Which one is the better configuration: Tomcat only OR Apache Server + Tomcat?

StackOverflow https://stackoverflow.com/questions/20958580

  •  25-09-2022
  •  | 
  •  

Question

I have a VPS where I want to install a web application for production.

Currently, it works on Tomcat 6 connected through Apache Server using AJP module.

Every thing works ok, but I want to know if it is a good idea to configure Tomcat as the main web server due we gonna run only JSP applications.

FYI: the server must handle https requests.

Thanks in advance.

Was it helpful?

Solution

Misinformation

Years ago there was much misinformation against using Tomcat directly as a web server, but in fact Tomcat works very well as such.

I've used nearly every version of Tomcat on various projects, though all were relatively low volume. Never let me down – well, the WebDAV module never worked right. But other than that Tomcat is fast and reliable both for static content as well as dynamic servlet work.

httpd

Apache HTTP Server ("httpd") is of course very advanced and full of features. If you need those features, then use httpd. If you have very high volume traffic, then use httpd. If you have huge amounts of static access and want to relieve Tomcat of that duty thereby letting Tomcat focus its performance on your servlets, then use httpd. If you want to keep a front-facing web site running while take Tomcat up and down, use httpd. But for most relatively simple web sites or simple web apps, Tomcat suffices.

I suggest you try Tomcat alone and see how it goes. Start with your development and testing systems. Review your config files for httpd to see if all its features can be reproduced using Tomcat features. If that all works, then do some load-testing. Either hack some load-tests of your own, or try any of the many load-test frameworks.

While you can hot-deploy webapps to Tomcat, that was not always recommended in production (I'm not sure about current versions). Plan how to handle taking down Tomcat to deploy updated apps and to perform maintenance chores.

Recent Tomcat

You say you are using Tomcat 6. You may want to consider moving to Tomcat 7 or 8, but review the release notes.

Jetty

Also consider Jetty, the most direct competitor/alternative to Tomcat. Jetty is much akin to Tomcat in its purpose, scope of features, and great reputation.

OTHER TIPS

If you're using SSL you will get the following benefits by front-ending with Apache HTTPD:

  1. Ability to specify cipher suites in order of preference, which is practically mandatory if you want case-hardened SSL, and impossible with Tomcat alone.
  2. Ability to request or require client certificates on a per-location basis instead of globally, which is Tomcat's only mechanism.

There are many other benefits as well, such as:

  • the ability to load-balance between multiple Tomcat instances, which alone is probably enough of a reason to do it
  • more control over what's logged and where the log files go
  • more tools to defend against attacks of various kinds.

I used standalone Tomcats for years, but having made the switch I would never go back even for a clean-sheet project.

I don't think either is better, it depends on your requirements. In environments where you may have to address security or logging requirements horizontally across heterogeneous backends (IIS, Tomcat, etc), Apache is your friend (or an expensive load balancer).

Assuming you don't have these requirements, I don't know of any advantage in using Apache for Apache sake.

SSL is easily configured in Tomcat and performance these days is likely to be on par with Apache and can be improved with APR.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top