-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Miguel,
On 8/22/12 5:04 AM, Miguel González Castaños wrote: > On 21/08/2012 17:00, Christopher Schultz wrote: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> Miguel, >> >> On 8/21/12 6:25 AM, Miguel González Castaños wrote: >>> Dear all, >>> >>> I have a Tomcat web server. From time to time, I need to do >>> some maintenance and want people not to interact with the >>> Tomcat server while I'm doing it. The key thing here is that >>> the Tomcat server is up and running. This is what I want to >>> achieve: >>> >>> - I want all people to be redirected from 80/443 port at >>> server1 to a different URL http://server2/maintenance.html >>> except my IP address (so I can check Tomcat myself). >>> >>> - If possible, I want this to be transparent to the user, so >>> they get a http redirect showing the server1 in the client's >>> browser, not server2 (but this is not that important). >>> >>> I assume I can use iptables to redirect people to a different >>> web server, but how can I know that I need to redirect them to >>> the maintenance.html if that server is serving other web pages >>> too? >> I don't know if you want to add this kind of complication to >> your environment, but this is pretty much what mod_jk was built >> for: distributing requests to one or more back-end Tomcat >> servers. >> >> With mod_jk's management interface, you can take (load-balanced) >> workers out of a pool, upgrade them, then add them back to the >> pool. Before you add them back, you can always access them >> directly if you have set up an HTTP <Connector> and you can feel >> free to use any technique (iptables, bind to 127.0.0.1, etc.) to >> prevent direct access to the HTTP port from normal users. >> >> The use of Apache httpd out in front of your app server(s) also >> means that you can detect error conditions in the Tomcat instance >> (like it's crashed or whatever) and give a semi-nice error >> message instead of a connection failure. >> >> This is one of those situations where using Apache httpd out in >> front of Tomcat makes some sense: not for performance, but for >> availability. See Mladen's article with explains some of the why, >> what and how of setting up a mod_jk-based cluster: >> http://people.apache.org/~mturk/docs/article/ftwai.html > It makes sense. I will give it a thought. Unfortunately until we > migrate to a bigger server, I'm not sure the overhead of Apache is > too much. Although I know Apache is faster for static content. This is a common misconception: Apache httpd is *not* faster than Tomcat for static content when configured appropriately. The current default configuration is unfortunately much less optimized than Apache httpd's default configuration, so httpd beats Tomcat out-of-the-box. If you are going to end up fronting Tomcat with Apache httpd, it's probably worth your while to push your static content out to the httpd level so that you *can* serve your static content without proxying that stuff over to your Tomcat instances. That /will/ certainly improve performance given a two-tier setup. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlA1AJoACgkQ9CaO5/Lv0PANlwCgtFR4YnlMDlsH4Mb1qlb8iBjt pA8AmgP1RzyXWBNNY+n2L3pNSn7PrvAc =u3UR -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
