Out tomcat servers are handling around 30K SSL hits every 5 minutes
with very little effort (10% cpu average on a dual core machine, good
response time).
We tried to put in httpd in front thinking we can squeeze out better
performance and memory consumption.
The system just couldn't handle the load and we had to roll back
(quickly) to a tomcat only configuration.
Hope this helps...
Yuval Perlov
www.r-u-on.com
On Apr 28, 2008, at 6:27 PM, Larry Prikockis wrote:
I know the latest edition of the O'Reilly Tomcat book by Brittain and
Darwin strongly advocates the use of standalone Tomcat as opposed to
the traditional httpd->Tomcat approach, but this seems to be somewhat
of a paradigm shift for most people. I'm interested in hearing what
the wider community thinks...
Specifically, we have a webapp on a Windows 2003 server that utilizes
Apache 2.2 SSL as a frontend and mod_proxy_ajp to send requests to
Tomcat 5.5.17 (on the same server). By eliminating the Apache
frontend and just using a Tomcat SSL connector directly, we saw
performance increases that absolutely dwarfed (400+%) everything else
we were achieving by tuning various connection parameters of Apache
httpd and Tomcat.
While I would expect hitting Tomcat directly would be a little faster
than going through the Apache proxy setup, we didn't expect such
dramatic differences. In fact, when comparing Apache w/o SSL ->
Tomcat, the performance was only a little worse than hitting Tomcat
HTTP directly.
My questions:
1) Any thoughts on why the Apache SSL -> Tomcat combination should be
so much slower?
2) Are there any security downsides to using Tomcat SSL directly as
opposed to fronting it with Apache httpd?
3) anyone else have any similar (or contradictory?) experiences?
thanks-
Larry Prikockis
--
Larry Prikockis
System Administrator
[EMAIL PROTECTED]
Phone: (240)737-2900
Vecna Technologies, Inc.
5004 Lehigh Rd
College Park, MD 20740-3821
Phone: (301) 864-7253
Fax: (301) 699-3180
240-737-1699 (office)
www.vecna.com
Better Technology, Better World (TM)
The contents of this message may be privileged and confidential.
Therefore, if this message has been received in error, please delete
it without reading it. Your receipt of this message is not intended to
waive any applicable privilege. Please do not disseminate this message
without the permission of the author.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
