Hello David, > Nice if you've got that sort of money.
I will go further, I feel the price of the famous hardware load balancers is completely excessive in comparison with the other components we use on production. It is very common to see on production small servers (cheap dual x86 processors, cheap Linux, free JVM, free Tomcat/JBoss/Jetty, free SpringFramework, free Hibernate, ...) and in front of them hardware load balancers that cost more than 50 K USD. I feel open source will come to load balancers as it came to operating systems, application servers or database servers. Products like HA Proxy are very appealing for inexpensive load balancing, they will fit many production requirements. I found interesting docs about inexpensive load balancing : - "Making applications scalable with Load Balancing" by Willy Tarreau, the father of HA Proxy http://1wt.eu/articles/2006_lb/ - loadbalancing.org FAQ : a provocative opinion http://www.loadbalancing.org/ > it is quite cool because you can off-load the https part Look at Willy Tarreau's "Making applications scalable with Load Balancing", he offloads SSL for almost free with a neat architecture. > Personally i prefer mod_proxy_ajp with the balancing as well. I am preparing a blog post on "AJP versus HTTP" :-) My preference goes to HTTP because it has always been enough for my needs, even on high volume web sites, it is standard, network admins knows this protocol, all the network device can speak it, I can troubleshoot it with telnet and curl, ... :-) Cyrille -- Cyrille Le Clerc clecl...@xebia.fr http://blog.xebia.fr On Wed, Nov 25, 2009 at 12:09 PM, David Cassidy <da...@twocats.co.uk> wrote: > Cyrille, > > Nice if you've got that sort of money. > it is quite cool because you can off-load the https part > so some custom hardware - again cool if you've got the money > > Personally i prefer mod_proxy_ajp with the balancing as well. > > D > > On 25/11/09 10:57, Cyrille Le Clerc wrote: >> >> Hello, >> >> As Ronald said, we made some drawings on a detailed document >> "Tomcat, SSL, secure communications and X-Forwarded-Proto" (1) that >> explains solutions to handle HTTPS at the Tomcat, Apache Httpd and >> Load Balancer layers. The document is written in french but the google >> translation is quite good (2). >> >> My preference is to use a level 7 load balancer in front of Apache >> httpd servers with mod_proxy_http+mod_proxy_balancer and then Tomcat >> servers. Of course, this topology is not always the best one but is >> very often relevant. >> >> Hope this helps, >> >> Cyrille >> >> -- >> Cyrille Le Clerc >> clecl...@xebia.fr >> http://blog.xebia.fr >> >> (1) >> http://blog.xebia.fr/2009/11/13/tomcat-ssl-communications-securisees-et-x-forwarded-proto/ >> (2) >> http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fblog.xebia.fr%2F2009%2F11%2F13%2Ftomcat-ssl-communications-securisees-et-x-forwarded-proto%2F&sl=fr&tl=en >> >> On Wed, Nov 25, 2009 at 11:45 AM, Ronald Klop >> <ronald-mailingl...@base.nl> wrote: >> >>> >>> Always make a drawing. >>> >>> client -> https -> tcp-loadbalancer -> still same https connection-> >>> multiple tomcats >>> >>> client -> https -> http-loadbalancer (Apache, proxy) -> new >>> ajp/http(s) >>> connection-> multiple tomcats >>> >>> Normally the loadbalancer and tomcats are in the same private network. It >>> is >>> your choice if that is secure enough. In the end the data is unencrypted >>> in >>> the database I guess, so normally you trust your own network. >>> >>> Ronald. >>> >>> >>> Op woensdag, 25 november 2009 10:18 schreef jkv<j.kumara...@gmail.com>: >>> >>>> >>>> Hello, >>>> >>>> We are using Tomcat 6.0 and running HTTPS (enabled SSL). The number of >>>> requests has grown up and we have decided to do go for clustering and >>>> loadbalancing. We have decided to go for Apache and mod_proxy/mod_jk >>>> loadbalacing. My certificate resides in Tomcat. >>>> In order to loadbalance HTTPS request using Apache and mod_proxy/mod_jk, >>>> should I configure Apache to handle HTTPS and tell it about my >>>> certificate >>>> details? >>>> While loadbalancing I understand that http/https request to Apache is >>>> converted to ajp and tunneled to Tomcat, so is ajp protocol secure? >>>> should >>>> I >>>> enable SSL in tomcat to handle this request? >>>> Should I have two copies of my certificate files if Apache and Tomcat >>>> reside >>>> on two different physical machines(Horizontal Clustering)? >>>> >>>> I searched the forums and they are too advanced for my question. I am >>>> really >>>> new to clustering and load balancing and any help is deeply appreciated. >>>> Thanks in advance. >>>> >>>> Regards >>>> jkv >>>> -- >>>> View this message in context: >>>> >>>> http://old.nabble.com/Tomcat-Https-loadbalancing---tp26509573p26509573.html >>>> Sent from the Tomcat - User mailing list archive at Nabble.com. >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >>>> >>>> >>>> >>>> >>> >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org