Is it really necessary to run Apache as a front-end to Glassfish/JBoss/Tomcat?

Solution 1:

Most people are going to say you need something in front because of static files.

This is somewhat dumb because:

  • You can configure Tomcat to use the same IO as Apache with APR
  • You should be using a CDN (content delivery network) anyways.

The real reason you need something in front of Tomcat/Jetty/JBoss is to load balance and handle failover.

I recommend you do not listen to "...The Tomcat engine is the Achilles heel of the entire ecosphere..." as we all know that is not true... your database and its connection pooling will be that.

Solution 2:

It depends on the ecosystem around your app. In an intranet environment - you probably do not need anything in front of Tomcat.

If alone on the internet as a public-facing service, it depends. Apache is nice to have because of the modules it provides, like mod_security. But if you are not knowledgeable with the configuration of Apache (or nginx), then you could expose yourself to even MORE attacks or points of failure due to misconfiguration.

Apache in front comes in handy for serving outage pages in cases where you need to upgrade the webapp and wait for a restart. But if the restarts are rare or they are timed correctly, then it's another reason to go Tomcat standalone.

The Tomcat FAQ also talks about this and addresses some additional points: http://wiki.apache.org/tomcat/FAQ/Connectors#Q3

Solution 3:

Amazing, some of these answers - do any of you folks actually run high performance multi-tiered and multi-server Tomcat backed websites? OP, your original supposition that Tomcat is not "slow"... wow. The Tomcat engine is the Achilles heel of the entire ecosphere.

Yes, you want Apache in front - it provides first and foremost mod_rewrite (have you already implemented UrlRewriteFilter in your Tomcat?) as well as the htaccess files that make protecting a webserver so important. Apache can enable you to load balance Tomcat nodes behind it, serve your static content much quicker and get better performance out of Tomcat because you're not overloading its request pipe with non-Java (js/css/html/jpg/etc.) things. You can offload your SSL at Apache (if not offloading at a hardware LB) with ease and not even have to deal with that travesty called the Java Keystore. There are just so many wins - you can tune mod_jk to your backend nodes to keep from overrunning Java's poor little brain because it typically can't handle massive traffic with the average Java coder's classes.

Beware anyone who tells you that Apache (or nginx, etc - but Apache's performance will outshine Tomcat anyways so it doesn't matter) is not a good idea in front of Tomcat.
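
Added example (not part of any of the answers above): an Apache 2.4 virtual host that does what the answers give as reasons for a front end, namely load balancing with failover, TLS offload, static files and an outage page. It uses mod_proxy_balancer over HTTP rather than mod_jk, and every hostname, address, path and certificate location is a placeholder.

```apache
# Added example. Needs mod_proxy, mod_proxy_http, mod_proxy_balancer,
# mod_lbmethod_byrequests, mod_slotmem_shm, mod_ssl and mod_headers.

# Reverse proxy only. Leaving forward proxying enabled is the kind of
# misconfiguration that turns the front end into an open proxy.
ProxyRequests Off

<VirtualHost *:443>
    ServerName app.example.com
    DocumentRoot "/var/www/app-static"

    <Directory "/var/www/app-static">
        Require all granted
    </Directory>

    # TLS terminates here, so the Tomcat nodes need no Java keystore.
    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/app.example.com.crt"
    SSLCertificateKeyFile "/etc/ssl/private/app.example.com.key"

    # Tell the backend the original scheme. "set" overwrites any value
    # the client supplied, so the webapp can trust it.
    RequestHeader set X-Forwarded-Proto "https"

    <Proxy "balancer://tomcats">
        # route must match jvmRoute on each Tomcat's <Engine> element.
        BalancerMember "http://10.0.0.11:8080" route=node1 retry=30
        BalancerMember "http://10.0.0.12:8080" route=node2 retry=30
        # Hot standby: receives traffic only when the other members fail.
        BalancerMember "http://10.0.0.13:8080" route=node3 status=+H
        ProxySet lbmethod=byrequests stickysession=JSESSIONID|jsessionid
    </Proxy>

    # Served by Apache from DocumentRoot, never proxied to Tomcat.
    ProxyPass "/static/" "!"
    ProxyPass "/maintenance.html" "!"

    ProxyPass        "/" "balancer://tomcats/"
    ProxyPassReverse "/" "balancer://tomcats/"

    # Returned when Apache cannot reach any backend, e.g. during a restart.
    ErrorDocument 503 /maintenance.html
</VirtualHost>
```

The Tomcat connectors should accept connections only from the front end's address, otherwise clients can bypass Apache and send their own X-Forwarded-Proto header.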