The ability to mediate your user requests in Apache httpd (both bots and regular users) far outweighs any performance hit, which in my experience is minuscule in comparison to the memory and CPU loads that tomcat itself produces, being a multi-threaded Java application. Apache is a very efficient and optimized http service; the mod_jk connector simply streams the request/response cycle to tomcat.

-Mark

On Jan 25, 2007, at 10:53 AM, John Preston wrote:

Thanks. One question. Any idea what the performance hit is for using apache with mod_jk vs straight Tomcat?

John

On 1/25/07, Mark Diggory < [EMAIL PROTECTED]> wrote:
John,

It is mounted via the mod_jk connector, which allows apache to communicate with tomcat directly. I left that out; those details are available in tomcat's server.xml. There are two configurations that you are hearing back from Larry Stone and myself about.

1.) Use Apache and mod_jk in front of tomcat to handle http/https requests. In which apache handles which port a request goes to ala URL Rewrites/Redirects, tomcat listens via the mod_jk/ajp connector for requests. This is the solution usually taken in production environments running tomcat. It allows the System Administrator to control the entire request process and its behavior. There are many "mods" in Apache that can do things like bandwidth filtering, redirecting and URL rewriting which are difficult if not impossible to find for Tomcat directly. This solution does not require having to recompile the dspace web-application to administer these aspects; it allows your System Admin to take control in this area while your application developers deal with the web-application side.

2.) Use Tomcat to directly serve http/https and security constraints. This requires rebuilding the war (or just editing the security constraint in web.xml) to enforce this restriction. Note, you have to open tomcat up on two ports, http and https. You also need to hack the JSPs to redirect you back out of https after your user is leaving a protected area.

This is why I choose the former solution; it is always in the hands of the system administrator, who is the expert in this area and actually needs to control these security aspects of a service as the responsibility of his/her position. It requires zero modification of the DSpace web-application JSPs and configuration and thus is very easy to maintain across dspace upgrades. Each solution has its nuances and complexities. You'll need to evaluate for yourself which seems most appropriate for your taste and situation.

-Mark Diggory


On Jan 24, 2007, at 3:19 PM, John Preston wrote:

I see that you are redirecting to the apache https service. Where is the tomcat server? I presume on 84343 port.

John

On 1/24/07, Mark Diggory < [EMAIL PROTECTED]> wrote:
We accomplish this within our Apache httpd service in front of Tomcat. Basically I use mod_rewrite to force specific URLs into http or https. For example:


## SSL Virtual Host Context
<VirtualHost 18.51.3.31:443>

...

        RewriteEngine on

        # Anything that is not a login page is redirected back to plain http
        RewriteCond   %{REQUEST_URI}    !^/certificate-login.*
        RewriteCond   %{REQUEST_URI}    !^/password-login.*
        RewriteRule   ^/(.*)  http://%{HTTP_HOST}/$1 [L,R]

...

</VirtualHost>

<VirtualHost 18.51.3.31:80>

...

        RewriteEngine on

        # The login pages are redirected to https
        RewriteCond   %{REQUEST_URI}    ^/certificate-login.* [OR]
        RewriteCond   %{REQUEST_URI}    ^/password-login.*
        RewriteRule   ^/(.*)  https://%{HTTP_HOST}:443/$1 [L,R]

</VirtualHost>


-Mark


On Jan 24, 2007, at 2:15 PM, John Preston wrote:

Can anyone tell me if it is possible to use https for just the login steps and regular unsecured http to access my dspace site? I need to secure the login username/password phase but once logged in I want to use the regular http so it is as fast as possible.

Mark R. Diggory
~~~~~~~~~~~~~
DSpace Systems Manager
MIT Libraries, Systems and Technology Services
Massachusetts Institute of Technology
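
The two mod_rewrite rule sets quoted in this thread can be checked offline before they are deployed. The Python model below is an added example, not part of the original thread or of DSpace; the host repo.example.org and the function names are assumptions, and it assumes the Host header carries no port.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the RewriteCond lines in the thread (case-sensitive, no [NC]).
LOGIN = [re.compile(r"^/certificate-login.*"), re.compile(r"^/password-login.*")]

def is_login(path):
    return any(p.search(path) for p in LOGIN)

def rewrite(url):
    """Redirect target the matching vhost would send, or None if served as-is."""
    parts = urlsplit(url)
    path = parts.path or "/"
    rest = re.match(r"^/(.*)", path).group(1)          # RewriteRule ^/(.*) -> $1
    query = "?" + parts.query if parts.query else ""   # mod_rewrite keeps the query string
    if parts.scheme == "https" and not is_login(path):
        return f"http://{parts.hostname}/{rest}{query}"
    if parts.scheme == "http" and is_login(path):
        return f"https://{parts.hostname}:443/{rest}{query}"
    return None

def resolve(url, max_hops=5):
    """Follow redirects until a vhost serves the request; fail on a loop."""
    chain = [url]
    while True:
        nxt = rewrite(chain[-1])
        if nxt is None:
            return chain
        if nxt in chain or len(chain) >= max_hops:
            raise RuntimeError("redirect loop: " + " -> ".join(chain + [nxt]))
        chain.append(nxt)

if __name__ == "__main__":
    # Constructed sample requests; repo.example.org is a placeholder host.
    for u in ["http://repo.example.org/password-login",
              "https://repo.example.org/handle/123",
              "http://repo.example.org/Password-Login",
              "https://repo.example.org/certificate-login?next=/mydspace"]:
        print(" -> ".join(resolve(u)))
```

The third sample shows that the conditions are case-sensitive prefix matches: a differently-cased login path is not redirected to https by these rules.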




_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
