[ajug-members] Tomcat + Apache and SSL
Buch, Peter
peter.buch at emory.edu
Tue Oct 30 08:27:14 EDT 2007
I think two issues of serving static content with Tomcat are security
and performance. Although, I don't fully understand the security
argument if all your apps and pages require SSL and authentication.
Perhaps someone could enlighten me. The performance argument is a sound
one on a high load web app. Why bogg your app server down with static
requests? It sounds like performance isn't an issue in this situation if
your considering removing Apache.
________________________________
From: Carl Hall [mailto:carl.hall at gmail.com]
Sent: Monday, October 29, 2007 5:02 PM
To: General AJUG membership forum (100-200 messages/month)
Subject: [ajug-members] Tomcat + Apache and SSL
Our current production setup has an Apache instance in front of each
tomcat instance (4 machines; each with 1 Apache + 1 Tomcat). This sits
behind a BigIP load balancer. We let Apache serve the static content as
well though the Tomcat docs lead me to believe that Tomcat can server
static content as good or better. The only explanation I've heard for
using this is that it's easier for Apache to unwrap the SSL requests
than it is for Tomcat (more overhead on Tomcat; all of our traffic is
over SSL). We're using Apache 2.0 + mod_jk + Tomcat 5.5 and are
considering going to Apache 2.2 + mod_proxy_ajp + Tomcat 5.5 but I'm
wondering if we could remove Apache all together. Does anyone have any
experience or data to support/deny the claim of SSL is better handled by
Apache than Tomcat. Is Apache + Tomcat still the way to go?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.ajug.org/pipermail/ajug-members/attachments/20071030/f1d6a90f/attachment.html
More information about the ajug-members
mailing list