Re: Mod_JK vs Mod_Proxy
Jon,

On 12/7/22 19:36, jonmcalexan...@wellsfargo.com.INVALID wrote:
> I get it and agree, but it does just add unnecessary complexity also.

In my case, I find it necessary to encrypt ;)

There are some reasons I can't move to mod_proxy_* yet, so it's a
/necessary/ complexity for me.

-chris

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Mod_JK vs Mod_Proxy
I get it and agree, but it does just add unnecessary complexity also.

Have a Happy!!!

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com

This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
Re: Mod_JK vs Mod_Proxy
Jon,

On 12/6/22 16:22, jonmcalexan...@wellsfargo.com.INVALID wrote:
> What, pray tell, is an encrypted AJP connection? Are you talking AJP
> over an SSH Tunnel (Stunnel)?

Exactly. It's absolutely cheating, but it achieves the goal :)

-chris
RE: Mod_JK vs Mod_Proxy
What, pray tell, is an encrypted AJP connection? Are you talking AJP over an SSH Tunnel (Stunnel)?

Jon McAlexander
Re: Mod_JK vs Mod_Proxy
Jon,

On 12/6/22 12:36, jonmcalexan...@wellsfargo.com.INVALID wrote:
> IMHO, switching to mod_proxy, and using it over SSL, is by far better
> than using mod_jk or mod_ajp, primarily as mod_proxy allows for secure
> proxy connection, whereas mod_jk and mod_ajp aren't "secure" as they
> are not encrypted channels.

While this is true (and supports my assertion that everyone should
migrate), it doesn't preclude the use of encrypted AJP connections.

-chris
RE: Mod_JK vs Mod_Proxy
IMHO, switching to mod_proxy, and using it over SSL, is by far better than using mod_jk or mod_ajp, primarily as mod_proxy allows for secure proxy connection, whereas mod_jk and mod_ajp aren't "secure" as they are not encrypted channels.

Again, just my .02 worth.

Jon McAlexander
Re: Mod_JK vs Mod_Proxy
Mark,

On 12/6/22 08:48, Mark H. Wood wrote:
> On Mon, Dec 05, 2022 at 03:37:59PM -0500, Christopher Schultz wrote:
>> On 12/5/22 15:03, Cathy Spears wrote:
>>> Using Tomcat 8.5 and 9.0 with 32-bit Apache 2.4 and mod_jk. Are
>>> there benefits to using mod_proxy instead of mod_jk? Also, is there
>>> a planned end of life for mod_jk or will it continue to be supported
>>> for now?
>> Hopefully this will be helpful:
>>
>> https://tomcat.apache.org/presentations.html#latest-migrate-ajp-http
>
> I read this as a question about mod_proxy_ajp vs. mod_jk.

I think I make the case that mod_proxy_ajp is a (slightly) better choice
than mod_jk in that presentation.

> Happily using mod_proxy_ajp here for some years. Both work well but I
> very much prefer the way mod_proxy_ajp integrates with the proxy
> configuration in HTTPD.

+1

And it doesn't require a custom-built add-on.

-chris
Re: Mod_JK vs Mod_Proxy
On Mon, Dec 05, 2022 at 03:37:59PM -0500, Christopher Schultz wrote:
> On 12/5/22 15:03, Cathy Spears wrote:
> > Using Tomcat 8.5 and 9.0 with 32-bit Apache 2.4 and mod_jk. Are there
> > benefits to using mod_proxy instead of mod_jk? Also, is there a
> > planned end of life for mod_jk or will it continue to be supported
> > for now?
> Hopefully this will be helpful:
>
> https://tomcat.apache.org/presentations.html#latest-migrate-ajp-http

I read this as a question about mod_proxy_ajp vs. mod_jk.

Happily using mod_proxy_ajp here for some years. Both work well but I
very much prefer the way mod_proxy_ajp integrates with the proxy
configuration in HTTPD.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
Re: Mod_JK vs Mod_Proxy
Cathy,

On 12/5/22 15:03, Cathy Spears wrote:
> Using Tomcat 8.5 and 9.0 with 32-bit Apache 2.4 and mod_jk. Are there
> benefits to using mod_proxy instead of mod_jk? Also, is there a
> planned end of life for mod_jk or will it continue to be supported
> for now?

Hopefully this will be helpful:

https://tomcat.apache.org/presentations.html#latest-migrate-ajp-http

-chris
Re: mod_jk vs. mod_proxy
Hi Chris,

Appreciate your feedback. That is helpful.

Thank you!

-Shanti
Re: mod_jk vs. mod_proxy
Shanti,

On 9/18/12 10:04 AM, Shanti Suresh wrote:
> All,
>
> I wanted your opinion on this topic. I was heavily into using
> "mod_jk" a few years back. But I have since started using
> mod_proxy for the following reasons:
> (1) mod_proxy is easier to configure
> (2) I remember reading that "mod_jk" is deprecated
> (3) Logging for mod_proxy appears inline with Apache traffic log
> entries and is easier to debug. I am able to get detailed logging
> from mod_proxy by adjusting Apache's "LogLevel to debug".
> (4) Could there be any other reasons that I might be missing?
>
> I do also like the separate logging that mod_jk gives though. I
> notice that mod_jk is still being used. I just wanted to know your
> opinion.

I use mod_jk because it gives me greater freedom of configuration and
tends to get updated more often. It is definitely "harder" to
configure, though, since a separate configuration file is usually used.

As I don't use SSL between httpd and Tomcat this isn't much of an
issue for me, but connecting httpd->Tomcat via SSL is trivial with
mod_proxy_http (and not with mod_jk) while forwarding SSL info from
httpd -> Tomcat (while still using an unencrypted channel) is trivial
in mod_jk but more difficult with mod_proxy_http.

-chris
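The two ways of encrypting the httpd-to-Tomcat hop that come up in these threads (SSL with mod_proxy_http in the message above, AJP through stunnel in the December 2022 messages), side by side with the cleartext setup. This is an added configuration example, not taken from any poster; host names, ports, file paths and the worker name are placeholders.

```apache
# Added example. Host names, ports, paths and the worker name are placeholders.

# (A) Weak: AJP in cleartext across the network (mod_proxy_ajp).
#     Anything on the path between httpd and Tomcat can read the traffic.
# ProxyPass "/app" "ajp://tomcat.internal.example:8009/app"

# (B) mod_proxy_http over TLS to a Tomcat HTTPS connector.
#     Needs mod_proxy, mod_proxy_http and mod_ssl loaded.
SSLProxyEngine            on
SSLProxyVerify            require
SSLProxyCACertificateFile "/etc/httpd/tls/backend-ca.pem"
SSLProxyCheckPeerName     on
SSLProxyCheckPeerExpire   on
ProxyPass        "/app" "https://tomcat.internal.example:8443/app"
ProxyPassReverse "/app" "https://tomcat.internal.example:8443/app"

# (C) AJP kept, carried inside a TLS tunnel. httpd speaks AJP only to a
#     stunnel client on loopback; the stunnel server on the Tomcat host
#     forwards to an AJP connector that is also bound to loopback.
#
#     stunnel.conf on the httpd host:
#       [ajp]
#       client      = yes
#       accept      = 127.0.0.1:8009
#       connect     = tomcat.internal.example:8010
#       CAfile      = /etc/stunnel/backend-ca.pem
#       verifyChain = yes
#       checkHost   = tomcat.internal.example
#
#     stunnel.conf on the Tomcat host (cert file holds certificate and key):
#       [ajp]
#       accept  = 8010
#       connect = 127.0.0.1:8009
#       cert    = /etc/stunnel/tomcat.pem
#
ProxyPass "/legacy" "ajp://127.0.0.1:8009/legacy"

# mod_jk equivalent of (C), in workers.properties:
#   worker.tomcat1.type=ajp13
#   worker.tomcat1.host=127.0.0.1
#   worker.tomcat1.port=8009
```

With (C), confirm that Tomcat's AJP connector listens on 127.0.0.1 only; otherwise the cleartext port stays reachable beside the tunnel.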
Re: mod_jk vs. mod_proxy
Hi Dan,

On Tue, Sep 18, 2012 at 10:10 AM, Daniel Mikusa wrote:
> I've not heard this. Where did you read this?

My apologies! I read wrong. It must have been about "mod_jk2".

> I found this article helpful.
>
> http://www.tomcatexpert.com/blog/2010/06/16/deciding-between-modjk-modproxyhttp-and-modproxyajp

Thank you for pointing out that reference. This is a really nice article indeed. Sorry about the misunderstanding.

-Shanti
Re: mod_jk vs. mod_proxy
On Sep 18, 2012, at 10:04 AM, Shanti Suresh wrote:
> All,
>
> I wanted your opinion on this topic. I was heavily into using "mod_jk" a
> few years back. But I have since started using mod_proxy for the following
> reasons:
> (1) mod_proxy is easier to configure
> (2) I remember reading that "mod_jk" is deprecated

I've not heard this. Where did you read this?

> (3) Logging for mod_proxy appears inline with Apache traffic log entries
> and is easier to debug. I am able to get detailed logging from mod_proxy
> by adjusting Apache's "LogLevel to debug".
> (4) Could there be any other reasons that I might be missing?

I found this article helpful.

http://www.tomcatexpert.com/blog/2010/06/16/deciding-between-modjk-modproxyhttp-and-modproxyajp

Dan

> I do also like the separate logging that mod_jk gives though. I notice
> that mod_jk is still being used. I just wanted to know your opinion.
>
> Thanks.
>
> -Shanti
Re: mod_jk vs mod_proxy
Hi Andrew,

we've just been discussing this topic a few days ago. You might want to read the whole thread @ http://www.nabble.com/AJP-vs-HTTP-connectors--td21797851.html

Rgds
Gregor

-- 
just because you're paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371