You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Chad Arimura <ch...@alldorm.com> on 2003/09/03 20:18:22 UTC
Apache/Tomcat Appbase
I'm new to tomcat so this question might not make sense.
Is it a security risk (or a bad practice) to make the appbase of both
apache httpd and Tomcat the same? To me, it seems logical because then
I can serve .jsp files through Tomcat, and all other content through
httpd without having to put these contents in different directories...
(eg /var/www/myApp and /usr/tomcat/myApp).
I'm using Tomcat 4.1, Apache 2, and jk2.
Thanks,
Chad Arimura
AllDorm Inc.
RE: Apache/Tomcat Appbase
Posted by Chad Arimura <ne...@alldorm.com>.
Thanks Iain.
We have a pretty complex virtual host setup already configured in Apache
which is why I felt it best to use apache as a front-end. It's also for
educational purpose.
Cheers,
Chad
-----Original Message-----
From: Iain McClure [mailto:iain@stuntbaboon.com]
Sent: Wednesday, September 03, 2003 2:42 PM
To: Tomcat Users List
Subject: Re: Apache/Tomcat Appbase
Sounds OK to me if you're simply using Tomcat to handle *.jsp files.
However, you'll still need a "work" directory configured in Tomcat to
compile the pages into, and separate config files etc. for Tomcat.
A reason for keeping them separate would be to simplify servlet/jsp
deployment into the Tomcat container. Also, if you're writing JSP pages
exclusively, why not use Tomcat as a standalone server, and skip Apache
?
Iain.
----- Original Message -----
From: "Chad Arimura" <ch...@alldorm.com>
To: <to...@jakarta.apache.org>
Sent: Wednesday, September 03, 2003 7:18 PM
Subject: Apache/Tomcat Appbase
>
> I'm new to tomcat so this question might not make sense.
>
> Is it a security risk (or a bad practice) to make the appbase of both
> apache httpd and Tomcat the same? To me, it seems logical because
then
> I can serve .jsp files through Tomcat, and all other content through
> httpd without having to put these contents in different directories...
> (eg /var/www/myApp and /usr/tomcat/myApp).
>
> I'm using Tomcat 4.1, Apache 2, and jk2.
>
> Thanks,
> Chad Arimura
> AllDorm Inc.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Apache/Tomcat Appbase
Posted by Iain McClure <ia...@stuntbaboon.com>.
Sounds OK to me if you're simply using Tomcat to handle *.jsp files.
However, you'll still need a "work" directory configured in Tomcat to
compile the pages into, and separate config files etc. for Tomcat.
A reason for keeping them separate would be to simplify servlet/jsp
deployment into the Tomcat container. Also, if you're writing JSP pages
exclusively, why not use Tomcat as a standalone server, and skip Apache ?
Iain.
----- Original Message -----
From: "Chad Arimura" <ch...@alldorm.com>
To: <to...@jakarta.apache.org>
Sent: Wednesday, September 03, 2003 7:18 PM
Subject: Apache/Tomcat Appbase
>
> I'm new to tomcat so this question might not make sense.
>
> Is it a security risk (or a bad practice) to make the appbase of both
> apache httpd and Tomcat the same? To me, it seems logical because then
> I can serve .jsp files through Tomcat, and all other content through
> httpd without having to put these contents in different directories...
> (eg /var/www/myApp and /usr/tomcat/myApp).
>
> I'm using Tomcat 4.1, Apache 2, and jk2.
>
> Thanks,
> Chad Arimura
> AllDorm Inc.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
Re: Apache/Tomcat Appbase
Posted by John Turner <to...@johnturner.com>.
As long as you protect your WEB-INF and META-INF directories with the
appropriate Apache directives, and your connector mapping is correct,
and you don't use the Invoker servlet, you're good to go.
All of my virtual hosts have the Apache DocumentRoot setup that way.
John
Chad Arimura wrote:
> I'm new to tomcat so this question might not make sense.
>
> Is it a security risk (or a bad practice) to make the appbase of both
> apache httpd and Tomcat the same? To me, it seems logical because then
> I can serve .jsp files through Tomcat, and all other content through
> httpd without having to put these contents in different directories...
> (eg /var/www/myApp and /usr/tomcat/myApp).
>
> I'm using Tomcat 4.1, Apache 2, and jk2.
>
> Thanks,
> Chad Arimura
> AllDorm Inc.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>