Irma Tröger wrote:
> Hi,
>
> we are currently planning a setup for a new application and decided to use
> Apache as Web Server and Tomcat as JSP/Servlet Engine.
>
> This is -so far- a pretty common way I guess. We now think about the
> environment to build up, because it has to be an application running SSL.
>
> We think about the following option:
> Apache will serve as a webserver inside a firewall.
> It will then forward requests to Tomcat which runs on a separate machine
> behind the firewall.
>
> QUESTION 1:
> Does anyone have experience with that ?
Well, we run a similar setup with Apache and JServ - separating web and app
servers is a pretty common strategy for scalability (whether Java based or
otherwise).
>
>
> QUESTION 2:
> If we think about not separating Apache and Tomcat onto two machines, what
> are the PROs and CONs for
> - SSL via Apache (and forwarding requests to tomcat !?)
> - SSL via Tomcat
No question, use Apache whichever way you slice it. The direct webserver
capability in any appserver is purely a testing toy, and is not intended to
be used in anger.
Keep them separate, and arrange things so that the appserver doesn't talk to
the firewall at all; it gives an extra layer of protection.
>
>
> QUESTION 3:
> Does anyone have major experience with the one or the other way ?
> ... Is the installation of the apache ssl module as easy as the
> documentation says ? ...
Relatively painless (we use mod_ssl / OpenSSL) and totally orthogonal to the
Java layer. The biggest headache we've had is getting the tuning right so
MSIE doesn't fall on its behind (there is some flakiness in its SSL
implementation)
>
> ... Which version of tomcat do you suggest ?
>
> Thanks for your answers !
>
> Irma
>
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
