2009/11/24 TheGrailer <ken...@gmail.com> > Im pretty new to this but have 2 friends that help me out. Though one of my > friends tells me to use Apache2 infront of Tomcat and the other one tells > me > it's unnecessary. >
Finding out their reasoning - and the evidence each one has supporting their point of view - would be interesting. I'll try to explain my situation: > I've started a virtual Ubuntu 8.04 Longterm server and my goal is to have > atleast one serious site (made in Grails) and beeing a search engine (think > youtube). So it's gonna be pretty much dynamic content and less static. But > I will also start some sites just for fun that probobly won't have that > much > visitors but beeing abit more static content. > Im not saying my primary site will get much visitors but I want to build > the > environment as if it has. > Ps. I will probobly put a Varnish at the front sooner or later (for the > experience) > > So what do you all think? Is the Apache2 infront of the Tomcat 6 a waste of > time or worth while? > > As always, it depends on your environment, wishes and skills. Tomcat has a reputation for being slow to serve static content. For 5.5+, that reputation is not deserved - you'll saturate your network connection long before you run out of CPU. So the "old" reason to put Apache httpd (hereafter just "httpd") in front of Tomcat no longer applies. If you add httpd, you also need to add a connection between httpd and Tomcat. More moving parts, more to maintain, higher CPU, use, higher memory use and higher latency on all requests that go to Tomcat. If you add httpd and don't configure the connection carefully, it's quite easy to expose the source of your JSPs and your webapp configuration - which may expose passwords, for example. So poor configuration of httpd+Tomcat can be a security risk. httpd can act as a very effective load-balancer for Tomcat if you don't want to use a hardware load-balancer. httpd has modules that are faster at serving non-Java dynamic content (PHP, perl etc) than Tomcat's CGI. httpd has mod_security, which may aid in site security if correctly configured (and can be a real PITA if not correctly configured). Pick the points from the above that apply to your site, and decide whether it's right for you. There is no Right or Wrong answer. - Peter
