I have heard several times that one should not serve a Java webapp directly to the outside world from the Tomcat server it is running on. Rather, one should have a regular web server in between -- e.g. Apache. Why is this?
Asked
Active
Viewed 351 times
3 Answers
4
Having asked just this question of my co-worker the web-dev recently... he said that Tomcat operates much more efficiently when only a single source (the web-server) is hitting it. It'll scale a lot farther. Also, actual web-servers are a lot easier to configure to do strange things like URL rewriting (a very common thing to want to do, judging by all the mod_rewrite question we're getting here on SF), access control, and anything SSL that isn't as simple as one-cert/one-site.
sysadmin1138
- 131,083
- 18
- 173
- 296
-
I thought `mod_jk` took precedence over `mod_rewrite` though most folks are just reverse proxying now. – Jé Queue Oct 15 '10 at 18:47
3
I don't know if this answer is specific to Java and Tomcat, but in our security model we don't serve anything directly to the internet - we have Apache in a DMZ running ReverseProxy to all of our application servers, in a separate DMZ (and those attach to our DB servers in yet another DMZ.)
In addition to security, this lets you do redirects, SSL offload, and all the other goodies that Apache can do. I don't know if Tomcat has all of those features.
mfinni
- 35,711
- 3
- 50
- 86
3
The main purpose usually used for an Apache server fronting the Tomcat is to offload static contents such as images,HTMLs, JS, CSS files to the Apache web server. Only dynamic requests are passed on to the Tomcat, thus reducing traffic esp. if across a firewall.
See the full list at official Wiki. Why should I integrate Apache with Tomcat? (or not) which explains Security, Clustering and Speed benefits however with the newer Tomcat 6 performance is not that much of an issue as earlier.
JoseK
- 455
- 6
- 13