2014-03-07 21:21 GMT+04:00 André Warnier <a...@ice-sa.com>:
> Christopher Schultz wrote:
>>
>> Leo,
>>
>> On 3/7/14, 10:44 AM, Leo Donahue wrote:
>>>
>>> Who uses more than one Service in their server.xml and why?  I get that
>>> you can have multiple Connectors if you have multiple Service components but
>>> why use multiple connectors?
>>
>>
>> You can already have multiple <Connector>s per <Service> but the
>> difference is that all Connectors in a Service can access all web
>> applications in that Service.
>>
>>> Are there any docs on the use cases for these features?
>>
>>
>> Let's say that you wanted to deploy a non-secure webapp (/open) and a
>> secure webapp (/secure). And let's say that you were terribly paranoid
>> about proper setup: you want to make sure that nobody can access your
>> /secure webapp without going through HTTPS.
>>
>> If you were to simply do this:
>>
>> <Service>
>>   <Connector port="80" /><!-- let's just be brief -->
>>   <Connector port="443" />
>>   <Host appBase="webapps" />
>> </Service>
>>
>> ... then anyone could access either web application via http:// and
>> https://. (Of course, you'd set "CONFIDENTIAL" in your web.xml, but
>> remember, we're being paranoid, here).
>>
>> Instead, you can do this:
>>
>> <Service>
>>   <Connector port="80" /><!-- let's just be brief -->
>>   <Host appBase="insecure-webapps" />
>> </Service>
>> <Service>
>>   <Connector port="443" />
>>   <Host appBase="secure-webapps" />
>> </Service>
>>
>> This way, anyone requesting http:///secure would get a 404.
>>
>> I'm sure you could come up with a real-world use-case for the above,
>> because it's obviously not a very good example I've laid out there.
>>
>> Perhaps a better use-case might be something like a server connected
>> to several VPNs where services need to be separated by port number for
>> isolation. (I'm not sure why you'd isolate the port numbers in that
>> case and not also isolate the JVMs, but it's just a thought).
>>
>
> I would be almost ready to bet that nobody has ever tried 2 <Service>'s.
> It almost sounds like 2 separate Tomcat instances, except that they share
> the same JVM and the same TOMCAT_BASE, hence the same configuration files
> (of course), which makes it difficult to think of a real use case, as
> compared to 2 separate (JVM + Tomcat) instances running off the same
> codebase.

For example, the Manager web application is implemented so that it
manages the current "Host" only, but that is only an implementer's
decision.

With JMX access you can manage the whole Tomcat. There might be
alternative management applications out there that allow managing the
whole Tomcat, while being run in a different Service / Host.

> My guess would be: when designing Tomcat, it came to pass that somewhere in
> the logic, Connectors and Engine were related things, but that there was no
> clear way to design it so that one would be a child of the other or
> vice-versa.  So they just created a Service on top of both, and made them
> siblings.
> It may just be so as to make it easier to start the Engine, before starting
> the corresponding Connectors. Or to run them separately and asynchronously.
>
> It is a good question though. I wonder why nobody ever asked on this list
> before (in my memory).
>
> Also, (and also in my memory) I could swear that at some point, there was a
> document available on the Tomcat website, which gave some overview of the
> overall Tomcat design. But I can't seem to find that anymore.
>

Docs -> Architecture ?
http://tomcat.apache.org/tomcat-7.0-doc/architecture/index.html

Best regards,
Konstantin Kolinko
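
Added example, not part of the original thread and not Tomcat code: a small Python check of the point made in the quoted reply, that every Connector in a Service reaches every Host in that Service. The two server.xml samples are constructed, the function names are hypothetical, and TLS is judged only by the Connector's SSLEnabled attribute.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one Service, so both Connectors share every Host.
SHARED = """<Server>
  <Service name="Catalina">
    <Connector port="80" />
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>"""

# Constructed sample: the two-Service layout discussed in the thread.
SPLIT = """<Server>
  <Service name="open">
    <Connector port="80" />
    <Engine name="open" defaultHost="localhost">
      <Host name="localhost" appBase="insecure-webapps" />
    </Engine>
  </Service>
  <Service name="secure">
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true" />
    <Engine name="secure" defaultHost="localhost">
      <Host name="localhost" appBase="secure-webapps" />
    </Engine>
  </Service>
</Server>"""

def reachability(server_xml):
    """Return {appBase: sorted [(port, tls), ...]} across all Services."""
    result = {}
    for service in ET.fromstring(server_xml).iter("Service"):
        # Assumption: a Connector terminates TLS only if SSLEnabled="true".
        connectors = [(int(c.get("port")), c.get("SSLEnabled", "false").lower() == "true")
                      for c in service.findall("Connector")]
        # All Connectors of a Service feed its one Engine, hence all its Hosts.
        for host in service.findall("./Engine/Host"):
            result.setdefault(host.get("appBase", "webapps"), []).extend(connectors)
    return {base: sorted(set(conns)) for base, conns in result.items()}

def plaintext_app_bases(server_xml):
    """appBase directories served by at least one Connector without TLS."""
    return sorted(base for base, conns in reachability(server_xml).items()
                  if any(not tls for _, tls in conns))

if __name__ == "__main__":
    for label, xml_text in (("shared", SHARED), ("split", SPLIT)):
        print(label, reachability(xml_text), plaintext_app_bases(xml_text))
```

In the shared layout the single appBase is listed as reachable over port 80; in the split layout only insecure-webapps is.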
