HTTP vs AJP in Apache and Tomcat

I have previously connected Apache httpd to Tomcat using the jkmount plug-in for Apache and the AJP protocol. I did not know why this was a good idea, I just assumed it probably was.

I read an interesting article here on the subject and now I have some opinions.

HTTP

  • Simple
  • Already provided by all servers
  • Easily configured in Apache
  • The most likely target of a security breach

AJP

  • Well supported
  • More compact a protocol
  • Easily configured in Apache and Tomcat

AJP looks slightly ahead for two reasons:

  • You’re not opening up HTTP on Tomcat (in fact you should close it for security)
  • As it’s a more compact protocol, there’s less traffic between the front server and the back server

Except… if the front server is on the same network segment, or even on the same machine, then there’s no advantage from the compactness of the protocol unless you have a huge number of tiny requests to serve.

Similarly, if the whole server is not visible to the whole internet because it’s behind a load balancer, then it doesn’t matter whether http is open on Tomcat as nobody could get there to use it.

Simple is better, so I declare HTTP the winner.

It looks quite straightforward to create an HTTP proxy in Apache:

 # within the VirtualHost section - assuming tomcat is on port 8080
 ProxyPass / http://localhost:8080/
 ProxyPassReverse / http://localhost:8080/

And the AJP proxy (assuming you’ve turned on AJP in Tomcat) can, apparently, be done the same way (according to here):

 ProxyPass / ajp://localhost:8009/
 ProxyPassReverse / ajp://localhost:8009/
Advertisements

Software developer, stand-up comedian, musician, writer, jolly big cheer-monkey, skeptical thinker, Doctor Who fan, lover of fine sounds.

Posted in Uncategorized
One comment on “HTTP vs AJP in Apache and Tomcat
  1. Abhinav Sonkar says:

    In case of AJP, you also need to enable mod_proxy_ajp plugin (uncomment respective line in httpd.conf) before using ProxyPass.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: