Opened 14 years ago

Closed 9 years ago

#37 closed enhancement (wontfix)

tomcat support?

Reported by: andersk Owned by:
Priority: minor Milestone:
Component: web Keywords:
Cc:

Description (last modified by andersk)

(Imported from help.mit.edu #547795.)

abhagi:

Also, can one upload JSP files onto scripts.mit.edu?

geofft:

We do not run a Tomcat installation the same way we run an Apache httpd installation on scripts; Tomcat does not allow us to do security isolation between users in the same manner, so we cannot set up a multiuser installation. There is an Apache-httpd module (mod_proxy_ajp) that appears to allow running JSP scripts, but we are not yet sure whether this properly and securely isolates user accounts. We will try to take a look at this sometime soon and determine whether this method is a practical solution; other users have expressed some interest in running JSP pages on scripts.

Change History (5)

comment:1 Changed 14 years ago by andersk

  • Description modified (diff)

comment:2 Changed 14 years ago by andersk

  • Description modified (diff)

comment:3 Changed 12 years ago by geofft

I looked at this a little more closely. It looks like mod_proxy_ajp only adds an ajp:// method to proxying, which is a FastCGI-like thing for servlets. We recently enabled mod_proxy, so there should be no security reasons not to enable mod_proxy_ajp and let people run servlet containers out of, say, cron.

We may want to figure out something like hacron to make it easy to determine the current scripts primary, or something like the port reservation system to make it guaranteed that the server you're proxying to is your own.

comment:4 Changed 11 years ago by geofft

  • sensitive set to 0

I swear I mentioned this somewhere, but apparently it wasn't Trac. According to http://docs.codehaus.org/display/JETTY/Configuring+AJP13+Using+mod_jk you don't actually want AJP, because it's nowhere near as pantsful as FastCGI, and you just want to use mod_proxy via plain old HTTP.

I think the only thing remaining on this ticket is to decide if we want to figure out some way to run server-spawned servlet containers (or other HTTP servers), a la server-spawned FastCGIs, or if we're okay with people running persistent servlet containers and proxying to them. Apparently in my previous comment I was assuming the latter would be the case, so...

comment:5 Changed 9 years ago by glasgall

  • Resolution set to wontfix
  • Status changed from new to closed

If we support Java at all, it will be via Jetty.

Note: See TracTickets for help on using tickets.