how to organize files in Tomcat and Apache server? - apache

I just installed both Apache server and Tomcat, and I read that I should put static html pages in Apache and put dynamic pages, like JSP, Servlets, and all other full Java applications in Tomcat. Specifically, where should they go respectively?
For instance, should html files be placed under /var/www/html?
And all other files under /opt/apache-tomcat-7.0.34/webapps/?
Any tutorial for this? Thanks a lot.

The typical ways to forward requests from Apache to Tomcat involve the use of mod_proxy, mod_proxy_ajp or mod_jk (there might be more). All of them are well documented and basically involve requests that hit your Apache to be forwarded to tomcat if they match certain criteria (like path names) - all nonmatching requests will be handled by Apache, however you configure this one.
However, I'm seconding on JB Nizet's comment: Dividing the serving of different content to Apache and Tomcat is an optimization. It's arguable if you should add this complexity (not that it's too complex, but it's more to do than not separating it) when you don't have the need. E.g. if your nonoptimized website can handle 1000 concurrent users, but you'll rarely have more than 10 - don't bother.

Related

Using mod_security, either with Apache 2.4 or with mod_proxy as a reverse proxy

I would like to setup mod_security as a stand alone instance protecting Tomcat instances against web application attacks. Would anyone know the pros and cons of doing this via installing mod_security as an Apache module versus installing mod_security on a reverse proxy? Has anyone implemented mod_security in either of these fashions? And if so is one preferred over the other?
There's really no difference in your two options. What non reverse proxy would you install the module on to protect Tomcat?
The question doesn't really make sense as they are both the same to you.
If you already have an Apache server, then you install ModSecurity in one of two ways:
In embedded mode by installing ModSecurity as module in the existing Apache instance you already have. The advantages are that you won't have to set up a separate Apache instance, and that the ModSecurity will have access to the environment that Apache runs under (so can see environment variables for example or log to same log files).
In a reverse proxy mode. This involves setting up a separate Apache instance, with ModSecurity on it only, and funnel all requests through it, before sending on the requests to your normal Apache. The advantages here are a dedicated web server just for ModSecurity, so you will not share resources with your existing version of Apache, if it is already resource hungry. Disadvantages are that it doubles your infrastructure and the complications that brings.
Personally I prefer option 1.
However, as you want to set up a dedicated web server in front of TomCat, the two options are identical for you. The new instance of Apache (or Nginx) that you set up will be running it in embedded mode and will act as a reverse proxy to your Tomcat server.
Personally I always think it's best to run a dedicated web server like Apache in front of any app server like Tomcat - especially on a public facing website. Granted Tomcat does include a pretty good web server (called Coyote), which may serve most of your web server needs, but a dedicated web server like Apache is more geared towards serving static content and contains other features for performance and security which make it a better end point server (including the ability to run ModSecurity for example!).
And just in case there is any confusion, Apache is actually short for Apache HTTP Server, and is sometimes called Apache httpd after the process that it runs. It is Apache's most popular bit of software hence why the name gets shortened, but Apache actually have lots of bits of software (including Apache Tomcat - usually shortened just to Tomcat).

Should I run Tomcat by itself or Apache + Tomcat?

I was wondering if it would be okay to run Tomcat as both the web server and container? On the other hand, it seems that the right way to go about scaling your webapp is to use Apache HTTP listening on port 80 and connecting that to Tomcat listening on another port?
Are both ways acceptable? What is being used nowdays? Whats the prime difference? How do most major websites go about this?
Thanks.
Placing an Apache (or any other webserver) in front of your application server(s) (Tomcat) is a good thing for a number of reasons.
First consideration is about static resources and caching.
Tomcat will probably serve also a lot of static content, or even on dynamic content it will send some caching directives to browsers. However, each browser that hits your tomcat for the first time will cause tomcat to send the static file. Since processing a request is a bit more expensive in Tomcat than it is in Apache (because of Apache being super-optimized and exploiting very low level stuff not always available in Tomcat, because Tomcat extracting much more informations from the request than Apache needs etc...), it may be better for the static files to be server by Apache.
Since however configuring Apache to serve part of the content and Tomcat for the rest or the URL space is a daunting task, it is usually easier to have Tomcat serve everything with the right cache headers, and Apache in front of it capturing the content, serving it to the requiring browser, and caching it so that other browser hitting the same file will get served directly from Apache without even disturbing Tomcat.
Other than static files, also many dynamic stuff may not need to be updated every millisecond. For example, a json loaded by the homepage that tells the user how much stuff is in your database, is an expensive query performed thousands of times that can safely be performed each hour or so without making your users angry. So, tomcat may serve the json with proper one hour caching directive, Apache will cache the json fragment and serve it to any browser requiring it for one hour. There are obviously a ton of other ways to implement it (a caching filter, a JPA cache that caches the query etc...), but sending proper cache headers and using Apache as a reverse proxy is quite easy, REST compliant and scales well.
Another consideration is load balancing. Apache comes with a nice load balancing module, that can help you scale your application on a number of Tomcat instances, supposed that your application can scale horizontally or run on a cluster.
A third consideration is about ulrs, headers etc.. From time to time you may need to change some urls, or remove or override some headers. For example, before a major update you may want to disable caching on browsers for some hours to avoid browsers keep using stale data (same as lowering the DNS TTL before switching servers), or move the old application on another url space, or rewrite old URLs to new ones when possible. While reconfiguring the servlets inside your web.xml files is possible, and filters can do wonders, if you are using a framework that interprets the URLs you may need to do a lot of work on your sitemap files or similar stuff.
Having Apache or another web server in front of Tomcat may help a lot changing only Apache configuration files with modules like mod_rewrite.
So, I always recommend having Apache httpd in front of Tomcat. The small overhead on connection handling is usually recovered thanks to caching of resources, and the additional configuration works is regained the first time you need to move URLs or handle some headers.
It depends on your network and how you wish to have security set up.
If you have a two-firewall DMZ, with applications deployed inside the second firewall, it makes sense to have an Apache or IIS instance in between the two firewalls to handle security and proxy calls into the app server. If it's acceptable to put the Tomcat instance in the DMZ you're free to do so. The only downside that I see is that you'll have to open a port in the second firewall to access a database inside. That might put the database at risk.
Another consideration is traffic. You don't say anything about traffic, sizing servers, and possible load balancing and clustering. A load balancer in front of a cluster of app servers is more likely to be kept inside the second firewall. The Tomcat instance is capable of handling traffic on its own, but there are always volume limitations depending on the hardware it's deployed on and what the application is doing with each request. It's almost impossible to give a yes or no answer without more detailed, application-specific information.
Search the site for "tomcat without apache" - it's been asked before. I voted to close before finding duplicates.

Should there always be an Apache in front of a Tomcat (and why)? [duplicate]

I'm trying to set up Apache in front of Tomcat. What do I have Apache serve? I know Apache works better for static pages and images. I currently deploy a war file in Tomcat that contains static pages, images, and Flash files. Should I put those all on the Apache server? How to I reference those pages/images from the Tomcat application?
I would like to use Apache to decrease the war file size and hopefully serve images faster. Is there a good guide for setting up Apache and Tomcat and what to place where?
Do you have a problem with performance/load on your Tomcat server? Do it if you need to(performance, security, etc), but don't make things more complicated if you don't need to.
It used to be the standard to front Tomcat with an Apache server, but recent versions of Tomcat can(and often times are) used as both the HTTP Server and the Servlet Container.
Take a look at the Tomcat Connector FAQ for information on the subject.
Why should I integrate Apache with
Tomcat? (or not)
There are many reasons to integrate
Tomcat with Apache. And there are
reasons why it should not be done too.
Needless to say, everyone will
disagree with the opinions here. With
the performance of Tomcat 5 and 6,
performance reasons become harder to
justify.
...
Speed. Apache is faster at serving
static content than Tomcat. But unless
you have a high traffic site, this
point is useless. But in some
scenarios, tomcat can be faster than
Apache httpd. So benchmark YOUR site.
Tomcat can perform at httpd speeds
when using the proper connector (APR
with sendFile enabled). Speed should
not be considered a factor when
choosing between Apache httpd and
Tomcat

nginx/apache/php vs nginx/php

I currently have one server with nginx that reverse_proxy to apache (same server) for processing php requests. I'm wondering if I drop apache so I'd run nginx/fastcgi to php if I'd see any sort of performance increases. I'm assuming I would since Apache's pretty bloated up, but at the same time I'm not sure how reliable fastcgi/php is especially in high traffic situations.
My sites gets around 200,000 unique visitors a month, with around 6,000,000 page crawls from the search engines monthly. This number is steadily increasing so I'm looking at perfomrance options.
My site is very optimized code wise and there isn't any caching (don't want that either), each page has a max of 2 sql queries without any joins on other tables, indexes are perfect as well.
In a year or so I'll be rewriting everything to use ClearSilver for the templates, and then probably use python or else c++ for extreme performance.
I suppose I'm more or less looking for any advice from anyone who is familiar with nginx/fastcgi and if willing to provide some benchmarks. My sites are one server with 1 quad core xeon, 8gb ram, 150gb velociraptor drive.
nginx will definitely work faster than Apache. I can't tell about fastcgi since I never used it with nginx but this solution seems to make more sense on several servers (one for static contents and one for fastcgi/PHP).
If you are really targeting performance -and even consider C/C++- then you should give a try to G-WAN, an all-in-one server which provides (very fast) C scripts.
Not only G-WAN has a ridiculously small memory footprint (120 KB) but it scales like nothing else. There's work ahead of you if you migrate from PHP, but you can start with the performance-critical tasks and migrate progressively.
We have made the jump and cannot consider to go back to Apache!
Here is a chart showing the respective performances of nginx, apache and g-wan:
g-wan.com/imgs/gwan-lighttpd-nginx-cherokee.png
apache does not seem to lead the pack (and that's a -Quad XEON # 3GHz).
Here is an independent benchmark for g-wan vs nginx, varnish and others http://nbonvin.wordpress.com/2011/03/14/apache-vs-nginx-vs-varnish-vs-gwan/
g-wan handles much more requests per second with much less CPU time.
NGINX is the best choice as a webserver now a days.
The main difference between Apache and NGINX lies in their design
architecture. Apache uses a process-driven approach and creates a
new thread for each request. Whereas NGINX uses an event-driven
architecture to handle multiple requests within one thread.
As far as Static content is concerned, Nginx overpasses Apache.
Both are great at processing Dynamic content.
Apache runs on all operating systems such as UNIX, Linux or BSD and
has full support for Microsoft Windows & NGINX also runs on several
modern Unix-like systems and has support for Windows, but its
performance on Windows is not as stable as that on UNIX platforms.
Apache allows additional configuration on a per-directory basis via
.htaccess files. Where Nginx doesn’t allow additional configuration.
Request Interpretation-Apache pass file System location. Nginx
Passes URI to interpret requests.
Apache have 60 official dynamically loadable modules that can be
turned On/Off.Nginx have 3rd Party core modules (not dynamically
loadable).NGINX provides all of the core features of a web server,
without sacrificing the lightweight and high-performance qualities
that have made it successful.
Apache Supports customization of web server through dynamic modules.
Nginx is not flexible enough to support dynamic modules and loading.
Apache makes sure that all the website that runs on its server are
safe from any harm and hackers. Apache offers configuration tips for
DDoS attack handling, as well as the mod_evasive module for
responding to HTTP DoS, DDoS, or brute force attacks.
When Choose Apache over NGINX?
When needs .htaccess files, you can override system-wide settings on
a per-directory basis.
In a shared hosting environment, Apache works better because of its
.htaccess configuration.
In case of functionality limitations – use Apache
When Choose NGINX over Apache?
Fast Static Content Processing
Great for High Traffic Websites
When Use Both of them -Together
User can use Nginx in front of Apache as a server proxy.

What should Apache serve and what should Tomcat serve?

I'm trying to set up Apache in front of Tomcat. What do I have Apache serve? I know Apache works better for static pages and images. I currently deploy a war file in Tomcat that contains static pages, images, and Flash files. Should I put those all on the Apache server? How to I reference those pages/images from the Tomcat application?
I would like to use Apache to decrease the war file size and hopefully serve images faster. Is there a good guide for setting up Apache and Tomcat and what to place where?
Do you have a problem with performance/load on your Tomcat server? Do it if you need to(performance, security, etc), but don't make things more complicated if you don't need to.
It used to be the standard to front Tomcat with an Apache server, but recent versions of Tomcat can(and often times are) used as both the HTTP Server and the Servlet Container.
Take a look at the Tomcat Connector FAQ for information on the subject.
Why should I integrate Apache with
Tomcat? (or not)
There are many reasons to integrate
Tomcat with Apache. And there are
reasons why it should not be done too.
Needless to say, everyone will
disagree with the opinions here. With
the performance of Tomcat 5 and 6,
performance reasons become harder to
justify.
...
Speed. Apache is faster at serving
static content than Tomcat. But unless
you have a high traffic site, this
point is useless. But in some
scenarios, tomcat can be faster than
Apache httpd. So benchmark YOUR site.
Tomcat can perform at httpd speeds
when using the proper connector (APR
with sendFile enabled). Speed should
not be considered a factor when
choosing between Apache httpd and
Tomcat