40

If I am given a war file that contains a Java web application, and I want to run that war locally, then do I just need Tomcat, or do I need Tomcat and Apache httpd (or any other web server)? Thanks in advance!

IAmYourFaja
  • 55,468
  • 181
  • 466
  • 756

4 Answers4

52

Tomcat is a web server of its own, so a separate web server like Apache is not required. You probably will want to change Tomcat's port though, since it defaults to 8080 and web sites are usually on port 80.

I think people generally put Apache in front of Tomcat so they can do things like:

  • Have one website have several Tomcat instances behind it.
  • Serve static files from Apache to take load off of Tomcat.
  • Use other Apache features you may need (modules).
  • As @TacticalCoder mentions in the comments, you need to be root to listen on port 80, so some people may be using Apache as an easy way to proxy port 80 to port 8080.

I'd recommend the YAGNI approach and just go with Tomcat until/unless you find a reason you want Apache in front of it.

Brendan Long
  • 53,280
  • 21
  • 146
  • 188
  • Ahhh - so Tomcat *is* the web server, and I'm guessing that "Catalina" is the servlet processor/container? – IAmYourFaja Feb 23 '12 at 18:50
  • @AdamTannon - Yeah, [Catalina](http://en.wikipedia.org/wiki/Apache_Tomcat#Catalina) is the servlet container. – Brendan Long Feb 23 '12 at 18:54
  • 9
    @Bredan Long: *"You probably will want to change Tomcat's port though"* [sic]... With the caveat that, on Un*x OS for example, you cannot listen on port 80/443 without being *root*. But installing Java / Tomcat as *root* isn't necessarily a good practice: on Linux you can install Java without being *root*. You can also install Tomcat without being *root*. Then, as root, you can transparently redirect port 80/443 to 8080/4443 (for example) using the firewall (*e.g.* iptables). This is generally considered "more secure" than running Tomcat as *root* and directly listening on port 80/443. – TacticalCoder Feb 23 '12 at 19:12
  • 2
    Tactical - just out of curiosity, could you explain why the port redirection is more secure than having Tomcat listening to the port directly? – IAmYourFaja Feb 23 '12 at 20:27
  • 1
    @AdamTannon: because, on Un*x, you **must** have *root* privileges to be able to listen on ports below 1024. I always prefer to both install and run software with the least privileges possible. By using a port redirection there's exactly **one** command that needs to be run as *root*: all the rest can be done from a regular user account. Sure, you *could* use *authbind* or *sudo* etc. but why bother: install Java + Tomcat as non-root and do a port-redirection. Details here: http://www.jvmhost.com/articles/java-net-bindexception-permisssion-denied-operation-not-permitted – TacticalCoder Feb 24 '12 at 00:34
  • 3
    Just wanted to add this, as I have came across this shortly in a real life scenario: In case there is a security flaw in tomcat, and tomcat is run as root. Somebody might exploit this and could gain access as root to your system. You are in big trouble now. In case tomcat is run as non-root, the attacker might 'only' compromise some limited parts of your system. That can save your life one day... – st-h Nov 05 '13 at 21:52
  • Would it make sense to use an additional Tomcat instance then @Brendan Long: Instead of an Apache one? It makes more sense to me to use reduce variance especially if they provide the same functionality. That way the load could still be distributed but I wouldn't need to configure a separate application. – TenLeftFingers Sep 09 '14 at 10:47
  • 1
    @TenLeftFingers You could try it. Apache has some advantages due to its popularity (efficiency, stability, everyone knows the configuration format), but I've never tried using Tomcat for this so I don't know how they would compare. In my personal experience, I was already running Apache when Tomcat was added to the mix. – Brendan Long Sep 09 '14 at 16:52
6

Just Tomcat. HTTPD is never a requirement for Tomcat.

Mike Thomsen
  • 36,828
  • 10
  • 60
  • 83
  • if HTTPD is not required for Tomcat then which process in tomcat will take care of incoming server requests? Could you please explain? Thanks. – Kanagavelu Sugumar Feb 11 '14 at 16:14
  • @KanagaveluSugumar Tomcat runs an default HTTP server on port 8080 (thus, set port redirection to listen requests coming to HTTP port 80 or specify port 8080 in URL requests). Also, in the supplied server.xml file, you'll see the following element: To set Apache HTTP server in front of tomcat server, comment this entry in the server.xml. – sactiw Mar 31 '15 at 16:58
2

Tomcat is a servlet container which has it's own http server ,so if you want to run a war ,you only need a tomcat ,but if you want to run a website which only include static files(html ,js ,css),you should choose apache better,even if the tomcat can do this

doubleview
  • 75
  • 1
  • 6
0

You just need Tomcat or any other Java servlet container (Jetty, resin, etc).

cjstehno
  • 13,468
  • 4
  • 44
  • 56