I have previously connected Apache httpd to Tomcat using the jkmount plug-in for Apache and the AJP protocol. I did not know why this was a good idea; I just assumed it probably was.
I read an interesting article here on the subject and now I have some opinions.
HTTP:
- Already provided by all servers
- Easily configured in Apache
- The most likely target of a security breach

AJP:
- Well supported
- A more compact protocol
- Easily configured in Apache and Tomcat
AJP looks slightly ahead for two reasons:
- You’re not opening up HTTP on Tomcat (in fact you should close it for security)
- As it’s a more compact protocol, there’s less traffic between the front server and the back server
Except… if the front server is on the same network segment, or even on the same machine, then there’s no advantage from the compactness of the protocol unless you have a huge number of tiny requests to serve.
Similarly, if the whole server is not visible to the whole internet because it’s behind a load balancer, then it doesn’t matter whether HTTP is open on Tomcat as nobody could get there to use it.
Simple is better, so I declare HTTP the winner.
It looks quite straightforward to create an HTTP proxy in Apache:
```
# within the VirtualHost section - assuming tomcat is on port 8080
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
```
And the AJP proxy (assuming you’ve turned on AJP in Tomcat) can, apparently, be done the same way (according to here):
```
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
```
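Both proxy setups above point at `localhost`, so the exposure question raised earlier comes down to how Tomcat's own connectors are bound. The following is an added example, not code from the original post: a small audit of a `server.xml` that reports connectors without an explicit loopback `address` and AJP connectors with `secretRequired` turned off. The sample XML and the function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the original post).
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0"
               secretRequired="false" />
    <Connector port="8081" protocol="HTTP/1.1" address="127.0.0.1" />
  </Service>
</Server>
"""


def is_loopback(address):
    """True only when the connector names a loopback address explicitly."""
    if address is None:
        return False  # the default bind differs by connector type and Tomcat version
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # a hostname we cannot classify offline


def audit_connectors(server_xml):
    """Return (port, kind, issue) tuples for connectors worth reviewing."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        # Tomcat treats a missing protocol attribute as HTTP/1.1.
        protocol = conn.get("protocol", "HTTP/1.1")
        kind = "AJP" if "ajp" in protocol.lower() else "HTTP"
        if not is_loopback(conn.get("address")):
            findings.append((port, kind, "no explicit loopback bind"))
        # Assumption: an absent secretRequired is treated as enabled,
        # which matches recent Tomcat releases.
        if kind == "AJP" and conn.get("secretRequired", "true").lower() == "false":
            findings.append((port, kind, "secretRequired disabled"))
    return findings


if __name__ == "__main__":
    for port, kind, issue in audit_connectors(SAMPLE_SERVER_XML):
        print(f"{kind} connector on port {port}: {issue}")
```

A connector flagged here is not necessarily reachable from outside, since a firewall or load balancer may still sit in front of it, but it no longer depends on Tomcat's own bind to stay private.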