-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Adrián,
On 7/21/2011 4:09 PM, Adrián Córdoba wrote:
> So, how to serve dynamic content with Tomcat and static one with
> Apache, all in the same web application, in secure way? Can you show
> me that or tell me a link to learn it?
At least three ways:
1. Separate your static content from your webapp and deploy it
separately into your DocumentRoot.
(FWIW, I don't like this strategy because it's unnatural for me.
Better to keep everything together)
2. Copy static content out of your webapp into some other directory
you use as your DocumentRoot. Do this at build-time. This is
probably the way to go.
3. Use DocumentRoot = appbase, but make sure you protect things
correctly in your Apache httpd configuration. Use restrictions like
<Location> and <Directory> with "Order deny,allow", "Deny from all".
(This is actually what I do, but you have to be very careful how you
protect things. Be creative and think like an evildoer.)
You specifically asked how to hook up httpd and Tomcat together, but
here's another option:
4. Dump httpd altogether. Unless you need it for other things, it's
just complicating your configuration.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk4oigMACgkQ9CaO5/Lv0PAFCgCcCdevRHGToiakS7rgT8o9C3tt
pZUAn3FIFoXdSJ1uL+jdv5sKYYdm1eLL
=/uJC
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
