Tomcat maxThreads

tomcat

I wish to increase maxThreads for the AJP connector to 500. I notice that it has a redirect port 8443, so should I increase the maxThreads of the connector on port 8443 as well?

<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" maxThreads="500"/>

Best Answer

In any httpd + Tomcat setup I have worked with, we get rid of any of the HTTP connectors, contain the AJP connector to loopback and let it run without encryption. The goal is to let Tomcat do the Java application work and let httpd handle all of the HTTP services.

The only way the redirectPort would get used in the case of the AJP connector is if there is a web application (web.xml) containing a security-constraint having a user-data-constraint having a transport-guarantee set to CONFIDENTIAL.

At least in our case, it is rare for our applications to have such a construct defined. We typically handle the secure communications via httpd or the load balancer. Most of our applications require SSL at all times anyway due to the data displayed.

Updated response:

Here is a real baseline Tomcat configuration with the slight tweak to increase the connector's maxThreads to 500. It is configured only to listen for AJP/1.3 traffic on loopback (as well as for the shutdown port).

<?xml version='1.0' encoding='utf-8'?>

<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Service name="Catalina">
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" enableLookups="false" maxThreads="500" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">
      </Host>
    </Engine>
  </Service>
</Server>

On the httpd side, we have a proxy_ajp.conf file which we use to specifically map URL paths back to the Tomcat. Example:

LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

ProxyPass /fooAppA/ ajp://localhost:8009/fooAppA/
ProxyPass /fooAppB/ ajp://localhost:8009/fooAppB/

ProxyPassReverse /fooAppA/ ajp://localhost:8009/fooAppA/
ProxyPassReverse /fooAppB/ ajp://localhost:8009/fooAppB/

The httpd.conf can be configured to use (and optionally force) SSL. But that is completely optional.
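
An added example (not part of the original answer, and not Tomcat's own tooling): a small Python check for the two points discussed above, namely that the AJP connector carries an explicit loopback address and that its redirectPort points at a connector that is actually enabled. The XML strings are constructed from the question's and the answer's snippets, and the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the question's connectors (8443 commented out, AJP without address).
QUESTION_XML = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
<!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" /> -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" maxThreads="500"/>
</Service></Server>"""

# Constructed sample: the answer's loopback-only AJP connector.
ANSWER_XML = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
<Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" enableLookups="false" maxThreads="500" />
</Service></Server>"""


def is_loopback(address):
    """True only when the connector names a loopback bind address explicitly."""
    if not address:
        return False  # assumption: a missing address attribute is reported, not trusted
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # some other hostname: cannot be confirmed as loopback here


def audit_connectors(server_xml):
    """Return (port, finding) tuples for the active <Connector> elements."""
    # ElementTree drops XML comments, so commented-out connectors are not counted.
    root = ET.fromstring(server_xml)
    connectors = root.findall("./Service/Connector")
    active_ports = {c.get("port") for c in connectors}
    findings = []
    for c in connectors:
        port, proto = c.get("port"), c.get("protocol", "HTTP/1.1")
        if proto.upper().startswith("AJP"):
            if not is_loopback(c.get("address")):
                findings.append((port, "AJP connector has no explicit loopback address"))
        else:
            findings.append((port, "HTTP connector is active alongside httpd"))
        redirect = c.get("redirectPort")
        if redirect and redirect not in active_ports:
            findings.append((port, f"redirectPort {redirect} has no active connector"))
    return findings
```

Run against the question's snippet, it reports both the missing loopback address and the redirectPort that points at the commented-out 8443 connector; the answer's configuration produces no findings.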