mod_jk or mod_proxy
I tried googling and the only articles I found comparing these two were from 2005 down to 2002. I just set up my first Tomcat instance to run Jira for a project I'm doing. I want to proxy this through port 80 and apache. From what I can tell, I can easily forward the traffic using mod_proxy. What's the difference iwth using mod_jk? Are there any performance/security differences between these two mods? Anyone have any tips/experience setting up forwarding through apache? I'm running debian Lenny.
Solution 1:
JIRA don't officially support putting tomcat behind apache unless you use mod_proxy_http
. The recommended configuration goes something like this
/etc/httpd/vhosts.d/jira.company.com.conf
...
ProxyPreserveHost On
<Location />
ProxyPass http://localhost:8080/
</Location>
...
/opt/j2ee/domains/company.com/jira/tomcat/conf/server.xml
...
<Connector address="localhost" port="8080" URIEncoding="UTF-8"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
debug="0" connectionTimeout="20000"
proxyName="jira.company.com" proxyPort="80"
disableUploadTimeout="true" />
...
This should get your going on http
, let me know if you want an example for https
disclaimer: I am currently an Atlassian employee, although I don't work on the JIRA team
Solution 2:
Both methods forward requests from apache to tomcat. mod_proxy uses the HTTP that we all know an love. mod_jk uses a binary protocol AJP. The main advantages of mod_jk are:
- AJP is a binary protocol, so is slightly quicker for both ends to deal with and uses slightly less overhead compared to HTTP, but this is minimal.
- AJP includes information like original host name, the remote host and the SSL connection. This means that ServletRequest.isSecure() works as expected, and that you know who is connecting to you and allows you to do some sort of virtualhosting in your code.
A slight disadvantage is that AJP is based on fixed sized chunks, and can break with long headers, particularly request URLs with long list of parameters, but you should rarely be in a position of having 8K of URL parameters. (It would suggest you were doing it wrong. :) )
The position is slightly complicated by the existence of mod_proxy_ajp. Between them, mod_jk is the more mature of the two, but mod_proxy_ajp works in the same framework as the other mod_proxy modules. I have not yet used mod_proxy_ajp, but would consider doing so in the future, as mod_jk involves configuration outside of Apache.
Given a choice, I would prefer a AJP based connector, mostly due to my second stated advantage, more than the performance aspect. Of course, if Atlassian doesn't support anything other than mod_proxy_http, that does tie your hands somewhat, but mod_jk does work with JIRA.
Solution 3:
Yes there is some difference. However, which you choose to use would depend on your application.
As an example, mod_proxy will function as a normal reverse proxy which will forward only regular headers across while mod_jk would function as a special connector that forwards not only regular headers but also certain other environment variables. A simile can be drawn to scgi and fastcgi connectors.
For the purpose of working with JSP, you should use mod_jk which it was designed for. Use only mod_proxy when forwarding to regular web-servers only (that may launch other ajp connectors behind them).
[front apache]---proxy---[back apache]---ajp---[tomcat]
|
+--------- ajp----[tomcat]
Hope this helps.