You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Cathy Spears <cs...@hcg.com> on 2022/12/05 20:03:04 UTC
Mod_JK vs Mod_Proxy
Using Tomcat 8.5 and 9.0 with 32-bit Apache 2.4 and mod_jk. Are there benefits to using mod_proxy instead of mod_jk? Also, is there a planned end of life for mod_jk or will it continue to be supported for now?
Thanks,
Cathy
DISCLAIMER:
The information transmitted in this e-mail message and attachments, if any, may be attorney-client information, including privileged and confidential matter, and is intended only for the use of the individual or entity named above. Distribution to, or review by, unauthorized persons is strictly prohibited. All personal messages express views solely of the sender, which are not to be attributed to any organization. If you have received this transmission in error, immediately notify the sender and permanently delete this transmission including attachments.
Re: Mod_JK vs Mod_Proxy
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Jon,
On 12/7/22 19:36, jonmcalexander@wellsfargo.com.INVALID wrote:
> I get it and agree, but it does just add unnecessary complexity also.
In my case, I find it necessary to encrypt ;)
There are some reasons I can't move to mod_proxy_* yet, so it's a
/necessary/ complexity for me.
-chris
>> -----Original Message-----
>> From: Christopher Schultz <ch...@christopherschultz.net>
>> Sent: Wednesday, December 7, 2022 4:54 PM
>> To: Tomcat Users List <us...@tomcat.apache.org>;
>> jonmcalexander@wellsfargo.com.INVALID
>> Subject: Re: Mod_JK vs Mod_Proxy
>>
>> Jon,
>>
>> On 12/6/22 16:22, jonmcalexander@wellsfargo.com.INVALID wrote:
>>> What, pray tell, is an encrypted AJP connection? Are you talking AJP
>>> over an SSH Tunnel (Stunnel)?
>> Exactly. It's absolutely cheating, but it achieves the goal :)
>>
>> -chris
>>
>>>> -----Original Message-----
>>>> From: Christopher Schultz <ch...@christopherschultz.net>
>>>> Sent: Tuesday, December 6, 2022 3:01 PM
>>>> To: users@tomcat.apache.org
>>>> Subject: Re: Mod_JK vs Mod_Proxy
>>>>
>>>> Jon,
>>>>
>>>> On 12/6/22 12:36, jonmcalexander@wellsfargo.com.INVALID wrote:
>>>>> IMHO, switching to mod_proxy, and using it over SSL, is by far
>>>>> better than
>>>> using mod_jk or mod_ajp, primarily as mod_proxy allows for secure
>>>> proxy connection, whereas mod_jk and mod_ajp aren't "secure" as they
>>>> are not encrypted channels.
>>>>
>>>> While this is true (and supports my assertion that everyone should
>>>> migrate), it doesn't preclude the use of encrypted AJP connections.
>>>>
>>>> -chris
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Mod_JK vs Mod_Proxy
Posted by jo...@wellsfargo.com.INVALID.
I get it and agree, but it does just add unnecessary complexity also.
Have a Happy!!!
Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His
Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508
jonmcalexander@wellsfargo.com
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
> -----Original Message-----
> From: Christopher Schultz <ch...@christopherschultz.net>
> Sent: Wednesday, December 7, 2022 4:54 PM
> To: Tomcat Users List <us...@tomcat.apache.org>;
> jonmcalexander@wellsfargo.com.INVALID
> Subject: Re: Mod_JK vs Mod_Proxy
>
> Jon,
>
> On 12/6/22 16:22, jonmcalexander@wellsfargo.com.INVALID wrote:
> > What, pray tell, is an encrypted AJP connection? Are you talking AJP
> > over an SSH Tunnel (Stunnel)?
> Exactly. It's absolutely cheating, but it achieves the goal :)
>
> -chris
>
> >> -----Original Message-----
> >> From: Christopher Schultz <ch...@christopherschultz.net>
> >> Sent: Tuesday, December 6, 2022 3:01 PM
> >> To: users@tomcat.apache.org
> >> Subject: Re: Mod_JK vs Mod_Proxy
> >>
> >> Jon,
> >>
> >> On 12/6/22 12:36, jonmcalexander@wellsfargo.com.INVALID wrote:
> >>> IMHO, switching to mod_proxy, and using it over SSL, is by far
> >>> better than
> >> using mod_jk or mod_ajp, primarily as mod_proxy allows for secure
> >> proxy connection, whereas mod_jk and mod_ajp aren't "secure" as they
> >> are not encrypted channels.
> >>
> >> While this is true (and supports my assertion that everyone should
> >> migrate), it doesn't preclude the use of encrypted AJP connections.
> >>
> >> -chris
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
Re: Mod_JK vs Mod_Proxy
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Jon,
On 12/6/22 16:22, jonmcalexander@wellsfargo.com.INVALID wrote:
> What, pray tell, is an encrypted AJP connection? Are you talking AJP
> over an SSH Tunnel (Stunnel)?
Exactly. It's absolutely cheating, but it achieves the goal :)
-chris
>> -----Original Message-----
>> From: Christopher Schultz <ch...@christopherschultz.net>
>> Sent: Tuesday, December 6, 2022 3:01 PM
>> To: users@tomcat.apache.org
>> Subject: Re: Mod_JK vs Mod_Proxy
>>
>> Jon,
>>
>> On 12/6/22 12:36, jonmcalexander@wellsfargo.com.INVALID wrote:
>>> IMHO, switching to mod_proxy, and using it over SSL, is by far better than
>> using mod_jk or mod_ajp, primarily as mod_proxy allows for secure proxy
>> connection, whereas mod_jk and mod_ajp aren't "secure" as they are not
>> encrypted channels.
>>
>> While this is true (and supports my assertion that everyone should migrate),
>> it doesn't preclude the use of encrypted AJP connections.
>>
>> -chris
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Mod_JK vs Mod_Proxy
Posted by jo...@wellsfargo.com.INVALID.
What, pray tell, is an encrypted AJP connection? Are you talking AJP over an SSH Tunnel (Stunnel)?
Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His
Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508
jonmcalexander@wellsfargo.com
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
> -----Original Message-----
> From: Christopher Schultz <ch...@christopherschultz.net>
> Sent: Tuesday, December 6, 2022 3:01 PM
> To: users@tomcat.apache.org
> Subject: Re: Mod_JK vs Mod_Proxy
>
> Jon,
>
> On 12/6/22 12:36, jonmcalexander@wellsfargo.com.INVALID wrote:
> > IMHO, switching to mod_proxy, and using it over SSL, is by far better than
> using mod_jk or mod_ajp, primarily as mod_proxy allows for secure proxy
> connection, whereas mod_jk and mod_ajp aren't "secure" as they are not
> encrypted channels.
>
> While this is true (and supports my assertion that everyone should migrate),
> it doesn't preclude the use of encrypted AJP connections.
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Mod_JK vs Mod_Proxy
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Jon,
On 12/6/22 12:36, jonmcalexander@wellsfargo.com.INVALID wrote:
> IMHO, switching to mod_proxy, and using it over SSL, is by far better than using mod_jk or mod_ajp, primarily as mod_proxy allows for secure proxy connection, whereas mod_jk and mod_ajp aren't "secure" as they are not encrypted channels.
While this is true (and supports my assertion that everyone should
migrate), it doesn't preclude the use of encrypted AJP connections.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Mod_JK vs Mod_Proxy
Posted by jo...@wellsfargo.com.INVALID.
IMHO, switching to mod_proxy, and using it over SSL, is by far better than using mod_jk or mod_ajp, primarily as mod_proxy allows for secure proxy connection, whereas mod_jk and mod_ajp aren't "secure" as they are not encrypted channels.
Again, just my .02 worth.
Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His
Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508
jonmcalexander@wellsfargo.com
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
> -----Original Message-----
> From: Christopher Schultz <ch...@christopherschultz.net>
> Sent: Tuesday, December 6, 2022 11:21 AM
> To: Tomcat Users List <us...@tomcat.apache.org>; Mark H. Wood
> <mw...@iupui.edu>
> Subject: Re: Mod_JK vs Mod_Proxy
>
> Mark,
>
> On 12/6/22 08:48, Mark H. Wood wrote:
> > On Mon, Dec 05, 2022 at 03:37:59PM -0500, Christopher Schultz wrote:
> >> On 12/5/22 15:03, Cathy Spears wrote:
> >>> Using Tomcat 8.5 and 9.0 with 32-bit Apache 2.4 and mod_jk. Are
> >>> there benefits to using mod_proxy instead of mod_jk? Also, is there
> >>> a planned end of life for mod_jk or will it continue to be supported
> >>> for now?
> >> Hopefully this will be helpful:
> >>
> >>
> https://urldefense.com/v3/__https://tomcat.apache.org/presentations.h
> >> tml*latest-migrate-ajp-http__;Iw!!F9svGWnIaVPGSwU!pPfhr06Y5US-
> 4xynUlu
> >>
> 8MkDyH2IZQTGO7ONWfErKJXwgn3RbLTJLgtoDEEEEj19eKsXfa65gU91ozXFiavI
> nikky
> >> ekiHowkw$
> >
> > I read this as a question about mod_proxy_ajp vs. mod_jk.
>
> I think I make the case that mod_proxy_ajp is a (slightly) better choice than
> mod_jk in that presentation.
>
> > Happily using mod_proxy_ajp here for some years. Both work well but I
> > very much prefer the way mod_proxy_ajp integrates with the proxy
> > configuration in HTTPD.
>
> +1
>
> And it doesn't require a custom-built add-on.
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
Re: Mod_JK vs Mod_Proxy
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Mark,
On 12/6/22 08:48, Mark H. Wood wrote:
> On Mon, Dec 05, 2022 at 03:37:59PM -0500, Christopher Schultz wrote:
>> On 12/5/22 15:03, Cathy Spears wrote:
>>> Using Tomcat 8.5 and 9.0 with 32-bit Apache 2.4 and mod_jk. Are there
>>> benefits to using mod_proxy instead of mod_jk? Also, is there a
>>> planned end of life for mod_jk or will it continue to be supported
>>> for now?
>> Hopefully this will be helpful:
>>
>> https://tomcat.apache.org/presentations.html#latest-migrate-ajp-http
>
> I read this as a question about mod_proxy_ajp vs. mod_jk.
I think I make the case that mod_proxy_ajp is a (slightly) better choice
than mod_jk in that presentation.
> Happily using mod_proxy_ajp here for some years. Both work well but I
> very much prefer the way mod_proxy_ajp integrates with the proxy
> configuration in HTTPD.
+1
And it doesn't require a custom-built add-on.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Mod_JK vs Mod_Proxy
Posted by "Mark H. Wood" <mw...@iupui.edu>.
On Mon, Dec 05, 2022 at 03:37:59PM -0500, Christopher Schultz wrote:
> On 12/5/22 15:03, Cathy Spears wrote:
> > Using Tomcat 8.5 and 9.0 with 32-bit Apache 2.4 and mod_jk. Are there
> > benefits to using mod_proxy instead of mod_jk? Also, is there a
> > planned end of life for mod_jk or will it continue to be supported
> > for now?
> Hopefully this will be helpful:
>
> https://tomcat.apache.org/presentations.html#latest-migrate-ajp-http
I read this as a question about mod_proxy_ajp vs. mod_jk.
Happily using mod_proxy_ajp here for some years. Both work well but I
very much prefer the way mod_proxy_ajp integrates with the proxy
configuration in HTTPD.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
Re: Mod_JK vs Mod_Proxy
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Cathy,
On 12/5/22 15:03, Cathy Spears wrote:
> Using Tomcat 8.5 and 9.0 with 32-bit Apache 2.4 and mod_jk. Are there
> benefits to using mod_proxy instead of mod_jk? Also, is there a
> planned end of life for mod_jk or will it continue to be supported
> for now?
Hopefully this will be helpful:
https://tomcat.apache.org/presentations.html#latest-migrate-ajp-http
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org