On Mon, 5 Sep 2011, Marvin Addison wrote:
Seems like a good day for a holy war. A good holy war always starts
out with a controversial if not inflammatory statement or claim:
Ha, I like your style! :)
Tomcat alone is sufficient as an enterprise servlet container and
nothing further is needed for an adequate HA solution in most cases.
Perhaps more controversial is an unstated implication: Apache httpd
has _no_ place in most enterprise HA setups for serving Spring-based
Web applications like CAS.
This point of view is relevant for CAS users since I'm planning to
discuss system architecture generally and servlet container
configuration specifically as part of a chapter on HA considerations
for the new CAS User Manual. I plan to make the above statement a
thesis of the discussion.
I'm hopeful the above statement is provocative enough to stimulate
some discussion on the matter; I'm particularly eager for dissenting
opinions. I would be especially grateful if you could back up you
opinions with analysis and/or data.
I prefer front-ending Tomcat with Apache httpd. I wonder if that is due
to my ignorance of Tomcat's features? Here are a few reasons:
1. Apache is a better *web server*. It has very useful features such as
URL rewriting and virtual hosts. Config changes can be made with a simple
reload.
2. Upgrading Tomcat or Java is sometimes necessary to fix security
vulnerabilities. Apache *seems* to be more secure (fewer security
updates) at this time. Some Tomcat and Java vulnerabilities can be
mitigated with Apache.
3. Using Apache gives me the ability to run multiple Tomcats behind a
single website (dev/prod). For example, I run 2 separate instances of
Tomcat on the same server: one for /cas and one for /cas-dev. If I did
not have Apache, I would need a second hostname for the DEV instance (and
another SSL certificate).
4. With Apache in front, a misbehaving webapp doesn't take down the
webserver (e.g. Java heap out of memory).
Java and Tomcat are still fairly new to me, but I'm very comfortable
configuring and running Apache in a wide variety of deployments. Maybe
I'll get to the same place with Tomcat someday!
On a somewhat related note, one of our vendor's support personnel pointed
me to an excellent Tomcat monitoring tool called Lambda Probe
(http://www.lambdaprobe.org). It deploys as a webapp in Tomcat and
provides a wealth of monitoring capabilities, including the equivalent of
Apache's /server-status.
Andy
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
