There are many benefits to fronting Tomcat with httpd. Chief among them are:
- Allow Tomcat to stay behind the firewall
It mitigates a big security problem for Tomcat-based web applications. httpd and Tomcat can be separated to run on different machines. Thus it’s possible to put the server that hosts httpd in the DMZ and leave the server that hosts Tomcat behind a more secure firewall, so that it can happily make connections to the heavily guarded database servers or the ultra-sensitive enterprise directories, which in turn makes the ‘paranoid’ security folks happy. The security folks have every reason to be paranoid, by the way.
A bit of anecdotal experience. One Java-based system that we built had exactly the same issue as mentioned above. Back then, mod_proxy_ajp wasn’t available and httpd’s proxy ability wasn’t as good. We had to leave Tomcat in the DMZ, where the web app couldn’t access the database. To get around the issue, we built another standalone Java server and ran it behind the internal firewall. The web app connected to it via RMI. This actually led to another issue. We planned to use Hibernate as our ORM layer. It didn’t work out, as you can’t do lazy loading over RMI. Eventually we settled for iBatis. In retrospect, we wouldn’t have needed to go through this had we been able to front Tomcat with httpd. When we do a major upgrade to this system, we will most likely get rid of RMI and may try Hibernate again.
That being said, a lot of our systems’ architecture uses the httpd/Tomcat combination. It has worked beautifully for us.
- Use httpd as load balancer
httpd can be configured to connect to multiple Tomcat instances and load balance the traffic amongst the Tomcat cluster. The service can be scaled horizontally easily, with sticky session and session replication support.
- Offload static content, SSL, compression, etc. to httpd
With the improvement of the JVM and Tomcat itself, Tomcat’s performance as a web server has improved dramatically and is comparable to httpd’s. But it is still better to let it do what it’s best at: being a servlet container. And leave the other stuff to httpd.
We haven’t seen any performance issues in our production environment. But I recently bumped into the following: “Whatever you do, using Apache HTTPD to proxy your requests should be avoided at all costs, as it will decrease your performance by nearly 50%.” @ http://www.mulesoft.com/tomcat-performance. And it’s the first question I have asked over at StackOverflow: Is it a bad idea to use Apache HTTPD to proxy Tomcat? The responses I got were “No, not at all”; it’s quite the opposite, actually, and it is recommended to front Tomcat with httpd. I think Mulesoft made the statement without supporting facts, which is quite disappointing, as I respect Mulesoft tremendously for its core software: Mule.
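
The three benefits listed above, combined in one httpd 2.4 virtual host. This is an added example, not configuration from the original post. The hostnames, certificate paths, the `/static/` prefix, the route names and the secret value are all assumptions.

```apache
# Added example: httpd in the DMZ, two Tomcat nodes behind the inner firewall.
# Modules needed: mod_ssl, mod_proxy, mod_proxy_ajp, mod_proxy_balancer,
# mod_lbmethod_byrequests, mod_slotmem_shm, mod_deflate, mod_filter.
<VirtualHost *:443>
    ServerName www.example.com

    # TLS is terminated here, so Tomcat never holds the private key.
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/tls/www.example.com.key

    # Never act as an open forward proxy.
    ProxyRequests Off

    # Static files are served by httpd; the "!" exclusion must come
    # before the catch-all ProxyPass below.
    DocumentRoot /var/www/example
    ProxyPass /static/ !

    # Compress text responses at the edge.
    AddOutputFilterByType DEFLATE text/html text/css application/javascript

    # Each route must match jvmRoute on that node's <Engine> in server.xml,
    # because Tomcat appends ".<jvmRoute>" to the JSESSIONID value.
    # secret= needs httpd 2.4.42+ and must equal the "secret" attribute on
    # Tomcat's AJP <Connector>; the value here is a placeholder.
    <Proxy "balancer://tomcats">
        BalancerMember "ajp://tomcat1.internal.example:8009" route=node1 secret=CHANGE_ME_PLACEHOLDER
        BalancerMember "ajp://tomcat2.internal.example:8009" route=node2 secret=CHANGE_ME_PLACEHOLDER
        ProxySet lbmethod=byrequests stickysession=JSESSIONID|jsessionid
    </Proxy>

    # Everything else goes to the Tomcat cluster over AJP.
    ProxyPass "/" "balancer://tomcats/"
</VirtualHost>
```

The inner firewall should allow port 8009 only from the httpd host, since AJP trusts whatever its peer sends. Check the result with `apachectl configtest` before reloading.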