glassfish_at_javadesktop.org schrieb:
> My original thinking was that if I could get Glassfish listening on port
> 80 a specific IP, then I needn't involve Apache at all, but if you think
> mod_proxy would be the easiest way to go, then I'll follow your advice.
Generally I'd strongly vote for running apache 2.2 in front of glassfish for
a rather simple reason: Given extensions like mod_security, mod_evasive and
friends, apache2 does offer a wide range of features to harden your service
in terms of any attacks likely to be lead against servers exposed to "the
internet" these days, including (D)DoS and related pains. This way you add
one more line of defense which you surely will learn to love in times of
need. Another good reason: Maybe you're planning to use a clustered
Glassfish environment, you might easily throw in the apache mod_proxy load
balancer to take care of, as the name implies, load balancing across several
backend hosts, failover and the like.
If you need hints / help on how to get goin', just feel free to ask; we've
been using this kind of setup in a productive environment for quite a while
now, and without a few minor issues yet unresolved (involving mainly the
transfer of large binary files with certain clients), things work rather
well. Clustering is still on the todo-list however. ;)
Cheers,
Kristian
--
Kristian Rink
cell : +49 176 2447 2771
business: http://www.planconnect.de
personal: http://pictorial.zimmer428.net
"we command the system. calling all recievers.
we are noisy people for a better living".
(covenant - "monochrome")