we have one app server running glassfish 3.1.2 and another machine running web server httpd. between app server and web server we have a firewall. on our app server we have got 2 applications running on port 8181. we have OPENED port 8181 on the firewall. now we are configuring apache webserver to redirect requests to glassfish. my question is that do we need more ports to be opened on firewall ? i searched on google regarding configuring apache httpd with glassfish and it says that we have to create an AJP listener on say port 8009. is this right ? can't i directly forward requests from apache to my applications which are running on 8181 ? if i have to create an activate a listener on say port 8009 then i have to open port 8009 also on firewall . right ? please help as it is urgently required .
The problem with direct forwarding is that the client sees it as being redirected. Browser security may not tolerate that. Also, by delegating a request to the app server, your HTTPD server can still deliver any static content that is part of the page. The data returned from the GlassFish server can then be folded into it.
This configuration is quite common, as it has been used and abused with Apache HTTPd and Tomcat servers for years. GlassFish 3.1.2 supports the same mechanism with its own interface. You do not need to open your firewall to ephemeral port access, as the JK protocol manages data transfer in-band.
Make visible what, without you, might perhaps never have been seen. - Robert Bresson