Why use Apache and mod_jk to redirect ports to JBoss/Tomcat?

I’ve seen a lot of machines running Apache with mod_jk just to redirect ports to JBoss/Tomcat or another Java application server (AS). Since most Java application servers have a built-in HTTP server and can “talk” that protocol, I could just let them run on the web port (80) and save myself the extra configuration and memory Apache needs.

While this solution works fine, we should bear some things in mind:

  1. This solution requires running the Java AS as root, otherwise it can’t use a port lower than 1024. Running as root has some security implications.
  2. This means we can’t run regular websites on the server, as everything is handled by the Java AS.
  3. We can’t use Apache to load balance the Java AS (if we have more than one)
  4. We can’t run several Java AS on the same machine.
  5. We usually keep control of the AS with the system administrator, while running the AS as a separate user lets us pass that control to someone else.

So after seeing all the disadvantages of not using Apache and mod_jk, I decided it is worth the extra configuration and memory (:
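
The layout the list above argues for, as an added example (not the author's configuration): Apache owns port 80, serves the regular site and the static files, and balances two Java AS instances over AJP. The host names, paths, ports 8009/8010 and the worker names `node1`, `node2` and `lb` are assumptions.

```apache
# Added example. Assumes two Tomcat/JBoss instances, each started under its
# own unprivileged account, with AJP connectors on 127.0.0.1:8009 and :8010.
# Keep AJP on loopback or a trusted network; it is not meant to face clients.

LoadModule jk_module modules/mod_jk.so

JkShmFile  logs/jk.shm
JkLogFile  logs/mod_jk.log
JkLogLevel info

# Worker definitions inline (same keys as in a workers.properties file).
JkWorkerProperty worker.list=lb
JkWorkerProperty worker.node1.type=ajp13
JkWorkerProperty worker.node1.host=127.0.0.1
JkWorkerProperty worker.node1.port=8009
JkWorkerProperty worker.node2.type=ajp13
JkWorkerProperty worker.node2.host=127.0.0.1
JkWorkerProperty worker.node2.port=8010
# Point 3: Apache load balances the two instances.
JkWorkerProperty worker.lb.type=lb
JkWorkerProperty worker.lb.balance_workers=node1,node2

# Java application: only /app/* is handed to the AS.
<VirtualHost *:80>
    ServerName app.example.com
    DocumentRoot /var/www/app-site

    JkMount   /app/* lb
    # Static assets stay with Apache and are read from
    # /var/www/app-site/app/static/ instead of going over AJP.
    JkUnMount /app/static/* lb
</VirtualHost>

# Point 2: a regular website on the same machine, no Java AS involved.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/html
</VirtualHost>
```

With this in place only Apache needs to bind a port below 1024; the AS processes never run as root and can be handed to whoever owns each account.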


8 responses to “Why use Apache and mod_jk to redirect ports to JBoss/Tomcat?”

  1. Jörg Hoh

    Not having an Apache in front of your AS will also put the burden of delivering static files on the shoulders of your AS.

  2. Lior Kaplan

    Well, see point #2 above, but I think people still use the AS to send static pages as it is easier for them to do everything inside the AS instead of splitting the files between the AS and Apache.

    I mean people usually redirect whole URLs for their application with mod_jk and not only the jsp (or other stuff) directory.

  3. tshirtman

    About running as root to get port 80, isn’t it possible to use a firewall rule to redirect connections on port 80 to a port above 1024 (on 127.0.0.1), something like a local NAT?

  4. Jörg Hoh

    I don’t like the AS to deliver the always-static images (bullets, lines, 1pixel.gif and so on) and also CSS and JavaScript things (if they’re quite static for more than a week). It will cut down the number of requests to your appserver to 50%. And you can use mod_cache of course 🙂

  5. Jani Mikkonen

    Also, Apache provides more detailed access control mechanisms than, say, Tomcat. You could slap any mod_auth with a bunch of different auth backends into Apache.

  6. Why still use mod_jk when there is mod_proxy_ajp ?

  7. Lior Kaplan

    Could you describe what the difference between the two is?

    For others interested:
    http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html

  8. Markus Hochholdinger

    In my opinion, mod_jk is very deep inside Apache and can bring Apache down if mod_jk is malfunctioning. mod_proxy_ajp is more like proxy_http and can better handle the failure of the AS. But both mod_jk and mod_proxy_ajp talk AJP and don’t need the overhead of HTTP.
    Another reason to use AJP instead of HTTP is that you can better parse and handle user input (e.g. you don’t get the real IP of the client while using mod_proxy).
    Another reason against mod_jk is its difficult configuration.
