Thanks for the response Torsten!

In our environment, the machines we have Tomcat running on strictly use
Tomcat 6, APR for SSL support, and we load balance applications through an
external load balancer.  We have been able to get by without bringing in HTTPD
for things like mod_rewrite or any of the PAMs, so I would like to keep it
as simple as possible.

I don't have any personal issue with moving to running Tomcat directly as
the non-privileged account meant for Tomcat, however I am curious about the
trade-offs, especially related to security.

Thanks!

On 10/30/08 12:37 PM, "[EMAIL PROTECTED]"
<[EMAIL PROTECTED]> wrote:

> Hi Andrew,
> 
> We let all our Tomcats run on a non-privileged port and use some init script
> using startup.sh/shutdown.sh, and have an Apache httpd forwarding requests
> with AJP.
> 
> We then use Apache httpd for things like terminating SSL, doing RADIUS or LDAP
> authentication, load balancing several Tomcat instances and so on.
> 
> I think it is a good and common setup like that.
> 
> Torsten
> 
> -----Original Message-----
> From: Andrew Feller [mailto:[EMAIL PROTECTED]
> Sent: 30. oktober 2008 18:16
> To: users@tomcat.apache.org
> Cc: Brad Cupit
> Subject: JSVC vs standard startup / shutdown scripts
> 
> QUESTION: What is the best practice for running Tomcat?  JSVC daemon or
> startup / shutdown scripts as a non-root user and forwarding HTTPS requests
> to a non-privileged port?
> 
> While reading the Professional Apache Tomcat 6 (ISBN: 978-0-471-75361-2),
> they recommend running Tomcat to start it up using the startup script
> provided in the Tomcat binary and having your firewall forward requests from
> HTTPS to a non-privileged port.  This is very interesting for two reasons:
> 
>    1. The book never mentions JSVC, which the Tomcat documentation does
>    2. We believed using JSVC was the only way to run as a non-root user,
>    which doesn't seem to be the case now
> 
> I would appreciate any feedback about the trade-offs and why people choose
> one over the other.
> 
> Thanks,
> Andrew
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 

-- 
Andrew R. Feller, Analyst
Information Technology Services
200 Fred Frey Building
Louisiana State University
Baton Rouge, LA 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)

