AW: AW: mod_jk2 Ready/Recommended For Production?
Hi > However, here's an interesting/fairly recent thread: > http://marc.theaimsgroup.com/?l=tomcat-user&m=106036177509367&w=2 30K file: Server #of Samples Average Deviation Median Apache 1000 182ms 277 90 Tomcat 1000 185ms 249 80 And that way 4.1.27, over which 5.x improved! I agree that I should not hide the result for small files (82byte): Server #of Samples Average Deviation Median Apache 1000 17ms2510 Tomcat 1000 29ms4410 But still 5.x has improved and 82byte files are rare. And remember, that this is the result of pure-apache against pure-tomcat for static files. It is wrong to assume that dynamic files are equally fast comparing tomcat with tomcat/apache. apache/mod_jk add overhead to the process and thus slow down tomcat. And since static files can be cached while dynamic ones cannot, that overhead overhelms the IMHO little speed saving of apache for static files. just my $0,03. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
Re: AW: mod_jk2 Ready/Recommended For Production?
I have not run benchmarks, no... thus the likely... which is based on past articles and discussions. However, here's an interesting/fairly recent thread: http://marc.theaimsgroup.com/?l=tomcat-user&m=106036177509367&w=2 Thank you, -Raiden Johnson On Thu, 14 Oct 2004, Steffen Heil wrote: > Hi > > > Apache is likely much better than tomcat in serving static content, ... > > I assume you cannot prove that, right? > > Regards, > Steffen > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: mod_jk2 Ready/Recommended For Production?
Hi > Apache is likely much better than tomcat in serving static content, ... I assume you cannot prove that, right? Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
RE: mod_jk2 Ready/Recommended For Production?
On a somewhat related note; Anyone have best practices/recommendations on handling traditional .htaccess control on content? I don't particularly care to have the 2 separate layers of security, purely from an ease of administration perspective. .htaccess controls are totally bypassed when requesting content handled by Tomcat. For example, simply clicking cancel during the authentication dialog box will still present the default index.jsp page, or ignored all together if requesting the .jsp directly. In addition to creating the .htaccess, you then must also create your Tomcat Security Realm. Is there anyway to have Apache & Tomcat use the same user/pass file? Can a Realm be created that is simply; username:MD5 encrypted password (such as the format of .htaccess) I'd rather not have to go to the extent of creating user/password pairs in a database, then setting up something like mod_auth_mysql and JDBC for centralized authentication (is this even possible?). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, October 14, 2004 2:27 PM To: Tomcat Users List Subject: RE: mod_jk2 Ready/Recommended For Production? I have been using mod_jk2 for a couple of years now, and I have not had to compile it, either. I use it on Linux production systems... (currently I am using Redhat Enterprise Linux and the Fedora binary). The biggest problem has always been extremely poor documentation. However, the Fedora download has a directory structure that quickly shows you where to place the needed files. I was setup in less than 30 seconds. I am a big fan of a 3-tier architecture. I think it's important to have web requests intercepted on one layer, and only handed off to the processing layer (tomcat) when need be. Apache is likely much better than tomcat in serving static content, and even though tomcat has lots of security, I feel much more comfortable with Apache being at the front door, because of its extremely wide use and history. -Raiden Johnson On Thu, 14 Oct 2004, Angus Mezick wrote: > I have been using mod_jk2 for a long time now. I have no idea why so > many people dislike it (well, after they get it compiled that is). I > might just be blessed in that I run on win2k servers and can just get > the binary for mod_jk2. I have never had to deal with the pain of > compiling this thing. It is working great for me on a rather busy > little cluster of servers. > --Angus > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, October 13, 2004 7:27 PM > > To: Tomcat Users List > > Subject: Re: mod_jk2 Ready/Recommended For Production? > > > > > > Boy am I confused now. If mod_jk2 is dead, so what is everyone using? > > Still using just the first mod_jk? I had just gotten > > everythign working > > with mod_jk2 - more or less- but configurationwise mod_jk2 is > > a pain since > > the syntax was completely changed and requires you to map > > every nook and > > cranny. > > > > John > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mod_jk2 Ready/Recommended For Production?
I have been using mod_jk2 for a couple of years now, and I have not had to compile it, either. I use it on Linux production systems... (currently I am using Redhat Enterprise Linux and the Fedora binary). The biggest problem has always been extremely poor documentation. However, the Fedora download has a directory structure that quickly shows you where to place the needed files. I was setup in less than 30 seconds. I am a big fan of a 3-tier architecture. I think it's important to have web requests intercepted on one layer, and only handed off to the processing layer (tomcat) when need be. Apache is likely much better than tomcat in serving static content, and even though tomcat has lots of security, I feel much more comfortable with Apache being at the front door, because of its extremely wide use and history. -Raiden Johnson On Thu, 14 Oct 2004, Angus Mezick wrote: > I have been using mod_jk2 for a long time now. I have no idea why so > many people dislike it (well, after they get it compiled that is). I > might just be blessed in that I run on win2k servers and can just get > the binary for mod_jk2. I have never had to deal with the pain of > compiling this thing. It is working great for me on a rather busy > little cluster of servers. > --Angus > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, October 13, 2004 7:27 PM > > To: Tomcat Users List > > Subject: Re: mod_jk2 Ready/Recommended For Production? > > > > > > Boy am I confused now. If mod_jk2 is dead, so what is everyone using? > > Still using just the first mod_jk? I had just gotten > > everythign working > > with mod_jk2 - more or less- but configurationwise mod_jk2 is > > a pain since > > the syntax was completely changed and requires you to map > > every nook and > > cranny. > > > > John > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mod_jk2 Ready/Recommended For Production?
Run it as a daemon then you can run it as a non root user with permissions on port 80 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 14 October 2004 15:20 To: Tomcat Users List Subject: RE: mod_jk2 Ready/Recommended For Production? Yes for static, but what about port 80? John > Dangerous. > > You should run tomcat as a non-root user, no login, no shell. The reason > Apache is involved is because we want Apache to serve static pages. > > -Original Message- > From: Mike Millson [mailto:[EMAIL PROTECTED] > Sent: October 14, 2004 9:58 AM > To: Tomcat Users List > Subject: Re: mod_jk2 Ready/Recommended For Production? > > > On Thu, 2004-10-14 at 05:56, Antony Paul wrote: >> Do you mean Apache dont have any security holes. I dont know about >> hacking a system. But in terms of security Tomcat is far better than >> Apache since it dont have any security vulnerabilities. >> > > But if you run tomcat standalone, you have to run tomcat as root. Apache > does not run as root, so if you run Apache in front of tomcat, you can > avoid > exposing the root account. > > Mike > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > !DSPAM:416e85e7242988496385758! > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Protection Acts and that you must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mod_jk2 Ready/Recommended For Production?
If you want access to some of apaches more advanced features, yup, you need apache infront of tomcat. --Angus > -Original Message- > From: Peng Tuck Kwok [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 12, 2004 11:59 PM > To: Tomcat Users List; [EMAIL PROTECTED] > Subject: Re: mod_jk2 Ready/Recommended For Production? > > > Do you really need to put apache in front of tomcat ? Standalone > tomcat (since ver 4.x) > has always been pretty good in terms of performance > > > On Tue, 12 Oct 2004 22:07:34 -0400, Mike Millson > <[EMAIL PROTECTED]> wrote: > > The Tomcat FAQ page still says that "mod_jk is great and > should be used > > for production" and mod_jk2 "may not be production worthy > for everyone." > > > > http://jakarta.apache.org/tomcat/faq/connectors.html#vs > > > > Is this still accurate, or is mod_jk2 now ready/recommended for > > production? > > > > Thank you, > > Mike > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mod_jk2 Ready/Recommended For Production?
I have been using mod_jk2 for a long time now. I have no idea why so many people dislike it (well, after they get it compiled that is). I might just be blessed in that I run on win2k servers and can just get the binary for mod_jk2. I have never had to deal with the pain of compiling this thing. It is working great for me on a rather busy little cluster of servers. --Angus > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 13, 2004 7:27 PM > To: Tomcat Users List > Subject: Re: mod_jk2 Ready/Recommended For Production? > > > Boy am I confused now. If mod_jk2 is dead, so what is everyone using? > Still using just the first mod_jk? I had just gotten > everythign working > with mod_jk2 - more or less- but configurationwise mod_jk2 is > a pain since > the syntax was completely changed and requires you to map > every nook and > cranny. > > John > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mod_jk2 Ready/Recommended For Production?
Yes for static, but what about port 80? John > Dangerous. > > You should run tomcat as a non-root user, no login, no shell. The reason > Apache is involved is because we want Apache to serve static pages. > > -Original Message- > From: Mike Millson [mailto:[EMAIL PROTECTED] > Sent: October 14, 2004 9:58 AM > To: Tomcat Users List > Subject: Re: mod_jk2 Ready/Recommended For Production? > > > On Thu, 2004-10-14 at 05:56, Antony Paul wrote: >> Do you mean Apache dont have any security holes. I dont know about >> hacking a system. But in terms of security Tomcat is far better than >> Apache since it dont have any security vulnerabilities. >> > > But if you run tomcat standalone, you have to run tomcat as root. Apache > does not run as root, so if you run Apache in front of tomcat, you can > avoid > exposing the root account. > > Mike > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > !DSPAM:416e85e7242988496385758! > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mod_jk2 Ready/Recommended For Production?
Dangerous. You should run tomcat as a non-root user, no login, no shell. The reason Apache is involved is because we want Apache to serve static pages. -Original Message- From: Mike Millson [mailto:[EMAIL PROTECTED] Sent: October 14, 2004 9:58 AM To: Tomcat Users List Subject: Re: mod_jk2 Ready/Recommended For Production? On Thu, 2004-10-14 at 05:56, Antony Paul wrote: > Do you mean Apache dont have any security holes. I dont know about > hacking a system. But in terms of security Tomcat is far better than > Apache since it dont have any security vulnerabilities. > But if you run tomcat standalone, you have to run tomcat as root. Apache does not run as root, so if you run Apache in front of tomcat, you can avoid exposing the root account. Mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] !DSPAM:416e85e7242988496385758!
AW: mod_jk2 Ready/Recommended For Production?
Hi > But if you run tomcat standalone, you have to run tomcat as root. NO. There are ways to run tomcat using jsvc and others. Search the archive - I haven't done so myself yet. > Apache does not run as root, so if you run Apache in front of tomcat, you can avoid exposing the root account. And opening a lot of other possible security issues. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
Re: mod_jk2 Ready/Recommended For Production?
On Thu, 2004-10-14 at 05:56, Antony Paul wrote: > Do you mean Apache dont have any security holes. I dont know about > hacking a system. But in terms of security Tomcat is far better than > Apache since it dont have any security vulnerabilities. > But if you run tomcat standalone, you have to run tomcat as root. Apache does not run as root, so if you run Apache in front of tomcat, you can avoid exposing the root account. Mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk2 Ready/Recommended For Production?
Do you mean Apache dont have any security holes. I dont know about hacking a system. But in terms of security Tomcat is far better than Apache since it dont have any security vulnerabilities. rgds Antony Paul On Thu, 14 Oct 2004 04:41:53 -0400 (EDT), Alex <[EMAIL PROTECTED]> wrote: > > From a security point of view, leaving tomcat hanging out there is one > tier less a malicious person would be faced with hacking...three tiers is > a nice simple security solution. $0.02. > > On Wed, 13 Oct 2004, Peng Tuck Kwok wrote: > > > Date: Wed, 13 Oct 2004 11:59:28 +0800 > > From: Peng Tuck Kwok <[EMAIL PROTECTED]> > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]>, > > Peng Tuck Kwok <[EMAIL PROTECTED]> > > To: Tomcat Users List <[EMAIL PROTECTED]>, > > [EMAIL PROTECTED] > > Subject: Re: mod_jk2 Ready/Recommended For Production? > > > > Do you really need to put apache in front of tomcat ? Standalone > > tomcat (since ver 4.x) > > has always been pretty good in terms of performance > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk2 Ready/Recommended For Production?
>From a security point of view, leaving tomcat hanging out there is one tier less a malicious person would be faced with hacking...three tiers is a nice simple security solution. $0.02. On Wed, 13 Oct 2004, Peng Tuck Kwok wrote: > Date: Wed, 13 Oct 2004 11:59:28 +0800 > From: Peng Tuck Kwok <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]>, > Peng Tuck Kwok <[EMAIL PROTECTED]> > To: Tomcat Users List <[EMAIL PROTECTED]>, > [EMAIL PROTECTED] > Subject: Re: mod_jk2 Ready/Recommended For Production? > > Do you really need to put apache in front of tomcat ? Standalone > tomcat (since ver 4.x) > has always been pretty good in terms of performance - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mod_jk2 Ready/Recommended For Production?
It is still in development so not dead by any means. It's only a couple of months since 2.04. I'm using it without problems and shall keep doing so until a better alternative becomes available. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 14 October 2004 00:27 To: Tomcat Users List Subject: Re: mod_jk2 Ready/Recommended For Production? Boy am I confused now. If mod_jk2 is dead, so what is everyone using? Still using just the first mod_jk? I had just gotten everythign working with mod_jk2 - more or less- but configurationwise mod_jk2 is a pain since the syntax was completely changed and requires you to map every nook and cranny. John - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Protection Acts and that you must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk2 Ready/Recommended For Production?
Boy am I confused now. If mod_jk2 is dead, so what is everyone using? Still using just the first mod_jk? I had just gotten everythign working with mod_jk2 - more or less- but configurationwise mod_jk2 is a pain since the syntax was completely changed and requires you to map every nook and cranny. John - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk2 Ready/Recommended For Production?
On Wed, 2004-10-13 at 13:42, Joseph Shraibman wrote: > From the tomcat-devel list: > > >> So is JK2 dead because of proxy_ajp? Why doesn't JK2 just replace JK? > >> > Ah, I see. This message from tomcat-devel shows the JK ToDo list: http://www.mail-archive.com/[EMAIL PROTECTED]/msg63908.html It is indeed dead. It looks like the plan is to roll jk2 features into jk. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk2 Ready/Recommended For Production?
From the tomcat-devel list: >> So is JK2 dead because of proxy_ajp? Why doesn't JK2 just replace JK? >> JK2 is dead because (like mod_webapp before it :), it failed to attract a community interested in maintaining it. You might as well ask 'why doesn't mod_webapp just replace JK?' For some reason the online archive at http://www.mail-archive.com/[EMAIL PROTECTED]/ only has messages through the 8th, and that was posted on the 11th. Mike Millson wrote: The Tomcat FAQ page still says that "mod_jk is great and should be used for production" and mod_jk2 "may not be production worthy for everyone." http://jakarta.apache.org/tomcat/faq/connectors.html#vs Is this still accurate, or is mod_jk2 now ready/recommended for production? Thank you, Mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk2 Ready/Recommended For Production?
Do you really need to put apache in front of tomcat ? Standalone tomcat (since ver 4.x) has always been pretty good in terms of performance On Tue, 12 Oct 2004 22:07:34 -0400, Mike Millson <[EMAIL PROTECTED]> wrote: > The Tomcat FAQ page still says that "mod_jk is great and should be used > for production" and mod_jk2 "may not be production worthy for everyone." > > http://jakarta.apache.org/tomcat/faq/connectors.html#vs > > Is this still accurate, or is mod_jk2 now ready/recommended for > production? > > Thank you, > Mike > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk2 Ready/Recommended For Production?
On Tue, Oct 12, 2004 at 10:07:34PM -0400, Mike Millson wrote: : The Tomcat FAQ page still says that "mod_jk is great and should be used : for production" and mod_jk2 "may not be production worthy for everyone." : [snip] : Is this still accurate, or is mod_jk2 now ready/recommended for : production? Depends on who you ask. Reviewing the list archives, you'll see a fair number of problems with jk2. Some are related to pilot error, but a few issues stem from jk2 and APR (a required library) both being in flux. Then again, several people on the list have reported having no jk2 problems whatsoever. Knock on wood, I haven't seen any jk2 problems recently. Your decision will likely come down to: 1/ whether you want to take a crack at building jk2 yourself 2/ finding features you want that are in jk2 but not jk As I don't use jk2, I can't offer much help for #2. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
mod_jk2 Ready/Recommended For Production?
The Tomcat FAQ page still says that "mod_jk is great and should be used for production" and mod_jk2 "may not be production worthy for everyone." http://jakarta.apache.org/tomcat/faq/connectors.html#vs Is this still accurate, or is mod_jk2 now ready/recommended for production? Thank you, Mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]