Apache Tomcat and Apache HTTP web server integration –
1. I would advice to use Apache http web server module “mod_jk” instead of “mod_proxy” because of following reasons –
- It has greater control to manage the request/response internally between Apache’s http and tomcat server.
- This will enable to have internal software load balancing with greater control options, if required.
- It is more secure then mod_proxy.
- Detailed log mechanism to figure out any communication errors.
- Greater control over option what you want to server from which server internally (ie. static content from http server and java content from tomcat)
- Support for large AJP packet sizes (“mod_proxy_ajp” does not support large 8K+ packet sizes).
- Advanced node failure detection (if load balancer mechanism used).
* Only biggest advantage of using mod_proxy* module is easy and short configuration in Apache conf file to achieve integration.
2. SSL certificate should be installed on Apache’s http server instead of tomcat.
3. Tomcat should be running on separate port other than standard http and https port.
4. Apache’s http webserver should be running on standard http and https ports. It is easy feasible to secure Apache’s http server instead of tomcat server, since tomcat is not a full featured web server.