TomcatExpert

Deciding between mod_jk, mod_proxy_http and mod_proxy_ajp

posted by mthomas on June 16, 2010 07:06 AM

Over the years there have been a number of connectors developed to enable Apache httpd to communicate with Tomcat that have used a variety of protocols. When searching the web for information on how to do this, it isn't unusual to stumble across some really bad, out of date advice. So first of all the only options you should consider for this are:

All of the other other options have not been supported for a number of years so you should avoid mod_jk2, mod_jserv, mod_webapp and any other module that isn't discussed here.

My experience with providing support to SpringSource customers is that a typical customer is more likely to hit a bug in mod_proxy_ajp than they are in mod_jk or mod_proxy_http. It isn't that mod_proxy_ajp is particularly buggy, I used it myself for 18 months on a production system without a single issue, but that it has a few more bugs than the other two modules. The situation is improving but at the time of writing I would rank mod_jk and mod_proxy_http above mod_proxy_ajp.

That brings us to the crunch question: mod_proxy_http or mod_jk? And the answer? It depends! Both modules have their strengths and weaknesses. Which one is right for you will depend on your circumstances. The factors that normally affect this choice are:

  • Is one module already in use?
  • Does the communication between httpd and Tomcat need to be encrypted?
  • Does httpd terminal SSL but the SSL information needs to be passed to Tomcat?

If you are already using mod_jk or mod_proxy_http and it meets all of your requirements then there is unlikely to be a good reason to change it. It would be better to stick to what you are currently using and to have consistency across your httpd instances.

If you need to encrypt the communication between httpd and Tomcat then this is significantly easier with mod_proxy_http when you can just switch from the http to the https protocol. mod_jk uses the AJP protocol which doesn't support encryption so you have to implement that separately via an SSH tunnel, IPSec or similar. This can add significant configuration complexity to the httpd-Tomcat communication channel.

Where httpd terminates the SSL, providing the SSL attributes are exposed (two simple directives) then mod_jk automatically passes this information to Tomcat and Tomcat makes it available to web applications without any additional configuration required. To achieve the same result with mod_proxy_http requires httpd to be configured to add the SSL information as http headers and a Valve needs to be configured in Tomcat to extract this information and to make it available to web applications. Making SSL information available to Tomcat is therefore a little more complicated with mod_proxy_http.

mod_jk and mod_proxy_http also have very different configuration styles. The mod_proxy_http directives are consistent with other httpd directives whereas mod_jk uses an external property file. For system administrators familiar with httpd, the mod_jk approach can look a little odd.

In summary:

  • If you need to encrypt the httpd to Tomcat channel, use mod_proxy_http
  • If you need to expose SSL information to your web application, use mod_jk
  • If you are already using one of these modules then changing is likely to cause more hassle than it saves
  • Given a completely free choice, I'd use mod_proxy_http just because the configuration is more consistent with other httpd modules.

Mark Thomas is a Senior Software Engineer for the SpringSource Division of VMware, Inc. (NYSE: VMW). Mark has been using and developing Tomcat for over six years. He first got involved in the development of Tomcat when he needed better control over the SSL configuration than was available at the time. After fixing that first bug, he started working his way through the remaining Tomcat bugs and is still going. Along the way Mark has become a Tomcat committer and PMC member, volunteered to be the Tomcat 4 & 7 release manager, created the Tomcat security pages, become a member of the ASF and joined the Apache Security Committee. He also helps maintain the ASF's Bugzilla instances. Mark has a MEng in Electronic and Electrical Engineering from the University of Birmingham, United Kingdom.

Comments

why not mod_rewrite

We are using mod_rewrite in our project for communication between apache and tomcat. We are using mod_rewrite as it allows us finer control to redirect only certain subset like *.do to tomcat. Where as same needs to be done by LocationMatch for mod_poxy.

ON what basis is this comparison done? Was mod_rewrite considered?

mod_rewrite is an alternative

mod_rewrite is an alternative way of doing pretty much anything in httpd. The general rule with mod_rewrite is that if there is a more specific directive then it is better (clearer configuration, better performance) to use the more specific directive. Hence, my article focussed on mod_proxy and mod_jk.

In your example, there is no need to use a LocationMatch plus a ProxyPass, you could use ProxyPassMatch.

In the last two years I can think of one example where I used mod_rewrite to configure the reverse proxy and that was where the client wanted to select the back-end server based on part of the query string.

Cool you write, the

Cool you write, the information is very good and interesting, I'll give you a link to my site. Save The Marriage System

Cool you write, the

Cool you write, the information is very good and interesting, I'll give you a link to my site. Ways To Get Your Ex Back

Cool you inscribe, the info

Cool you inscribe, the info is really salubrious further fascinating, I'll give you a connect to my scene. Survive In Bed

I use basically superior

I use basically superior fabrics : you will discover these products by: geriatric medicine

It is somewhat fantastic, and

It is somewhat fantastic, and yet check out the advice at this treat. How To Give A Hand Job

Its a great pleasure reading

Its a great pleasure reading your post.Its full of information I am looking for and I love to post a comment that "The content of your post is awesome" Great work.locksmith miramar

Cool you write, the

Cool you write, the information is very good and interesting, I'll give you a link to my site. How to Turn a Guy On

During this website, you will

During this website, you will see this shape, i highly recommend you learn this review. Bonding Code

sl786982

This is a website for all delhi escorts for pleasure and fun for time pass getting a girlfriend for sometime etc etc... online custom writing

sl786982

sl786982

I like this post,And I figure that they having a great time to peruse this post,they might take a decent site to make an information,thanks for sharing it to me. online custom writing

sl786982

Pure class article! Laser

Pure class article! Laser Printer Drum

sl786982

Vick and Newton, for all their breathtaking play, never receive the blessing of being described in such spiritual and transcendent language. michael spencer gilroy

sl786982

sl786982

I am always searching online for articles that can help me. There is obviously a lot to know about this. I think you made some good points in Features also. Keep working, great job! Apprendre la photo

sl786982

Fantastic stuff, mate!!!

Fantastic stuff, mate!!! débarras gratuit maison paris

I am happy to find your

I am happy to find your distinguished way of writing the post. Now you make it easy for me to understand and implement the concept. Thank you for the post.
Text The Romance Back 2.0

Awesome and interesting

Awesome and interesting article. Great things you've always shared with us. Thanks. Just continue composing this kind of post.
nyc flowers

sl786982

I am a new user of this site so here i saw multiple articles and posts posted by this site,I curious more interest in some of them hope you will give more information on this topics in your next articles. Feldco on Facebook

sl786982

saad.butt1989@gmail.com

Your blog is full of entertainment and helpful information that can allure to anyone anytime. Continue posting! feldco

sl786982

sl786982

Awesome dispatch! I am indeed getting apt to over this info, is truly neighborly my buddy. Likewise fantastic blog here among many of the costly info you acquire. Feldco

sl786982

sl786982

Thank you, I ' ve been seeking for info about this subject matter for ages and yours is the best I have discovered so far. feldco windows

sl786982

sl786982

I even have been getting a lot of helpful and informative material in your web site. feldco in chicago linkedin

sl786982

mod_proxy_ajp control interface

How do you control a cluster balanced tomcats using mod_proxy_ajp? For the mod_jk connector you can use the "status" worker to control and throttle trafic to the connected backend tomcat instances.

By using mod_proxy_balancer

http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html

You have not had to dress up

You have not had to dress up to fight bad weather, you have not had to pay for gas, fight crowds of people, look for a parking space or pay for lunch, let us not forget that all these things also conserve your funds http://royalcouponcode.com/store/phen375-coupons/.

i was just browsing along and

i was just browsing along and came upon your blog. just wanted to say good blog and this article really helped me. photofunia software free download

Good day very cool blog!! Guy

Good day very cool blog!! Guy .. Beautiful .. Amazing .. I’ll bookmark your site and take the feeds additionally? I am satisfied to find numerous useful information here in the post, we need work out extra strategies in this regard, thanks for sharing. . Gaming Mouses 2017

This is such a great resource

This is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value of providing a quality resource for free.B612 Online

This is just the information

This is just the information I am finding everywhere. Thanks for your blog, I just subscribe your blog. This is a nice blog.. Flipagram Video

This is a great post. I like

This is a great post. I like this topic.This site has lots of advantage.I found many interesting things from this site. It helps me in many ways.Thanks for posting this again. Fotorus Camera

Just admiring your work and

Just admiring your work and wondering how you managed this blog so well. It’s so remarkable that I can't afford to not go through this valuable information whenever I surf the internet! Instasquare Photo

Any way I'll be subscribing

Any way I'll be subscribing to your feed and I hope you post again soon. Big thanks for the useful info. Opera Mini for PC

Thank you very much for

Thank you very much for writing such an interesting article on this topic. This has really made me think and I hope to read more. köpek ağız bakımı

I’ve a undertaking that I am

I’ve a undertaking that I am simply now operating on, and I have been at the look out for such info. news

It was a very good post

It was a very good post indeed. I thoroughly enjoyed reading it in my lunch time. Will surely come and visit this blog more often. Thanks for sharing. Picsart para PC

I found your this post while

I found your this post while searching for some related information on blog search...Its a good post..keep posting and update the information. Picture Perfect 365

Thank you for another great

Thank you for another great article. Where else could anyone get that kind of information in such a perfect way of writing? I have a presentation next week, and I am on the look for such information. PIP Camera App Free Download

I would like to thank you for

I would like to thank you for the efforts you have made in writing this article. I am hoping the same best work from you in the future as well. Thanks... Plague Inc Online

I would like to thank you for

I would like to thank you for the efforts you have made in writing this article. I am hoping the same best work from you in the future as well.. Retrica for PC

Misled re mod_proxy_ajp?

Thanks for this useful article Mark! I was very surprised to hear AJP (mod_proxy_ajp) is not particularly recommended here, as I've been led to believe it would generally perform better than mod_proxy_http. The httpd docs page for this module seems to suggest as much (http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html).

Are there known bugs you have in mind when you state "it has a few more bugs than the other two modules"?

I also got the feeling that since mod_jk uses AJP "under the hood" that mod_proxy_ajp was nearly the same functionality and performance, just different configuration options--just my assumption. Am I way off? You definitely appear to be able to accomplish a lot of similar techniques with either mod_jk or mod_proxy_ajp--again, presumably due to leveraging the AJP protocol.

Lastly, do you _strongly_ discourage mod_proxy_ajp, or is it just a matter of "don't bother if you don't have a good reason"? And I presume the age-old advice, "it depends," of course applies here ;-) Thanks again!

Not misled

I have similar experience of satisfactory performance from mod_proxy_ajp, but it's a relatively new module and many people are still using prepackaged HTTPD instances at version 2.2.3, which is when mod_proxy_ajp was first included and it definitely was buggy back then.

If you're running a recent version, and of course you should be to stay current with bug and security fixes, then there's less likely to be a problem. I wouldn't go as far as to discourage anyone from using it.

For me, mod_proxy_ajp is useful when the configuration requirement is straightforward and uncomplicated.

I've experienced the bug when

I've experienced the bug when clients get pages intended to other clients instead of requested by them. mod_proxy_ajp in httpd 2.2.11 mix responses from Tomcat in some conditions. That was not funny.

BlackMen

It would be better to stick to what you are currently using and to have consistency across your httpd instances.free phonecalls

Some truly wonderful work

Some truly wonderful work on behalf of the owner of this internet site , perfectly great articles .
drug rehab

Most of the time I don’t make

Most of the time I don’t make comments on websites, but I'd like to say that this article really forced me to do so. Really nice post! this one

Your content is nothing short

Your content is nothing short of brilliant in many ways. I think this is engaging and eye-opening material. Thank you so much for caring about your content and your readers. Buy Fake Id Cards

This is highly informatics.

This is highly informatics. crisp and clear. I think that everything has been described in systematic manner so that reader could get maximum information and learn many things. Cymera Photo Editor

Extremely educational post!

Extremely educational post! There is a great deal of data here that can help any business begin with a fruitful informal communication fight! Instamag

Awesome blog. I enjoyed

Awesome blog. I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work! Youcam Makeup Online

Post new comment

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.