apache to tomcat: mod_jk vs mod_proxy

apache tomcat mod-proxy mod-jk

90,862

Solution 1

A pros/cons comparison for those modules exists on http://blog.jboss.org/

mod_proxy

* Pros:
      o No need for a separate module compilation and maintenance. mod_proxy,
        mod_proxy_http, mod_proxy_ajp and mod_proxy_balancer comes as part of 
        standard Apache 2.2+ distribution
      o Ability to use http https or AJP protocols, even within the same 
        balancer.
* Cons:
      o mod_proxy_ajp does not support large 8K+ packet sizes.
      o Basic load balancer
      o Does not support Domain model clustering

mod_jk

* Pros:
      o Advanced load balancer
      o Advanced node failure detection
      o Support for large AJP packet sizes
* Cons:
      o Need to build and maintain a separate module

Solution 2

If you wish to stay in Apache land, you can also try the newer mod_proxy_ajp, which uses the AJP protocol to communicate with Tomcat instead of plain old HTTP, but which leverages mod_proxy to do the work.

Solution 3

AJP vs HTTP

When using mod_jk, you are using the AJP. When using mod_proxy you will use HTTP or HTTPS. And this is essentially what makes all the difference.

The Apache JServ Protocol (AJP)

The Apache JServ Protocol (AJP) is a binary protocol that can proxy inbound requests from a web server through to an application server that sits behind the web server. AJP is a highly trusted protocol and should never be exposed to untrusted clients, which could use it to gain access to sensitive information or execute code on the application server.

Pros

Easy to set up as the correct forwarding of HTTP headers is not required.
It is less resource intensive because the TCP packets are forwarded in binary format instead of doing a costly HTTP exchange.

Cons

Transferred data is not encrypted. It should only be used within trusted networks.

Hypertext Transfer Protocol (HTTP)

HTTP functions as a request–response protocol in the client–server computing model. A web browser, for example, may be the client and an application running on a computer hosting a website may be the server. The client submits an HTTP request message to the server. The server, which provides resources such as HTML files and other content, or performs other functions on behalf of the client, returns a response message to the client. The response contains completion status information about the request and may also contain requested content in its message body.

Pros

Can be encrypted with SSL/TLS making it suitable for traffic across untrusted networks.
It is flexible as it allows to modify the request before forwarding. For example, setting custom headers.

Cons

More overhead as the correct forwarding of the HTTP headers has to be ensured.
More resource intensive as the request is fully parsed before forwarding.

90,862

cherouvim

I've been programming for fun since 1989.

Updated on July 08, 2022

Comments

cherouvim almost 2 years

What are the advantages and disadvantages of using mod_jk and mod_proxy for fronting a tomcat instance with apache?

I've been using mod_jk in production for years but I've heard that it's "the old way" of fronting tomcat. Should I consider changing? Would there be any benefits?
- mirabilos over 9 years
  
  We’ve had more trouble with all mod_proxy_* variants and use mod_jk in production successfully, for both Tomcat (5.5, 6, 7) and JBoss/WildFly.
cherouvim almost 15 years

Thanks. But do you know what does the proxy_ajp would offer more than jk?
Vinko Vrsalovic almost 15 years

Yes, all the controls and (relatively) ease of configuration of mod_proxy, with the speed benefits of the AJP protocol (instead of using HTTP)
Taylor Leese over 14 years

AJP uses a binary format so in theory, it's suppose to provide better performance. I've never performance tested AJP vs HTTP proxying though.
blak3r over 12 years

What if your using Apache 2.0?
CodeReaper about 12 years

I find this blog entry tomcatexpert.com/blog/2010/06/16/… helpful.
Yura about 8 years

"Need to build and maintain a separate module" it ships with apache so you don't need to build something...
runamok about 7 years

@yura - That may depend on your OS version. Centos 7.x does not appear to have the module available and it is not available by default in apache 2.4: httpd.apache.org/docs/2.4/mod
runamok about 7 years

Specifically see wiki.apache.org/tomcat/FAQ/Connectors#Q7 who @daniel-serodio referenced... Where can I download a binary distribution of my connector? You cannot: you need to download the source and compile it for your platform.
Rui F Ribeiro almost 6 years

Should it not be 8KB and not 8K?
Hiran Chaudhuri over 3 years

In some environments encryption is important. AJP cannot encrypt at all, while mod_proxy can switch to https.
Christopher Schultz over 3 years

This answer may be out-of-date by now. mod_proxy_ajp does support larger packet sizes using ProxyIOBufferSize, and mod_proxy capabilities have improved quite a bit over the past decade.