Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

Apache httpd reverse proxy and Tomcat

Jean-Frederic Clere
Jean-Frederic Clere

This document discusses Apache httpd reverse proxies and Tomcat. It covers why to use a proxy, common proxy protocols like AJP, HTTP/HTTPS, and HTTP/2. It also provides configuration examples for mod_jk, mod_proxy_ajp, and mod_proxy_http when using Apache httpd as a reverse proxy for Tomcat. Performance comparisons are shown between mod_jk, mod_proxy, and Nginx. The document concludes that a proxy is useful for load balancing, protocol upgrades, and SSL termination between the application server and internet.

1 of 30
Download to read offline
Apache httpd reverse proxy andApache httpd reverse proxy and TomcatTomcat Jean-Frederic ClereJean-Frederic Clere
What I will coverWhat I will cover ● Proxy what and why. ● Protocols – AJP – HTTP/HTTPS (1.1) – HTTP/2 (H2 and H2C) – Others (web-socket etc) ● Proxies – Httpd / Traffic Server / ngix / untertow proxy /mod_cluster 9/19/19 2
What I will cover (2)What I will cover (2) Proxies – httpd – Ngnix Questions? 9/19/19 3
Who I amWho I am Jean-Frederic Clere Red Hat Years writing JAVA code and server software Tomcat committer since 2001 Doing OpenSource since 1999 Cyclist/Runner etc Lived 15 years in Spain (Barcelona) Now in Neuchâtel (CH) 9/19/19 4
What is Proxy?What is Proxy? ● Something between the application server and the internet. ● Load-balancer ● Failover ● Protocol termination – TLS/SSL – HTTP/2 and soon HTTP/3 ● Understands a protocol and possible upgrades. 9/19/19 5
Why a proxy?Why a proxy? ● Control the load ● Serve static pages ● Control requests: mod_security / mod_rewrite etc ● Dynamic configuration (mod_balancer/mod_cluster…) ● Protocol translations 9/19/19 6
AJPAJP ● When – Easy TLS/SSL forwarding ● Limitations – No upgrade – Header size – No encryption – Limited “authentication” (secret) ● mod_proxy_ajp and mod_jk 9/19/19 7
HTTP and HTTPS 1.1HTTP and HTTPS 1.1 ● When: – No SSL forwarding – Using SSLValve ● HTTP/HTTPS: – HTTPS might be need (Encryption/Authentication) – HTTPS on tomcat (openssl again?) – HTTP if you trust your intranet. (really?) ● Other reasons: – HTTP is more developed than AJP 9/19/19 8
H2C ● h2c is only for reverse proxy ● Supported – httpd
Demultiplexing h2 in proxy ● Keep the back-end unchanged ● Keep the overhead of h2 in the proxy
mod_jk configurationmod_jk configuration ● Httpd.confHttpd.conf LoadModule jk_module modules/mod_jk.soLoadModule jk_module modules/mod_jk.so JkMount /jkaj/* worker1JkMount /jkaj/* worker1 JkWorkersFile conf/workers.propertiesJkWorkersFile conf/workers.properties ● propertiesproperties # Define 1 real worker using ajp13# Define 1 real worker using ajp13 worker.list=worker1worker.list=worker1 worker.worker1.type=lbworker.worker1.type=lb worker.worker1.balance_workers=clusterdev03,clusterdev04worker.worker1.balance_workers=clusterdev03,clusterdev04
mod_proxy_ajp configurationmod_proxy_ajp configuration ● Httpd.confHttpd.conf LoadModule slotmem_shm_module modules/mod_slotmem_shm.soLoadModule slotmem_shm_module modules/mod_slotmem_shm.so LoadModule proxy_module modules/mod_proxy.soLoadModule proxy_module modules/mod_proxy.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.soLoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.soLoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.soLoadModule proxy_balancer_module modules/mod_proxy_balancer.so <Proxy balancer://ajp><Proxy balancer://ajp> #192.168.0.140 192.168.0.130 clusterdev04 / 03#192.168.0.140 192.168.0.130 clusterdev04 / 03 BalancerMember ajp://192.168.0.130:8009BalancerMember ajp://192.168.0.130:8009 BalancerMember ajp://192.168.0.140:8009BalancerMember ajp://192.168.0.140:8009 </Proxy></Proxy> ProxyPass /tcaj balancer://ajp/tcajProxyPass /tcaj balancer://ajp/tcaj
mod_proxy_httpd configurationmod_proxy_httpd configuration ● Httpd.confHttpd.conf LoadModule slotmem_shm_module modules/mod_slotmem_shm.soLoadModule slotmem_shm_module modules/mod_slotmem_shm.so LoadModule proxy_module modules/mod_proxy.soLoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.soLoadModule proxy_http_module modules/mod_proxy_http.so LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.soLoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.soLoadModule proxy_balancer_module modules/mod_proxy_balancer.so <Proxy balancer://http><Proxy balancer://http> BalancerMember http://192.168.0.130:8080BalancerMember http://192.168.0.130:8080 BalancerMember http://192.168.0.140:8080BalancerMember http://192.168.0.140:8080 </Proxy></Proxy> ProxyPass /tchp balancer://http/tchpProxyPass /tchp balancer://http/tchp
Comparations mod_jk / mod_proxyComparations mod_jk / mod_proxy 4KiB.bin 8KiB.bin 16KiB.bin 32KiB.bin 64KiB.bin 128KiB.bin 256KiB.bin 512KiB.bin 1M iB.bin 0 10000 20000 30000 40000 50000 60000 70000 Concurency 240 mod_jk proxy_ajp proxy_http11 File Size Kbytes/second
Comparations mod_jk / mod_proxyComparations mod_jk / mod_proxy 4KiB 8KiB 16KiB 32KiB 64KiB 128KiB 256KiB 512KiB 1MiB 0 20 40 60 80 100 120 Concurency 240 mod_jk proxy_ajp proxy_http11 File Size CPUUsage
Conclusion AJP/HTTPConclusion AJP/HTTP ● No big difference mod_proxy_ajp/mod_jkNo big difference mod_proxy_ajp/mod_jk ● AJP more easy (no Valve needed)AJP more easy (no Valve needed) ● AJP not encryptedAJP not encrypted ● AJP has no upgradeAJP has no upgrade
H2C configurationH2C configuration ● Httpd.confHttpd.conf LoadModule proxy_module modules/mod_proxy.soLoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.soLoadModule proxy_http_module modules/mod_proxy_http.so LoadModule http2_module modules/mod_http2.soLoadModule http2_module modules/mod_http2.so – Protocols h2 h2c http/1.1Protocols h2 h2c http/1.1 – LoadModule proxy_http2_module modules/mod_proxy_http2.soLoadModule proxy_http2_module modules/mod_proxy_http2.so – ProxyPass "/tch2" "h2c://192.168.100.215:8888/tch2"ProxyPass "/tch2" "h2c://192.168.100.215:8888/tch2"
H2C configurationH2C configuration ● server.xmlserver.xml <Connector port="8888" protocol="HTTP/1.1" redirectPort="8443"><Connector port="8888" protocol="HTTP/1.1" redirectPort="8443"> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /><UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> </Connector></Connector>
NGNIX versus HTTPNGNIX versus HTTP Is NGNIX better?Is NGNIX better?
NGNIX configurationNGNIX configuration worker_processes 1;worker_processes 1; events {events { worker_connections 1024;worker_connections 1024; }} http {http { upstream myapp1 {upstream myapp1 { server 192.168.100.215:8080;server 192.168.100.215:8080; server 192.168.100.191:8080;server 192.168.100.191:8080; }} server {server { listen 8097 ssl http2;listen 8097 ssl http2; server_name localhost;server_name localhost; ssl_certificate newcert.pem;ssl_certificate newcert.pem; ssl_certificate_key newkey.txt.pem;ssl_certificate_key newkey.txt.pem; ssl_session_cache shared:SSL:1m;ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m;ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5;ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on;ssl_prefer_server_ciphers on; location / {location / { proxy_pass http://myapp1;proxy_pass http://myapp1; }} }} }}
Comparisons ngnix/httpdComparisons ngnix/httpd 4KiB.bin 8KiB.bin 16KiB.bin 32KiB.bin 64KiB.bin 128KiB.bin 256KiB.bin 512KiB.bin 1M iB.bin 0 10000 20000 30000 40000 50000 60000 Concurency 240 ngnix_h2_http11 proxy_h2_http11 File Size Kbytes/second
Comparisons ngnix/httpdComparisons ngnix/httpd 4KiB 8KiB 16KiB 32KiB 64KiB 128KiB256KiB512KiB 1MiB 0 20 40 60 80 100 120 Concurency 240 ngnix_h2_http11 proxy_h2_http11 File Size CPUUsage
Comparisons HTTP11Comparisons HTTP11 4KiB.bin 8KiB.bin 16KiB.bin 32KiB.bin 64KiB.bin 128KiB.bin 256KiB.bin 512KiB.bin 1M iB.bin 0 10000 20000 30000 40000 50000 60000 70000 Concurency 240 ngnix_http11 proxy_http11 File Size Kbytes/second
Comparisons HTTP11Comparisons HTTP11 4KiB 8KiB 16KiB 32KiB 64KiB 128KiB 256KiB 512KiB 1MiB 0 20 40 60 80 100 120 Concurency 240 ngnix_http11 proxy_http11 File Size CPUusage
And so what ngnix?And so what ngnix? ● Hard to conclude (try 2 processes in NGNIX) ● Many process in httpd (try less 5 used) ● Ngnix also uses openssl 9/19/19 25
Other proxiesOther proxies ● HAProxy (in the cloud / openshift for example) ● mod_cluster (httpd dynamic load balancer) ● Undertow proxy (jboss servlet container) ● Ingress (in kubernetes, well Nginx or GCE) ● Traffic Server 9/19/19 26
Other protocolsOther protocols ● Jboss-remoting ● Mix httpd/1.1 websockets ● mod_proxy_wstunnel ● ProxySet "ws://localhost:8080/" upgrade=jboss-remoting ● LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so 9/19/19 27
So proxy or not proxySo proxy or not proxy ● Fail-over : yes ● H2 and old HTTP/1.1 tomcat : yes ● Pure java tomcat + TLS/SSL : yes ● Otherwise: No ● Which proxy: httpd but ngnix too... 9/19/19 28
Questions?Questions? Thank you!Thank you! ● jfclere@gmail.com ● users@tomcat.apache.org ● Repo with the scripts for the tests: – https://github.com/jfclere/AC2014scripts 9/19/19 29
Jean-Frederic Clere @jfclere jfclere@gmail.com

More Related Content

What's hot

Hardware Acceleration in WebKit
Hardware Acceleration in WebKitHardware Acceleration in WebKit
Hardware Acceleration in WebKit
Joone Hur
 
Go and the garbage collection
Go and the garbage collectionGo and the garbage collection
Go and the garbage collection
Joris Bonnefoy
 
Define and expansion of cpp macro
Define and expansion of cpp macroDefine and expansion of cpp macro
Define and expansion of cpp macro
digitalghost
 
In the DOM, no one will hear you scream
In the DOM, no one will hear you screamIn the DOM, no one will hear you scream
In the DOM, no one will hear you scream
Mario Heiderich
 
クエリビルダとEloquent ORM の違い
クエリビルダとEloquent ORM の違いクエリビルダとEloquent ORM の違い
クエリビルダとEloquent ORM の違い
tomo
 
Scriptless Attacks - Stealing the Pie without touching the Sill
Scriptless Attacks - Stealing the Pie without touching the SillScriptless Attacks - Stealing the Pie without touching the Sill
Scriptless Attacks - Stealing the Pie without touching the Sill
Mario Heiderich
 
Spring boot Under Da Hood
Spring boot Under Da HoodSpring boot Under Da Hood
Spring boot Under Da Hood
Michel Schudel
 
OS X Drivers Reverse Engineering
OS X Drivers Reverse EngineeringOS X Drivers Reverse Engineering
OS X Drivers Reverse Engineering
Positive Hack Days
 
ウェブセキュリティの常識
ウェブセキュリティの常識ウェブセキュリティの常識
ウェブセキュリティの常識
Hiroshi Tokumaru
 
[NDC07] 게임 개발에서의 클라이언트 보안 - 송창규
[NDC07] 게임 개발에서의 클라이언트 보안 - 송창규[NDC07] 게임 개발에서의 클라이언트 보안 - 송창규
[NDC07] 게임 개발에서의 클라이언트 보안 - 송창규
ChangKyu Song
 
トピックブランチとは
トピックブランチとはトピックブランチとは
トピックブランチとは
nakajima_yuji
 
OData って何?
OData って何?OData って何?
OData って何?
Yoshitaka Seo
 
Crash dump analysis - experience sharing
Crash dump analysis - experience sharingCrash dump analysis - experience sharing
Crash dump analysis - experience sharing
James Hsieh
 
[야생의 땅: 듀랑고] 서버 아키텍처 - SPOF 없는 분산 MMORPG 서버
[야생의 땅: 듀랑고] 서버 아키텍처 - SPOF 없는 분산 MMORPG 서버[야생의 땅: 듀랑고] 서버 아키텍처 - SPOF 없는 분산 MMORPG 서버
[야생의 땅: 듀랑고] 서버 아키텍처 - SPOF 없는 분산 MMORPG 서버
Heungsub Lee
 
New methods for exploiting ORM injections in Java applications
New methods for exploiting ORM injections in Java applicationsNew methods for exploiting ORM injections in Java applications
New methods for exploiting ORM injections in Java applications
Mikhail Egorov
 
언리얼4 플레이어 컨트롤러의 이해.
언리얼4 플레이어 컨트롤러의 이해.언리얼4 플레이어 컨트롤러의 이해.
언리얼4 플레이어 컨트롤러의 이해.
Wuwon Yu
 
CUDA를 게임 프로젝트에 적용하기
CUDA를 게임 프로젝트에 적용하기CUDA를 게임 프로젝트에 적용하기
CUDA를 게임 프로젝트에 적용하기
YEONG-CHEON YOU
 
COSCUP 2016: Project 52 每週一個小專案來學習 Golang
COSCUP 2016: Project 52 每週一個小專案來學習 GolangCOSCUP 2016: Project 52 每週一個小專案來學習 Golang
COSCUP 2016: Project 52 每週一個小專案來學習 Golang
Evan Lin
 
C#でわかる こわくないMonad
C#でわかる こわくないMonadC#でわかる こわくないMonad
C#でわかる こわくないMonad
Kouji Matsui
 
はじめての Gatling
はじめての Gatlingはじめての Gatling
はじめての Gatling
Naoya Nakazawa
 

What's hot (20)

Hardware Acceleration in WebKit
Hardware Acceleration in WebKitHardware Acceleration in WebKit
Hardware Acceleration in WebKit
 
Go and the garbage collection
Go and the garbage collectionGo and the garbage collection
Go and the garbage collection
 
Define and expansion of cpp macro
Define and expansion of cpp macroDefine and expansion of cpp macro
Define and expansion of cpp macro
 
In the DOM, no one will hear you scream
In the DOM, no one will hear you screamIn the DOM, no one will hear you scream
In the DOM, no one will hear you scream
 
クエリビルダとEloquent ORM の違い
クエリビルダとEloquent ORM の違いクエリビルダとEloquent ORM の違い
クエリビルダとEloquent ORM の違い
 
Scriptless Attacks - Stealing the Pie without touching the Sill
Scriptless Attacks - Stealing the Pie without touching the SillScriptless Attacks - Stealing the Pie without touching the Sill
Scriptless Attacks - Stealing the Pie without touching the Sill
 
Spring boot Under Da Hood
Spring boot Under Da HoodSpring boot Under Da Hood
Spring boot Under Da Hood
 
OS X Drivers Reverse Engineering
OS X Drivers Reverse EngineeringOS X Drivers Reverse Engineering
OS X Drivers Reverse Engineering
 
ウェブセキュリティの常識
ウェブセキュリティの常識ウェブセキュリティの常識
ウェブセキュリティの常識
 
[NDC07] 게임 개발에서의 클라이언트 보안 - 송창규
[NDC07] 게임 개발에서의 클라이언트 보안 - 송창규[NDC07] 게임 개발에서의 클라이언트 보안 - 송창규
[NDC07] 게임 개발에서의 클라이언트 보안 - 송창규
 
トピックブランチとは
トピックブランチとはトピックブランチとは
トピックブランチとは
 
OData って何?
OData って何?OData って何?
OData って何?
 
Crash dump analysis - experience sharing
Crash dump analysis - experience sharingCrash dump analysis - experience sharing
Crash dump analysis - experience sharing
 
[야생의 땅: 듀랑고] 서버 아키텍처 - SPOF 없는 분산 MMORPG 서버
[야생의 땅: 듀랑고] 서버 아키텍처 - SPOF 없는 분산 MMORPG 서버[야생의 땅: 듀랑고] 서버 아키텍처 - SPOF 없는 분산 MMORPG 서버
[야생의 땅: 듀랑고] 서버 아키텍처 - SPOF 없는 분산 MMORPG 서버
 
New methods for exploiting ORM injections in Java applications
New methods for exploiting ORM injections in Java applicationsNew methods for exploiting ORM injections in Java applications
New methods for exploiting ORM injections in Java applications
 
언리얼4 플레이어 컨트롤러의 이해.
언리얼4 플레이어 컨트롤러의 이해.언리얼4 플레이어 컨트롤러의 이해.
언리얼4 플레이어 컨트롤러의 이해.
 
CUDA를 게임 프로젝트에 적용하기
CUDA를 게임 프로젝트에 적용하기CUDA를 게임 프로젝트에 적용하기
CUDA를 게임 프로젝트에 적용하기
 
COSCUP 2016: Project 52 每週一個小專案來學習 Golang
COSCUP 2016: Project 52 每週一個小專案來學習 GolangCOSCUP 2016: Project 52 每週一個小專案來學習 Golang
COSCUP 2016: Project 52 每週一個小專案來學習 Golang
 
C#でわかる こわくないMonad
C#でわかる こわくないMonadC#でわかる こわくないMonad
C#でわかる こわくないMonad
 
はじめての Gatling
はじめての Gatlingはじめての Gatling
はじめての Gatling
 

Similar to Apache httpd reverse proxy and Tomcat

03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf
03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf
03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf
Jean-Frederic Clere
 
03_clere_Proxing to tomcat with httpd.pdf
03_clere_Proxing to tomcat with httpd.pdf03_clere_Proxing to tomcat with httpd.pdf
03_clere_Proxing to tomcat with httpd.pdf
Jean-Frederic Clere
 
Container Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeContainer Orchestration from Theory to Practice
Container Orchestration from Theory to Practice
Docker, Inc.
 
Container orchestration from theory to practice
Container orchestration from theory to practiceContainer orchestration from theory to practice
Container orchestration from theory to practice
Docker, Inc.
 
Ob1k presentation at Java.IL
Ob1k presentation at Java.ILOb1k presentation at Java.IL
Ob1k presentation at Java.IL
Eran Harel
 
Solving anything in VCL
Solving anything in VCLSolving anything in VCL
Solving anything in VCL
Fastly
 
Apache Web Services
Apache Web ServicesApache Web Services
Apache Web Services
lkurriger
 
The Recording HTTP Proxy: Not Yet Another Messiah - Bulgaria PHP 2019
The Recording HTTP Proxy: Not Yet Another Messiah - Bulgaria PHP 2019The Recording HTTP Proxy: Not Yet Another Messiah - Bulgaria PHP 2019
The Recording HTTP Proxy: Not Yet Another Messiah - Bulgaria PHP 2019
Viktor Todorov
 
Socket programming, and openresty
Socket programming, and openrestySocket programming, and openresty
Socket programming, and openresty
Tavish Naruka
 
202107 - Orion introduction - COSCUP
202107 - Orion introduction - COSCUP202107 - Orion introduction - COSCUP
202107 - Orion introduction - COSCUP
Ronald Hsu
 
Docker Monitoring Webinar
Docker Monitoring WebinarDocker Monitoring Webinar
Docker Monitoring Webinar
Sematext Group, Inc.
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
NGINX, Inc.
 
Tomcat next
Tomcat nextTomcat next
Tomcat next
Jean-Frederic Clere
 
NGINX: HTTP/2 Server Push and gRPC
NGINX: HTTP/2 Server Push and gRPCNGINX: HTTP/2 Server Push and gRPC
NGINX: HTTP/2 Server Push and gRPC
NGINX, Inc.
 
WebTalk - Implementing Web Services with a dedicated Java daemon
WebTalk - Implementing Web Services with a dedicated Java daemonWebTalk - Implementing Web Services with a dedicated Java daemon
WebTalk - Implementing Web Services with a dedicated Java daemon
Geert Van Pamel
 
Docker for mac & local developer environment optimization
Docker for mac & local developer environment optimizationDocker for mac & local developer environment optimization
Docker for mac & local developer environment optimization
Radek Baczynski
 
HTTP2
HTTP2HTTP2
HTTP2
Mateus Prado
 
Tornado Web Server Internals
Tornado Web Server InternalsTornado Web Server Internals
Tornado Web Server Internals
Praveen Gollakota
 
NGINX: HTTP/2 Server Push and gRPC – EMEA
NGINX: HTTP/2 Server Push and gRPC – EMEANGINX: HTTP/2 Server Push and gRPC – EMEA
NGINX: HTTP/2 Server Push and gRPC – EMEA
NGINX, Inc.
 
Start tracking your ruby infrastructure
Start tracking your ruby infrastructureStart tracking your ruby infrastructure
Start tracking your ruby infrastructure
Sergiy Kukunin
 

Similar to Apache httpd reverse proxy and Tomcat (20)

03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf
03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf
03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf
 
03_clere_Proxing to tomcat with httpd.pdf
03_clere_Proxing to tomcat with httpd.pdf03_clere_Proxing to tomcat with httpd.pdf
03_clere_Proxing to tomcat with httpd.pdf
 
Container Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeContainer Orchestration from Theory to Practice
Container Orchestration from Theory to Practice
 
Container orchestration from theory to practice
Container orchestration from theory to practiceContainer orchestration from theory to practice
Container orchestration from theory to practice
 
Ob1k presentation at Java.IL
Ob1k presentation at Java.ILOb1k presentation at Java.IL
Ob1k presentation at Java.IL
 
Solving anything in VCL
Solving anything in VCLSolving anything in VCL
Solving anything in VCL
 
Apache Web Services
Apache Web ServicesApache Web Services
Apache Web Services
 
The Recording HTTP Proxy: Not Yet Another Messiah - Bulgaria PHP 2019
The Recording HTTP Proxy: Not Yet Another Messiah - Bulgaria PHP 2019The Recording HTTP Proxy: Not Yet Another Messiah - Bulgaria PHP 2019
The Recording HTTP Proxy: Not Yet Another Messiah - Bulgaria PHP 2019
 
Socket programming, and openresty
Socket programming, and openrestySocket programming, and openresty
Socket programming, and openresty
 
202107 - Orion introduction - COSCUP
202107 - Orion introduction - COSCUP202107 - Orion introduction - COSCUP
202107 - Orion introduction - COSCUP
 
Docker Monitoring Webinar
Docker Monitoring WebinarDocker Monitoring Webinar
Docker Monitoring Webinar
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
 
Tomcat next
Tomcat nextTomcat next
Tomcat next
 
NGINX: HTTP/2 Server Push and gRPC
NGINX: HTTP/2 Server Push and gRPCNGINX: HTTP/2 Server Push and gRPC
NGINX: HTTP/2 Server Push and gRPC
 
WebTalk - Implementing Web Services with a dedicated Java daemon
WebTalk - Implementing Web Services with a dedicated Java daemonWebTalk - Implementing Web Services with a dedicated Java daemon
WebTalk - Implementing Web Services with a dedicated Java daemon
 
Docker for mac & local developer environment optimization
Docker for mac & local developer environment optimizationDocker for mac & local developer environment optimization
Docker for mac & local developer environment optimization
 
HTTP2
HTTP2HTTP2
HTTP2
 
Tornado Web Server Internals
Tornado Web Server InternalsTornado Web Server Internals
Tornado Web Server Internals
 
NGINX: HTTP/2 Server Push and gRPC – EMEA
NGINX: HTTP/2 Server Push and gRPC – EMEANGINX: HTTP/2 Server Push and gRPC – EMEA
NGINX: HTTP/2 Server Push and gRPC – EMEA
 
Start tracking your ruby infrastructure
Start tracking your ruby infrastructureStart tracking your ruby infrastructure
Start tracking your ruby infrastructure
 

More from Jean-Frederic Clere

Panama.pdf
Panama.pdfPanama.pdf
Panama.pdf
Jean-Frederic Clere
 
01_clere_Having fun with a solar panel, camera and raspberry. How with a few ...
01_clere_Having fun with a solar panel, camera and raspberry. How with a few ...01_clere_Having fun with a solar panel, camera and raspberry. How with a few ...
01_clere_Having fun with a solar panel, camera and raspberry. How with a few ...
Jean-Frederic Clere
 
Apache Httpd and TLS certificates validations
Apache Httpd and TLS certificates validationsApache Httpd and TLS certificates validations
Apache Httpd and TLS certificates validations
Jean-Frederic Clere
 
Cloud RPI4 tomcat ARM64
Cloud RPI4 tomcat ARM64Cloud RPI4 tomcat ARM64
Cloud RPI4 tomcat ARM64
Jean-Frederic Clere
 
From a cluster to the Cloud
From a cluster to the CloudFrom a cluster to the Cloud
From a cluster to the Cloud
Jean-Frederic Clere
 
HTTP/2, HTTP/3 and SSL/TLS State of the Art in Our Servers
HTTP/2, HTTP/3 and SSL/TLS State of the Art in Our ServersHTTP/2, HTTP/3 and SSL/TLS State of the Art in Our Servers
HTTP/2, HTTP/3 and SSL/TLS State of the Art in Our Servers
Jean-Frederic Clere
 
Apache httpd and TLS/SSL certificates validation
Apache httpd and TLS/SSL certificates validationApache httpd and TLS/SSL certificates validation
Apache httpd and TLS/SSL certificates validation
Jean-Frederic Clere
 
Juggva cloud
Juggva cloudJuggva cloud
Juggva cloud
Jean-Frederic Clere
 
TomcatCon: from a cluster to the cloud
TomcatCon: from a cluster to the cloudTomcatCon: from a cluster to the cloud
TomcatCon: from a cluster to the cloud
Jean-Frederic Clere
 
Tomcat from a cluster to the cloud on RP3
Tomcat from a cluster to the cloud on RP3Tomcat from a cluster to the cloud on RP3
Tomcat from a cluster to the cloud on RP3
Jean-Frederic Clere
 
Having fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projectsHaving fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projects
Jean-Frederic Clere
 
Tomcat openssl
Tomcat opensslTomcat openssl
Tomcat openssl
Jean-Frederic Clere
 
Having fun with Raspberry and Apache projects
Having fun with Raspberry and Apache projectsHaving fun with Raspberry and Apache projects
Having fun with Raspberry and Apache projects
Jean-Frederic Clere
 
HTTP/2 and SSL/TLS state of art in ASF servers
HTTP/2 and SSL/TLS state of art in ASF serversHTTP/2 and SSL/TLS state of art in ASF servers
HTTP/2 and SSL/TLS state of art in ASF servers
Jean-Frederic Clere
 
Tomcat next
Tomcat nextTomcat next
Tomcat next
Jean-Frederic Clere
 
Native 1.2.8
Native 1.2.8Native 1.2.8
Native 1.2.8
Jean-Frederic Clere
 
Tomcat openssl
Tomcat opensslTomcat openssl
Tomcat openssl
Jean-Frederic Clere
 

More from Jean-Frederic Clere (17)

Panama.pdf
Panama.pdfPanama.pdf
Panama.pdf
 
01_clere_Having fun with a solar panel, camera and raspberry. How with a few ...
01_clere_Having fun with a solar panel, camera and raspberry. How with a few ...01_clere_Having fun with a solar panel, camera and raspberry. How with a few ...
01_clere_Having fun with a solar panel, camera and raspberry. How with a few ...
 
Apache Httpd and TLS certificates validations
Apache Httpd and TLS certificates validationsApache Httpd and TLS certificates validations
Apache Httpd and TLS certificates validations
 
Cloud RPI4 tomcat ARM64
Cloud RPI4 tomcat ARM64Cloud RPI4 tomcat ARM64
Cloud RPI4 tomcat ARM64
 
From a cluster to the Cloud
From a cluster to the CloudFrom a cluster to the Cloud
From a cluster to the Cloud
 
HTTP/2, HTTP/3 and SSL/TLS State of the Art in Our Servers
HTTP/2, HTTP/3 and SSL/TLS State of the Art in Our ServersHTTP/2, HTTP/3 and SSL/TLS State of the Art in Our Servers
HTTP/2, HTTP/3 and SSL/TLS State of the Art in Our Servers
 
Apache httpd and TLS/SSL certificates validation
Apache httpd and TLS/SSL certificates validationApache httpd and TLS/SSL certificates validation
Apache httpd and TLS/SSL certificates validation
 
Juggva cloud
Juggva cloudJuggva cloud
Juggva cloud
 
TomcatCon: from a cluster to the cloud
TomcatCon: from a cluster to the cloudTomcatCon: from a cluster to the cloud
TomcatCon: from a cluster to the cloud
 
Tomcat from a cluster to the cloud on RP3
Tomcat from a cluster to the cloud on RP3Tomcat from a cluster to the cloud on RP3
Tomcat from a cluster to the cloud on RP3
 
Having fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projectsHaving fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projects
 
Tomcat openssl
Tomcat opensslTomcat openssl
Tomcat openssl
 
Having fun with Raspberry and Apache projects
Having fun with Raspberry and Apache projectsHaving fun with Raspberry and Apache projects
Having fun with Raspberry and Apache projects
 
HTTP/2 and SSL/TLS state of art in ASF servers
HTTP/2 and SSL/TLS state of art in ASF serversHTTP/2 and SSL/TLS state of art in ASF servers
HTTP/2 and SSL/TLS state of art in ASF servers
 
Tomcat next
Tomcat nextTomcat next
Tomcat next
 
Native 1.2.8
Native 1.2.8Native 1.2.8
Native 1.2.8
 
Tomcat openssl
Tomcat opensslTomcat openssl
Tomcat openssl
 

Recently uploaded

@Call @Girls in Tiruppur 🤷‍♂️ XXXXXXXX 🤷‍♂️ Tanisha Sharma Best High Class ...
@Call @Girls in Tiruppur 🤷‍♂️ XXXXXXXX 🤷‍♂️ Tanisha Sharma Best High Class ... @Call @Girls in Tiruppur 🤷‍♂️ XXXXXXXX 🤷‍♂️ Tanisha Sharma Best High Class ...
@Call @Girls in Tiruppur 🤷‍♂️ XXXXXXXX 🤷‍♂️ Tanisha Sharma Best High Class ...
Mona Rathore
 
ColdBox Debugger v4.2.0: Unveiling Advanced Debugging Techniques for ColdBox ...
ColdBox Debugger v4.2.0: Unveiling Advanced Debugging Techniques for ColdBox ...ColdBox Debugger v4.2.0: Unveiling Advanced Debugging Techniques for ColdBox ...
ColdBox Debugger v4.2.0: Unveiling Advanced Debugging Techniques for ColdBox ...
Ortus Solutions, Corp
 
Non-Functional Testing Guide_ Exploring Its Types, Importance and Tools.pdf
Non-Functional Testing Guide_ Exploring Its Types, Importance and Tools.pdfNon-Functional Testing Guide_ Exploring Its Types, Importance and Tools.pdf
Non-Functional Testing Guide_ Exploring Its Types, Importance and Tools.pdf
kalichargn70th171
 
Java SE 17 Study Guide for Certification - Chapter 01
Java SE 17 Study Guide for Certification - Chapter 01Java SE 17 Study Guide for Certification - Chapter 01
Java SE 17 Study Guide for Certification - Chapter 01
williamrobertherman
 
Development of Chatbot Using AI\ML Technologies
Development of Chatbot Using AI\ML TechnologiesDevelopment of Chatbot Using AI\ML Technologies
Development of Chatbot Using AI\ML Technologies
MaisnamLuwangPibarel
 
Top 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your WebsiteTop 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your Website
e-Definers Technology
 
Break data silos with real-time connectivity using Confluent Cloud Connectors
Break data silos with real-time connectivity using Confluent Cloud ConnectorsBreak data silos with real-time connectivity using Confluent Cloud Connectors
Break data silos with real-time connectivity using Confluent Cloud Connectors
confluent
 
Splunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptxSplunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptx
sudsdeep
 
How we built TryBoxLang in under 48 hours
How we built TryBoxLang in under 48 hoursHow we built TryBoxLang in under 48 hours
How we built TryBoxLang in under 48 hours
Ortus Solutions, Corp
 
mobile-app-development-company-in-noida.pdf
mobile-app-development-company-in-noida.pdfmobile-app-development-company-in-noida.pdf
mobile-app-development-company-in-noida.pdf
Mobile App Development Company in Noida - Drona Infotech
 
@Call @Girls in Saharanpur 🐱‍🐉 XXXXXXXXXX 🐱‍🐉 Tanisha Sharma Best High Clas...
@Call @Girls in Saharanpur 🐱‍🐉 XXXXXXXXXX 🐱‍🐉 Tanisha Sharma Best High Clas... @Call @Girls in Saharanpur 🐱‍🐉 XXXXXXXXXX 🐱‍🐉 Tanisha Sharma Best High Clas...
@Call @Girls in Saharanpur 🐱‍🐉 XXXXXXXXXX 🐱‍🐉 Tanisha Sharma Best High Clas...
AlinaDevecerski
 
Migrate your Infrastructure to the AWS Cloud
Migrate your Infrastructure to the AWS CloudMigrate your Infrastructure to the AWS Cloud
Migrate your Infrastructure to the AWS Cloud
Ortus Solutions, Corp
 
Java SE 17 Study Guide for Certification - Chapter 02
Java SE 17 Study Guide for Certification - Chapter 02Java SE 17 Study Guide for Certification - Chapter 02
Java SE 17 Study Guide for Certification - Chapter 02
williamrobertherman
 
dachnug51 - HCL Domino Roadmap .pdf
dachnug51 - HCL Domino Roadmap .pdfdachnug51 - HCL Domino Roadmap .pdf
dachnug51 - HCL Domino Roadmap .pdf
DNUG e.V.
 
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple Steps
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple StepsSeamless PostgreSQL to Snowflake Data Transfer in 8 Simple Steps
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple Steps
Estuary Flow
 
Panvel @Call @Girls Whatsapp 9833363713 With High Profile Offer
Panvel @Call @Girls Whatsapp 9833363713 With High Profile OfferPanvel @Call @Girls Whatsapp 9833363713 With High Profile Offer
Panvel @Call @Girls Whatsapp 9833363713 With High Profile Offer
$A19
 
YouTube SEO Mastery ......................
YouTube SEO Mastery ......................YouTube SEO Mastery ......................
YouTube SEO Mastery ......................
islamiato717
 
Web Hosting with CommandBox and CommandBox Pro
Web Hosting with CommandBox and CommandBox ProWeb Hosting with CommandBox and CommandBox Pro
Web Hosting with CommandBox and CommandBox Pro
Ortus Solutions, Corp
 
BoxLang Developer Tooling: VSCode Extension and Debugger
BoxLang Developer Tooling: VSCode Extension and DebuggerBoxLang Developer Tooling: VSCode Extension and Debugger
BoxLang Developer Tooling: VSCode Extension and Debugger
Ortus Solutions, Corp
 
Design system: The basis for a consistent design
Design system: The basis for a consistent designDesign system: The basis for a consistent design
Design system: The basis for a consistent design
Ortus Solutions, Corp
 

Recently uploaded (20)

@Call @Girls in Tiruppur 🤷‍♂️ XXXXXXXX 🤷‍♂️ Tanisha Sharma Best High Class ...
@Call @Girls in Tiruppur 🤷‍♂️ XXXXXXXX 🤷‍♂️ Tanisha Sharma Best High Class ... @Call @Girls in Tiruppur 🤷‍♂️ XXXXXXXX 🤷‍♂️ Tanisha Sharma Best High Class ...
@Call @Girls in Tiruppur 🤷‍♂️ XXXXXXXX 🤷‍♂️ Tanisha Sharma Best High Class ...
 
ColdBox Debugger v4.2.0: Unveiling Advanced Debugging Techniques for ColdBox ...
ColdBox Debugger v4.2.0: Unveiling Advanced Debugging Techniques for ColdBox ...ColdBox Debugger v4.2.0: Unveiling Advanced Debugging Techniques for ColdBox ...
ColdBox Debugger v4.2.0: Unveiling Advanced Debugging Techniques for ColdBox ...
 
Non-Functional Testing Guide_ Exploring Its Types, Importance and Tools.pdf
Non-Functional Testing Guide_ Exploring Its Types, Importance and Tools.pdfNon-Functional Testing Guide_ Exploring Its Types, Importance and Tools.pdf
Non-Functional Testing Guide_ Exploring Its Types, Importance and Tools.pdf
 
Java SE 17 Study Guide for Certification - Chapter 01
Java SE 17 Study Guide for Certification - Chapter 01Java SE 17 Study Guide for Certification - Chapter 01
Java SE 17 Study Guide for Certification - Chapter 01
 
Development of Chatbot Using AI\ML Technologies
Development of Chatbot Using AI\ML TechnologiesDevelopment of Chatbot Using AI\ML Technologies
Development of Chatbot Using AI\ML Technologies
 
Top 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your WebsiteTop 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your Website
 
Break data silos with real-time connectivity using Confluent Cloud Connectors
Break data silos with real-time connectivity using Confluent Cloud ConnectorsBreak data silos with real-time connectivity using Confluent Cloud Connectors
Break data silos with real-time connectivity using Confluent Cloud Connectors
 
Splunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptxSplunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptx
 
How we built TryBoxLang in under 48 hours
How we built TryBoxLang in under 48 hoursHow we built TryBoxLang in under 48 hours
How we built TryBoxLang in under 48 hours
 
mobile-app-development-company-in-noida.pdf
mobile-app-development-company-in-noida.pdfmobile-app-development-company-in-noida.pdf
mobile-app-development-company-in-noida.pdf
 
@Call @Girls in Saharanpur 🐱‍🐉 XXXXXXXXXX 🐱‍🐉 Tanisha Sharma Best High Clas...
@Call @Girls in Saharanpur 🐱‍🐉 XXXXXXXXXX 🐱‍🐉 Tanisha Sharma Best High Clas... @Call @Girls in Saharanpur 🐱‍🐉 XXXXXXXXXX 🐱‍🐉 Tanisha Sharma Best High Clas...
@Call @Girls in Saharanpur 🐱‍🐉 XXXXXXXXXX 🐱‍🐉 Tanisha Sharma Best High Clas...
 
Migrate your Infrastructure to the AWS Cloud
Migrate your Infrastructure to the AWS CloudMigrate your Infrastructure to the AWS Cloud
Migrate your Infrastructure to the AWS Cloud
 
Java SE 17 Study Guide for Certification - Chapter 02
Java SE 17 Study Guide for Certification - Chapter 02Java SE 17 Study Guide for Certification - Chapter 02
Java SE 17 Study Guide for Certification - Chapter 02
 
dachnug51 - HCL Domino Roadmap .pdf
dachnug51 - HCL Domino Roadmap .pdfdachnug51 - HCL Domino Roadmap .pdf
dachnug51 - HCL Domino Roadmap .pdf
 
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple Steps
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple StepsSeamless PostgreSQL to Snowflake Data Transfer in 8 Simple Steps
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple Steps
 
Panvel @Call @Girls Whatsapp 9833363713 With High Profile Offer
Panvel @Call @Girls Whatsapp 9833363713 With High Profile OfferPanvel @Call @Girls Whatsapp 9833363713 With High Profile Offer
Panvel @Call @Girls Whatsapp 9833363713 With High Profile Offer
 
YouTube SEO Mastery ......................
YouTube SEO Mastery ......................YouTube SEO Mastery ......................
YouTube SEO Mastery ......................
 
Web Hosting with CommandBox and CommandBox Pro
Web Hosting with CommandBox and CommandBox ProWeb Hosting with CommandBox and CommandBox Pro
Web Hosting with CommandBox and CommandBox Pro
 
BoxLang Developer Tooling: VSCode Extension and Debugger
BoxLang Developer Tooling: VSCode Extension and DebuggerBoxLang Developer Tooling: VSCode Extension and Debugger
BoxLang Developer Tooling: VSCode Extension and Debugger
 
Design system: The basis for a consistent design
Design system: The basis for a consistent designDesign system: The basis for a consistent design
Design system: The basis for a consistent design
 

Apache httpd reverse proxy and Tomcat

  • 1. Apache httpd reverse proxy andApache httpd reverse proxy and TomcatTomcat Jean-Frederic ClereJean-Frederic Clere
  • 2. What I will coverWhat I will cover ● Proxy what and why. ● Protocols – AJP – HTTP/HTTPS (1.1) – HTTP/2 (H2 and H2C) – Others (web-socket etc) ● Proxies – Httpd / Traffic Server / ngix / untertow proxy /mod_cluster 9/19/19 2
  • 3. What I will cover (2)What I will cover (2) Proxies – httpd – Ngnix Questions? 9/19/19 3
  • 4. Who I amWho I am Jean-Frederic Clere Red Hat Years writing JAVA code and server software Tomcat committer since 2001 Doing OpenSource since 1999 Cyclist/Runner etc Lived 15 years in Spain (Barcelona) Now in Neuchâtel (CH) 9/19/19 4
  • 5. What is Proxy?What is Proxy? ● Something between the application server and the internet. ● Load-balancer ● Failover ● Protocol termination – TLS/SSL – HTTP/2 and soon HTTP/3 ● Understands a protocol and possible upgrades. 9/19/19 5
  • 6. Why a proxy?Why a proxy? ● Control the load ● Serve static pages ● Control requests: mod_security / mod_rewrite etc ● Dynamic configuration (mod_balancer/mod_cluster…) ● Protocol translations 9/19/19 6
  • 7. AJPAJP ● When – Easy TLS/SSL forwarding ● Limitations – No upgrade – Header size – No encryption – Limited “authentication” (secret) ● mod_proxy_ajp and mod_jk 9/19/19 7
  • 8. HTTP and HTTPS 1.1HTTP and HTTPS 1.1 ● When: – No SSL forwarding – Using SSLValve ● HTTP/HTTPS: – HTTPS might be need (Encryption/Authentication) – HTTPS on tomcat (openssl again?) – HTTP if you trust your intranet. (really?) ● Other reasons: – HTTP is more developed than AJP 9/19/19 8
  • 9. H2C ● h2c is only for reverse proxy ● Supported – httpd
  • 10. Demultiplexing h2 in proxy ● Keep the back-end unchanged ● Keep the overhead of h2 in the proxy
  • 11. mod_jk configurationmod_jk configuration ● Httpd.confHttpd.conf LoadModule jk_module modules/mod_jk.soLoadModule jk_module modules/mod_jk.so JkMount /jkaj/* worker1JkMount /jkaj/* worker1 JkWorkersFile conf/workers.propertiesJkWorkersFile conf/workers.properties ● propertiesproperties # Define 1 real worker using ajp13# Define 1 real worker using ajp13 worker.list=worker1worker.list=worker1 worker.worker1.type=lbworker.worker1.type=lb worker.worker1.balance_workers=clusterdev03,clusterdev04worker.worker1.balance_workers=clusterdev03,clusterdev04
  • 12. mod_proxy_ajp configurationmod_proxy_ajp configuration ● Httpd.confHttpd.conf LoadModule slotmem_shm_module modules/mod_slotmem_shm.soLoadModule slotmem_shm_module modules/mod_slotmem_shm.so LoadModule proxy_module modules/mod_proxy.soLoadModule proxy_module modules/mod_proxy.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.soLoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.soLoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.soLoadModule proxy_balancer_module modules/mod_proxy_balancer.so <Proxy balancer://ajp><Proxy balancer://ajp> #192.168.0.140 192.168.0.130 clusterdev04 / 03#192.168.0.140 192.168.0.130 clusterdev04 / 03 BalancerMember ajp://192.168.0.130:8009BalancerMember ajp://192.168.0.130:8009 BalancerMember ajp://192.168.0.140:8009BalancerMember ajp://192.168.0.140:8009 </Proxy></Proxy> ProxyPass /tcaj balancer://ajp/tcajProxyPass /tcaj balancer://ajp/tcaj
  • 13. mod_proxy_httpd configurationmod_proxy_httpd configuration ● Httpd.confHttpd.conf LoadModule slotmem_shm_module modules/mod_slotmem_shm.soLoadModule slotmem_shm_module modules/mod_slotmem_shm.so LoadModule proxy_module modules/mod_proxy.soLoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.soLoadModule proxy_http_module modules/mod_proxy_http.so LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.soLoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.soLoadModule proxy_balancer_module modules/mod_proxy_balancer.so <Proxy balancer://http><Proxy balancer://http> BalancerMember http://192.168.0.130:8080BalancerMember http://192.168.0.130:8080 BalancerMember http://192.168.0.140:8080BalancerMember http://192.168.0.140:8080 </Proxy></Proxy> ProxyPass /tchp balancer://http/tchpProxyPass /tchp balancer://http/tchp
  • 14. Comparations mod_jk / mod_proxyComparations mod_jk / mod_proxy 4KiB.bin 8KiB.bin 16KiB.bin 32KiB.bin 64KiB.bin 128KiB.bin 256KiB.bin 512KiB.bin 1M iB.bin 0 10000 20000 30000 40000 50000 60000 70000 Concurency 240 mod_jk proxy_ajp proxy_http11 File Size Kbytes/second
  • 15. Comparations mod_jk / mod_proxyComparations mod_jk / mod_proxy 4KiB 8KiB 16KiB 32KiB 64KiB 128KiB 256KiB 512KiB 1MiB 0 20 40 60 80 100 120 Concurency 240 mod_jk proxy_ajp proxy_http11 File Size CPUUsage
  • 16. Conclusion AJP/HTTPConclusion AJP/HTTP ● No big difference mod_proxy_ajp/mod_jkNo big difference mod_proxy_ajp/mod_jk ● AJP more easy (no Valve needed)AJP more easy (no Valve needed) ● AJP not encryptedAJP not encrypted ● AJP has no upgradeAJP has no upgrade
  • 17. H2C configurationH2C configuration ● Httpd.confHttpd.conf LoadModule proxy_module modules/mod_proxy.soLoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.soLoadModule proxy_http_module modules/mod_proxy_http.so LoadModule http2_module modules/mod_http2.soLoadModule http2_module modules/mod_http2.so – Protocols h2 h2c http/1.1Protocols h2 h2c http/1.1 – LoadModule proxy_http2_module modules/mod_proxy_http2.soLoadModule proxy_http2_module modules/mod_proxy_http2.so – ProxyPass "/tch2" "h2c://192.168.100.215:8888/tch2"ProxyPass "/tch2" "h2c://192.168.100.215:8888/tch2"
  • 18. H2C configurationH2C configuration ● server.xmlserver.xml <Connector port="8888" protocol="HTTP/1.1" redirectPort="8443"><Connector port="8888" protocol="HTTP/1.1" redirectPort="8443"> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /><UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> </Connector></Connector>
  • 19. NGNIX versus HTTPNGNIX versus HTTP Is NGNIX better?Is NGNIX better?
  • 20. NGNIX configurationNGNIX configuration worker_processes 1;worker_processes 1; events {events { worker_connections 1024;worker_connections 1024; }} http {http { upstream myapp1 {upstream myapp1 { server 192.168.100.215:8080;server 192.168.100.215:8080; server 192.168.100.191:8080;server 192.168.100.191:8080; }} server {server { listen 8097 ssl http2;listen 8097 ssl http2; server_name localhost;server_name localhost; ssl_certificate newcert.pem;ssl_certificate newcert.pem; ssl_certificate_key newkey.txt.pem;ssl_certificate_key newkey.txt.pem; ssl_session_cache shared:SSL:1m;ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m;ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5;ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on;ssl_prefer_server_ciphers on; location / {location / { proxy_pass http://myapp1;proxy_pass http://myapp1; }} }} }}
  • 22. Comparisons ngnix/httpdComparisons ngnix/httpd 4KiB 8KiB 16KiB 32KiB 64KiB 128KiB256KiB512KiB 1MiB 0 20 40 60 80 100 120 Concurency 240 ngnix_h2_http11 proxy_h2_http11 File Size CPUUsage
  • 24. Comparisons HTTP11Comparisons HTTP11 4KiB 8KiB 16KiB 32KiB 64KiB 128KiB 256KiB 512KiB 1MiB 0 20 40 60 80 100 120 Concurency 240 ngnix_http11 proxy_http11 File Size CPUusage
  • 25. And so what ngnix?And so what ngnix? ● Hard to conclude (try 2 processes in NGNIX) ● Many process in httpd (try less 5 used) ● Ngnix also uses openssl 9/19/19 25
  • 26. Other proxiesOther proxies ● HAProxy (in the cloud / openshift for example) ● mod_cluster (httpd dynamic load balancer) ● Undertow proxy (jboss servlet container) ● Ingress (in kubernetes, well Nginx or GCE) ● Traffic Server 9/19/19 26
  • 27. Other protocolsOther protocols ● Jboss-remoting ● Mix httpd/1.1 websockets ● mod_proxy_wstunnel ● ProxySet "ws://localhost:8080/" upgrade=jboss-remoting ● LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so 9/19/19 27
  • 28. So proxy or not proxySo proxy or not proxy ● Fail-over : yes ● H2 and old HTTP/1.1 tomcat : yes ● Pure java tomcat + TLS/SSL : yes ● Otherwise: No ● Which proxy: httpd but ngnix too... 9/19/19 28
  • 29. Questions?Questions? Thank you!Thank you! ● jfclere@gmail.com ● users@tomcat.apache.org ● Repo with the scripts for the tests: – https://github.com/jfclere/AC2014scripts 9/19/19 29