Is fronting Tomcat by Apache http server meaningful when we are using aws application load balancer - apache

I know fronting Tomcat by Apache has some security benefits when we are using the AWS Classic Load Balancer. However, I was wondering if it is meaningful to front Tomcat by Apache HTTP Server when we are using an AWS Application Load Balancer, because an Application Load Balancer operates at Layer 7 of the OSI model and deals with application-level content.

It depends on your intention. Fronting Tomcat is not an issue when you go with AWS, and ALBs are a good way to handle and route your traffic. Therefore, stick to ALB rather than ELB and maintaining an Apache layer.

Related

SSL Configuration in Clustered environment

We have an Oracle application (Agile PLM) which is deployed in a clustered environment. We have one admin node and two managed nodes supporting our application, where the admin node and one managed node are on the same server. We also have a load balancer which manages the traffic between the cluster.
We want to configure SSL in our application so that the application URL will be accessible over https only. We have already configured SSL at the load balancer level (by installing security certificates in the WebLogic server which is the admin server), but want to know if we have to configure SSL on the managed servers as well, or whether bringing the load balancer onto https is sufficient?
All the users access the application using the load balancer URL only, but since I am from the development team, I am only aware of the fact that we can also connect to the application with the managed server URLs, which are still running on http. Is it a must to bring the managed servers onto https as well, or is it just a good practice but not necessary?

It's not necessary, though probably a good practice.
I believe I have read in Oracle's installation guide that the recommended way is HTTP on the managed servers and terminating SSL on the load balancer. This may have changed.
For what it's worth, I leave HTTP on the managed servers.

Does EC2 Elastic Load Balancer remove the need for apache/nginx?

I am striving for a very simple cloud based architecture on Amazon AWS. I would like to have an app layer of several "elastic" EC2 instances where my application (and application servers) run, but I'm wondering what the load balancing will look like.
If I choose to use ELB, does it remove the need for Apache or Nginx?

No. All the load balancer does is just that: it distributes load across instances. Whatever your stack is running on each instance will still need nginx or Apache or whatever service you want to respond back to the request routed through the load balancer.
I'm assuming you're running a web stack needing some type of server like nginx or Apache, or Java needing Tomcat or something.
However, if you want AWS to take care of nginx and/or Apache, look into running as an Elastic Beanstalk application: https://aws.amazon.com/elasticbeanstalk/

Weblogic vs Apache load balancer

In our typical production environment, the Apache web server works as a proxy to our application server, such as WebLogic. I have a question about load balancing. Both Apache and WebLogic provide their own load balancing functionality. If Apache can balance the load, what is the use of the WebLogic load balancer?

As mentioned in the Oracle doc Load Balancing, there are many ways of doing load balancing for WebLogic. Should you already have an Apache web server, it is better to use that instead of having WebLogic do the load balancing. The load balancer must typically be off the JVM because, should there be higher traffic, WebLogic must have reserve resources for these incidents. Apache does load balancing very easily, but WebLogic requires more effort as it is an additional feature. It's basically like a boat in water and a car that can also float (the car being WebLogic).

Amazon EC2 cloud hosting

How do I host an HTTP server at the front, with multiple Tomcat servers behind it, in EC2?
Do we need to do session and cookie management, or does EC2 have it built in?
Can we stream images and static resources through some other server while serving dynamic content from Tomcat?

Check out the Java support in AWS Elastic Beanstalk. It handles the load balancing, auto scaling, metrics and deployment for you. Deploy your static assets to S3 + CloudFront instead of keeping them inside your application bundle.

There are multiple ways to host a web server in front and redirect requests to multiple Tomcat servers in the backend. Assuming you have a web server and multiple Tomcat servers deployed on EC2: using AJP or mod_proxy or mod_jk, you can redirect requests hitting your web server to your backend Tomcat servers.
By default, AWS does not provide cookie or session management. You can use AWS ElastiCache for session management.
Yes, you can upload your images and other static content to Amazon S3 and deliver it from S3 itself or using CloudFront (CDN), while your dynamic requests are coming to your Tomcat servers.
Your question was too broad. If you provide more details, we can help more.
Thanks
Sanket
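
An Apache httpd front end for the setup asked about above, written as an added example that is not part of the original posts. It serves static files itself, keeps Tomcat's management apps off the front door, and balances everything else across two Tomcats over HTTP with mod_proxy_balancer and sticky sessions (used here instead of the shared session store mentioned in the answer). The host name, backend addresses, route names and directory paths are placeholders.

```apache
# Added example, not from the original posts. Hosts, ports, routes and paths
# are placeholders. Requires mod_proxy, mod_proxy_http, mod_proxy_balancer,
# mod_lbmethod_byrequests, mod_slotmem_shm, mod_alias and mod_authz_core.
<VirtualHost *:80>
    ServerName app.example.com

    # Static resources are served by Apache from disk and never proxied.
    # The "!" exclusion must appear before the catch-all ProxyPass below.
    Alias "/static/" "/var/www/app-static/"
    <Directory "/var/www/app-static/">
        Options -Indexes
        Require all granted
    </Directory>
    ProxyPass "/static/" "!"

    # Tomcat's management applications are not reachable through the front end.
    <LocationMatch "^/(manager|host-manager)(/|$)">
        Require all denied
    </LocationMatch>

    # Backend pool. Each route must match the jvmRoute attribute on that
    # Tomcat's <Engine>, so session IDs end in ".tc1" or ".tc2" and the
    # balancer can send a returning client to the node holding its session.
    <Proxy "balancer://tomcats">
        BalancerMember "http://10.0.1.11:8080" route=tc1
        BalancerMember "http://10.0.1.12:8080" route=tc2
        ProxySet lbmethod=byrequests stickysession=JSESSIONID|jsessionid
    </Proxy>

    # Reverse proxy only (no forward proxying); pass the original Host header.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        "/" "balancer://tomcats/"
    ProxyPassReverse "/" "balancer://tomcats/"
</VirtualHost>
```

With sticky sessions alone, a session is lost when its Tomcat node goes away; a shared session store removes that dependency.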

sshing in aws load balancer and configuring it for subdomain routing?

We want to use Amazon Elastic BeanStalk service for deployment in EC2 Boxes.
We want to deploy our Ruby on Rails Application in such a way that we can do sub-domain based routing to different rails app.
And we want to use a single SSL certificate for our load balancer, and want to configure our load balancer in such a way that subdomain-based routing takes place.
HAProxy does this work well, but when we are trying to use the Amazon Elastic Beanstalk service for our deployment, AWS creates a load balancer but doesn't associate it with any key pair.
So we are not able to SSH into the load balancer and add our configuration for subdomain-based routing.
Can someone please point me to some solution?
Thanks,
Ankit.

You don't SSH into AWS load balancers; they are basically a black box that you have only a limited set of configuration options for. You probably need to look at the Route 53 services for DNS routing.
Your configuration would have routing based on domain DNS to different load balancers, one for each separate service you need. You can't have a single ELB route traffic to different EC2 instances based on domain or URI fragments.