This entry was originally posted in slightly different form to Server Fault
There are several ways to run Tomcat applications. You can either run
tomcat direcly on port 80, or you can put a webserver in front of tomcat and
proxy connections to it. I would highly recommend using Apache as a
front end. The main reason for this suggestion is that Apache is more
flexible than tomcat. Apache has many modules that would require you to
code support yourself in Tomcat. For example, while Tomcat can do gzip
compression, it’s a single switch; enabled or disabled. Sadly you can
not compress CSS or javascript for Internet Explorer 6. This is easy to
support in Apache, but impossible to do in Tomcat. Things like caching
are also easier to do in Apache.
Having decided to use Apache to front Tomcat, you need to decide how
to connect them. There are several choices: mod_proxy ( more accurately, mod_proxy_http in
Apache 2.2, but I’ll refer to this as mod_proxy), mod_jk and mod_jk2.
Mod_jk2 is not under active development and should not be used. This
leaves us with mod_proxy or mod_jk.
Both methods forward requests from apache to tomcat. mod_proxy uses the HTTP
that we all know an love. mod_jk uses a binary protocol AJP. The main
advantages of mod_jk are:
-
AJP is a binary protocol, so is slightly quicker for both ends to deal with and
uses slightly less overhead compared to HTTP, but this is minimal. -
AJP
includes information like original host name, the remote host and the SSL
connection. This means that ServletRequest.isSecure() works as expected, and
that you know who is connecting to you and allows you to do some sort of
virtualhosting in your code.
A slight disadvantage is that AJP is based on
fixed sized chunks, and can break with long headers, particularly request URLs
with long list of parameters, but you should rarely be in a position of having
8K of URL parameters. (It would suggest you were doing it wrong. 🙂 )
It used to be the case that mod_jk provided basic load balancing
between two tomcats, which mod_proxy couldn’t do, but with the new
mod_proxy_balancer in Apache 2.2, this is no longer a reason to choose between them.
The position is slightly complicated by the existence of mod_proxy_ajp. Between
them, mod_jk is the more mature of the two, but mod_proxy_ajp works in the same
framework as the other mod_proxy modules. I have not yet used mod_proxy_ajp,
but would consider doing so in the future, as mod_proxy_ajp is part of
Apche and mod_jk involves additional configuration outside of Apache.
Given a choice, I would prefer a AJP based connector, mostly due to my second
stated advantage, more than the performance aspect. Of course, if your
application vendor doesn’t support anything other than mod_proxy_http, that
does tie your hands somewhat.
You could use an alternative webserver like lighttpd, which does have
an AJP module. Sadly, my prefered lightweight HTTP server, nginx, does
not support AJP and is unlike ever to do so, due to the design of its
proxying system.
on said:
At a client site mod_proxy_ajp under load would return the wrong response to clients, so requests from a and b comes in, then b gets a’s response.
Nasty, this was on RHEL 5.3, went back to mod_jk and it all returned to normal, might have been fixed since.
on said:
Thanks for your post, interesting to read other people’s opinions and war stories.
I normally have a cache server in front of my app servers, so the performance discussion between the Apache modules is of less importance to me (albeit, faster is always better 🙂
Whenever possible, it’s great to skip the HTTPd as it’s one layer less of complexity (cache server and app server is enough). However, I’ve yet to work on a site that didn’t need mod_rewrite, mod_security and so on …
I prefer the mod_proxy_balancer option as it provides, well load balancing 🙂 Session support using the app servers session pooling/clustering is tempting technology, but this requires that all objects on the session scope are serializable and sad to say, that’s not always the case …
on said:
Another good thing about running HTTP in tomcat (even with apache in front), is you can directly hit tomcat to troubleshoot issues to rule out Apache issues you may experience. Yes a binary protocol is faster between apache and tomcat, but how often is that your bottle neck?
on said:
typo Apche