Nuxeo Tomcat HTTPS Configuration - Why not recommended?

Hello,

I want to implement HTTPS in nuxeo, and I have been looking at this: https://doc.nuxeo.com/nxdoc/http-and-https-reverse-proxy-configuration/

Tomcat HTTPS Configuration seems to be very easy (I have experience configuring tomcat to serve via HTTPS), but I saw this message: “Configuring Tomcat in HTTPS is not recommended. Please follow instructions above to configure Apache server.

So my question is, why is it not recommended?

Thank you.

0 votes

2 answers

483 views

ANSWER



Tomcat is application server, Apache is made to serve static content. My guess is you will get a lot better performance from using Apache vs Tomcat. There is also a slight increase in difficulty configuring Tomcat for HTTPS (for those not familiar with the process). Just my thoughts on why they might recommend against it.

2 votes



Confirming this answer. Patrick Abgrall's answer is also correct.

"Configuring Tomcat in HTTPS is not recommended" because Apache Web Server (aka httpd) is a general-purpose web server whereas Tomcat is a Servlet Container. It supports a number of advanced options that Tomcat (embedded HTTP component) does not. So, Apache Web Server is assumed to have better performance, compliance and third-party integration, easier configuration, up-to-date security fixes, etc. on its specific features.

Using Tomcat HTTPS is perfectly acceptable but not the solution that we would recommend, compared to the duo Apache+Tomcat.

See https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html

12/02/2019


I think it should be understood as “Configuring Tomcat in HTTPS and putting Nuxeo to face directly the Wild Wild Web is not recommended. Please follow instructions above to configure Apache server before Nuxeo as a Frontend to face the Wild Wild Web.” So just a warning that Apache as a WebServer to face internet is the recommended configuration.

0 votes