Re: Tomcat as a standalone webserver. Why not?
On Jun 2, 2006, at 12:27 PM, Mladen Turk wrote:
> Jim Jagielski wrote:
>> Web Servers are web servers primarily, focused on HTTP, compliance, speed and capability. Use the right tool for the right job :)
>
> Agreed. If you only need a web server, use a web server. I think that the question is not whether to replace the web server, but whether the web server is needed for delivering the static content in cases where there is already a Tomcat. In that case the APR can be used.

Agreed. Although for simple static content, using web server caching can result in even better performance as well... Most "just a web server" web servers have robust caching built in (as well as flexible proxying as well).

The subject line does say "Why not?" right? :)

- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat as a standalone webserver. Why not?
Peter Lin wrote:
> I'm gonna say that's quite a bit of myth here. If SSL is important, get a cheap SSL enabled router. Doing software SSL is a waste of CPU power and impacts the server's stability. Anyone that has a lot of HTTPS traffic shouldn't be using software SSL in my biased opinion. If you are so desperate that you need software SSL, as remy says, there's APR. no need to stick apache httpd in front.

Guess my information regarding Tomcat + SSL was a bit outdated. Last time AFAIR I measured Tomcat 5.0.x (no APR avail) vs. Apache+Tomcat 5.0.x. So good to know there are new options with 5.5.x, Remy.

Well regarding the HW vs. SW question, there's another point: Often you have different DMZs (e.g. you are required to do it for security reasons and some forced protocol changes) even though you know that you'll have servers running idle. In that case you might have pure Apache HTTPD servers in one DMZ and some Tomcats in another DMZ. Some HTTPS handling and not just AJP forwarding will use at least some CPU time in your external machines. ;-) if an SSL-enabled router is not what other people want.

Cheers,
Michael

> my biased 2 bits on this topic
>
> peter
>
> On 6/1/06, Remy Maucherat [EMAIL PROTECTED] wrote:
>> On 6/1/06, Michael Echerer [EMAIL PROTECTED] wrote:
>>> Danny Lee wrote:
>>>> Hi guys! I'm wondering if it's really so good to use Tomcat behind a real web server like Apache or IIS.
>>>
>>> In case you have a lot of HTTPS traffic, you'll find that having Apache handle SSL is faster than the Java implementation that Tomcat can offer. IMHO for HTTP traffic performance is almost comparable as long as you don't need 100% perf, but for HTTPS Apache is definitely better already with not so many concurrent requests.
>>
>> Great post. And now, for the real information: http://tomcat.apache.org/tomcat-5.5-doc/apr.html :)
>>
>> --
>> Rémy Maucherat
>> Developer Consultant
>> JBoss Inc
Re: Tomcat as a standalone webserver. Why not?
IMO, if you need to move out of pure Java in your Java Web Server to get acceptable performance, then why use it in the first place?

Plus, if you are concerned about the security of Apache (cause it's nasty C) and therefore want to use a Java Web Server, then using JNI means you've left that warm and safe place, since you are no longer safe in a pure Java environment.

Web Servers are web servers primarily, focused on HTTP, compliance, speed and capability. Use the right tool for the right job :)
Re: Tomcat as a standalone webserver. Why not?
On 6/2/06, Jim Jagielski [EMAIL PROTECTED] wrote:
> IMO, if you need to move out of pure Java in your Java Web Server to get acceptable performance, then why use it in the first place?
>
> Plus, if you are concerned about the security of Apache (cause it's nasty C) and therefore want to use a Java Web Server, then using JNI means you've left that warm and safe place, since you are no longer safe in a pure Java environment.
>
> Web Servers are web servers primarily, focused on HTTP, compliance, speed and capability. Use the right tool for the right job :)

We know what your company recommends, thank you very much :)

Do you also mean to imply that the network code in the JVM is not native, and cannot have any security problem, etc ? Using APR replaces that native code and uses the one from the ASF instead.

--
Rémy Maucherat
Developer Consultant
JBoss Inc
Re: Tomcat as a standalone webserver. Why not?
Jim Jagielski wrote:
> Web Servers are web servers primarily, focused on HTTP, compliance, speed and capability. Use the right tool for the right job :)

Agreed. If you only need a web server, use a web server. I think that the question is not whether to replace the web server, but whether the web server is needed for delivering the static content in cases where there is already a Tomcat. In that case the APR can be used.

With traditional Apache+mod_jk+Tomcat you have three points of failure; Apache, Tomcat and a connection stack between them. With Tomcat+APR you have only two. Because of the weak link rule, system will always be as stable as Tomcat is.

Just my 2 cents to this never ending kind of discussions :)

Regards,
Mladen.
Re: Tomcat as a standalone webserver. Why not?
This issue is discussed endlessly as far as I can see, both camps argue very well for their case.

However, my take from personal experience is that it's very handy to have Apache in front, because it gives you a lot of scope to do little fixes and tweaks to odd users causing problems without any service downtime.

For example you can pretty much add Apache Rewrite rules all over the shop to fix up little issues without having to actually restart any servers, (just an Apache SIGHUP, or reload). You can also fiddle with the various request headers, response headers, logging of request, response headers, with no impact on the back-end tomcat layer and its webapps.

Of course there is the load balancer issue as well, if you require/desire to have sticky sessions.

Obviously if your code is perfect and bug free and users are all perfect, and sticky sessions are not required then perhaps tomcat-only is the solution. Although I've yet to meet an author of bug free code.

That's my opinion anyway.

Mark

On Thu, 2006-06-01 at 12:05 +0200, Danny Lee wrote:
> Hi guys!
>
> I'm wondering if it's really so good to use Tomcat behind a real web server like Apache or IIS. In my Tomcat 5 book there are two reasons to do it so:
>
> 1. Tomcat is not as secure as common web servers, especially if you want to use CGI and SSI (I don't think I want to)
> 2. Tomcat is slow delivering static content.
>
> Well, as long it's just planned to use only 1 server for my application, I don't think the both points are true for me. On the Tomcat site there's a note about performance: "When using a single server, the performance when using a native webserver in front of the Tomcat instance is most of the time significantly worse than a standalone Tomcat with its default HTTP connector, even if a large part of the web application is made of static files"
>
> And security... what about security? Why is Tomcat behind of Apache more secure than without it, especially (as I said) if both are running on the same server.
>
> Thanks in advance!
>
> Cheers,
> Danny
Re: Tomcat as a standalone webserver. Why not?
Hi,

> I'm wondering if it's really so good to use Tomcat behind a real web server like Apache or IIS. In my Tomcat 5 book there are two reasons to do it so:
>
> 1. Tomcat is not as secure as common web servers, especially if you want to use CGI and SSI (I don't think I want to)
> 2. Tomcat is slow delivering static content.
>
> Well, as long it's just planned to use only 1 server for my application, I don't think the both points are true for me. On the Tomcat site there's a note about performance: ...

Not an easy question, I think that the answer to your question is a mix of personal preferences and, taking into account your application specifications, whether or not you need from apache something that you can't have with Tomcat.

I personally started with an apache/tomcat/connector configuration because the same servers were already serving php/mysql and cgi applications. We moved then all the tomcat/jsp stuff to its own servers and I decided to remove apache because:

- it was not required anymore (reason number one) and for me, the simpler you keep things, the more robust they are. Also, I'm quite paranoid and for me the less stuff you installed, the better
- I had some problems with the mod_jk (timeouts)
- we are not serving static content

Regards,
Gaël
Re: Tomcat as a standalone webserver. Why not?
Hi Tim,

Thanks for your answer. I see your point about Apache more convenient for hackers, than Tomcat.

About outage message. This is of course a problem running Tomcat as standalone, but I have the control over WebServer IP through the firewall, so I just start some Show we're down message servlet on the mmm... mailserver and if needed rewrite the current webserver IP :)

Cheers,
Danny

Tim Funk wrote:
> ...
> Personally - I like having apache in front of tomcat because I find it easier to do CGI, static content directory aliasing, and the volume of available modules to be very convenient. It also allows my site to be up with a higher uptime since I can restart / replace a tomcat and in those periods of downtime - I can reconfigure apache to have an outage message.
>
> YMMV
>
> -Tim
Re: Tomcat as a standalone webserver. Why not?
Hi,

thanks for the answer! I am paranoid AND lazy, so I totally see your point :))

Cheers,
Danny

Gaël Lams wrote:
> Also, I'm quite paranoid and for me the less stuff you installed, the better
> - I had some problems with the mod_jk (timeouts)
> - we are not serving static content
>
> Regards,
> Gaël
Re: Tomcat as a standalone webserver. Why not?
As it happens I can't really begin to count the number of times we've applied hacks at the Apache level to work around code bugs (did I say bug? I meant feature...). Although to be fair most of these are caused by users/customers doing odd things outside the spec of the current code.

We also deal heavily with accesses from mobile phones, each one of which has new and interesting features in its web browser, some of which just can't be easily dealt with without direct control over the request/response headers which Apache makes easy.

But more generally another big win we have found is the ability to fairly easily have Apache catch certain requests (ie for specific users) and hand them off to development/staging systems rather than the production systems. This is used quite often in our test/release cycle, and avoids having to have the production system tomcat layer even know that such hacky stuff is going on, whilst outside users can't necessarily know which back-end system they are using.

Mark

On Thu, 2006-06-01 at 16:30 +0200, Danny Lee wrote:
> Hi!
>
> Thanks for your answer. I use url-rewrite magic servlet (analog to apache mod_rewrite), so I have the same on the fly rewrite functionality (the rewrite-rules.xml is checked every minute or something).
>
> I do all the request/response stuff in Tomcat as long it's relevant and a part of the system I don't want to move a part of functionality to Apache, I prefer having all-in-one solution (this is why I use Quartz for scheduled tasks and not some cron jobs).
>
> And I can't see the connection, why my code have to be perfectly bug free? I mean, if I do have bugs Apache won't come and save my ass right? :))
Re: Tomcat as a standalone webserver. Why not?
--- Gaël Lams [EMAIL PROTECTED] wrote:
> Hi,
>
>> I'm wondering if it's really so good to use Tomcat behind a real web server like Apache or IIS. In my Tomcat 5 book there are two reasons to do it so:
>>
>> 1. Tomcat is not as secure as common web servers, especially if you want to use CGI and SSI (I don't think I want to)
>> 2. Tomcat is slow delivering static content.
>>
>> Well, as long it's just planned to use only 1 server for my application, I don't think the both points are true for me. On the Tomcat site there's a note about performance: ...
>
> Not an easy question, I think that the answer to your question is a mix of personal preferences and, taking into account your application specifications, whether or not you need from apache something that you can't have with Tomcat.
>
> I personally started with an apache/tomcat/connector configuration because the same servers were already serving php/mysql and cgi applications. We moved then all the tomcat/jsp stuff to its own servers and I decided to remove apache because:
>
> - it was not required anymore (reason number one) and for me, the simpler you keep things, the more robust they are. Also, I'm quite paranoid and for me the less stuff you installed, the better
> - I had some problems with the mod_jk (timeouts)
> - we are not serving static content
>
> Regards,
> Gaël

As far as static content goes I don't think Apache is really faster, it will probably use less memory, but faster is in the details. At least not with the more recent Tomcat versions. 5.x.x versions that is. I think for anyone to say otherwise they need to have proof readily available and it be comprehensively comparative (or at least more than 1 configuration) ... not just some conceived notion that compiled C code is going to run faster than Java code (look at Transmeta processors if you need another example of a virtual machine and speed improvements http://www.transmeta.com/efficeon/codemorphing.html just for an example native vs. non-native and which is faster are all in the details as well).

The java heap works differently from the C heap, and native instructions at runtime are organized differently. Some things are faster in Java and some are faster in C (depending on the optimizations of the java runtime and hardware ... obviously a purely interpreted runtime would be slower).

Some information on the whole Java C thing: http://www.idiom.com/~zilla/Computer/javaCbenchmark.html

For information about the Apache/Tomcat debate see: http://tomcat.apache.org/faq/performance.html#faster

I think the main point and answer comes down to Gael's email (personal preferences and needs/which provides you the services and configurations you need).

Wade
Re: Tomcat as a standalone webserver. Why not?
If you are running a big site with multiple servers, you do NOT want to run Apache in front of your Tomcats - All that you do is increase latency, and halve your performance. The HTTP connector in TC 5.x is more than adequate to deal with heavy traffic loads.

To be honest, I try not to use Apache at all any more, and tend towards lighttpd - depending of course on the requirements.

We deliver our images via a separate url ie: img.domain.com and www.domain.com. We have the images delivered via a lighttpd, and our dynamic content delivered via tomcat - we currently do our load balancing with an F5 BigIP for these two fully qualified host names.

Yes - you can do all sorts of snazzy things with a proxy (like apache and mod_proxy/ mod_jk) out front - but I do not think it is worth the cost of the performance that is lost...

We did some tests 2 years ago for our system and discovered, with Apache and TC running on the same machine

With mod_jk, apache 2.0 and TC 5.0: 50 requests/sec
With just TC5.0: 100 requests/sec
...

As for security - you have TC running in both cases - mod_jk passes the requests unfiltered straight through. Therefore by adding Apache, you are only adding something else to go wrong - be broken - not solving any problems...

Andrew

On 01/06/2006, at 5:39 PM, Nikola Milutinovic wrote:
> --- Tim Funk [EMAIL PROTECTED] wrote:
>> Personally - I like having apache in front of tomcat because I find it easier to do CGI, static content directory aliasing, and the volume of available modules to be very convenient. It also allows my site to be up with a higher uptime since I can restart / replace a tomcat and in those periods of downtime - I can reconfigure apache to have an outage message.
>
> Hi Tim. And all of you out there.
>
> There is one thing that keeps bothering me. I AM a configuration fanatic and when I build my own version of Apache (Tru64 UNIX, in case anyone is screaming "use RPM!"), I tend to build it loaded with modules, mod_jk1/2 included.
Re: Tomcat as a standalone webserver. Why not?
I'm gonna say that's quite a bit of myth here. If SSL is important, get a cheap SSL enabled router. Doing software SSL is a waste of CPU power and impacts the server's stability. Anyone that has a lot of HTTPS traffic shouldn't be using software SSL in my biased opinion. If you are so desperate that you need software SSL, as remy says, there's APR. no need to stick apache httpd in front.

my biased 2 bits on this topic

peter

On 6/1/06, Remy Maucherat [EMAIL PROTECTED] wrote:
> On 6/1/06, Michael Echerer [EMAIL PROTECTED] wrote:
>> Danny Lee wrote:
>>> Hi guys! I'm wondering if it's really so good to use Tomcat behind a real web server like Apache or IIS.
>>
>> In case you have a lot of HTTPS traffic, you'll find that having Apache handle SSL is faster than the Java implementation that Tomcat can offer. IMHO for HTTP traffic performance is almost comparable as long as you don't need 100% perf, but for HTTPS Apache is definitely better already with not so many concurrent requests.
>
> Great post. And now, for the real information: http://tomcat.apache.org/tomcat-5.5-doc/apr.html :)
>
> --
> Rémy Maucherat
> Developer Consultant
> JBoss Inc