Ok I'm making good progress on getting my first vps up and running, now its time to tackle ssl.
My question/concerns are:
Should I use Tomcat (I'm running tomcat 6) & SSL, or should I use Apache as the front end with it handling the SSL encrypt/decrypt.
As of right now I don't use Apache for anything i.e. its not even installed.
I believe in order to get Tomcat working properly with SSL is not exactly trivial..to do it right I will want native 'APR' (Apache Portal Runtime)..which I believe is in fact just Apache...but I'm not sure.
Anyone out there have any advice? are there any pros/cons of using Tomcat/APR, vs Tomcat/Apache.
note: the only static content my server serves is *.js/*.css/images.
Everything else jsp/ajax requests.
(I believe in theory it may be beneficial to move the *.js/*.css/images) into the Apache server, but I think with APR this may make no difference?
What makes you think that you need Apache on the front end to handle SSL? The Tomcat SSL how to makes it pretty easy to handle. Most SSL providers can generate a certificate that works just fine for Tomcat/Java.
Take a look at the docs and see if you run into any issues.
As far as separating static content from dynamic content - every benchmark I've seen shows that Tomcat is about as fast and in some instances faster than Apache. Of course the old saying goes that there are lies, damn lies, and statistics. Unless you're seeing a huge slowdown I wouldn't worry about it.
Need Java help? Want to help people who do? Sit down with a cup of Java at the hotjoe forums.
Yeah, I believe with APR installed your correct (however without APR the ssl will certainly be much slower in Tomcat..or so I'm led to believe...I haven't really been able to find any benchmarks however..do you have any links?), tomcat vs apache performance for static content is essentially on par. My understanding however is that most people prefer to run Apache as root receiving ports 80/443, then forwarding them via ajp to tomcat...this also allows Apache to actually run on different hardware, which would should make it harder to hack into the backend. Regardless my operation is not that big (yet...dreams..) so I just went with tomcat/apr solution. (hopefully I will have ssl fully up and running today the install process for the ssl cert I believe is not the normal tomcat process..hence its more complicated then I initially expected..in fact I think when it comes to the cert itself..you follow the 'apache' cert installation process, but substitute the server.xml from tomcat for pointing it to the certs..etc.).