Re: Apache httpd reverse proxy setup
Marko Asplund wrote: Chris Schultz wrote: On 10/31/12 3:55 PM, Marko Asplund wrote: There are at least 3 different approaches for configuring Apache httpd 2.2 to act as a reverse proxy for Tomcat 7.0: a) mod_proxy_http b) mod_proxy_ajp c) mod_jk ... What are the current differences and tradeoffs with using these alternatives? I recently updated http://wiki.apache.org/tomcat/FAQ/Connectors#Q2. YMMV. Excellent, thanks! I think this will be very useful information for people trying to decide between these options. Quite a few writers appear recommend mod_jk if performance and HA features are critical. But Apache 2.2 mod_proxy supports some load balancing and failover features through mod_proxy_balancer. mod_jk also supports lb and failover; just configured differently. On different web resources an oft-cited advantage of mod_jk appeared to be its lb and failover features, which was why I thought I'd mention mod_proxy providing similar features. Also, mod_cache can be used to offload static resource serving from the back-end to provide something similar to JkMount. I suppose you are saying that they can be configured equivalently? Yes, exactly. Both provide a feature that allows you to serve static content without invoking the backend. This is achieved through mod_cache when using mod_proxy and with the JkMount configuration parameter when using mod_jk by. What about all the fine features of mod_jk ? (such as cping/cpong, timeouts, retries, etc.). I do not see any of this mentioned in the on-line mod_proxy_ajp documentation. Is it that these settings are not available with mod_proxy_ajp, or simply that the documentation is incomplete ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache httpd reverse proxy setup
Chris Schultz wrote: On 10/31/12 3:55 PM, Marko Asplund wrote: There are at least 3 different approaches for configuring Apache httpd 2.2 to act as a reverse proxy for Tomcat 7.0: a) mod_proxy_http b) mod_proxy_ajp c) mod_jk ... What are the current differences and tradeoffs with using these alternatives? I recently updated http://wiki.apache.org/tomcat/FAQ/Connectors#Q2. YMMV. Excellent, thanks! I think this will be very useful information for people trying to decide between these options. Quite a few writers appear recommend mod_jk if performance and HA features are critical. But Apache 2.2 mod_proxy supports some load balancing and failover features through mod_proxy_balancer. mod_jk also supports lb and failover; just configured differently. On different web resources an oft-cited advantage of mod_jk appeared to be its lb and failover features, which was why I thought I'd mention mod_proxy providing similar features. Also, mod_cache can be used to offload static resource serving from the back-end to provide something similar to JkMount. I suppose you are saying that they can be configured equivalently? Yes, exactly. Both provide a feature that allows you to serve static content without invoking the backend. This is achieved through mod_cache when using mod_proxy and with the JkMount configuration parameter when using mod_jk by. marko
Re: Apache httpd reverse proxy setup
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marko, On 10/31/12 3:55 PM, Marko Asplund wrote: There are at least 3 different approaches for configuring Apache httpd 2.2 to act as a reverse proxy for Tomcat 7.0: a) mod_proxy_http b) mod_proxy_ajp c) mod_jk There's been quite a lot of discussion about the differences of each one but a lot of that discussion appears to be either not very analytical or outdated. What are the current differences and tradeoffs with using these alternatives? I recently updated http://wiki.apache.org/tomcat/FAQ/Connectors#Q2. YMMV. Quite a few writers appear recommend mod_jk if performance and HA features are critical. But Apache 2.2 mod_proxy supports some load balancing and failover features through mod_proxy_balancer. mod_jk also supports lb and failover; just configured differently. Also, mod_cache can be used to offload static resource serving from the back-end to provide something similar to JkMount. I suppose you are saying that they can be configured equivalently? Does mod_jk still have a lead when it comes to these features? At this point, mod_proxy_ajp has pretty much achieved feature-parity with mod_jk. If you want encryption between httpd and Tomcat, mod_proxy_http (with an https:// backend-URL) is the easiest to implement, but then you may have to manually-forward lots of the original SSL information across the HTTP connection -- you get that all for free with AJP (either mod_jk or mod_proxy_ajp). From a setup point of view, using mod_proxy_http/ajp is a lot simpler than mod_jk because e.g. on a Linux system you can typically install these using a system package manager. +1 For mod_jk you need to either have a compilation environment on your production system (which the sysops don't like) or compile and package the module on another machine with a compatible OS setup. Correct. My advice is for new projects to start with mod_proxy_ajp for the reasons you have listed above (pretty much ease of both installation and configuration). IMO there is no compelling reason for anyone using one or the other to switch, unless you find that you can't get a certain configuration to work (which was the case with me a long time back): it's better to stick with a technology that you know how to configure properly than to switch just because it's easier even though you don't know what you're doing. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCYjkQACgkQ9CaO5/Lv0PA0QACgkeaV1OBdCNYV9i4mDNm31R8S OfYAnRH1tVDfyQq4TF0At41baJByDVh/ =p6vx -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache httpd reverse proxy setup
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 10/31/12 4:32 PM, André Warnier wrote: Marko Asplund wrote: Hi, There are at least 3 different approaches for configuring Apache httpd 2.2 to act as a reverse proxy for Tomcat 7.0: a) mod_proxy_http b) mod_proxy_ajp c) mod_jk There's been quite a lot of discussion about the differences of each one but a lot of that discussion appears to be either not very analytical or outdated. What are the current differences and tradeoffs with using these alternatives? Quite a few writers appear recommend mod_jk if performance and HA features are critical. But Apache 2.2 mod_proxy supports some load balancing and failover features through mod_proxy_balancer. Also, mod_cache can be used to offload static resource serving from the back-end to provide something similar to JkMount. Does mod_jk still have a lead when it comes to these features? From a setup point of view, using mod_proxy_http/ajp is a lot simpler than mod_jk because e.g. on a Linux system you can typically install these using a system package manager. For mod_jk you need to either have a compilation environment on your production system (which the sysops don't like) or compile and package the module on another machine with a compatible OS setup. Just a note to say that on a Linux system above is probably too broad a generalisation. To my knowledge, most Linux distributions offer a mod_jk package. RedHat doesn't, which is indeed a pain. Often, they have insane dependencies (or used to). I seem to recall one package manager wanting to install Java itself just for mod_jk. I fired-up apt-get on my Debian Squeeze system and was delighted to see this: $ apt-cache show libapache2-mod-jk Package: libapache2-mod-jk Version: 1:1.2.30-1squeeze1 Depends: libc6 (= 2.3), apache2.2-common, apache2 Suggests: tomcat6, libapache-mod-jk-doc Unfortunately, like most Debian packages, it's hideously out of date with the state-of-the art in terms of version numbers (1.2.30 is 2.5 years old). You can play games with backports and stuff like that, but most people won't: they just stick to the release channel. RedHat not providing a package for mod_jk is enormously frustrating. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCYj1kACgkQ9CaO5/Lv0PDFmQCgiwyQUa2EB9x12c9UBo6CilNF cKcAnjzMSVigkD/yIsiDGNUkUxbzN9Z7 =7Dng -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache httpd reverse proxy setup
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marko, On 11/4/12 10:12 AM, Marko Asplund wrote: On 31/10/2012 20:08:21 GMT, Mark Thomas wrote: http://www.tomcatexpert.com/blog/2010/06/16/deciding-between-modjk-modproxyhttp-and-modproxyajp The mod_proxy_ajp stability issues are less of an issue now than they were when I wrote that article. What that means is if you want the SSL benefits of AJP with the mod_proxy_xxx benefits of consistent configuration then mod_proxy_ajp is the way to go. very good post, thanks for the pointer! Are there any noticeable differences performance wise? I found this performance comparison that was done on Windows: http://www.blakerobertson.com/devlog/2012/2/7/performance-comparison-mod_jk-vs-mod_proxy_ajp-for-apache-22.html The exact performance test methodology is not described but do you think any conclusions can be drawn on the relative performance figures for the general case and other platforms? I'm especially interested about Linux (RHEL 5 and 6 + clones). It's tough to decide what would be best for you based upon someone else's vague methodology and your vague requirements :) I would recommend doing your own performance testing in your own environment: it doesn't take much to fire-up JMeter or ApacheBench to test these configurations. One thing that the author of that comparison did was use ProxyPassMatch which uses a regular expression to match the URL. JkMount does not use a regular expression and so that may have had an effect -- the comparison doesn't say what kind of requests were being served. If this was a test of static content (which is really all you need to test the connector), then regular-expression overhead might have made a big difference. When doing your own performance testing, I highly recommend that you try to compare configurations that are as similar as possible to each other. Otherwise, you are lying to yourself ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCYkhUACgkQ9CaO5/Lv0PBzFgCgqQ92kfrbBKNbdB/lMhCfK/eq GT0AniMP8/snxQJKikb5CZNQDOIcfiJu =Z1uV -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache httpd reverse proxy setup
On 31/10/2012 20:08:21 GMT, Mark Thomas wrote: http://www.tomcatexpert.com/blog/2010/06/16/deciding-between-modjk-modproxyhttp-and-modproxyajp The mod_proxy_ajp stability issues are less of an issue now than they were when I wrote that article. What that means is if you want the SSL benefits of AJP with the mod_proxy_xxx benefits of consistent configuration then mod_proxy_ajp is the way to go. very good post, thanks for the pointer! Are there any noticeable differences performance wise? I found this performance comparison that was done on Windows: http://www.blakerobertson.com/devlog/2012/2/7/performance-comparison-mod_jk-vs-mod_proxy_ajp-for-apache-22.html The exact performance test methodology is not described but do you think any conclusions can be drawn on the relative performance figures for the general case and other platforms? I'm especially interested about Linux (RHEL 5 and 6 + clones). marko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Apache httpd reverse proxy setup
Hi, There are at least 3 different approaches for configuring Apache httpd 2.2 to act as a reverse proxy for Tomcat 7.0: a) mod_proxy_http b) mod_proxy_ajp c) mod_jk There's been quite a lot of discussion about the differences of each one but a lot of that discussion appears to be either not very analytical or outdated. What are the current differences and tradeoffs with using these alternatives? Quite a few writers appear recommend mod_jk if performance and HA features are critical. But Apache 2.2 mod_proxy supports some load balancing and failover features through mod_proxy_balancer. Also, mod_cache can be used to offload static resource serving from the back-end to provide something similar to JkMount. Does mod_jk still have a lead when it comes to these features? From a setup point of view, using mod_proxy_http/ajp is a lot simpler than mod_jk because e.g. on a Linux system you can typically install these using a system package manager. For mod_jk you need to either have a compilation environment on your production system (which the sysops don't like) or compile and package the module on another machine with a compatible OS setup. marko
Re: Apache httpd reverse proxy setup
On 31/10/2012 19:55, Marko Asplund wrote: Hi, There are at least 3 different approaches for configuring Apache httpd 2.2 to act as a reverse proxy for Tomcat 7.0: a) mod_proxy_http b) mod_proxy_ajp c) mod_jk There's been quite a lot of discussion about the differences of each one but a lot of that discussion appears to be either not very analytical or outdated. What are the current differences and tradeoffs with using these alternatives? http://www.tomcatexpert.com/blog/2010/06/16/deciding-between-modjk-modproxyhttp-and-modproxyajp The mod_proxy_ajp stability issues are less of an issue now than they were when I wrote that article. What that means is if you want the SSL benefits of AJP with the mod_proxy_xxx benefits of consistent configuration then mod_proxy_ajp is the way to go. Mark Quite a few writers appear recommend mod_jk if performance and HA features are critical. But Apache 2.2 mod_proxy supports some load balancing and failover features through mod_proxy_balancer. Also, mod_cache can be used to offload static resource serving from the back-end to provide something similar to JkMount. Does mod_jk still have a lead when it comes to these features? From a setup point of view, using mod_proxy_http/ajp is a lot simpler than mod_jk because e.g. on a Linux system you can typically install these using a system package manager. For mod_jk you need to either have a compilation environment on your production system (which the sysops don't like) or compile and package the module on another machine with a compatible OS setup. marko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache httpd reverse proxy setup
Marko Asplund wrote: Hi, There are at least 3 different approaches for configuring Apache httpd 2.2 to act as a reverse proxy for Tomcat 7.0: a) mod_proxy_http b) mod_proxy_ajp c) mod_jk There's been quite a lot of discussion about the differences of each one but a lot of that discussion appears to be either not very analytical or outdated. What are the current differences and tradeoffs with using these alternatives? Quite a few writers appear recommend mod_jk if performance and HA features are critical. But Apache 2.2 mod_proxy supports some load balancing and failover features through mod_proxy_balancer. Also, mod_cache can be used to offload static resource serving from the back-end to provide something similar to JkMount. Does mod_jk still have a lead when it comes to these features? From a setup point of view, using mod_proxy_http/ajp is a lot simpler than mod_jk because e.g. on a Linux system you can typically install these using a system package manager. For mod_jk you need to either have a compilation environment on your production system (which the sysops don't like) or compile and package the module on another machine with a compatible OS setup. Just a note to say that on a Linux system above is probably too broad a generalisation. To my knowledge, most Linux distributions offer a mod_jk package. RedHat doesn't, which is indeed a pain. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org