Tomcat FAQ: Apache/Jk/Jk2

Q: Which connector should I use? In all cases, YMMV. Plus you can manipulate the source to prove me wrong. (C) means the module to use for apache. (JAVA) means the "thing" to use for tomcat.

(C) Stay away from mod_webapp, aka warp. It is deprecated and unsupported due to lack of devloper interest and there are better options such as jk and jk2. It is WILL NOT run on windows.
(C) mod_jserv is good but AFAIK is unsupported and will not be supported in tomcat 5.
(C) mod_jk is great and should be used for production. It is getting fixes as needed (which is now rare).
(C) jk2 is a refactoring of mod_jk and uses the Apache Portable Runtime(apr). If you are using apache 2.0, you'll probably want to use jk2. But this may not be production worthy for everyone.
(C) mod_proxy. Interesting idea but you probably won't get sticky load balancing and might be less scalable.
(JAVA) Use the Coyote connectors. Everything else is deprecated or probably not well supported. That doesn't mean the older Java based connectors are bad, they may work perfectly for your needs.

Q: Why should I integrate Apache with Tomcat? (or not)

A: There are many reasons to integrate Tomcat with Apache. And there are reasons why it should not be done too. Needless to say, everyone will disagree with the opinions put forwards here. With the upcoming performance of Tomcat 5, performance reasons become harder to justify. So here are the issues to discuss in intergrating vs not.

Clustering. By using apache as a front end you can let apache act as a front door to your content to multiple tomcat instances. If one of your tomcats fails, apache ignores it and your Sysadmin can sleep through the night.
Clustering/Security. You can also use apache as a front door to different tomcats for different URL namespaces (/app1/, /app2/, /app3/, or virtual hosts). The tomcats can then be each in a protected area and from a security point of view, you only need to worry about the apache server.
Security. This topic can sway one either way. Java has the security manager while apache has a larger mindshare and more tricks with respect to security. I won't go into this in more detail, but let Google be your friend. But depending on your scenario, one might be better than the other. But also keep in mind, if run apache with tomcat - you have two systems to defend, not one.
Add-ons. Adding on CGI, perl, PHP is very natural to apache. Its slower and more of a kludge for tomcat. Tomcat can do it, but think of tomcat's services like PHP, CGI, and mod_perl. Apache also has hundreds of modules that can be plugged in at will. Tomcat can have this ability, but the code hasn't been written yet.
Decorators! With apache in front of tomcat, you can perform any number of decorators that tomcat doesn't support or doesn't have the immediate code support. For example, mod_headers, mod_rewrite, and mod_alias could be written for tomcat, but why reinvent the wheel when apache has done it so well?
Speed. Apache is faster at serving static content than tomcat. But unless you have a high traffic site, this point is useless.
Socket handling/system stability. Apache has better socket handling with respect to error conditions than tomcat. The main reason is tomcat must perform all its socket handling via the JVM which needs to be cross patform. The problem is socket optimization is a platform specific ordeal. Most of the time the java code is fine, but when you are also bombarded with dropped connections, invlaid packets, invalid requests from invalid IP's, apache does a better job at dropping these error conditions than and JVM based program.
Here is a great response from Craig R. McClanahan. If you have free time, read emails by him in any of the list archives. You'll learn a lot.

The original location of this FAQ is located at: http://tomcatfaq.sourceforge.net/ and is hosted by

Last edit date: $Date: 2003/05/20 11:10:20 $ .