Skip to content

nginx, httpd, and Tomcat in a Stack

First PublishedByAtif Alam

This page is a structural overview for operators who see nginx, Apache httpd, and Apache Tomcat in the same architecture. It is not a tuning guide. For HTTP behavior at the edge, see HTTP for Operators.

Roles in a Typical Java Web Stack

Section titled “Roles in a Typical Java Web Stack”
Internet ──► TLS termination (often nginx or load balancer)
              
              
         Reverse proxy (nginx or httpd)
              │  proxy_pass / AJP / mod_proxy
              
         Tomcat (JVM) — servlets, WARs, Spring Boot behind WAR
ComponentRole
nginxHigh-performance reverse proxy, static files, TLS offload, rate limiting, path routing. Often fronting app servers or acting as Ingress controller in Kubernetes.
Apache httpdFull web server with modules (mod_proxy, mod_ssl, mod_rewrite). Can act as reverse proxy or serve PHP/static content directly.
TomcatServlet container and JSP runtime; implements Java EE web profile pieces. Runs WAR deployments; often listens on 8080 HTTP or 8443 HTTPS behind a proxy.

Why Two HTTP Layers?

Section titled “Why Two HTTP Layers?”
  • Separation of concerns — nginx/httpd handles TLS, compression, caching, and routing; Tomcat focuses on application logic.
  • Operational familiarity — teams standardize on nginx for all backends, not only Java.
  • Security — shrink the attack surface on Tomcat by not exposing it directly to the internet.

Connection Between Proxy and Tomcat

Section titled “Connection Between Proxy and Tomcat”

Common patterns:

  • HTTP proxyproxy_pass http://127.0.0.1:8080 (nginx); preserve Host and X-Forwarded-* headers for the app.
  • AJP — Older Apache JServ Protocol between httpd and Tomcat; less common in greenfield cloud setups.
  • Direct Tomcat — Possible behind a cloud load balancer that terminates TLS; Tomcat still needs thread pool and connector tuning for production.

Where This Site Uses nginx

Section titled “Where This Site Uses nginx”

Ansible examples install and template nginx heavily — see Roles, Modules, and Playbooks. Kubernetes examples use nginx as a sample container image — Manifests.

httpd appears briefly as user-data in AWS compute (install and start). Tomcat is not walkthrough-driven here; use vendor docs for server.xml, connectors, and JVM heap flags.

Summary

Section titled “Summary”

nginx/httpd = edge routing and TLS; Tomcat = Java web runtime. When debugging 502 or timeouts, identify which hop returns the status (proxy vs Tomcat) using HTTP for Operators and logs on both tiers.