AJP vs HTTP

AJP

• Not a binary protocol
  • Common headers and values encoded
  • Other values in plain text
  • Request and response bodies in plain text
• Request headers must fit in a single AJP message
  • Default 8192
  • Max 65536
• Supports passing of SSL termination information
• Does not directly support encryption
  • IPSec, VPN, SSH tunnel, etc.

 

HTTP

• Clear text protocol
  • Easy to read
• No limit on request header size
• Does not directly support providing SSL termination information
  • Can be added by httpd using custom headers
  • Can be processed by Tomcat using the SSLValve (undocumented)
• Supports encryption via HTTPS

 

AJP vs. HTTP

• If terminating SSL at httpd and you need the SSL information
  • Use AJP
• If you need to encrypt the httpd to Tomcat channel
  • Use HTTP
• If you need both
  • Use HTTP
  • It is (usually) easier to pass SSL information over HTTP than it is to encrypt AJP
• If you need neither
  • Pick the one you are more familiar with – debugging problems will be easier

 

mod_jk

• Only supports AJP
• Developed by the Tomcat committers
• Non-httpd style configuration
• More complex URL mappings are simpler to write
• Binaries only provided for Windows

 

 

mod_proxy

• Supports AJP and HTTP
• Included as standard with httpd
• Uses httpd style configuration
• More complex URL mappings are trickier to write
• Binaries provided for most platforms