I'm wondering what the valid reasons are these days for fronting a web application running in Tomcat with Apache (httpd). Any truly static content we're delivering from AmazonS3. It just seems to me that Apache is just an extra process at this point when every bit of traffic is forwarded to Tomcat. Any insight is appreciated.
A number of places I worked did this simply because Apache was deemed faster (rightly? Not sure.) than Tomcat at serving static resources. If the static resources come from somewhere else, that reasoning falls through.
Another place needed PHP support.
But most of the time I think that the reason is "We've always done it that way."
The only other reason I can think of is that on our dev/staging servers we added basic auth in the apache config to lock down access to the application since they are public domains. This security is completely seperate from the web applications security. And I don't know how to do that in Tomcat.
I think the place I'm doing some contract work for fronts with Apache for those types of security facilities. (But I tend to distrust the reasonings of the outfit that they're using for their IT as they've proven themselves to be the Marx Brothers on more than one occasion.)
Rob Spoor wrote:The only reason we've done it is to add load balancing to Tomcat.
Can you expand on that?
We have a clustered application (purchased) but it isn't load balanced. We put an Apache HTTPD server in front of it with mod_jk acting as load balancer. Our worker.properties file:
Any hit to the Apache server will end up at either of the two Tomcat instances, with session persistence enabled.
Perhaps the most important reason to put Apache in front of Tomcat is that Apache can safely receive on port 80 and 443 without running as root. Tomcat cannot. So if you want to use the standard ports, proxy Tomcat or open up a major security vulnerability.
The idea that Apache can serve static content faster than Tomcat is one that needs to be taken out back and shot. Up until about Tomcat 4, yes, that was true, but reportedly since then improvements in Tomcat mean that there's little difference. If in doubt (and if it's important), measure, but this is mainly a bit of obsolete wisdom, that like all obsolete wisdom does more harm than good.
Other reasons for running Apache as a front for Tomcat:
* "One stop shopping" for multiple Tomcat servers running different apps
* load balancing for multiple Tomcat servers running the same apps
* Proxy access to Tomcat servers behind a firewall
* Normalization of URLs to hide the normal port and application context paths. General URL rewriting.
* More "One stop shopping". You can run a mix of J2EE and non-J2EE apps (cgi, PHP, Python and so forth) all from the same host.
Sometimes the only way things ever got fixed is because people became uncomfortable.