It is easier to follow the conversation if questions/responses follow in a
logical order.
In other words, please do not "top-post".
Asha K S wrote:
Hi,
Thank you all for helping me in this regard. Can you please point me to
documentation which helps me configure https between Apache and Tomcat.
Also in AJPv13 extensions proposal
(http://tomcat.apache.org/connectors-doc/ajp/ajpv13ext.html) one add on suggests
"Basic authorisation system, where a shared secret key is present in web server and
servlet engine" do we know if this is still under consideration.
As far as I know, this exists already, at least with mod_jk.
Look at the documentation for the mod_jk connector , and at the AJP <Connector>
documentation in Tomcat.
I don't know about mod_proxy_ajp.
Thanks,
Asha
-----Original Message-----
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Wednesday, November 23, 2011 3:19 AM
To: Tomcat Users List
Subject: Re: tomcat http connector
Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Asha,
On 11/22/11 2:15 AM, Asha K S wrote:
Is there any performance comparison document available already
between http and AJP
It should be easy to test in your own environment.
If you are using AJP through another web server, the overhead of the
server itself is obviously non-zero.
If you're asking about connecting httpd and Tomcat via HTTP or AJP,
then you'll have to do your own testing. I'm not sure there are any
current performance comparisons out there.
If you are using HTTPS in to Tomcat (that is, terminating SSL at
httpd, then using HTTPS between httpd and Tomcat) then you definitely
want to use the APR (aka "native") connector as it's crypto
implementation is much faster than the Java one.
Addendum : but if you do the above, and you are looking for performance, then you should
at least think of what it means :
browser (1) <-- HTTPS A --> (2) Apache (3) <-- HTTPS B --> (4) Tomcat
(1) encryption (by the browser)
(2) decryption (by Apache)
(3) encryption (by Apache)
(4) decryption (by Tomcat)
encryption/decryption is a CPU-intensive process, so you will want to do it only where it
is necessary. If the link between Apache and Tomcat is "safe" (in other words, they are
both on the same host, or the link is a safe internal network), then you probably do not
want to use HTTPS there.
Even if the link between Apache and Tomcat is unencrypted HTTP (or AJP), you can still
pass information from Apache to Tomcat about the browser/Apache HTTPS connection, if you
need to.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
