apache to tomcat: mod_jk vs mod_proxy
Asked Answered
H

3

113

What are the advantages and disadvantages of using mod_jk and mod_proxy for fronting a tomcat instance with apache?

I've been using mod_jk in production for years but I've heard that it's "the old way" of fronting tomcat. Should I consider changing? Would there be any benefits?

Hexastyle answered 4/7, 2009 at 10:7 Comment(1)
We’ve had more trouble with all mod_proxy_* variants and use mod_jk in production successfully, for both Tomcat (5.5, 6, 7) and JBoss/WildFly.Etrem
H
90

A pros/cons comparison for those modules exists on http://blog.jboss.org/

mod_proxy

* Pros:
      o No need for a separate module compilation and maintenance. mod_proxy,
        mod_proxy_http, mod_proxy_ajp and mod_proxy_balancer comes as part of 
        standard Apache 2.2+ distribution
      o Ability to use http https or AJP protocols, even within the same 
        balancer.
* Cons:
      o mod_proxy_ajp does not support large 8K+ packet sizes.
      o Basic load balancer
      o Does not support Domain model clustering

mod_jk

* Pros:
      o Advanced load balancer
      o Advanced node failure detection
      o Support for large AJP packet sizes
* Cons:
      o Need to build and maintain a separate module
Hexastyle answered 6/7, 2009 at 18:27 Comment(8)
What if your using Apache 2.0?Amblyopia
I find this blog entry tomcatexpert.com/blog/2010/06/16/… helpful.Dump
"Need to build and maintain a separate module" it ships with apache so you don't need to build something...Phonetist
@yura - That may depend on your OS version. Centos 7.x does not appear to have the module available and it is not available by default in apache 2.4: httpd.apache.org/docs/2.4/modSatiate
Specifically see wiki.apache.org/tomcat/FAQ/Connectors#Q7 who @daniel-serodio referenced... Where can I download a binary distribution of my connector? You cannot: you need to download the source and compile it for your platform.Satiate
Should it not be 8KB and not 8K?Nea
In some environments encryption is important. AJP cannot encrypt at all, while mod_proxy can switch to https.Exaggerated
This answer may be out-of-date by now. mod_proxy_ajp does support larger packet sizes using ProxyIOBufferSize, and mod_proxy capabilities have improved quite a bit over the past decade.Maomaoism
C
29

If you wish to stay in Apache land, you can also try the newer mod_proxy_ajp, which uses the AJP protocol to communicate with Tomcat instead of plain old HTTP, but which leverages mod_proxy to do the work.

Crux answered 4/7, 2009 at 10:27 Comment(3)
Thanks. But do you know what does the proxy_ajp would offer more than jk?Hexastyle
Yes, all the controls and (relatively) ease of configuration of mod_proxy, with the speed benefits of the AJP protocol (instead of using HTTP)Crux
AJP uses a binary format so in theory, it's suppose to provide better performance. I've never performance tested AJP vs HTTP proxying though.Cuman
H
4

AJP vs HTTP

When using mod_jk, you are using the AJP. When using mod_proxy you will use HTTP or HTTPS. And this is essentially what makes all the difference.

The Apache JServ Protocol (AJP)

The Apache JServ Protocol (AJP) is a binary protocol that can proxy inbound requests from a web server through to an application server that sits behind the web server. AJP is a highly trusted protocol and should never be exposed to untrusted clients, which could use it to gain access to sensitive information or execute code on the application server.

Pros

  • Easy to set up as the correct forwarding of HTTP headers is not required.
  • It is less resource intensive because the TCP packets are forwarded in binary format instead of doing a costly HTTP exchange.

Cons

  • Transferred data is not encrypted. It should only be used within trusted networks.

Hypertext Transfer Protocol (HTTP)

HTTP functions as a request–response protocol in the client–server computing model. A web browser, for example, may be the client and an application running on a computer hosting a website may be the server. The client submits an HTTP request message to the server. The server, which provides resources such as HTML files and other content, or performs other functions on behalf of the client, returns a response message to the client. The response contains completion status information about the request and may also contain requested content in its message body.

Pros

  • Can be encrypted with SSL/TLS making it suitable for traffic across untrusted networks.
  • It is flexible as it allows to modify the request before forwarding. For example, setting custom headers.

Cons

  • More overhead as the correct forwarding of the HTTP headers has to be ensured.
  • More resource intensive as the request is fully parsed before forwarding.
Hazan answered 25/10, 2020 at 11:0 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.