On Mon, Apr 28, 2008 at 11:27:09AM -0400, Larry Prikockis wrote:
> I know the latest edition of the O'Reilly Tomcat book by Brittain and
> Darwin strongly advocates the use of standalone Tomcat as opposed to the
> traditional httpd->Tomcat approach, but this seems to be somewhat of a
> paradigm shift for most people. I'm interested in hearing what the wider
> community thinks...

"Always do this" vs. "never do this" is a little oversimplified. Some sites will have reasons to run HTTPD anyway, for example, so then you get to choose between using an odd port for Tomcat and front-ending with HTTPD. There might be other reasons (like I *loathe* keytool, for example).

> Specifically, we have a webapp on a Windows 2003 server that utilizes
> Apache 2.2 SSL as a frontend and mod_proxy_ajp to send requests to Tomcat
> 5.5.17 (on the same server). By eliminating the Apache frontend and just
> using a Tomcat SSL connector directly, we saw performance increases that
> absolutely dwarfed (400+%) everything else we were achieving by tuning
> various connection parameters of Apache httpd and Tomcat.

That's certainly worth thinking about. What exactly do you mean by "performance"?

o round-trip time for a single transaction?
o throughput (pour in transactions as fast as the system will take them, for (say) an hour, and measure how many you completed per second)?
o processor utilization under typical load?
o something else?

> My questions:
> 1) Any thoughts on why the Apache SSL -> Tomcat combination should be so
> much slower?

Back-resolving client addresses to names for some reason? (Check your logging directives, for example.)

Not enough entropy? Check your random-number generator setup. Some generators will stall until they can gather enough randomness to provide a good result; others will do the best they can immediately; some will mix several sources to produce pretty-good results even when the blocking sources are exhausted. HTTPD is probably using OpenSSL facilities plus its own "mixer", and I don't know what your JRE uses. If your processor provides a source of randomness that you trust, be sure it's being used, since a number of sources (keyboard and mouse event timing, for example) are of little use on a server.

-- 
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.