SlideShare a Scribd company logo

Apache httpd reverse proxy and Tomcat

Jean-Frederic Clere
Jean-Frederic Clere

presentation given at apacheconna2019

Software
1 of 30
Download to read offline
Apache httpd reverse proxy andApache httpd reverse proxy and TomcatTomcat Jean-Frederic ClereJean-Frederic Clere
What I will coverWhat I will cover ● Proxy what and why. ● Protocols – AJP – HTTP/HTTPS (1.1) – HTTP/2 (H2 and H2C) – Others (web-socket etc) ● Proxies – Httpd / Traffic Server / ngix / untertow proxy /mod_cluster 9/19/19 2
What I will cover (2)What I will cover (2) Proxies – httpd – Ngnix Questions? 9/19/19 3
Who I amWho I am Jean-Frederic Clere Red Hat Years writing JAVA code and server software Tomcat committer since 2001 Doing OpenSource since 1999 Cyclist/Runner etc Lived 15 years in Spain (Barcelona) Now in Neuchâtel (CH) 9/19/19 4
What is Proxy?What is Proxy? ● Something between the application server and the internet. ● Load-balancer ● Failover ● Protocol termination – TLS/SSL – HTTP/2 and soon HTTP/3 ● Understands a protocol and possible upgrades. 9/19/19 5
Why a proxy?Why a proxy? ● Control the load ● Serve static pages ● Control requests: mod_security / mod_rewrite etc ● Dynamic configuration (mod_balancer/mod_cluster…) ● Protocol translations 9/19/19 6
AJPAJP ● When – Easy TLS/SSL forwarding ● Limitations – No upgrade – Header size – No encryption – Limited “authentication” (secret) ● mod_proxy_ajp and mod_jk 9/19/19 7
HTTP and HTTPS 1.1HTTP and HTTPS 1.1 ● When: – No SSL forwarding – Using SSLValve ● HTTP/HTTPS: – HTTPS might be need (Encryption/Authentication) – HTTPS on tomcat (openssl again?) – HTTP if you trust your intranet. (really?) ● Other reasons: – HTTP is more developed than AJP 9/19/19 8
H2C ● h2c is only for reverse proxy ● Supported – httpd
Demultiplexing h2 in proxy ● Keep the back-end unchanged ● Keep the overhead of h2 in the proxy
mod_jk configurationmod_jk configuration ● Httpd.confHttpd.conf LoadModule jk_module modules/mod_jk.soLoadModule jk_module modules/mod_jk.so JkMount /jkaj/* worker1JkMount /jkaj/* worker1 JkWorkersFile conf/workers.propertiesJkWorkersFile conf/workers.properties ● propertiesproperties # Define 1 real worker using ajp13# Define 1 real worker using ajp13 worker.list=worker1worker.list=worker1 worker.worker1.type=lbworker.worker1.type=lb worker.worker1.balance_workers=clusterdev03,clusterdev04worker.worker1.balance_workers=clusterdev03,clusterdev04
mod_proxy_ajp configurationmod_proxy_ajp configuration ● Httpd.confHttpd.conf LoadModule slotmem_shm_module modules/mod_slotmem_shm.soLoadModule slotmem_shm_module modules/mod_slotmem_shm.so LoadModule proxy_module modules/mod_proxy.soLoadModule proxy_module modules/mod_proxy.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.soLoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.soLoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.soLoadModule proxy_balancer_module modules/mod_proxy_balancer.so <Proxy balancer://ajp><Proxy balancer://ajp> #192.168.0.140 192.168.0.130 clusterdev04 / 03#192.168.0.140 192.168.0.130 clusterdev04 / 03 BalancerMember ajp://192.168.0.130:8009BalancerMember ajp://192.168.0.130:8009 BalancerMember ajp://192.168.0.140:8009BalancerMember ajp://192.168.0.140:8009 </Proxy></Proxy> ProxyPass /tcaj balancer://ajp/tcajProxyPass /tcaj balancer://ajp/tcaj
mod_proxy_httpd configurationmod_proxy_httpd configuration ● Httpd.confHttpd.conf LoadModule slotmem_shm_module modules/mod_slotmem_shm.soLoadModule slotmem_shm_module modules/mod_slotmem_shm.so LoadModule proxy_module modules/mod_proxy.soLoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.soLoadModule proxy_http_module modules/mod_proxy_http.so LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.soLoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.soLoadModule proxy_balancer_module modules/mod_proxy_balancer.so <Proxy balancer://http><Proxy balancer://http> BalancerMember http://192.168.0.130:8080BalancerMember http://192.168.0.130:8080 BalancerMember http://192.168.0.140:8080BalancerMember http://192.168.0.140:8080 </Proxy></Proxy> ProxyPass /tchp balancer://http/tchpProxyPass /tchp balancer://http/tchp
Comparations mod_jk / mod_proxyComparations mod_jk / mod_proxy 4KiB.bin 8KiB.bin 16KiB.bin 32KiB.bin 64KiB.bin 128KiB.bin 256KiB.bin 512KiB.bin 1M iB.bin 0 10000 20000 30000 40000 50000 60000 70000 Concurency 240 mod_jk proxy_ajp proxy_http11 File Size Kbytes/second
Comparations mod_jk / mod_proxyComparations mod_jk / mod_proxy 4KiB 8KiB 16KiB 32KiB 64KiB 128KiB 256KiB 512KiB 1MiB 0 20 40 60 80 100 120 Concurency 240 mod_jk proxy_ajp proxy_http11 File Size CPUUsage
Conclusion AJP/HTTPConclusion AJP/HTTP ● No big difference mod_proxy_ajp/mod_jkNo big difference mod_proxy_ajp/mod_jk ● AJP more easy (no Valve needed)AJP more easy (no Valve needed) ● AJP not encryptedAJP not encrypted ● AJP has no upgradeAJP has no upgrade
H2C configurationH2C configuration ● Httpd.confHttpd.conf LoadModule proxy_module modules/mod_proxy.soLoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.soLoadModule proxy_http_module modules/mod_proxy_http.so LoadModule http2_module modules/mod_http2.soLoadModule http2_module modules/mod_http2.so – Protocols h2 h2c http/1.1Protocols h2 h2c http/1.1 – LoadModule proxy_http2_module modules/mod_proxy_http2.soLoadModule proxy_http2_module modules/mod_proxy_http2.so – ProxyPass "/tch2" "h2c://192.168.100.215:8888/tch2"ProxyPass "/tch2" "h2c://192.168.100.215:8888/tch2"
H2C configurationH2C configuration ● server.xmlserver.xml <Connector port="8888" protocol="HTTP/1.1" redirectPort="8443"><Connector port="8888" protocol="HTTP/1.1" redirectPort="8443"> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /><UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> </Connector></Connector>
NGNIX versus HTTPNGNIX versus HTTP Is NGNIX better?Is NGNIX better?
NGNIX configurationNGNIX configuration worker_processes 1;worker_processes 1; events {events { worker_connections 1024;worker_connections 1024; }} http {http { upstream myapp1 {upstream myapp1 { server 192.168.100.215:8080;server 192.168.100.215:8080; server 192.168.100.191:8080;server 192.168.100.191:8080; }} server {server { listen 8097 ssl http2;listen 8097 ssl http2; server_name localhost;server_name localhost; ssl_certificate newcert.pem;ssl_certificate newcert.pem; ssl_certificate_key newkey.txt.pem;ssl_certificate_key newkey.txt.pem; ssl_session_cache shared:SSL:1m;ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m;ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5;ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on;ssl_prefer_server_ciphers on; location / {location / { proxy_pass http://myapp1;proxy_pass http://myapp1; }} }} }}
Comparisons ngnix/httpdComparisons ngnix/httpd 4KiB.bin 8KiB.bin 16KiB.bin 32KiB.bin 64KiB.bin 128KiB.bin 256KiB.bin 512KiB.bin 1M iB.bin 0 10000 20000 30000 40000 50000 60000 Concurency 240 ngnix_h2_http11 proxy_h2_http11 File Size Kbytes/second
Comparisons ngnix/httpdComparisons ngnix/httpd 4KiB 8KiB 16KiB 32KiB 64KiB 128KiB256KiB512KiB 1MiB 0 20 40 60 80 100 120 Concurency 240 ngnix_h2_http11 proxy_h2_http11 File Size CPUUsage
Comparisons HTTP11Comparisons HTTP11 4KiB.bin 8KiB.bin 16KiB.bin 32KiB.bin 64KiB.bin 128KiB.bin 256KiB.bin 512KiB.bin 1M iB.bin 0 10000 20000 30000 40000 50000 60000 70000 Concurency 240 ngnix_http11 proxy_http11 File Size Kbytes/second
Comparisons HTTP11Comparisons HTTP11 4KiB 8KiB 16KiB 32KiB 64KiB 128KiB 256KiB 512KiB 1MiB 0 20 40 60 80 100 120 Concurency 240 ngnix_http11 proxy_http11 File Size CPUusage
And so what ngnix?And so what ngnix? ● Hard to conclude (try 2 processes in NGNIX) ● Many process in httpd (try less 5 used) ● Ngnix also uses openssl 9/19/19 25
Other proxiesOther proxies ● HAProxy (in the cloud / openshift for example) ● mod_cluster (httpd dynamic load balancer) ● Undertow proxy (jboss servlet container) ● Ingress (in kubernetes, well Nginx or GCE) ● Traffic Server 9/19/19 26
Other protocolsOther protocols ● Jboss-remoting ● Mix httpd/1.1 websockets ● mod_proxy_wstunnel ● ProxySet "ws://localhost:8080/" upgrade=jboss-remoting ● LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so 9/19/19 27
So proxy or not proxySo proxy or not proxy ● Fail-over : yes ● H2 and old HTTP/1.1 tomcat : yes ● Pure java tomcat + TLS/SSL : yes ● Otherwise: No ● Which proxy: httpd but ngnix too... 9/19/19 28
Questions?Questions? Thank you!Thank you! ● jfclere@gmail.com ● users@tomcat.apache.org ● Repo with the scripts for the tests: – https://github.com/jfclere/AC2014scripts 9/19/19 29
Jean-Frederic Clere @jfclere jfclere@gmail.com

Recommended

Acus08 Advanced Load Balancing Apache2.2
Acus08 Advanced Load Balancing Apache2.2Acus08 Advanced Load Balancing Apache2.2
Acus08 Advanced Load Balancing Apache2.2
Jim Jagielski
 
Kubernetes networking - basics
Kubernetes networking - basicsKubernetes networking - basics
Kubernetes networking - basics
Juraj Hantak
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA Testers
Javan Rasokat
 
Apache httpd 2.4 Reverse Proxy
Apache httpd 2.4 Reverse ProxyApache httpd 2.4 Reverse Proxy
Apache httpd 2.4 Reverse Proxy
Jim Jagielski
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0
Philippe Bogaerts
 
Docker and Fargate
Docker and FargateDocker and Fargate
Docker and Fargate
Shinji Miyazato
 
Installation Openstack Swift
Installation Openstack SwiftInstallation Openstack Swift
Installation Openstack Swift
ymtech
 
Nginx Internals
Nginx InternalsNginx Internals
Nginx Internals
Joshua Zhu
 

Recommended

Acus08 Advanced Load Balancing Apache2.2
Acus08 Advanced Load Balancing Apache2.2Acus08 Advanced Load Balancing Apache2.2
Acus08 Advanced Load Balancing Apache2.2
Jim Jagielski
 
Kubernetes networking - basics
Kubernetes networking - basicsKubernetes networking - basics
Kubernetes networking - basics
Juraj Hantak
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA Testers
Javan Rasokat
 
Apache httpd 2.4 Reverse Proxy
Apache httpd 2.4 Reverse ProxyApache httpd 2.4 Reverse Proxy
Apache httpd 2.4 Reverse Proxy
Jim Jagielski
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0
Philippe Bogaerts
 
Docker and Fargate
Docker and FargateDocker and Fargate
Docker and Fargate
Shinji Miyazato
 
Installation Openstack Swift
Installation Openstack SwiftInstallation Openstack Swift
Installation Openstack Swift
ymtech
 
Nginx Internals
Nginx InternalsNginx Internals
Nginx Internals
Joshua Zhu
 
Extending functionality in nginx, with modules!
Extending functionality in nginx, with modules!Extending functionality in nginx, with modules!
Extending functionality in nginx, with modules!
Trygve Vea
 
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTPAltitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Fastly
 
Introduction to Haproxy
Introduction to HaproxyIntroduction to Haproxy
Introduction to Haproxy
Shaopeng He
 
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
Jxck Jxck
 
Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)
DongHyeon Kim
 
Apache httpd 2.4: The Cloud Killer App
Apache httpd 2.4: The Cloud Killer AppApache httpd 2.4: The Cloud Killer App
Apache httpd 2.4: The Cloud Killer App
Jim Jagielski
 
I want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICI want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUIC
Source Conference
 
Introduction to QUIC
Introduction to QUICIntroduction to QUIC
Introduction to QUIC
Shuya Osaki
 
TomcatCon: from a cluster to the cloud
TomcatCon: from a cluster to the cloudTomcatCon: from a cluster to the cloud
TomcatCon: from a cluster to the cloud
Jean-Frederic Clere
 
nginx: writing your first module
nginx: writing your first modulenginx: writing your first module
nginx: writing your first module
redivy
 
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 era
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 eraHTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 era
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 era
peychevi
 
HTTP/2, HTTP/3 and SSL/TLS State of the Art in Our Servers
HTTP/2, HTTP/3 and SSL/TLS State of the Art in Our ServersHTTP/2, HTTP/3 and SSL/TLS State of the Art in Our Servers
HTTP/2, HTTP/3 and SSL/TLS State of the Art in Our Servers
Jean-Frederic Clere
 
Technical Overview of QUIC
Technical Overview of QUICTechnical Overview of QUIC
Technical Overview of QUIC
shigeki_ohtsu
 
Google QUIC
Google QUICGoogle QUIC
Google QUIC
Felipe Rayel
 
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
Docker, Inc.
 
Troubleshooting containerized triple o deployment
Troubleshooting containerized triple o deploymentTroubleshooting containerized triple o deployment
Troubleshooting containerized triple o deployment
Sadique Puthen
 
Load Balancing MySQL with HAProxy - Slides
Load Balancing MySQL with HAProxy - SlidesLoad Balancing MySQL with HAProxy - Slides
Load Balancing MySQL with HAProxy - Slides
Severalnines
 
Apache Httpd and TLS certificates validations
Apache Httpd and TLS certificates validationsApache Httpd and TLS certificates validations
Apache Httpd and TLS certificates validations
Jean-Frederic Clere
 
QUIC
QUICQUIC
QUIC
Apache Traffic Server
 
03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf
03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf
03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf
Jean-Frederic Clere
 
03_clere_Proxing to tomcat with httpd.pdf
03_clere_Proxing to tomcat with httpd.pdf03_clere_Proxing to tomcat with httpd.pdf
03_clere_Proxing to tomcat with httpd.pdf
Jean-Frederic Clere
 
Container Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeContainer Orchestration from Theory to Practice
Container Orchestration from Theory to Practice
Docker, Inc.
 

More Related Content

What's hot

Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTPAltitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Fastly
 
nginx: writing your first module
nginx: writing your first modulenginx: writing your first module
nginx: writing your first module
redivy
 
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
Docker, Inc.
 

What's hot (19)

Extending functionality in nginx, with modules!
Extending functionality in nginx, with modules!Extending functionality in nginx, with modules!
Extending functionality in nginx, with modules!
 
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTPAltitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
 
Introduction to Haproxy
Introduction to HaproxyIntroduction to Haproxy
Introduction to Haproxy
 
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
 
Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)
 
Apache httpd 2.4: The Cloud Killer App
Apache httpd 2.4: The Cloud Killer AppApache httpd 2.4: The Cloud Killer App
Apache httpd 2.4: The Cloud Killer App
 
I want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICI want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUIC
 
Introduction to QUIC
Introduction to QUICIntroduction to QUIC
Introduction to QUIC
 
TomcatCon: from a cluster to the cloud
TomcatCon: from a cluster to the cloudTomcatCon: from a cluster to the cloud
TomcatCon: from a cluster to the cloud
 
nginx: writing your first module
nginx: writing your first modulenginx: writing your first module
nginx: writing your first module
 
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 era
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 eraHTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 era
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 era
 
HTTP/2, HTTP/3 and SSL/TLS State of the Art in Our Servers
HTTP/2, HTTP/3 and SSL/TLS State of the Art in Our ServersHTTP/2, HTTP/3 and SSL/TLS State of the Art in Our Servers
HTTP/2, HTTP/3 and SSL/TLS State of the Art in Our Servers
 
Technical Overview of QUIC
Technical Overview of QUICTechnical Overview of QUIC
Technical Overview of QUIC
 
Google QUIC
Google QUICGoogle QUIC
Google QUIC
 
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
 
Troubleshooting containerized triple o deployment
Troubleshooting containerized triple o deploymentTroubleshooting containerized triple o deployment
Troubleshooting containerized triple o deployment
 
Load Balancing MySQL with HAProxy - Slides
Load Balancing MySQL with HAProxy - SlidesLoad Balancing MySQL with HAProxy - Slides
Load Balancing MySQL with HAProxy - Slides
 
Apache Httpd and TLS certificates validations
Apache Httpd and TLS certificates validationsApache Httpd and TLS certificates validations
Apache Httpd and TLS certificates validations
 
QUIC
QUICQUIC
QUIC
 

Similar to Apache httpd reverse proxy and Tomcat

Apache Web Services
Apache Web ServicesApache Web Services
Apache Web Services
lkurriger
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
NGINX, Inc.
 
WebTalk - Implementing Web Services with a dedicated Java daemon
WebTalk - Implementing Web Services with a dedicated Java daemonWebTalk - Implementing Web Services with a dedicated Java daemon
WebTalk - Implementing Web Services with a dedicated Java daemon
Geert Van Pamel
 
Tornado Web Server Internals
Tornado Web Server InternalsTornado Web Server Internals
Tornado Web Server Internals
Praveen Gollakota
 

Similar to Apache httpd reverse proxy and Tomcat (20)

03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf
03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf
03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf
 
03_clere_Proxing to tomcat with httpd.pdf
03_clere_Proxing to tomcat with httpd.pdf03_clere_Proxing to tomcat with httpd.pdf
03_clere_Proxing to tomcat with httpd.pdf
 
Container Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeContainer Orchestration from Theory to Practice
Container Orchestration from Theory to Practice
 
Container orchestration from theory to practice
Container orchestration from theory to practiceContainer orchestration from theory to practice
Container orchestration from theory to practice
 
Ob1k presentation at Java.IL
Ob1k presentation at Java.ILOb1k presentation at Java.IL
Ob1k presentation at Java.IL
 
Solving anything in VCL
Solving anything in VCLSolving anything in VCL
Solving anything in VCL
 
Apache Web Services
Apache Web ServicesApache Web Services
Apache Web Services
 
The Recording HTTP Proxy: Not Yet Another Messiah - Bulgaria PHP 2019
The Recording HTTP Proxy: Not Yet Another Messiah - Bulgaria PHP 2019The Recording HTTP Proxy: Not Yet Another Messiah - Bulgaria PHP 2019
The Recording HTTP Proxy: Not Yet Another Messiah - Bulgaria PHP 2019
 
Socket programming, and openresty
Socket programming, and openrestySocket programming, and openresty
Socket programming, and openresty
 
202107 - Orion introduction - COSCUP
202107 - Orion introduction - COSCUP202107 - Orion introduction - COSCUP
202107 - Orion introduction - COSCUP
 
Docker Monitoring Webinar
Docker Monitoring WebinarDocker Monitoring Webinar
Docker Monitoring Webinar
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
 
Tomcat next
Tomcat nextTomcat next
Tomcat next
 
NGINX: HTTP/2 Server Push and gRPC
NGINX: HTTP/2 Server Push and gRPCNGINX: HTTP/2 Server Push and gRPC
NGINX: HTTP/2 Server Push and gRPC
 
WebTalk - Implementing Web Services with a dedicated Java daemon
WebTalk - Implementing Web Services with a dedicated Java daemonWebTalk - Implementing Web Services with a dedicated Java daemon
WebTalk - Implementing Web Services with a dedicated Java daemon
 
Docker for mac & local developer environment optimization
Docker for mac & local developer environment optimizationDocker for mac & local developer environment optimization
Docker for mac & local developer environment optimization
 
HTTP2
HTTP2HTTP2
HTTP2
 
Tornado Web Server Internals
Tornado Web Server InternalsTornado Web Server Internals
Tornado Web Server Internals
 
NGINX: HTTP/2 Server Push and gRPC – EMEA
NGINX: HTTP/2 Server Push and gRPC – EMEANGINX: HTTP/2 Server Push and gRPC – EMEA
NGINX: HTTP/2 Server Push and gRPC – EMEA
 
Start tracking your ruby infrastructure
Start tracking your ruby infrastructureStart tracking your ruby infrastructure
Start tracking your ruby infrastructure
 

More from Jean-Frederic Clere

More from Jean-Frederic Clere (14)

Panama.pdf
Panama.pdfPanama.pdf
Panama.pdf
 
01_clere_Having fun with a solar panel, camera and raspberry. How with a few ...
01_clere_Having fun with a solar panel, camera and raspberry. How with a few ...01_clere_Having fun with a solar panel, camera and raspberry. How with a few ...
01_clere_Having fun with a solar panel, camera and raspberry. How with a few ...
 
Cloud RPI4 tomcat ARM64
Cloud RPI4 tomcat ARM64Cloud RPI4 tomcat ARM64
Cloud RPI4 tomcat ARM64
 
From a cluster to the Cloud
From a cluster to the CloudFrom a cluster to the Cloud
From a cluster to the Cloud
 
Apache httpd and TLS/SSL certificates validation
Apache httpd and TLS/SSL certificates validationApache httpd and TLS/SSL certificates validation
Apache httpd and TLS/SSL certificates validation
 
Juggva cloud
Juggva cloudJuggva cloud
Juggva cloud
 
Tomcat from a cluster to the cloud on RP3
Tomcat from a cluster to the cloud on RP3Tomcat from a cluster to the cloud on RP3
Tomcat from a cluster to the cloud on RP3
 
Having fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projectsHaving fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projects
 
Tomcat openssl
Tomcat opensslTomcat openssl
Tomcat openssl
 
Having fun with Raspberry and Apache projects
Having fun with Raspberry and Apache projectsHaving fun with Raspberry and Apache projects
Having fun with Raspberry and Apache projects
 
HTTP/2 and SSL/TLS state of art in ASF servers
HTTP/2 and SSL/TLS state of art in ASF serversHTTP/2 and SSL/TLS state of art in ASF servers
HTTP/2 and SSL/TLS state of art in ASF servers
 
Tomcat next
Tomcat nextTomcat next
Tomcat next
 
Native 1.2.8
Native 1.2.8Native 1.2.8
Native 1.2.8
 
Tomcat openssl
Tomcat opensslTomcat openssl
Tomcat openssl
 

Recently uploaded

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
harshavardhanraghave
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Alberto González Trastoy
 

Recently uploaded (20)

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 

Apache httpd reverse proxy and Tomcat

  • 1. Apache httpd reverse proxy andApache httpd reverse proxy and TomcatTomcat Jean-Frederic ClereJean-Frederic Clere
  • 2. What I will coverWhat I will cover ● Proxy what and why. ● Protocols – AJP – HTTP/HTTPS (1.1) – HTTP/2 (H2 and H2C) – Others (web-socket etc) ● Proxies – Httpd / Traffic Server / ngix / untertow proxy /mod_cluster 9/19/19 2
  • 3. What I will cover (2)What I will cover (2) Proxies – httpd – Ngnix Questions? 9/19/19 3
  • 4. Who I amWho I am Jean-Frederic Clere Red Hat Years writing JAVA code and server software Tomcat committer since 2001 Doing OpenSource since 1999 Cyclist/Runner etc Lived 15 years in Spain (Barcelona) Now in Neuchâtel (CH) 9/19/19 4
  • 5. What is Proxy?What is Proxy? ● Something between the application server and the internet. ● Load-balancer ● Failover ● Protocol termination – TLS/SSL – HTTP/2 and soon HTTP/3 ● Understands a protocol and possible upgrades. 9/19/19 5
  • 6. Why a proxy?Why a proxy? ● Control the load ● Serve static pages ● Control requests: mod_security / mod_rewrite etc ● Dynamic configuration (mod_balancer/mod_cluster…) ● Protocol translations 9/19/19 6
  • 7. AJPAJP ● When – Easy TLS/SSL forwarding ● Limitations – No upgrade – Header size – No encryption – Limited “authentication” (secret) ● mod_proxy_ajp and mod_jk 9/19/19 7
  • 8. HTTP and HTTPS 1.1HTTP and HTTPS 1.1 ● When: – No SSL forwarding – Using SSLValve ● HTTP/HTTPS: – HTTPS might be need (Encryption/Authentication) – HTTPS on tomcat (openssl again?) – HTTP if you trust your intranet. (really?) ● Other reasons: – HTTP is more developed than AJP 9/19/19 8
  • 9. H2C ● h2c is only for reverse proxy ● Supported – httpd
  • 10. Demultiplexing h2 in proxy ● Keep the back-end unchanged ● Keep the overhead of h2 in the proxy
  • 11. mod_jk configurationmod_jk configuration ● Httpd.confHttpd.conf LoadModule jk_module modules/mod_jk.soLoadModule jk_module modules/mod_jk.so JkMount /jkaj/* worker1JkMount /jkaj/* worker1 JkWorkersFile conf/workers.propertiesJkWorkersFile conf/workers.properties ● propertiesproperties # Define 1 real worker using ajp13# Define 1 real worker using ajp13 worker.list=worker1worker.list=worker1 worker.worker1.type=lbworker.worker1.type=lb worker.worker1.balance_workers=clusterdev03,clusterdev04worker.worker1.balance_workers=clusterdev03,clusterdev04
  • 12. mod_proxy_ajp configurationmod_proxy_ajp configuration ● Httpd.confHttpd.conf LoadModule slotmem_shm_module modules/mod_slotmem_shm.soLoadModule slotmem_shm_module modules/mod_slotmem_shm.so LoadModule proxy_module modules/mod_proxy.soLoadModule proxy_module modules/mod_proxy.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.soLoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.soLoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.soLoadModule proxy_balancer_module modules/mod_proxy_balancer.so <Proxy balancer://ajp><Proxy balancer://ajp> #192.168.0.140 192.168.0.130 clusterdev04 / 03#192.168.0.140 192.168.0.130 clusterdev04 / 03 BalancerMember ajp://192.168.0.130:8009BalancerMember ajp://192.168.0.130:8009 BalancerMember ajp://192.168.0.140:8009BalancerMember ajp://192.168.0.140:8009 </Proxy></Proxy> ProxyPass /tcaj balancer://ajp/tcajProxyPass /tcaj balancer://ajp/tcaj
  • 13. mod_proxy_httpd configurationmod_proxy_httpd configuration ● Httpd.confHttpd.conf LoadModule slotmem_shm_module modules/mod_slotmem_shm.soLoadModule slotmem_shm_module modules/mod_slotmem_shm.so LoadModule proxy_module modules/mod_proxy.soLoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.soLoadModule proxy_http_module modules/mod_proxy_http.so LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.soLoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.soLoadModule proxy_balancer_module modules/mod_proxy_balancer.so <Proxy balancer://http><Proxy balancer://http> BalancerMember http://192.168.0.130:8080BalancerMember http://192.168.0.130:8080 BalancerMember http://192.168.0.140:8080BalancerMember http://192.168.0.140:8080 </Proxy></Proxy> ProxyPass /tchp balancer://http/tchpProxyPass /tchp balancer://http/tchp
  • 14. Comparations mod_jk / mod_proxyComparations mod_jk / mod_proxy 4KiB.bin 8KiB.bin 16KiB.bin 32KiB.bin 64KiB.bin 128KiB.bin 256KiB.bin 512KiB.bin 1M iB.bin 0 10000 20000 30000 40000 50000 60000 70000 Concurency 240 mod_jk proxy_ajp proxy_http11 File Size Kbytes/second
  • 15. Comparations mod_jk / mod_proxyComparations mod_jk / mod_proxy 4KiB 8KiB 16KiB 32KiB 64KiB 128KiB 256KiB 512KiB 1MiB 0 20 40 60 80 100 120 Concurency 240 mod_jk proxy_ajp proxy_http11 File Size CPUUsage
  • 16. Conclusion AJP/HTTPConclusion AJP/HTTP ● No big difference mod_proxy_ajp/mod_jkNo big difference mod_proxy_ajp/mod_jk ● AJP more easy (no Valve needed)AJP more easy (no Valve needed) ● AJP not encryptedAJP not encrypted ● AJP has no upgradeAJP has no upgrade
  • 17. H2C configurationH2C configuration ● Httpd.confHttpd.conf LoadModule proxy_module modules/mod_proxy.soLoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.soLoadModule proxy_http_module modules/mod_proxy_http.so LoadModule http2_module modules/mod_http2.soLoadModule http2_module modules/mod_http2.so – Protocols h2 h2c http/1.1Protocols h2 h2c http/1.1 – LoadModule proxy_http2_module modules/mod_proxy_http2.soLoadModule proxy_http2_module modules/mod_proxy_http2.so – ProxyPass "/tch2" "h2c://192.168.100.215:8888/tch2"ProxyPass "/tch2" "h2c://192.168.100.215:8888/tch2"
  • 18. H2C configurationH2C configuration ● server.xmlserver.xml <Connector port="8888" protocol="HTTP/1.1" redirectPort="8443"><Connector port="8888" protocol="HTTP/1.1" redirectPort="8443"> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /><UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> </Connector></Connector>
  • 19. NGNIX versus HTTPNGNIX versus HTTP Is NGNIX better?Is NGNIX better?
  • 20. NGNIX configurationNGNIX configuration worker_processes 1;worker_processes 1; events {events { worker_connections 1024;worker_connections 1024; }} http {http { upstream myapp1 {upstream myapp1 { server 192.168.100.215:8080;server 192.168.100.215:8080; server 192.168.100.191:8080;server 192.168.100.191:8080; }} server {server { listen 8097 ssl http2;listen 8097 ssl http2; server_name localhost;server_name localhost; ssl_certificate newcert.pem;ssl_certificate newcert.pem; ssl_certificate_key newkey.txt.pem;ssl_certificate_key newkey.txt.pem; ssl_session_cache shared:SSL:1m;ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m;ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5;ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on;ssl_prefer_server_ciphers on; location / {location / { proxy_pass http://myapp1;proxy_pass http://myapp1; }} }} }}
  • 22. Comparisons ngnix/httpdComparisons ngnix/httpd 4KiB 8KiB 16KiB 32KiB 64KiB 128KiB256KiB512KiB 1MiB 0 20 40 60 80 100 120 Concurency 240 ngnix_h2_http11 proxy_h2_http11 File Size CPUUsage
  • 24. Comparisons HTTP11Comparisons HTTP11 4KiB 8KiB 16KiB 32KiB 64KiB 128KiB 256KiB 512KiB 1MiB 0 20 40 60 80 100 120 Concurency 240 ngnix_http11 proxy_http11 File Size CPUusage
  • 25. And so what ngnix?And so what ngnix? ● Hard to conclude (try 2 processes in NGNIX) ● Many process in httpd (try less 5 used) ● Ngnix also uses openssl 9/19/19 25
  • 26. Other proxiesOther proxies ● HAProxy (in the cloud / openshift for example) ● mod_cluster (httpd dynamic load balancer) ● Undertow proxy (jboss servlet container) ● Ingress (in kubernetes, well Nginx or GCE) ● Traffic Server 9/19/19 26
  • 27. Other protocolsOther protocols ● Jboss-remoting ● Mix httpd/1.1 websockets ● mod_proxy_wstunnel ● ProxySet "ws://localhost:8080/" upgrade=jboss-remoting ● LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so 9/19/19 27
  • 28. So proxy or not proxySo proxy or not proxy ● Fail-over : yes ● H2 and old HTTP/1.1 tomcat : yes ● Pure java tomcat + TLS/SSL : yes ● Otherwise: No ● Which proxy: httpd but ngnix too... 9/19/19 28
  • 29. Questions?Questions? Thank you!Thank you! ● jfclere@gmail.com ● users@tomcat.apache.org ● Repo with the scripts for the tests: – https://github.com/jfclere/AC2014scripts 9/19/19 29