You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by ri...@xentu.com on 2018/03/02 20:59:14 UTC

Tomcat behind IIS on windows 2012

If I want to have IIS act as an intermediary between Tomcat and the 
outside world, if I've understood it correctly, there seem to be two 
choices.

Either add something called HttpPlatformHandler into IIS

https://www.iis.net/downloads/microsoft/httpplatformhandler

or, use the Apache Tomcat Connectors

https://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/win64/jk-1.2.30/ia64/

Is either considered best practice, to be preferred over the other?


Regards
Richard


ps: I posted this same question over at javaranch a week or so back, but 
with no responses as yet. I'll copy any answer here over to that forum.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Tomcat behind IIS on windows 2012

Posted by "André Warnier (tomcat)" <aw...@ice-sa.com>.

On 05.03.2018 14:21, Mark Thomas wrote:
> On 02/03/18 20:59, richard@xentu.com wrote:
>> If I want to have IIS act as an intermediary between Tomcat and the
>> outside world, if I've understood it correctly, there seem to be two
>> choices.
>>
>> Either add something called HttpPlatformHandler into IIS
>>
>> https://www.iis.net/downloads/microsoft/httpplatformhandler
>>
>> or, use the Apache Tomcat Connectors
>>
>> https://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/win64/jk-1.2.30/ia64/
>
> That is the Itanium build. Are you sure that is the version you want?
> Also, 1.2.30 is 8+ years old. The latest version is 1.2.42 (with 1.2.43
> currently being voted on for release). Get the latest version from:
> https://tomcat.apache.org/download-connectors.cgi
>
>
>> Is either considered best practice, to be preferred over the other?
>
> I've never used HttpPlatformHandler so it is hard to comment. This
> community is more likely to be able to support the ISAPI redirector (the
> IIS component of Tomcat Connectors).
>
> Generally it looks as if the pros/cons of HTTP proxy vs AJP proxy would
> apply. Which usually boils down to:
>
> - if you want to proxy over a TLS connection use an HTTP proxy
> - else if you want to expose client info to the back-end easily use AJP
> - else choose whichever you are more familiar / comfortable with
>

A difference may also be, if you intend/plan/foresee to have some day multiple Tomcats 
sharing the load between them, as a cluster.  The Isapi/AJP redirector can work as a 
load-balancer in such a case.  The HttpPlatformHandler (which I have also never 
used/looked at) may also be able to do that, or not.

A little graphic often helps :

browser <--(1)--> webserver front-end <--(3)--> Tomcat + <Connector>(4)
                     + proxy/redirector
                       module (2)
In the absolute :
(1) can be a HTTP or HTTPS connection
(2) can be Apache httpd, IIS, or any webserver
(3) can be a HTTP, HTTPS or AJP connection
        (AJP is a different protocol than HTTP/S, but it can carry the same information
         back and forth, only in a different format. AJP is not encrypted.)
(4) the <Connector> that you configure in Tomcat, must match the protocol used for (3)

To connect the front-end webserver with a Tomcat back-end via AJP, you MUST use a specific
proxy/redirector module at the front-end level :
- if the front-end is IIS, you must use the "Isapi redirector" (available from the Tomcat 
website under "Connectors")
- if the front-end is Apache httpd, you can use either mod_proxy_ajp (available from the 
Apache httpd website) or mod_jk (available from the Tomcat website)

To connect the front-end webserver with a Tomcat back-end via either HTTP or HTTPS,
you can use any front-end proxy module capable of doing HTTP or HTTPS.
Under IIS, this could be HttpPlatformHandler (I guess).
Under Apache httpd, this could be mod_proxy_http.

Performance-wise, there is probably nowadays not a very big difference between the various 
options.  The AJP connection is probably a bit more tricky to set up and configure, but it 
provides a number of options which the HTTP(S) connection do not provide (or not as readily).
An AJP connection is not encrypted, which means that in theory someone could listen in the 
middle and know what is being exchanged.  But if the connection between the front-end and 
the back-end is relatively private (such as when both run on the same host), it probably 
does not matter.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Tomcat behind IIS on windows 2012

Posted by Mark Thomas <ma...@apache.org>.

On 02/03/18 20:59, richard@xentu.com wrote:
> If I want to have IIS act as an intermediary between Tomcat and the
> outside world, if I've understood it correctly, there seem to be two
> choices.
> 
> Either add something called HttpPlatformHandler into IIS
> 
> https://www.iis.net/downloads/microsoft/httpplatformhandler
> 
> or, use the Apache Tomcat Connectors
> 
> https://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/win64/jk-1.2.30/ia64/

That is the Itanium build. Are you sure that is the version you want?
Also, 1.2.30 is 8+ years old. The latest version is 1.2.42 (with 1.2.43
currently being voted on for release). Get the latest version from:
https://tomcat.apache.org/download-connectors.cgi

> Is either considered best practice, to be preferred over the other?

I've never used HttpPlatformHandler so it is hard to comment. This
community is more likely to be able to support the ISAPI redirector (the
IIS component of Tomcat Connectors).

Generally it looks as if the pros/cons of HTTP proxy vs AJP proxy would
apply. Which usually boils down to:

- if you want to proxy over a TLS connection use an HTTP proxy
- else if you want to expose client info to the back-end easily use AJP
- else choose whichever you are more familiar / comfortable with

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Tomcat behind IIS on windows 2012

Posted by ri...@xentu.com.

On 2018-03-02 20:59, richard@xentu.com wrote:
> If I want to have IIS act as an intermediary between Tomcat and the
> outside world, if I've understood it correctly, there seem to be two
> choices.
> 
> Either add something called HttpPlatformHandler into IIS
> 
> https://www.iis.net/downloads/microsoft/httpplatformhandler
> 
> or, use the Apache Tomcat Connectors
> 
> https://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/win64/jk-1.2.30/ia64/
> 
> Is either considered best practice, to be preferred over the other?
> 
> 
> Regards
> Richard
> 
> 
> ps: I posted this same question over at javaranch a week or so back,
> but with no responses as yet. I'll copy any answer here over to that
> forum.
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org

Mark & Andre,

Thank you for your responses.
Useful.

Regards
Richard

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org