Yes, an apache frontend is a more convenient way, also allows
load-balancing of same URL between multiple instances.
We have multiple load balanced instances of a thredds service published
in both (http and https). When a dataset requires authentication the
challenge is made through https, and data access is coming back to http.
This is my test. My client and server are in the same side of the firewall
```bash
[antonio@ui ~]$ wget -O /dev/null
http://www.meteo.unican.es/thredds/fileServer/VALUE/Renalysis/NCEP/NCEP_Z925.nc
--2015-12-18 19:28:25--
http://www.meteo.unican.es/thredds/fileServer/VALUE/Renalysis/NCEP/NCEP_Z925.nc
Resolving www.meteo.unican.es... 193.144.202.238
Connecting to www.meteo.unican.es|193.144.202.238|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 680577496 (649M) [application/x-netcdf]
Saving to: “/dev/null”
100%[===============================================================================================================================>]
680,577,496 29.2M/s in 26s
2015-12-18 19:28:51 (25.1 MB/s) - “/dev/null” saved [680577496/680577496]
```bash
[antonio@ui ~]$ wget -O /dev/null
https://www.meteo.unican.es/thredds/fileServer/VALUE/Renalysis/NCEP/NCEP_Z925.nc
--2015-12-18 19:29:19--
https://www.meteo.unican.es/thredds/fileServer/VALUE/Renalysis/NCEP/NCEP_Z925.nc
Resolving www.meteo.unican.es... 193.144.202.238
Connecting to www.meteo.unican.es|193.144.202.238|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 680577496 (649M) [application/x-netcdf]
Saving to: “/dev/null”
100%[===============================================================================================================================>]
680,577,496 15.0M/s in 43s
2015-12-18 19:30:02 (15.2 MB/s) - “/dev/null” saved [680577496/680577496]
```
Please, feel free to test the above URLs. If somebody is using them,
please report me the result, because we are having some issues with
firewall-bandwith controller.
Antonio
El 18/12/2015 a las 18:56, John Caron escribió:
I agree, an Apache front end is a simple and standard thing to do.
AFAIU, the user still is using SSL encryption, its just that Apache is
doing that instead of Tomcat. So it would be good for any of us to
make some measurements comparing large binary data transfers.
On Fri, Dec 18, 2015 at 10:42 AM, James Gallagher
<jgallagher@xxxxxxxxxxx <mailto:jgallagher@xxxxxxxxxxx>> wrote:
On Dec 18, 2015, at 9:06 AM, Steve Ansari - NOAA Federal
<steve.ansari@xxxxxxxx <mailto:steve.ansari@xxxxxxxx>> wrote:
Sure - I'll follow up offline.
Steve
On Fri, Dec 18, 2015 at 11:04 AM, Roy Mendelssohn - NOAA Federal
<roy.mendelssohn@xxxxxxxx <mailto:roy.mendelssohn@xxxxxxxx>> wrote:
Hi Steve
I was hoping that would work. That any proxying, whether AJP
or other, would be hidden. I have had problems in the past
getting AJP proxying to work, if I need to do that. Can you
send me (offline) the part of you httpd.conf where you proxy
over to tomcat using AJP?
We have had good success using Apache & AJP. Apache as a front end
provides a number of options, particularly WRT authentication and
this might provide for a compromise should HTTPS be too much of a
bottle neck. I have not tested the impact of HTTPS compared to
HTTP (it would be easy enough to do using simple file transfers).
James
Thanks,
-Roy
> On Dec 18, 2015, at 7:59 AM, Steve Ansari - NOAA Federal
<steve.ansari@xxxxxxxx <mailto:steve.ansari@xxxxxxxx>> wrote:
>
> Hey Roy,
>
> We are using Apache to handle all the HTTPS stuff. Apache
then forwards requests to Tomcat and TDS using AJP.
> https://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html
>
> Our TDS:
> https://www.ncdc.noaa.gov/thredds/catalog.html
>
>
> Steve
>
>
> On Fri, Dec 18, 2015 at 10:29 AM, Roy Mendelssohn - NOAA
Federal <roy.mendelssohn@xxxxxxxx
<mailto:roy.mendelssohn@xxxxxxxx>> wrote:
> Hi All:
>
> As I hope you know, the Federal government is required to
migrate to https for all services in the next1.5 years. My
question is can the TDS work with https? If so, can you point
me to any documents or what changes, if any, need to be made
to use https. If not, are there plans to incorporate this
ability into TDS?
>
> Thanks,
>
> -Roy
>
>
>
> **********************
> "The contents of this message do not reflect any position
of the U.S. Government or NOAA."
> **********************
> Roy Mendelssohn
> Supervisory Operations Research Analyst
> NOAA/NMFS
> Environmental Research Division
> Southwest Fisheries Science Center
> ***Note new address and phone***
> 110 Shaffer Road
> Santa Cruz, CA 95060
> Phone: (831)-420-3666 <tel:%28831%29-420-3666>
> Fax: (831) 420-3980 <tel:%28831%29%20420-3980>
> e-mail: Roy.Mendelssohn@xxxxxxxx
<mailto:Roy.Mendelssohn@xxxxxxxx> www: http://www.pfeg.noaa.gov/
>
> "Old age and treachery will overcome youth and skill."
> "From those who have been given much, much will be expected"
> "the arc of the moral universe is long, but it bends toward
justice" -MLK Jr.
>
> _______________________________________________
> thredds mailing list
> thredds@xxxxxxxxxxxxxxxx <mailto:thredds@xxxxxxxxxxxxxxxx>
> For list information or to unsubscribe, visit:
http://www.unidata.ucar.edu/mailing_lists/
>
>
>
> --
> Steve Ansari
> Physical Scientist
> NOAA National Centers for Environmental Information (NCEI)
> (828) 271-4611 <tel:%28828%29%20271-4611>
>
> The newly formed NCEI merges the National Oceanographic
Data Center (NODC), the National Climatic Data Center (NCDC),
and the National Geophysical Data Center (NGDC).
**********************
"The contents of this message do not reflect any position of
the U.S. Government or NOAA."
**********************
Roy Mendelssohn
Supervisory Operations Research Analyst
NOAA/NMFS
Environmental Research Division
Southwest Fisheries Science Center
***Note new address and phone***
110 Shaffer Road
Santa Cruz, CA 95060
Phone: (831)-420-3666 <tel:%28831%29-420-3666>
Fax: (831) 420-3980 <tel:%28831%29%20420-3980>
e-mail: Roy.Mendelssohn@xxxxxxxx
<mailto:Roy.Mendelssohn@xxxxxxxx> www: http://www.pfeg.noaa.gov/
"Old age and treachery will overcome youth and skill."
"From those who have been given much, much will be expected"
"the arc of the moral universe is long, but it bends toward
justice" -MLK Jr.
--
/Steve Ansari/
/Physical Scientist/
/NOAA National Centers for Environmental Information (NCEI)/
/(828) 271-4611 <tel:%28828%29%20271-4611>/
/
/
The newly formed NCEI merges the National Oceanographic Data
Center (NODC), the National Climatic Data Center (NCDC), and the
National Geophysical Data Center (NGDC)./
/
_______________________________________________
thredds mailing list
thredds@xxxxxxxxxxxxxxxx <mailto:thredds@xxxxxxxxxxxxxxxx>
For list information or to unsubscribe, visit:
http://www.unidata.ucar.edu/mailing_lists/
--
James Gallagher
jgallagher@xxxxxxxxxxx <mailto:jgallagher@xxxxxxxxxxx>
_______________________________________________
thredds mailing list
thredds@xxxxxxxxxxxxxxxx <mailto:thredds@xxxxxxxxxxxxxxxx>
For list information or to unsubscribe, visit:
http://www.unidata.ucar.edu/mailing_lists/
_______________________________________________
thredds mailing list
thredds@xxxxxxxxxxxxxxxx
For list information or to unsubscribe, visit:
http://www.unidata.ucar.edu/mailing_lists/