Christopher, thank you for your reply, yes, maybe on http://tomcat.apache.org/tomcat-7.0-doc/connectors.html could be a few more simple words about this concepts, I was mislead by
*The native connectors supported with this Tomcat release are: * - *JK 1.2.x with any of the supported servers* - *mod_proxy on Apache HTTP Server 2.x (included by default in Apache HTTP Server 2.2), with AJP enabled* was placed under AJP, noot in separate section, It also seemed to me, that these are some other types of connectors, different from ajp and http, I alos somehow haven't caught word 'native' as adjective but now, after your and Andre explanation it is quite clear *and a few other things (like SSL details if Apache httpd is doing SSL-termination) back to the Java server.* 1) could you please expand this topic ? 2) what is SSL-termination ? 3) in case of ajp, httpd uncipher https, and sends normal http to Tomcat ? 4) and how is it in case of mod_proxy_http ? does httpd see what is it forwarding, or only Tomcat see the content ? 5) how is https treated by these protocols ? 6) it seems to me, that in case of ajp communication between Tomcat and httpd cannot be ciphered, and in case of http it can be ciphered, right ? 7) but if it is true, with mod_proxy_http what cipher is it, internal cipher between Tomcat and httpd, and than httpd cipher with external certificate visible to client, 8) or tomcat do the target ciphering, and httpd gets ciphered packets and only forwards them to client browser ? regards Jakub On Wed, Apr 10, 2013 at 6:27 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Jakub, > > While André has already answered, I think it's worth re-iterating what > everything is, here. See below. > > On 4/9/13 11:03 AM, Jakub 1983 wrote: > > 2) what does "native connectors" mean here ? > > A "native connector" is the native (i.e. non-Java) component that > actually runs in the web server. This piece of the puzzle is > completely outside of Tomcat. > > > 3) what is JK ? and what is mod_proxy ? are both of them some > > alternative implementations of ajp ? who uses them, tomcat or > > apache http*d* web server ? > > Yes, "JK" (formally "mod_jk") and mod_proxy are alternatives, both of > which are modules that you be loaded into Apache httpd. (mod_jk also > includes components that can be used in Microsoft IIS and a few other > web servers, too, while mod_proxy is IIRC strictly for Apache httpd). > > (Note that mod_jk always speaks the AJP protocol while mod_proxy can > use either HTTP or AJP... we'll get to that, later.) > > > 5) how should I define JK connector ? > > The connector that you configure needs to speak the protocol of the > native component. If you have used mod_jk or mod_proxy in it's "AJP" > flavor, then you'll want to configure a connector with the "AJP" > protocol, like this: > > <Connector protocol="AJP/1.3" ... /> > > (You'll also have to provide the port number and any other > configuration you want. Merely specifying protocol="AJP/1.3" selects > the connector that can speak AJP".) > > If you want to choose a specific implementation of connector (see > below), you can provide any of these explicit implementations: > > org.apache.coyote.ajp.AjpProtocol - blocking Java connector > org.apache.coyote.ajp.AjpNioProtocol - non blocking Java connector > org.apache.coyote.ajp.AjpAprProtocol - the APR/native connector > > > 6) what JK has to do with AJP ? > > mod_jk speaks "AJP" which stands for "Apache JServ Protocol". It's a > throwback from when Tomcat was called "Apache JServ" and the protocol > was invented to allow Apache httpd to talk to Apache JServ. It > basically forwards HTTP headers, request-bodies, and a few other > things (like SSL details if Apache httpd is doing SSL-termination) > back to the Java server. > > > 7) which terms concern tomcat and which apache httpd server ? > > AJP is a protocol used by both sides. Everything else is separate. > > > 8) where is *APR* in above context ? > > The waters get a little muddy, here, because APR stands for Apache > Portable Runtime. It's a library that the ASF uses for a few projects, > including Apache httpd. Tomcat has an optional native module that can > use the same library to do some high-performance stuff that Java can't > do, such as native sockets and OpenSSL integration (using OpenSSL for > crypto is measurably faster than using Java's JSSE to do the same task). > > Tomcat provides an optional set of "native" connector called the "APR" > connector because it's based upon the APR library. There are > connectors for HTTP(S) and AJP. So, you can mix-and-match HTTP/AJP > protocols with BIO/NIO/APR connectors. > > > 9) how do I define APR connector (is it possible)? > > You can set the "protocol" attribute to the class you want to use as > your connector, like this: > > protocol="org.apache.coyote.ajp.AjpAprProtocol" > > This will select the APR-based (native) connector that speaks AJP. > > protocol="org.apache.coyote.ajp.Http11AprProtocol" > > This will select the APR-based (native) connector that speaks HTTP. > > > 10) > > > http://tomcat.apache.org/tomcat-7.0-doc/apr.html#APR_Connectors_Configurationstates > : > > > > *AJP* > > > > For AJP configuration, see the > > AJP<http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html>connector > > > > > configuration documentation. > > > > it redirects to > > http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.htmlwhich > > states nothing about apr, so what is apr ? > > Sure it does: > > http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html#APR/native_specific_configuration > > > 11 how can it be put simple in several words ? > > Unfortunately, it's not a simple subject. Perhaps more care could be > given when explaining these things in the documentation. Which page do > you think would benefit from a better introduction to all these concepts? > > http://tomcat.apache.org/tomcat-7.0-doc/connectors.html ? > > Unfortunately, things get even more confusing when you introduce the > concept of asynchronous dispatch, because the different connectors > behave somewhat differently under those circumstances (e.g. the BIO > connector does not actually allow non-blocking, asynchronous > communication). > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJRZZL3AAoJEBzwKT+lPKRYFFIP/1oXukHpcyzSehazEBv+6Wlh > HWm8QWlZhO+Si+aMNIZ5f/WsMNzD0r+X4GF43tH4yEizw0yKXX40xvXOgXv+fQBR > HabcjQId+JovZuNHOh8NeQL4j+NRKoKMkn8OS7XPOcCr+XLdp+wo7sfRH/7D+FiM > PsDQIEle07lv64WZbWAiiJUzCJDG2Sg35kotjpks/1bXfArwANALgmOvPuLwW72B > 21wIMPClCnWrlaHqLmrRlJdT97BeeKHFIvq1uDTTnHlPm2M+7W7yIWoMVW1L7J1R > Vi5B9UJBxPh2liNz08lA9cf4jI9ikhBog+CZLoJ49cc/htHZsykOP3yivzmr/1BS > Udwlec6FEjt6u9fuHXcDs6M61M40dtSvbjlCinkwtA0Pp4t6oUTZerqam9Ekl7Ve > pSu/CnBL/NszGpyribg+FfamYan71N54ULG1mQN+IMoAjiYTUkZZJP+khLYzaZd3 > PoqqUhG7pEm5IZ5E4HQCqU7e1iR/qvnlH43YDA8wBal7op04/sTXnNaVyERrZIkb > Yww+iQVwthApnvX8VGhXchS1rJkX0B69/UdN/kUHtaSLXiEjaxIsBQAFe7hhI4gZ > 9rmaqmJSMvXns3WI5w64PvGgw+Xz6AZleCH0sFEWu/nHgWyEi8bocJ2UqoX/+7sy > KhNTWWR3ugQV6diuvo3K > =rpG5 > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
