Ooops... I forgot THE major feature of mod_jk : the load-balancer/cluster manager : With mod_jk, you can very easily balance your web load to a cluster of tomcat. It's safe, easy and highly scalable...! another reason to put an apache httpd frontend in front of your tomcat(s)...
-Romain Romain BOURGUE a écrit : > Provided you add this mod_ssl directive to your apache configuration > SSLOptions +ExportCertData > mod_jk does forward the certData to the tomcat backend server. > > I add my 2 cents to the debate : Apache httpd is a an http server. Tomcat is > an > application server with an http connector : It's not tomcat's main objectiv > to > serve http static resources, it's Apache httpd's. Therefore, you'll have much > more possibilities handling and securing http requests on Apache httpd than > you'll have with Tomcat. > Furthermore, with heavy web traffic you need to lighten the load on your > Tomcat, > so it's good pratice to have your static files (html, images, css...) served > by > the Apache httpd and have only the dynamic resources forwarded to the tomcat. > > In development environment though, a standalone tomcat is perfect... > > -Romain > > [EMAIL PROTECTED] a écrit : >> Thank you for you answers. >> >> As you are speaking about SSL, do you know if client certificats are >> forwarded to CAS X509 handler when Tomecat is behind the Apache/mod_jk >> or Apache/mod_proxy_ajp ? >> >> Stéphane >> >> On 7/24/08, Andrew Ralph Feller, afelle1 <[EMAIL PROTECTED]> wrote: >>> For those who need to support Java applications along with PHP / Perl >>> applications, they could host both from the same machine by having Apache >>> httpd front-end Apache Tomcat. There is a another reason why some people >>> use mod_jk + Tomcat: inexperience in managing Tomcat. When I was starting >>> out, I hated working with keystores as it wasn¹t nearly as straight forward >>> as Apache httpd¹s mod_ssl configuration. Once I found how to setup the >>> Apache Portable Runtime in Tomcat, then I felt comfortable not having Tomcat >>> front-ended as the APR configuration is extremely similar to mod_ssl. >>> >>> On a tangential note, there is an alternative to mod_jk called >>> mod_proxy_ajp, which comes with Apache httpd 2.2 and works in a similar >>> manner. >>> >>> >>> On 7/24/08 6:12 AM, "Siegfried Puchbauer" <[EMAIL PROTECTED]> >>> wrote: >>> >>>> You can gain a lot of flexibility when you choose to use Apache in front >>>> of >>>> your Tomcat backend. For example a very flexible way to perform name-based >>>> virtual hosting. Also mod_rewrite is great to perform dynamic redirects >>>> using >>>> regexes. And the reverse-proxy capabilities by mod_proxy are also very >>>> useful >>>> - especially when using other application in the same url-space. You can >>>> also >>>> use it to display a service unavailibilty information when you >>>> upgrade/restart >>>> you tomcat. If you do not have the need of rewriteing urls, perform >>>> virtual-hosting there is IMHO no reason to not choose a standalone tomcat. >>>> >>>> Cheers, sigi >>>> _______________________ >>>> Siegfried Puchbauer >>>> http://siegfried.puchbauer.com/ >>>> >>>> On Thu, Jul 24, 2008 at 11:55, Stéphane Gully <[EMAIL PROTECTED]> >>>> wrote: >>>>> Hello, >>>>> >>>>> This is a generic question, not directly related to CAS. I'm sorry for >>>>> that. >>>>> Google didn't helped me so I try here. >>>>> >>>>> When I installed CAS, I had the choice to deploy it directly in Tomcat >>>>> or in Apache/mod_jk+Tomcat. I chosed to deploy it directly in Tomcat >>>>> because I needed X509 authentication handler and it just looked more >>>>> easy to configure directly in Tomcat. >>>>> >>>>> I often read that mod_jk should be used but I never know why ? could >>>>> someone tell me the reason(s) ? >>>>> >>>>> regards, >>>>> -- >>>>> Stéphane GULLY >>>>> _______________________________________________ >>>>> Yale CAS mailing list >>>>> [email protected] >>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>> >>>> _______________________________________________ >>>> Yale CAS mailing list >>>> [email protected] >>>> http://tp.its.yale.edu/mailman/listinfo/cas >>> -- >>> Andrew R. Feller, Analyst >>> Information Technology Services >>> 200 Fred Frey Building >>> Louisiana State University >>> Baton Rouge, LA 70803 >>> (225) 578-3737 (Office) >>> (225) 578-6400 (Fax) >>> >>> >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
