-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marko,
On 10/31/12 3:55 PM, Marko Asplund wrote: > There are at least 3 different approaches for configuring Apache > httpd 2.2 to act as a reverse proxy for Tomcat 7.0: > > a) mod_proxy_http b) mod_proxy_ajp c) mod_jk > > There's been quite a lot of discussion about the differences of > each one but a lot of that discussion appears to be either not very > analytical or outdated. > > What are the current differences and tradeoffs with using these > alternatives? I recently updated http://wiki.apache.org/tomcat/FAQ/Connectors#Q2. YMMV. > Quite a few writers appear recommend mod_jk if performance and HA > features are critical. But Apache 2.2 mod_proxy supports some load > balancing and failover features through mod_proxy_balancer. mod_jk also supports lb and failover; just configured differently. > Also, mod_cache can be used to offload static resource serving from > the back-end to provide something similar to JkMount. I suppose you are saying that they can be configured equivalently? > Does mod_jk still have a lead when it comes to these features? At this point, mod_proxy_ajp has pretty much achieved feature-parity with mod_jk. If you want encryption between httpd and Tomcat, mod_proxy_http (with an https:// backend-URL) is the easiest to implement, but then you may have to manually-forward lots of the original SSL information across the HTTP connection -- you get that all for free with AJP (either mod_jk or mod_proxy_ajp). > From a setup point of view, using mod_proxy_http/ajp is a lot > simpler than mod_jk because e.g. on a Linux system you can > typically install these using a system package manager. +1 > For mod_jk you need to either have a compilation environment on > your production system (which the sysops don't like) or compile and > package the module on another machine with a compatible OS setup. Correct. My advice is for new projects to start with mod_proxy_ajp for the reasons you have listed above (pretty much ease of both installation and configuration). IMO there is no compelling reason for anyone using one or the other to switch, unless you find that you can't get a certain configuration to work (which was the case with me a long time back): it's better to stick with a technology that you know how to configure properly than to switch just because "it's easier" even though you don't know what you're doing. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCYjkQACgkQ9CaO5/Lv0PA0QACgkeaV1OBdCNYV9i4mDNm31R8S OfYAnRH1tVDfyQq4TF0At41baJByDVh/ =p6vx -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
