One thing architecturally and security-wise about having Apache front Tomcat
should also be mentioned.  Apache provides native code for serving up HTTP
1.1 (is Tomcat at 1.1 yet, or still 1.0?) which means images and such are
transferred much more efficiently.  This is also particularly true for SSL
code.

But the separation makes it easier to put the application server on a box
that is not directly connected to the Internet.  Architecturally speaking,
this is a huge advantage since you don't generally want your application
code to be so vulnerable to attacks.  Using mod_jk, you can put Tomcat on a
private network with a firewall that limits access very tightly -- only
allowing connections FROM the web server using the 8007/8009 ports (if
that's what you use).  This is much more restrictive than needing to allow
ports 80/443 from ANY computer in the world.  It also means that a hacker
has to get through two layers of your system before they can reach the
"gold," such as modifying JSP pages for graffiti or getting to your
database.

David
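
The firewall restriction described in the post, as an added example that is not part of the original message: a shell script that prints an iptables-restore ruleset for the Tomcat host, admitting new connections to the connector ports only from the web server. It assumes a Linux Tomcat host using iptables; the function names and the address 192.0.2.10 are constructed for illustration, and rules for administrative access are left out.

```shell
#!/bin/sh
# Added example: default-deny inbound policy for the Tomcat box, with the
# mod_jk connector ports reachable only from the Apache front end.
# Assumption: Linux + iptables; 192.0.2.10 is a constructed sample address.

valid_ipv4() {
  # Reject anything but a dotted quad of digits (no CIDR, no hostnames).
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

valid_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: ajp_ruleset WEB_SERVER_IP PORT [PORT...]
ajp_ruleset() {
  [ "$#" -ge 2 ] || { echo "usage: ajp_ruleset WEB_IP PORT..." >&2; return 2; }
  web_ip=$1
  shift
  valid_ipv4 "$web_ip" || { echo "bad web server address: $web_ip" >&2; return 2; }
  for port in "$@"; do
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
  done
  echo '*filter'
  echo ':INPUT DROP [0:0]'     # nothing inbound unless a rule below allows it
  echo ':FORWARD DROP [0:0]'
  echo ':OUTPUT ACCEPT [0:0]'
  echo '-A INPUT -i lo -j ACCEPT'
  echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  for port in "$@"; do
    # One rule per connector port, source pinned to the single web server.
    echo "-A INPUT -p tcp -s $web_ip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done
  echo 'COMMIT'
}

# Print the ruleset when run with arguments, e.g.:
#   ./ajp-fw.sh 192.0.2.10 8007 8009 | iptables-restore --test
if [ "$#" -ge 1 ]; then ajp_ruleset "$@"; fi
```

Because the source must be a single dotted-quad address, a mistaken `0.0.0.0/0` or a hostname is rejected instead of silently widening the rule.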
