Main Content

Database connection Pooling, SSL, and command line deployment - httpd and Tomcat

Archive - Originally posted on "The Horse's Mouth" - 2009-03-01 06:56:23 - Graham Ellis

Yesterday (yes, that was a Saturday!) I was running a tailored Apache Tomcat training and consultancy day - a day on which I cover a lot of standard training material, but did so in relation to a particular application for the delegate(s).

Most of what I covered was in our own material (which we can print out even during the course!), but there were some topics that were or are best illustrated by web sites other than our. "Don't re-invent the wheel" they say - and indeed, I projected up / used the following web sites - amongst others - as sources during the day. I'm documenting them here, now ... for course attendees to be able to refer back, and to help give web visibility to resources that others may find useful too.

For SSL setup for apache httpd I referred to a page at securityfocus.com and that carried on to part 2. There are so many options with SSL, so much technology, that it can be hard to see the wood for the trees - but this example if far better than most. One question that arises time and time again is "how do I set up SSL on Tomcat" to which I answer "why do you want to?". Whilst there ARE some instances where you'll want to do it, it's far more common to set up SSL on an outward facing Apache httpd server, and use a non secure protocol such as http or ajp between Htttpd and Tomcat. After all - the place where you want the security is out in the big wide word of the internet, which httpd is looking after. It's an unusual situation where you want to secure all your traffic between a couple of computers that are on your own intranet, behind your own firewall and probably sitting next to each other in the rack!

Tomcat Manager is a good, interactive deployment tool ... but so often, system admin delegates want to (un)deploy an application from the command line. Now that SOUNDS like it will be easy, but it isn't. You can do it through ant - and there's a sample of deploying Java applications through ant on a page at ProjectCaroline.net. Why isn't there just an easy command line tool? Perhaps it's because of the whole security thing - to use the Tomcat Manager your JMX roles and realms all have to be set up via tomcat-users.xml, and a simple command line tool would need to consider this, and not provide a magnificent loophole to circumvent Java's security model.

On a lighter note, the tenth System Admin Appreciation day is on 31st July this year - see sysadminday.com.

And finally, if you're connecting to databases from within a web application hosted by Tomcat, you may want to use Database (JDBC) Connection pooling. Pooling allows each of your requests to carry on the same SQL session with the SQL server, rather than opening up and shutting down connections with a frequency that could have a serious impact on performance. See this page on onjava.com.

If you have this sort of question and would like my help, take an initial look at our deploying Apache httpd and Tomcat course. If the course agenda is such that we won't be able to answer all your specialised questions, let me know and we can either add an extra day for you or - if what you want is very different - run a special session. Email graham@wellho.net to ask about your own specific requirements.