Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Leo,
On 3/7/14, 10:44 AM, Leo Donahue wrote:
Who uses more than one Service in their server.xml and why? I get
that you can have multiple Connectors if you have multiple Service
components but why use multiple connectors?
You can already have multiple <Connector>s per <Service> but the
difference is that all Connectors in Service can access all web
applications in that Service.
Are there any docs on the use cases for these features?
Let's say that you wanted to deploy a non-secure webapp (/open) and a
secure webapp (/secure). And let's say that you were terribly paranoid
about proper setup: you want to make sure that nobody can access your
/secure webapp without going through HTTPS.
If you were to simply do this:
<Service>
<Connector port="80" /><!-- let's just be brief -->
<Connector port="443" />
<Host appBase="webapps" />
</Service>
... then anyone could access either web application via http:// and
https://. (Of course, you'd set "CONFIDENTIAL" in your web.xml, but
remember, we're being paranoid, here).
Instead, you can do this:
<Service>
<Connector port="80" /><!-- let's just be brief -->
<Host appBase="insecure-webapps" />
</Service>
<Service>
<Connector port="443" />
<Host appBase="secure-webapps" />
</Service>
This way, anyone requesting http:///secure would get a 404.
I'm sure you could come up with a real-world use-case for the above,
because it's obviously not a very good example I've laid out there.
Perhaps a better use-case might be something like a server connected
to several VPNs where services need to be separated by port number for
isolation. (I'm not sure why you'd isolate the port numbers in that
case and not also isolate the JVMs, but it's just a thought).
I would be almost ready to bet that nobody has ever tried 2 <Service>'s.
It almost sounds like 2 separate Tomcat instances, except that they share the same JVM and
the same TOMCAT_BASE, hence the same configuration files (of course), which makes it
difficult to think of a real use case, as compared to 2 separate (JVM + Tomcat) instances
running off the same codebase.
My guess would be : when designing Tomcat, it came to pass that somewhere in the logic,
Connector's and Engine were related things, but that there was no clear way to design it
so that one would be a child of the other or vice-versa. So they just created a Service
on top of both, and made them siblings.
It may just be so as to make it easier to start the Engine, before starting the
corresponding Connector's. Or to run them separately and asynchronously.
It is a good question though. I wonder why nobody ever asked on this list before (in my
memory).
Also, (and also in my memory) I could swear that at some point, there was a document
available on the Tomcat website, which gave some overview of the overall Tomcat design.
But I can't seem to find that anymore.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
