升级Tomcat版本 apache-tomcat-7.0.77
diff --git a/tomcat-uidm/webapps/docs/config/http.html b/tomcat-uidm/webapps/docs/config/http.html
index 47e1645..2d6e436 100644
--- a/tomcat-uidm/webapps/docs/config/http.html
+++ b/tomcat-uidm/webapps/docs/config/http.html
@@ -1,10 +1,85 @@
-<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat Configuration Reference (6.0.41) - The HTTP Connector</title><meta name="author" content="Craig R. McClanahan"><meta name="author" content="Yoav Shapira"><style type="text/css" media="print">
- .noPrint {display: none;}
- td#mainBody {width: 100%;}
- </style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><!--PAGE HEADER--><tr><td><!--PROJECT LOGO--><a href="http://tomcat.apache.org/"><img src="../images/tomcat.gif" align="right" alt="
+<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat 7 Configuration Reference (7.0.77) - The HTTP Connector</title><meta name="author" content="Craig R. McClanahan"><meta name="author" content="Yoav Shapira"><style type="text/css" media="print">
+ .noPrint {display: none;}
+ td#mainBody {width: 100%;}
+</style><style type="text/css">
+code {background-color:rgb(224,255,255);padding:0 0.1em;}
+code.attributeName, code.propertyName {background-color:transparent;}
+
+
+table {
+ border-collapse: collapse;
+ text-align: left;
+}
+table *:not(table) {
+ /* Prevent border-collapsing for table child elements like <div> */
+ border-collapse: separate;
+}
+
+th {
+ text-align: left;
+}
+
+
+div.codeBox pre code, code.attributeName, code.propertyName, code.noHighlight, .noHighlight code {
+ background-color: transparent;
+}
+div.codeBox {
+ overflow: auto;
+ margin: 1em 0;
+}
+div.codeBox pre {
+ margin: 0;
+ padding: 4px;
+ border: 1px solid #999;
+ border-radius: 5px;
+ background-color: #eff8ff;
+ display: table; /* To prevent <pre>s from taking the complete available width. */
+ /*
+ When it is officially supported, use the following CSS instead of display: table
+ to prevent big <pre>s from exceeding the browser window:
+ max-width: available;
+ width: min-content;
+ */
+}
+
+div.codeBox pre.wrap {
+ white-space: pre-wrap;
+}
+
+
+table.defaultTable tr, table.detail-table tr {
+ border: 1px solid #CCC;
+}
+
+table.defaultTable tr:nth-child(even), table.detail-table tr:nth-child(even) {
+ background-color: #FAFBFF;
+}
+
+table.defaultTable tr:nth-child(odd), table.detail-table tr:nth-child(odd) {
+ background-color: #EEEFFF;
+}
+
+table.defaultTable th, table.detail-table th {
+ background-color: #88b;
+ color: #fff;
+}
+
+table.defaultTable th, table.defaultTable td, table.detail-table th, table.detail-table td {
+ padding: 5px 8px;
+}
+
+
+p.notice {
+ border: 1px solid rgb(255, 0, 0);
+ background-color: rgb(238, 238, 238);
+ color: rgb(0, 51, 102);
+ padding: 0.5em;
+ margin: 1em 2em 1em 1em;
+}
+</style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><!--PAGE HEADER--><tr><td><!--PROJECT LOGO--><a href="http://tomcat.apache.org/"><img src="../images/tomcat.gif" align="right" alt="
The Apache Tomcat Servlet/JSP Container
- " border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 6.0</font></h1><font face="arial,helvetica,sanserif">Version 6.0.41, May 19 2014</font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="../images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><tr><!--LEFT SIDE NAVIGATION--><td width="20%" valign="top" nowrap="nowrap" class="noPrint"><p><strong>Links</strong></p><ul><li><a href="../index.html">Docs Home</a></li><li><a href="index.html">Config Ref. Home</a></li></ul><p><strong>Top Level Elements</strong></p><ul><li><a href="server.html">Server</a></li><li><a href="service.html">Service</a></li></ul><p><strong>Executors</strong></p><ul><li><a href="executor.html">Executor</a></li></ul><p><strong>Connectors</strong></p><ul><li><a href="http.html">HTTP</a></li><li><a href="ajp.html">AJP</a></li></ul><p><strong>Containers</strong></p><ul><li><a href="context.html">Context</a></li><li><a href="engine.html">Engine</a></li><li><a href="host.html">Host</a></li><li><a href="cluster.html">Cluster</a></li></ul><p><strong>Nested Components</strong></p><ul><li><a href="globalresources.html">Global Resources</a></li><li><a href="listeners.html">Listeners</a></li><li><a href="loader.html">Loader</a></li><li><a href="manager.html">Manager</a></li><li><a href="realm.html">Realm</a></li><li><a href="resources.html">Resources</a></li><li><a href="valve.html">Valve</a></li></ul><p><strong>Cluster Elements</strong></p><ul><li><a href="cluster.html">Cluster</a></li><li><a href="cluster-manager.html">Manager</a></li><li><a href="cluster-channel.html">Channel</a></li><li><a href="cluster-membership.html">Channel/Membership</a></li><li><a href="cluster-sender.html">Channel/Sender</a></li><li><a href="cluster-receiver.html">Channel/Receiver</a></li><li><a href="cluster-interceptor.html">Channel/Interceptor</a></li><li><a href="cluster-valve.html">Valve</a></li><li><a href="cluster-deployer.html">Deployer</a></li><li><a href="cluster-listener.html">ClusterListener</a></li></ul><p><strong>web.xml</strong></p><ul><li><a href="filter.html">Filter</a></li></ul><p><strong>Other</strong></p><ul><li><a href="systemprops.html">System properties</a></li></ul></td><!--RIGHT SIDE MAIN BODY--><td width="80%" valign="top" align="left" id="mainBody"><h1>Apache Tomcat Configuration Reference</h1><h2>The HTTP Connector</h2><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Table of Contents"><!--()--></a><a name="Table_of_Contents"><strong>Table of Contents</strong></a></font></td></tr><tr><td><blockquote>
-<ul><li><a href="#Introduction">Introduction</a></li><li><a href="#Attributes">Attributes</a><ol><li><a href="#Common_Attributes">Common Attributes</a></li><li><a href="#Standard_Implementation">Standard Implementation</a></li><li><a href="#Nio_Implementation">Nio Implementation</a></li></ol></li><li><a href="#Nested_Components">Nested Components</a></li><li><a href="#Special_Features">Special Features</a><ol><li><a href="#HTTP/1.1_and_HTTP/1.0_Support">HTTP/1.1 and HTTP/1.0 Support</a></li><li><a href="#Proxy_Support">Proxy Support</a></li><li><a href="#SSL_Support">SSL Support</a></li><li><a href="#Connector_Comparison">Connector Comparison</a></li></ol></li></ul>
+ " border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 7</font></h1><font face="arial,helvetica,sanserif">Version 7.0.77, Mar 28 2017</font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="../images/asf-logo.svg" align="right" alt="Apache Logo" border="0" style="width: 266px;height: 83px;"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade size="1"></td></tr><tr><!--LEFT SIDE NAVIGATION--><td width="20%" valign="top" nowrap class="noPrint"><p><strong>Links</strong></p><ul><li><a href="../index.html">Docs Home</a></li><li><a href="index.html">Config Ref. Home</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li><li><a href="#comments_section">User Comments</a></li></ul><p><strong>Top Level Elements</strong></p><ul><li><a href="server.html">Server</a></li><li><a href="service.html">Service</a></li></ul><p><strong>Executors</strong></p><ul><li><a href="executor.html">Executor</a></li></ul><p><strong>Connectors</strong></p><ul><li><a href="http.html">HTTP</a></li><li><a href="ajp.html">AJP</a></li></ul><p><strong>Containers</strong></p><ul><li><a href="context.html">Context</a></li><li><a href="engine.html">Engine</a></li><li><a href="host.html">Host</a></li><li><a href="cluster.html">Cluster</a></li></ul><p><strong>Nested Components</strong></p><ul><li><a href="globalresources.html">Global Resources</a></li><li><a href="jar-scanner.html">JarScanner</a></li><li><a href="listeners.html">Listeners</a></li><li><a href="loader.html">Loader</a></li><li><a href="manager.html">Manager</a></li><li><a href="realm.html">Realm</a></li><li><a href="resources.html">Resources</a></li><li><a href="sessionidgenerator.html">SessionIdGenerator</a></li><li><a href="valve.html">Valve</a></li></ul><p><strong>Cluster Elements</strong></p><ul><li><a href="cluster.html">Cluster</a></li><li><a href="cluster-manager.html">Manager</a></li><li><a href="cluster-channel.html">Channel</a></li><li><a href="cluster-membership.html">Channel/Membership</a></li><li><a href="cluster-sender.html">Channel/Sender</a></li><li><a href="cluster-receiver.html">Channel/Receiver</a></li><li><a href="cluster-interceptor.html">Channel/Interceptor</a></li><li><a href="cluster-valve.html">Valve</a></li><li><a href="cluster-deployer.html">Deployer</a></li><li><a href="cluster-listener.html">ClusterListener</a></li></ul><p><strong>web.xml</strong></p><ul><li><a href="filter.html">Filter</a></li></ul><p><strong>Other</strong></p><ul><li><a href="systemprops.html">System properties</a></li></ul></td><!--RIGHT SIDE MAIN BODY--><td width="80%" valign="top" align="left" id="mainBody"><h1>The HTTP Connector</h1><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Table of Contents"><!--()--></a><a name="Table_of_Contents"><strong>Table of Contents</strong></a></font></td></tr><tr><td><blockquote>
+<ul><li><a href="#Introduction">Introduction</a></li><li><a href="#Attributes">Attributes</a><ol><li><a href="#Common_Attributes">Common Attributes</a></li><li><a href="#Standard_Implementation">Standard Implementation</a></li><li><a href="#Java_TCP_socket_attributes">Java TCP socket attributes</a></li><li><a href="#BIO_specific_configuration">BIO specific configuration</a></li><li><a href="#NIO_specific_configuration">NIO specific configuration</a></li><li><a href="#APR/native_specific_configuration">APR/native specific configuration</a></li></ol></li><li><a href="#Nested_Components">Nested Components</a></li><li><a href="#Special_Features">Special Features</a><ol><li><a href="#HTTP/1.1_and_HTTP/1.0_Support">HTTP/1.1 and HTTP/1.0 Support</a></li><li><a href="#Proxy_Support">Proxy Support</a></li><li><a href="#SSL_Support">SSL Support</a><ol><li><a href="#SSL_Support_-_BIO_and_NIO">SSL Support - BIO and NIO</a></li><li><a href="#SSL_Support_-_APR/Native">SSL Support - APR/Native</a></li></ol></li><li><a href="#Connector_Comparison">Connector Comparison</a></li></ol></li></ul>
</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
<p>The <strong>HTTP Connector</strong> element represents a
@@ -19,8 +94,8 @@
<p>If you wish to configure the <strong>Connector</strong> that is used
for connections to web servers using the AJP protocol (such as the
- <code>mod_jk 1.2.x</code> connector for Apache 1.3), see
- <a href="ajp.html">here</a> instead.</p>
+ <code>mod_jk 1.2.x</code> connector for Apache 1.3), please refer to the
+ <a href="ajp.html">AJP Connector</a> documentation.</p>
<p>Each incoming request requires
a thread for the duration of that request. If more simultaneous requests
@@ -40,43 +115,39 @@
<p>All implementations of <strong>Connector</strong>
support the following attributes:</p>
- <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>allowTrace</code></td><td align="left" valign="center">
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code class="attributeName">allowTrace</code></td><td align="left" valign="center">
<p>A boolean value which can be used to enable or disable the TRACE
HTTP method. If not specified, this attribute is set to false.</p>
- </td></tr><tr><td align="left" valign="center"><code>emptySessionPath</code></td><td align="left" valign="center">
- <p>If set to <code>true</code>, all paths for session cookies will be set
- to <code>/</code>. This can be useful for portlet specification implementations.
- If not specified, this attribute is set to <code>false</code>.<br>
- A side effect to setting this to true, is that if Tomcat creates a new session it will attempt to use the
- cookie session id if supplied by the client.<br>
- <a href="http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/Request.java?diff_format=h&view=log#rev303682">SVN check in</a><br>
- <a href="http://tomcat.markmail.org/search/?q=emptysessionpath%20reuse#query:emptysessionpath%20reuse%20date%3A200502%20+page:1+mid:2bocwjhn3cczsoii+state:results">Dev discussion</a><br>
- <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=47298">Work around</a>
- </p>
- </td></tr><tr><td align="left" valign="center"><code>enableLookups</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">asyncTimeout</code></td><td align="left" valign="center">
+ <p>The default timeout for asynchronous requests in milliseconds. If not
+ specified, this attribute is set to 10000 (10 seconds).</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">enableLookups</code></td><td align="left" valign="center">
<p>Set to <code>true</code> if you want calls to
<code>request.getRemoteHost()</code> to perform DNS lookups in
order to return the actual host name of the remote client. Set
to <code>false</code> to skip the DNS lookup and return the IP
address in String form instead (thereby improving performance).
By default, DNS lookups are disabled.</p>
- </td></tr><tr><td align="left" valign="center"><code>maxHeaderCount</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">maxHeaderCount</code></td><td align="left" valign="center">
<p>The maximum number of headers in a request that are allowed by the
container. A request that contains more headers than the specified limit
will be rejected. A value of less than 0 means no limit.
If not specified, a default of 100 is used.</p>
- </td></tr><tr><td align="left" valign="center"><code>maxParameterCount</code></td><td align="left" valign="center">
- <p>The maximum number of parameters (GET plus POST) which will be
- automatically parsed by the container. A value of less than 0 means no
- limit. If not specified, a default of 10000 is used. Note that
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">maxParameterCount</code></td><td align="left" valign="center">
+ <p>The maximum number of parameter and value pairs (GET plus POST) which
+ will be automatically parsed by the container. Parameter and value pairs
+ beyond this limit will be ignored. A value of less than 0 means no limit.
+ If not specified, a default of 10000 is used. Note that
<code>FailedRequestFilter</code> <a href="filter.html">filter</a> can be
used to reject requests that hit the limit.</p>
- </td></tr><tr><td align="left" valign="center"><code>maxPostSize</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">maxPostSize</code></td><td align="left" valign="center">
<p>The maximum size in bytes of the POST which will be handled by
the container FORM URL parameter parsing. The limit can be disabled by
- setting this attribute to a value less than or equal to 0.
- If not specified, this attribute is set to 2097152 (2 megabytes).</p>
- </td></tr><tr><td align="left" valign="center"><code>maxSavePostSize</code></td><td align="left" valign="center">
+ setting this attribute to a value less than zero. If not specified, this
+ attribute is set to 2097152 (2 megabytes). Note that the
+ <a href="filter.html#Failed_Request_Filter"><code>FailedRequestFilter</code></a>
+ can be used to reject requests that exceed this limit.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">maxSavePostSize</code></td><td align="left" valign="center">
<p>The maximum size in bytes of the POST which will be saved/buffered by
the container during FORM or CLIENT-CERT authentication. For both types
of authentication, the POST will be saved/buffered before the user is
@@ -89,88 +160,86 @@
attribute to -1. Setting the attribute to zero will disable the saving of
POST data during authentication. If not specified, this attribute is set
to 4096 (4 kilobytes).</p>
- </td></tr><tr><td align="left" valign="center"><code>parseBodyMethods</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">parseBodyMethods</code></td><td align="left" valign="center">
<p>A comma-separated list of HTTP methods for which request
bodies will be parsed for request parameters identically
to POST. This is useful in RESTful applications that want to
support POST-style semantics for PUT requests.
Note that any setting other than <code>POST</code> causes Tomcat
- to behave in a way that does against the intent of the servlet
+ to behave in a way that goes against the intent of the servlet
specification.
The HTTP method TRACE is specifically forbidden here in accordance
with the HTTP specification.
The default is <code>POST</code></p>
- </td></tr><tr><td align="left" valign="center"><strong><code>port</code></strong></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><strong><code class="attributeName">port</code></strong></td><td align="left" valign="center">
<p>The TCP port number on which this <strong>Connector</strong>
will create a server socket and await incoming connections. Your
operating system will allow only one server application to listen
- to a particular port number on a particular IP address.</p>
- </td></tr><tr><td align="left" valign="center"><code>protocol</code></td><td align="left" valign="center">
- <p>
- Sets the protocol to handle incoming traffic.
- The default value is <code>HTTP/1.1</code> and configures the
- <code>org.apache.coyote.http11.Http11Protocol</code>. This is the blocking Java connector.<br>
- If the <code>PATH</code> (Windows) or <code>LD_LIBRARY_PATH</code> (on most unix systems)
- environment variables contain the Tomcat native library, the APR connector
- will automatically be configured. Please be advised that the APR connector has different
- settings for HTTPS than the default Java connector.<br>
- Other values for this attribute are, but not limited to:<br>
- <code>org.apache.coyote.http11.Http11Protocol</code> - same as HTTP/1.1<br>
- <code>org.apache.coyote.http11.Http11NioProtocol</code> - non blocking Java connector<br>
- <code>org.apache.coyote.http11.Http11AprProtocol</code> - the APR connector.<br>
- Take a look at our <a href="#Connector Comparison">Connector Comparison</a> chart.
- The configuration for both Java connectors are identical, both for http and https. <br>
- For more information on the APR connector and APR specific SSL settings please
- visit the <a href="../apr.html">APR documentation</a>
+ to a particular port number on a particular IP address. If the special
+ value of 0 (zero) is used, then Tomcat will select a free port at random
+ to use for this connector. This is typically only useful in embedded and
+ testing applications.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">protocol</code></td><td align="left" valign="center">
+ <p>Sets the protocol to handle incoming traffic. The default value is
+ <code>HTTP/1.1</code> which uses an auto-switching mechanism to select
+ either a blocking Java based connector or an APR/native based connector.
+ If the <code>PATH</code> (Windows) or <code>LD_LIBRARY_PATH</code> (on
+ most unix systems) environment variables contain the Tomcat native
+ library, the APR/native connector will be used. If the native library
+ cannot be found, the blocking Java based connector will be used. Note
+ that the APR/native connector has different settings for HTTPS than the
+ Java connectors.<br>
+ To use an explicit protocol rather than rely on the auto-switching
+ mechanism described above, the following values may be used:<br>
+ <code>org.apache.coyote.http11.Http11Protocol</code> -
+ blocking Java connector<br>
+ <code>org.apache.coyote.http11.Http11NioProtocol</code> -
+ non blocking Java connector<br>
+ <code>org.apache.coyote.http11.Http11AprProtocol</code> -
+ the APR/native connector.<br>
+ Custom implementations may also be used.<br>
+ Take a look at our <a href="#Connector_Comparison">Connector
+ Comparison</a> chart. The configuration for both Java connectors is
+ identical, for http and https.<br>
+ For more information on the APR connector and APR specific SSL settings
+ please visit the <a href="../apr.html">APR documentation</a>
</p>
- </td></tr><tr><td align="left" valign="center"><code>proxyName</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">proxyName</code></td><td align="left" valign="center">
<p>If this <strong>Connector</strong> is being used in a proxy
configuration, configure this attribute to specify the server name
to be returned for calls to <code>request.getServerName()</code>.
- See <a href="#Proxy Support">Proxy Support</a> for more
+ See <a href="#Proxy_Support">Proxy Support</a> for more
information.</p>
- </td></tr><tr><td align="left" valign="center"><code>proxyPort</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">proxyPort</code></td><td align="left" valign="center">
<p>If this <strong>Connector</strong> is being used in a proxy
configuration, configure this attribute to specify the server port
to be returned for calls to <code>request.getServerPort()</code>.
- See <a href="#Proxy Support">Proxy Support</a> for more
+ See <a href="#Proxy_Support">Proxy Support</a> for more
information.</p>
- </td></tr><tr><td align="left" valign="center"><code>redirectPort</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">redirectPort</code></td><td align="left" valign="center">
<p>If this <strong>Connector</strong> is supporting non-SSL
requests, and a request is received for which a matching
<code><security-constraint></code> requires SSL transport,
Catalina will automatically redirect the request to the port
number specified here.</p>
- </td></tr><tr><td align="left" valign="center"><code>SSLEnabled</code></td><td align="left" valign="center">
- <p>
- Use this attribute to enable SSL traffic on a connector.
- To turn on SSL handshake/encryption/decryption on a connector
- set this value to <code>true</code>.
- The default value is <code>false</code>.
- When turning this value <code>true</code> you will want to set the
- <code>scheme</code> and the <code>secure</code> attributes as well
- to pass the correct <code>request.getScheme()</code> and
- <code>request.isSecure()</code> values to the servlets
- See <a href="#SSL Support">SSL Support</a> for more information.
- </p>
- </td></tr><tr><td align="left" valign="center"><code>scheme</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">scheme</code></td><td align="left" valign="center">
<p>Set this attribute to the name of the protocol you wish to have
returned by calls to <code>request.getScheme()</code>. For
example, you would set this attribute to "<code>https</code>"
for an SSL Connector. The default value is "<code>http</code>".
</p>
- </td></tr><tr><td align="left" valign="center"><code>secure</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">secure</code></td><td align="left" valign="center">
<p>Set this attribute to <code>true</code> if you wish to have
calls to <code>request.isSecure()</code> to return <code>true</code>
for requests received by this Connector. You would want this on an
- SSL Connector or a non SSL connector that is receiving data from a
+ SSL Connector or a non SSL connector that is receiving data from a
SSL accelerator, like a crypto card, a SSL appliance or even a webserver.
The default value is <code>false</code>.</p>
- </td></tr><tr><td align="left" valign="center"><code>URIEncoding</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">URIEncoding</code></td><td align="left" valign="center">
<p>This specifies the character encoding used to decode the URI bytes,
after %xx decoding the URL. If not specified, ISO-8859-1 will be used.
</p>
- </td></tr><tr><td align="left" valign="center"><code>useBodyEncodingForURI</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">useBodyEncodingForURI</code></td><td align="left" valign="center">
<p>This specifies if the encoding specified in contentType should be used
for URI query parameters, instead of using the URIEncoding. This
setting is present for compatibility with Tomcat 4.1.x, where the
@@ -178,11 +247,20 @@
Request.setCharacterEncoding method was also used for the parameters from
the URL. The default value is <code>false</code>.
</p>
- </td></tr><tr><td align="left" valign="center"><code>useIPVHosts</code></td><td align="left" valign="center">
+ <p><strong>Notes:</strong> 1) This setting is applied only to the
+ query string of a request. Unlike <code>URIEncoding</code> it does not
+ affect the path portion of a request URI. 2) If request character
+ encoding is not known (is not provided by a browser and is not set by
+ <code>SetCharacterEncodingFilter</code> or a similar filter using
+ Request.setCharacterEncoding method), the default encoding is always
+ "ISO-8859-1". The <code>URIEncoding</code> setting has no effect on
+ this default.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">useIPVHosts</code></td><td align="left" valign="center">
<p>Set this attribute to <code>true</code> to cause Tomcat to use
the IP address that the request was received on to determine the Host
to send the request to. The default value is <code>false</code>.</p>
- </td></tr><tr><td align="left" valign="center"><code>xpoweredBy</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">xpoweredBy</code></td><td align="left" valign="center">
<p>Set this attribute to <code>true</code> to cause Tomcat to advertise
support for the Servlet specification using the header recommended in the
specification. The default value is <code>false</code>.</p>
@@ -192,29 +270,50 @@
<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Standard Implementation"><!--()--></a><a name="Standard_Implementation"><strong>Standard Implementation</strong></a></font></td></tr><tr><td><blockquote>
- <p>
- HTTP supports the following additional attributes (in addition to the
- common attributes listed above):</p>
+ <p>The standard HTTP connectors (BIO, NIO and APR/native) all support the
+ following attributes in addition to the common Connector attributes listed
+ above.</p>
- <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>acceptCount</code></td><td align="left" valign="center">
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code class="attributeName">acceptCount</code></td><td align="left" valign="center">
<p>The maximum queue length for incoming connection requests when
all possible request processing threads are in use. Any requests
received when the queue is full will be refused. The default
value is 100.</p>
- </td></tr><tr><td align="left" valign="center"><code>address</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">acceptorThreadCount</code></td><td align="left" valign="center">
+ <p>The number of threads to be used to accept connections. Increase this
+ value on a multi CPU machine, although you would never really need more
+ than <code>2</code>. Also, with a lot of non keep alive connections, you
+ might want to increase this value as well. Default value is
+ <code>1</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">acceptorThreadPriority</code></td><td align="left" valign="center">
+ <p>The priority of the acceptor threads. The threads used to accept
+ new connections. The default value is <code>5</code> (the value of the
+ <code>java.lang.Thread.NORM_PRIORITY</code> constant). See the JavaDoc
+ for the <code>java.lang.Thread</code> class for more details on what
+ this priority means.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">address</code></td><td align="left" valign="center">
<p>For servers with more than one IP address, this attribute
specifies which address will be used for listening on the specified
port. By default, this port will be used on all IP addresses
associated with the server.</p>
- </td></tr><tr><td align="left" valign="center"><code>bufferSize</code></td><td align="left" valign="center">
- <p>The size (in bytes) of the buffer to be provided for input
- streams created by this connector. By default, buffers of
- 2048 bytes will be provided.</p>
- </td></tr><tr><td align="left" valign="center"><code>compressableMimeType</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">allowedTrailerHeaders</code></td><td align="left" valign="center">
+ <p>By default Tomcat will ignore all trailer headers when processing
+ chunked input. For a header to be processed, it must be added to this
+ comma-separated list of header names.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">bindOnInit</code></td><td align="left" valign="center">
+ <p>Controls when the socket used by the connector is bound. By default it
+ is bound when the connector is initiated and unbound when the connector is
+ destroyed. If set to <code>false</code>, the socket will be bound when the
+ connector is started and unbound when it is stopped.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">compressibleMimeType</code></td><td align="left" valign="center">
<p>The value is a comma separated list of MIME types for which HTTP
compression may be used.
- The default value is <code>text/html,text/xml,text/plain</code>.</p>
- </td></tr><tr><td align="left" valign="center"><code>compression</code></td><td align="left" valign="center">
+ The default value is
+ <code>
+ text/html,text/xml,text/plain,text/css,text/javascript,application/javascript
+ </code>.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">compression</code></td><td align="left" valign="center">
<p>The <strong>Connector</strong> may use HTTP/1.1 GZIP compression in
an attempt to save server bandwidth. The acceptable values for the
parameter is "off" (disable compression), "on" (allow compression, which
@@ -236,67 +335,141 @@
<code>conf/web.xml</code> or in the <code>web.xml</code> of your web
application.
</p>
- </td></tr><tr><td align="left" valign="center"><code>connectionLinger</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">compressionMinSize</code></td><td align="left" valign="center">
+ <p>If <strong>compression</strong> is set to "on" then this attribute
+ may be used to specify the minimum amount of data before the output is
+ compressed. If not specified, this attribute is defaults to "2048".</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">connectionLinger</code></td><td align="left" valign="center">
<p>The number of seconds during which the sockets used by this
- <strong>Connector</strong> will linger when they are closed. Setting this
- attribute to <code>-1</code> will disable connection linger. The default
- value for the BIO and AJP connectors is 100. The default value for the NIO
- connection is 25.</p>
- </td></tr><tr><td align="left" valign="center"><code>connectionTimeout</code></td><td align="left" valign="center">
+ <strong>Connector</strong> will linger when they are closed. The default
+ value is <code>-1</code> which disables socket linger.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">connectionTimeout</code></td><td align="left" valign="center">
<p>The number of milliseconds this <strong>Connector</strong> will wait,
after accepting a connection, for the request URI line to be
- presented. The default value is 60000 (i.e. 60 seconds).</p>
- </td></tr><tr><td align="left" valign="center"><code>executor</code></td><td align="left" valign="center">
- <p>A reference to the name in an <a href="executor.html">Executor</a> element.
- If this attribute is enabled, and the named executor exists, the connector will
- use the executor, and all the other thread attributes will be ignored.</p>
- </td></tr><tr><td align="left" valign="center"><code>keepAliveTimeout</code></td><td align="left" valign="center">
- <p>The number of milliseconds this <strong>Connector</strong> will wait for
- another HTTP request before closing the connection.
- The default value is to use the value that has been set for the
- connectionTimeout attribute.</p>
- </td></tr><tr><td align="left" valign="center"><code>disableUploadTimeout</code></td><td align="left" valign="center">
- <p>This flag allows the servlet container to use a different, longer
- connection timeout while a servlet is being executed, which in the end
- allows either the servlet a longer amount of time to complete its
- execution, or a longer timeout during data upload. If not specified,
- this attribute is set to "true".</p>
- </td></tr><tr><td align="left" valign="center"><code>maxHttpHeaderSize</code></td><td align="left" valign="center">
+ presented. Use a value of -1 to indicate no (i.e. infinite) timeout.
+ The default value is 60000 (i.e. 60 seconds) but note that the standard
+ server.xml that ships with Tomcat sets this to 20000 (i.e. 20 seconds).
+ Unless <strong>disableUploadTimeout</strong> is set to <code>false</code>,
+ this timeout will also be used when reading the request body (if any).</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">connectionUploadTimeout</code></td><td align="left" valign="center">
+ <p>Specifies the timeout, in milliseconds, to use while a data upload is
+ in progress. This only takes effect if
+ <strong>disableUploadTimeout</strong> is set to <code>false</code>.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">disableUploadTimeout</code></td><td align="left" valign="center">
+ <p>This flag allows the servlet container to use a different, usually
+ longer connection timeout during data upload. If not specified, this
+ attribute is set to <code>true</code> which disables this longer timeout.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">executor</code></td><td align="left" valign="center">
+ <p>A reference to the name in an <a href="executor.html">Executor</a>
+ element. If this attribute is set, and the named executor exists, the
+ connector will use the executor, and all the other thread attributes will
+ be ignored. Note that if a shared executor is not specified for a
+ connector then the connector will use a private, internal executor to
+ provide the thread pool.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">executorTerminationTimeoutMillis</code></td><td align="left" valign="center">
+ <p>The time that the private internal executor will wait for request
+ processing threads to terminate before continuing with the process of
+ stopping the connector. If not set, the default is <code>0</code> (zero)
+ for the BIO connector and <code>5000</code> (5 seconds) for the NIO and
+ APR/native connectors.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">keepAliveTimeout</code></td><td align="left" valign="center">
+ <p>The number of milliseconds this <strong>Connector</strong> will wait
+ for another HTTP request before closing the connection. The default value
+ is to use the value that has been set for the
+ <strong>connectionTimeout</strong> attribute.
+ Use a value of -1 to indicate no (i.e. infinite) timeout.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">maxConnections</code></td><td align="left" valign="center">
+ <p>The maximum number of connections that the server will accept and
+ process at any given time. When this number has been reached, the server
+ will accept, but not process, one further connection. This additional
+ connection be blocked until the number of connections being processed
+ falls below <strong>maxConnections</strong> at which point the server will
+ start accepting and processing new connections again. Note that once the
+ limit has been reached, the operating system may still accept connections
+ based on the <code>acceptCount</code> setting. The default value varies by
+ connector type. For BIO the default is the value of
+ <strong>maxThreads</strong> unless an <a href="executor.html">Executor</a>
+ is used in which case the default will be the value of maxThreads from the
+ executor. For NIO the default is <code>10000</code>.
+ For APR/native, the default is <code>8192</code>.</p>
+ <p>Note that for APR/native on Windows, the configured value will be
+ reduced to the highest multiple of 1024 that is less than or equal to
+ maxConnections. This is done for performance reasons.<br>
+ If set to a value of -1, the maxConnections feature is disabled
+ and connections are not counted.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">maxCookieCount</code></td><td align="left" valign="center">
+ <p>The maximum number of cookies that are permitted for a request. A value
+ of less than zero means no limit. If not specified, a default value of 200
+ will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">maxExtensionSize</code></td><td align="left" valign="center">
+ <p>Limits the total length of chunk extensions in chunked HTTP requests.
+ If the value is <code>-1</code>, no limit will be imposed. If not
+ specified, the default value of <code>8192</code> will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">maxHttpHeaderSize</code></td><td align="left" valign="center">
<p>The maximum size of the request and response HTTP header, specified
- in bytes.
- If not specified, this attribute is set to 8192 (8 KB).</p>
- </td></tr><tr><td align="left" valign="center"><code>maxKeepAliveRequests</code></td><td align="left" valign="center">
+ in bytes. If not specified, this attribute is set to 8192 (8 KB).</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">maxKeepAliveRequests</code></td><td align="left" valign="center">
<p>The maximum number of HTTP requests which can be pipelined until
the connection is closed by the server. Setting this attribute to 1 will
disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and
pipelining. Setting this to -1 will allow an unlimited amount of
pipelined or keep-alive HTTP requests.
If not specified, this attribute is set to 100.</p>
- </td></tr><tr><td align="left" valign="center"><code>maxThreads</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">maxSwallowSize</code></td><td align="left" valign="center">
+ <p>The maximum number of request body bytes (excluding transfer encoding
+ overhead) that will be swallowed by Tomcat for an aborted upload. An
+ aborted upload is when Tomcat knows that the request body is going to be
+ ignored but the client still sends it. If Tomcat does not swallow the body
+ the client is unlikely to see the response. If not specified the default
+ of 2097152 (2 megabytes) will be used. A value of less than zero indicates
+ that no limit should be enforced.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">maxThreads</code></td><td align="left" valign="center">
<p>The maximum number of request processing threads to be created
by this <strong>Connector</strong>, which therefore determines the
maximum number of simultaneous requests that can be handled. If
not specified, this attribute is set to 200. If an executor is associated
- with this connector, this attribute is ignored as the connector will
- execute tasks using the executor rather than an internal thread pool.</p>
- </td></tr><tr><td align="left" valign="center"><code>noCompressionUserAgents</code></td><td align="left" valign="center">
- <p>The value is a comma separated list of regular expressions matching
- user-agents of HTTP clients for which compression should not be used,
+ with this connector, this attribute is ignored as the connector will
+ execute tasks using the executor rather than an internal thread pool. Note
+ that if an executor is configured any value set for this attribute will be
+ recorded correctly but it will be reported (e.g. via JMX) as
+ <code>-1</code> to make clear that it is not used.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">maxTrailerSize</code></td><td align="left" valign="center">
+ <p>Limits the total length of trailing headers in the last chunk of
+ a chunked HTTP request. If the value is <code>-1</code>, no limit will be
+ imposed. If not specified, the default value of <code>8192</code> will be
+ used.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">minSpareThreads</code></td><td align="left" valign="center">
+ <p>The minimum number of threads always kept running. If not specified,
+ the default of <code>10</code> is used. If an executor is associated
+ with this connector, this attribute is ignored as the connector will
+ execute tasks using the executor rather than an internal thread pool. Note
+ that if an executor is configured any value set for this attribute will be
+ recorded correctly but it will be reported (e.g. via JMX) as
+ <code>-1</code> to make clear that it is not used.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">noCompressionUserAgents</code></td><td align="left" valign="center">
+ <p>The value is a regular expression (using <code>java.util.regex</code>)
+ matching the <code>user-agent</code> header of HTTP clients for which
+ compression should not be used,
because these clients, although they do advertise support for the
feature, have a broken implementation.
The default value is an empty String (regexp matching disabled).</p>
- </td></tr><tr><td align="left" valign="center"><strong><code>port</code></strong></td><td align="left" valign="center">
- <p>The TCP port number on which this <strong>Connector</strong>
- will create a server socket and await incoming connections. Your
- operating system will allow only one server application to listen
- to a particular port number on a particular IP address.</p>
- </td></tr><tr><td align="left" valign="center"><code>restrictedUserAgents</code></td><td align="left" valign="center">
- <p>The value is a comma separated list of regular expressions matching
- user-agents of HTTP clients for which HTTP/1.1 or HTTP/1.0 keep alive
- should not be used, even if the clients advertise support for these
- features.
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">processorCache</code></td><td align="left" valign="center">
+ <p>The protocol handler caches Processor objects to speed up performance.
+ This setting dictates how many of these objects get cached.
+ <code>-1</code> means unlimited, default is <code>200</code>. If not using
+ Servlet 3.0 asynchronous processing, a good default is to use the same as
+ the maxThreads setting. If using Servlet 3.0 asynchronous processing, a
+ good default is to use the larger of maxThreads and the maximum number of
+ expected concurrent requests (synchronous and asynchronous).</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">restrictedUserAgents</code></td><td align="left" valign="center">
+ <p>The value is a regular expression (using <code>java.util.regex</code>)
+ matching the <code>user-agent</code> header of HTTP clients for which
+ HTTP/1.1 or HTTP/1.0 keep alive should not be used, even if the clients
+ advertise support for these features.
The default value is an empty String (regexp matching disabled).</p>
- </td></tr><tr><td align="left" valign="center"><code>server</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">server</code></td><td align="left" valign="center">
<p>Overrides the Server header for the http response. If set, the value
for this attribute overrides the Tomcat default and any Server header set
by a web application. If not set, any value specified by the application
@@ -304,194 +477,291 @@
<code>Apache-Coyote/1.1</code> is used. Unless you are paranoid, you won't
need this feature.
</p>
- </td></tr><tr><td align="left" valign="center"><code>socketBuffer</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socketBuffer</code></td><td align="left" valign="center">
<p>The size (in bytes) of the buffer to be provided for socket
output buffering. -1 can be specified to disable the use of a buffer.
By default, a buffers of 9000 bytes will be used.</p>
- </td></tr><tr><td align="left" valign="center"><code>tcpNoDelay</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLEnabled</code></td><td align="left" valign="center">
+ <p>Use this attribute to enable SSL traffic on a connector.
+ To turn on SSL handshake/encryption/decryption on a connector
+ set this value to <code>true</code>.
+ The default value is <code>false</code>.
+ When turning this value <code>true</code> you will want to set the
+ <code>scheme</code> and the <code>secure</code> attributes as well
+ to pass the correct <code>request.getScheme()</code> and
+ <code>request.isSecure()</code> values to the servlets
+ See <a href="#SSL_Support">SSL Support</a> for more information.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">tcpNoDelay</code></td><td align="left" valign="center">
<p>If set to <code>true</code>, the TCP_NO_DELAY option will be
set on the server socket, which improves performance under most
circumstances. This is set to <code>true</code> by default.</p>
- </td></tr><tr><td align="left" valign="center"><code>threadPriority</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">threadPriority</code></td><td align="left" valign="center">
<p>The priority of the request processing threads within the JVM.
The default value is <code>5</code> (the value of the
<code>java.lang.Thread.NORM_PRIORITY</code> constant). See the JavaDoc
for the <code>java.lang.Thread</code> class for more details on what
- this priority means.
- </p>
+ this priority means. If an executor is associated
+ with this connector, this attribute is ignored as the connector will
+ execute tasks using the executor rather than an internal thread pool. Note
+ that if an executor is configured any value set for this attribute will be
+ recorded correctly but it will be reported (e.g. via JMX) as
+ <code>-1</code> to make clear that it is not used.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">upgradeAsyncWriteBufferSize</code></td><td align="left" valign="center">
+ <p>The default size of the buffer to allocate to for asynchronous writes
+ that can not be completed in a single operation, specified in bytes. Data that can't be
+ written immediately will be stored in this buffer until it can be written.
+ If more data needs to be stored than space is available in the buffer than
+ the size of the buffer will be increased for the duration of the write. If
+ not specified the default value of 8192 will be used.</p>
</td></tr></table>
</blockquote></td></tr></table>
-
- <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Nio Implementation"><!--()--></a><a name="Nio_Implementation"><strong>Nio Implementation</strong></a></font></td></tr><tr><td><blockquote>
- <p>The NIO connector exposes all the low level socket properties that can be used to tune the connector.
- Most of these attributes are directly linked to the socket implementation in the JDK so you can find out
- about the actual meaning in the JDK API documentation.<br>
- <strong>Note:</strong> On some JDK versions, setTrafficClass causes a problem, a work around for this is to add
- the <code>-Djava.net.preferIPv4Stack=true</code> value to your command line</p>
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Java TCP socket attributes"><!--()--></a><a name="Java_TCP_socket_attributes"><strong>Java TCP socket attributes</strong></a></font></td></tr><tr><td><blockquote>
- <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>useSendfile</code></td><td align="left" valign="center">
- <p>(bool)Use this attribute to enable or disable sendfile capability.
- The default value is <code>true</code>
- </p>
- </td></tr><tr><td align="left" valign="center"><code>useExecutor</code></td><td align="left" valign="center">
- <p>(bool)Set to true to use the NIO thread pool executor. The default value is <code>true</code>.
- If set to false, it uses a thread pool based on a stack for its execution.
- Generally, using the executor yields a little bit slower performance, but yields a better
- fairness for processing connections in a high load environment as the traffic gets queued through a
- FIFO queue. If set to true(default) then the max pool size is the <code>maxThreads</code> attribute
- and the core pool size is the <code>minSpareThreads</code>.
- This value is ignored if the <code>executor</code> attribute is present and points to a valid shared thread pool.
- </p>
- </td></tr><tr><td align="left" valign="center"><code>executor</code></td><td align="left" valign="center">
- <p>A reference to the name in an <a href="executor.html">Executor</a> element.
- If this attribute is enabled, and the named executor exists, the connector will
- use the executor, and all the other thread attributes will be ignored.</p>
- </td></tr><tr><td align="left" valign="center"><code>acceptorThreadCount</code></td><td align="left" valign="center">
- <p>(int)The number of threads to be used to accept connections. Increase this value on a multi CPU machine,
- although you would never really need more than <code>2</code>. Also, with a lot of non keep alive connections,
- you might want to increase this value as well. Default value is <code>1</code>.</p>
- </td></tr><tr><td align="left" valign="center"><code>pollerThreadCount</code></td><td align="left" valign="center">
+ <p>The BIO and NIO implementation support the following Java TCP socket
+ attributes in addition to the common Connector and HTTP attributes listed
+ above.</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code class="attributeName">socket.rxBufSize</code></td><td align="left" valign="center">
+ <p>(int)The socket receive buffer (SO_RCVBUF) size in bytes. JVM default
+ used if not set.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.txBufSize</code></td><td align="left" valign="center">
+ <p>(int)The socket send buffer (SO_SNDBUF) size in bytes. JVM default
+ used if not set.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.tcpNoDelay</code></td><td align="left" valign="center">
+ <p>(bool)This is equivalent to standard attribute
+ <strong>tcpNoDelay</strong>.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.soKeepAlive</code></td><td align="left" valign="center">
+ <p>(bool)Boolean value for the socket's keep alive setting
+ (SO_KEEPALIVE). JVM default used if not set.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.ooBInline</code></td><td align="left" valign="center">
+ <p>(bool)Boolean value for the socket OOBINLINE setting. JVM default
+ used if not set.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.soReuseAddress</code></td><td align="left" valign="center">
+ <p>(bool)Boolean value for the sockets reuse address option
+ (SO_REUSEADDR). JVM default used if not set.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.soLingerOn</code></td><td align="left" valign="center">
+ <p>(bool)Boolean value for the sockets so linger option (SO_LINGER).
+ A value for the standard attribute <strong>connectionLinger</strong>
+ that is >=0 is equivalent to setting this to <code>true</code>.
+ A value for the standard attribute <strong>connectionLinger</strong>
+ that is <0 is equivalent to setting this to <code>false</code>.
+ Both this attribute and <code>soLingerTime</code> must be set else the
+ JVM defaults will be used for both.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.soLingerTime</code></td><td align="left" valign="center">
+ <p>(int)Value in seconds for the sockets so linger option (SO_LINGER).
+ This is equivalent to standard attribute
+ <strong>connectionLinger</strong>.
+ Both this attribute and <code>soLingerOn</code> must be set else the
+ JVM defaults will be used for both.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.soTimeout</code></td><td align="left" valign="center">
+ <p>This is equivalent to standard attribute
+ <strong>connectionTimeout</strong>.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.performanceConnectionTime</code></td><td align="left" valign="center">
+ <p>(int)The first value for the performance settings. See
+ <a href="http://docs.oracle.com/javase/6/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a>.
+ All three performance attributes must be set else the JVM defaults will
+ be used for all three.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.performanceLatency</code></td><td align="left" valign="center">
+ <p>(int)The second value for the performance settings. See
+ <a href="http://docs.oracle.com/javase/6/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a>.
+ All three performance attributes must be set else the JVM defaults will
+ be used for all three.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.performanceBandwidth</code></td><td align="left" valign="center">
+ <p>(int)The third value for the performance settings. See
+ <a href="http://docs.oracle.com/javase/6/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a>.
+ All three performance attributes must be set else the JVM defaults will
+ be used for all three.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.unlockTimeout</code></td><td align="left" valign="center">
+ <p>(int) The timeout for a socket unlock. When a connector is stopped, it will try to release the acceptor thread by opening a connector to itself.
+ The default value is <code>250</code> and the value is in milliseconds</p>
+ </td></tr></table>
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="BIO specific configuration"><!--()--></a><a name="BIO_specific_configuration"><strong>BIO specific configuration</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The following attributes are specific to the BIO connector.</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code class="attributeName">disableKeepAlivePercentage</code></td><td align="left" valign="center">
+ <p>The percentage of processing threads that have to be in use before
+ HTTP keep-alives are disabled to improve scalability. Values less than
+ <code>0</code> will be changed to <code>0</code> and values greater than
+ <code>100</code> will be changed to <code>100</code>. If not specified,
+ the default value is <code>75</code>.</p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="NIO specific configuration"><!--()--></a><a name="NIO_specific_configuration"><strong>NIO specific configuration</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The following attributes are specific to the NIO connector.</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code class="attributeName">pollerThreadCount</code></td><td align="left" valign="center">
<p>(int)The number of threads to be used to run for the polling events.
- Default value is <code>1</code> per processor. Can't see a reason to go
- above that. But experiment and find your own results.</p>
- </td></tr><tr><td align="left" valign="center"><code>pollerThreadPriority</code></td><td align="left" valign="center">
+ Default value is <code>1</code> per processor up to and including version 7.0.27.
+ Default value as of version 7.0.28 is <code>1</code> per processor but not more than 2.<br>
+ When accepting a socket, the operating system holds a global lock. So the benefit of
+ going above 2 threads diminishes rapidly. Having more than one thread is for
+ system that need to accept connections very rapidly. However usually just
+ increasing <code>acceptCount</code> will solve that problem.
+ Increasing this value may also be beneficial when a large amount of send file
+ operations are going on.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">pollerThreadPriority</code></td><td align="left" valign="center">
<p>(int)The priority of the poller threads.
The default value is <code>5</code> (the value of the
<code>java.lang.Thread.NORM_PRIORITY</code> constant). See the JavaDoc
for the <code>java.lang.Thread</code> class for more details on what
- this priority means.
+ this priority means.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">selectorTimeout</code></td><td align="left" valign="center">
+ <p>(int)The time in milliseconds to timeout on a select() for the
+ poller. This value is important, since connection clean up is done on
+ the same thread, so do not set this value to an extremely high one. The
+ default value is <code>1000</code> milliseconds.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">useComet</code></td><td align="left" valign="center">
+ <p>(bool)Whether to allow comet servlets or not. Default value is
+ <code>true</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">useSendfile</code></td><td align="left" valign="center">
+ <p>(bool)Use this attribute to enable or disable sendfile capability.
+ The default value is <code>true</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.directBuffer</code></td><td align="left" valign="center">
+ <p>(bool)Boolean value, whether to use direct ByteBuffers or java mapped
+ ByteBuffers. If <code>true</code> then
+ <code>java.nio.ByteBuffer.allocateDirect()</code> is used to allocate
+ the buffers, if <code>false</code> then
+ <code>java.nio.ByteBuffer.allocate()</code> is used. The default value
+ is <code>false</code>.<br>
+ When you are using direct buffers, make sure you allocate the
+ appropriate amount of memory for the direct memory space. On Sun's JDK
+ that would be something like <code>-XX:MaxDirectMemorySize=256m</code>.
</p>
- </td></tr><tr><td align="left" valign="center"><code>acceptorThreadPriority</code></td><td align="left" valign="center">
- <p>(int)The priority of the acceptor threads. The threads used to accept new connections.
- The default value is <code>5</code> (the value of the
- <code>java.lang.Thread.NORM_PRIORITY</code> constant). See the JavaDoc
- for the <code>java.lang.Thread</code> class for more details on what
- this priority means.
- </p>
- </td></tr><tr><td align="left" valign="center"><code>selectorTimeout</code></td><td align="left" valign="center">
- <p>(int)The time in milliseconds to timeout on a select() for the poller.
- This value is important, since connection clean up is done on the same thread, so do not set this
- value to an extremely high one. The default value is <code>1000</code> milliseconds.</p>
- </td></tr><tr><td align="left" valign="center"><code>useComet</code></td><td align="left" valign="center">
- <p>(bool)Whether to allow comet servlets or not, Default value is <code>true</code>.</p>
- </td></tr><tr><td align="left" valign="center"><code>processorCache</code></td><td align="left" valign="center">
- <p>(int)The protocol handler caches Http11NioProcessor objects to speed up performance.
- This setting dictates how many of these objects get cached.
- <code>-1</code> means unlimited, default is <code>200</code>. Set this value somewhere close to your maxThreads value.
- </p>
- </td></tr><tr><td align="left" valign="center"><code>maxKeepAliveRequests</code></td><td align="left" valign="center">
- <p>The maximum number of HTTP requests which can be pipelined until
- the connection is closed by the server. Setting this attribute to 1 will
- disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and
- pipelining. Setting this to -1 will allow an unlimited amount of
- pipelined or keep-alive HTTP requests.
- If not specified, this attribute is set to 100.</p>
- </td></tr><tr><td align="left" valign="center"><code>socket.directBuffer</code></td><td align="left" valign="center">
- <p>(bool)Boolean value, whether to use direct ByteBuffers or java mapped ByteBuffers. Default is <code>false</code>
- <br>When you are using direct buffers, make sure you allocate the appropriate amount of memory for the
- direct memory space. On Sun's JDK that would be something like <code>-XX:MaxDirectMemorySize=256m</code></p>
- </td></tr><tr><td align="left" valign="center"><code>socket.rxBufSize</code></td><td align="left" valign="center">
- <p>(int)The socket receive buffer (SO_RCVBUF) size in bytes. Default value is <code>25188</code></p>
- </td></tr><tr><td align="left" valign="center"><code>socket.txBufSize</code></td><td align="left" valign="center">
- <p>(int)The socket send buffer (SO_SNDBUF) size in bytes. Default value is <code>43800</code></p>
- </td></tr><tr><td align="left" valign="center"><code>socket.appReadBufSize</code></td><td align="left" valign="center">
- <p>(int)Each connection that is opened up in Tomcat get associated with a read and a write ByteBuffer
- This attribute controls the size of these buffers. By default this read buffer is sized at <code>8192</code> bytes.
- For lower concurrency, you can increase this to buffer more data.
- For an extreme amount of keep alive connections, decrease this number or increase your heap size.</p>
- </td></tr><tr><td align="left" valign="center"><code>socket.appWriteBufSize</code></td><td align="left" valign="center">
- <p>(int)Each connection that is opened up in Tomcat get associated with a read and a write ByteBuffer
- This attribute controls the size of these buffers. By default this write buffer is sized at <code>8192</code> bytes.
- For low concurrency you can increase this to buffer more response data.
- For an extreme amount of keep alive connections, decrease this number or increase your heap size.
- <br>
- The default value here is pretty low, you should up it if you are not dealing with tens of thousands
- concurrent connections.</p>
- </td></tr><tr><td align="left" valign="center"><code>socket.bufferPool</code></td><td align="left" valign="center">
- <p>(int)The Nio connector uses a class called NioChannel that holds elements linked to a socket.
- To reduce garbage collection, the Nio connector caches these channel objects.
- This value specifies the size of this cache.
- The default value is <code>500</code>, and represents that the cache will hold 500 NioChannel objects.
- Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
- </td></tr><tr><td align="left" valign="center"><code>socket.bufferPoolSize</code></td><td align="left" valign="center">
- <p>(int)The NioChannel pool can also be size based, not used object based. The size is calculated as follows:<br>
- NioChannel <code>buffer size = read buffer size + write buffer size</code><br>
- SecureNioChannel <code>buffer size = application read buffer size + application write buffer size + network read buffer size + network write buffer size</code><br>
- The value is in bytes, the default value is <code>1024*1024*100</code> (100MB)
- </p>
- </td></tr><tr><td align="left" valign="center"><code>socket.processorCache</code></td><td align="left" valign="center">
- <p>(int)Tomcat will cache SocketProcessor objects to reduce garbage collection.
- The integer value specifies how many objects to keep in the cache at most.
- The default is <code>500</code>.
- Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
- </td></tr><tr><td align="left" valign="center"><code>socket.keyCache</code></td><td align="left" valign="center">
- <p>(int)Tomcat will cache KeyAttachment objects to reduce garbage collection.
- The integer value specifies how many objects to keep in the cache at most.
- The default is <code>500</code>.
- Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
- </td></tr><tr><td align="left" valign="center"><code>socket.eventCache</code></td><td align="left" valign="center">
- <p>(int)Tomcat will cache PollerEvent objects to reduce garbage collection.
- The integer value specifies how many objects to keep in the cache at most.
- The default is <code>500</code>.
- Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
- </td></tr><tr><td align="left" valign="center"><code>socket.tcpNoDelay</code></td><td align="left" valign="center">
- <p>(bool)same as the standard setting <code>tcpNoDelay</code>. Default value is <code>false</code></p>
- </td></tr><tr><td align="left" valign="center"><code>socket.soKeepAlive</code></td><td align="left" valign="center">
- <p>(bool)Boolean value for the socket's keep alive setting (SO_KEEPALIVE). Default is <code>false</code>. </p>
- </td></tr><tr><td align="left" valign="center"><code>socket.ooBInline</code></td><td align="left" valign="center">
- <p>(bool)Boolean value for the socket OOBINLINE setting. Default value is <code>true</code></p>
- </td></tr><tr><td align="left" valign="center"><code>socket.soReuseAddress</code></td><td align="left" valign="center">
- <p>(bool)Boolean value for the sockets reuse address option (SO_REUSEADDR). Default value is <code>true</code></p>
- </td></tr><tr><td align="left" valign="center"><code>socket.soLingerOn</code></td><td align="left" valign="center">
- <p>(bool)Boolean value for the sockets so linger option (SO_LINGER). Default value is <code>true</code>.
- This option is paired with the <code>soLingerTime</code> value.</p>
- </td></tr><tr><td align="left" valign="center"><code>socket.soLingerTime</code></td><td align="left" valign="center">
- <p>(bool)Value in seconds for the sockets so linger option (SO_LINGER). Default value is <code>25</code> seconds.
- This option is paired with the soLinger value.</p>
- </td></tr><tr><td align="left" valign="center"><code>socket.soTimeout</code></td><td align="left" valign="center">
- <p>(int)Value in milliseconds for the sockets read timeout (SO_TIMEOUT). Default value is <code>5000</code> milliseconds.</p>
- </td></tr><tr><td align="left" valign="center"><code>socket.soTrafficClass</code></td><td align="left" valign="center">
- <p>(byte)Value between <code>0</code> and <code>255</code> for the traffic class on the socket, <code>0x04 | 0x08 | 0x010</code></p>
- </td></tr><tr><td align="left" valign="center"><code>socket.performanceConnectionTime</code></td><td align="left" valign="center">
- <p>(int)The first value for the performance settings. Default is <code>1</code>, see <a href="http://docs.oracle.com/javase/1.5.0/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a></p>
- </td></tr><tr><td align="left" valign="center"><code>socket.performanceLatency</code></td><td align="left" valign="center">
- <p>(int)The second value for the performance settings. Default is <code>0</code>, see <a href="http://docs.oracle.com/javase/1.5.0/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a></p>
- </td></tr><tr><td align="left" valign="center"><code>socket.performanceBandwidth</code></td><td align="left" valign="center">
- <p>(int)The third value for the performance settings. Default is <code>1</code>, see <a href="http://docs.oracle.com/javase/1.5.0/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a></p>
- </td></tr><tr><td align="left" valign="center"><code>selectorPool.maxSelectors</code></td><td align="left" valign="center">
- <p>(int)The max selectors to be used in the pool, to reduce selector contention.
- Use this option when the command line <code>org.apache.tomcat.util.net.NioSelectorShared</code> value is set to false.
- Default value is <code>200</code>.</p>
- </td></tr><tr><td align="left" valign="center"><code>selectorPool.maxSpareSelectors</code></td><td align="left" valign="center">
- <p>(int)The max spare selectors to be used in the pool, to reduce selector contention.
- When a selector is returned to the pool, the system can decide to keep it or let it be GC:ed.
- Use this option when the command line <code>org.apache.tomcat.util.net.NioSelectorShared</code> value is set to false.
- Default value is <code>-1</code> (unlimited)</p>
- </td></tr><tr><td align="left" valign="center"><code>command-line-options</code></td><td align="left" valign="center">
- <p>The following command line options are available for the NIO connector:<br>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.appReadBufSize</code></td><td align="left" valign="center">
+ <p>(int)Each connection that is opened up in Tomcat get associated with
+ a read ByteBuffer. This attribute controls the size of this buffer. By
+ default this read buffer is sized at <code>8192</code> bytes. For lower
+ concurrency, you can increase this to buffer more data. For an extreme
+ amount of keep alive connections, decrease this number or increase your
+ heap size.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.appWriteBufSize</code></td><td align="left" valign="center">
+ <p>(int)Each connection that is opened up in Tomcat get associated with
+ a write ByteBuffer. This attribute controls the size of this buffer. By
+ default this write buffer is sized at <code>8192</code> bytes. For low
+ concurrency you can increase this to buffer more response data. For an
+ extreme amount of keep alive connections, decrease this number or
+ increase your heap size.<br>
+ The default value here is pretty low, you should up it if you are not
+ dealing with tens of thousands concurrent connections.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.bufferPool</code></td><td align="left" valign="center">
+ <p>(int)The NIO connector uses a class called NioChannel that holds
+ elements linked to a socket. To reduce garbage collection, the NIO
+ connector caches these channel objects. This value specifies the size of
+ this cache. The default value is <code>500</code>, and represents that
+ the cache will hold 500 NioChannel objects. Other values are
+ <code>-1</code> for unlimited cache and <code>0</code> for no cache.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.bufferPoolSize</code></td><td align="left" valign="center">
+ <p>(int)The NioChannel pool can also be size based, not used object
+ based. The size is calculated as follows:<br>
+ NioChannel
+ <code>buffer size = read buffer size + write buffer size</code><br>
+ SecureNioChannel <code>buffer size = application read buffer size +
+ application write buffer size + network read buffer size +
+ network write buffer size</code><br>
+ The value is in bytes, the default value is <code>1024*1024*100</code>
+ (100MB).</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.processorCache</code></td><td align="left" valign="center">
+ <p>(int)Tomcat will cache SocketProcessor objects to reduce garbage
+ collection. The integer value specifies how many objects to keep in the
+ cache at most. The default is <code>500</code>. Other values are
+ <code>-1</code> for unlimited cache and <code>0</code> for no cache.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.keyCache</code></td><td align="left" valign="center">
+ <p>(int)Tomcat will cache KeyAttachment objects to reduce garbage
+ collection. The integer value specifies how many objects to keep in the
+ cache at most. The default is <code>500</code>. Other values are
+ <code>-1</code> for unlimited cache and <code>0</code> for no cache.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">socket.eventCache</code></td><td align="left" valign="center">
+ <p>(int)Tomcat will cache PollerEvent objects to reduce garbage
+ collection. The integer value specifies how many objects to keep in the
+ cache at most. The default is <code>500</code>. Other values are
+ <code>-1</code> for unlimited cache and <code>0</code> for no cache.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">selectorPool.maxSelectors</code></td><td align="left" valign="center">
+ <p>(int)The max selectors to be used in the pool, to reduce selector
+ contention. Use this option when the command line
+ <code>org.apache.tomcat.util.net.NioSelectorShared</code> value is set
+ to false. Default value is <code>200</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">selectorPool.maxSpareSelectors</code></td><td align="left" valign="center">
+ <p>(int)The max spare selectors to be used in the pool, to reduce
+ selector contention. When a selector is returned to the pool, the system
+ can decide to keep it or let it be GC'd. Use this option when the
+ command line <code>org.apache.tomcat.util.net.NioSelectorShared</code>
+ value is set to false. Default value is <code>-1</code> (unlimited).</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">command-line-options</code></td><td align="left" valign="center">
+ <p>The following command line options are available for the NIO
+ connector:<br>
<code>-Dorg.apache.tomcat.util.net.NioSelectorShared=true|false</code>
- default is <code>true</code>. Set this value to <code>false</code> if you wish to
use a selector for each thread. When you set it to <code>false</code>, you can
- control the size of the pool of selectors by using the
- <strong>selectorPool.maxSelectors</strong> attribute</p>
- </td></tr><tr><td align="left" valign="center"><code>oomParachute</code></td><td align="left" valign="center">
- <p>(int)The NIO connector implements an OutOfMemoryError strategy called parachute.
- It holds a chunk of data as a byte array. In case of an OOM,
- this chunk of data is released and the error is reported. This will give the VM enough room
- to clean up. The <code>oomParachute</code> represent the size in bytes of the parachute(the byte array).
- The default value is <code>1024*1024</code>(1MB).
- Please note, this only works for OOM errors regarding the Java Heap space, and there is absolutely no
- guarantee that you will be able to recover at all.
- If you have an OOM outside of the Java Heap, then this parachute trick will not help.
+ control the size of the pool of selectors by using the
+ <strong>selectorPool.maxSelectors</strong> attribute.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">oomParachute</code></td><td align="left" valign="center">
+ <p>(int)The NIO connector implements an OutOfMemoryError strategy called
+ parachute. It holds a chunk of data as a byte array. In case of an OOM,
+ this chunk of data is released and the error is reported. This will give
+ the VM enough room to clean up. The <code>oomParachute</code> represents
+ the size in bytes of the parachute(the byte array). The default value is
+ <code>1024*1024</code>(1MB). Please note, this only works for OOM errors
+ regarding the Java Heap space, and there is absolutely no guarantee
+ that you will be able to recover at all. If you have an OOM outside of
+ the Java Heap, then this parachute trick will not help.
</p>
- </td></tr><tr><td align="left" valign="center"><code>socket.unlockTimeout</code></td><td align="left" valign="center">
- <p>(int) The timeout for a socket unlock. When a connector is stopped, it will try to release the acceptor thread by opening a connector to itself.
- The default value is <code>250</code> and the value is in milliseconds</p>
</td></tr></table>
</blockquote></td></tr></table>
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="APR/native specific configuration"><!--()--></a><a name="APR/native_specific_configuration"><strong>APR/native specific configuration</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The following attributes are specific to the APR/native connector.</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code class="attributeName">deferAccept</code></td><td align="left" valign="center">
+ <p>Sets the <code>TCP_DEFER_ACCEPT</code> flag on the listening socket
+ for this connector. The default value is <code>true</code> where
+ <code>TCP_DEFER_ACCEPT</code> is supported by the operating system,
+ otherwise it is <code>false</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">pollerSize</code></td><td align="left" valign="center">
+ <p>Amount of sockets that the poller responsible for polling kept alive
+ connections can hold at a given time. Extra connections will be closed
+ right away. The default value is 8192, corresponding to 8192 keep-alive
+ connections. This is a synonym for maxConnections.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">pollTime</code></td><td align="left" valign="center">
+ <p>Duration of a poll call in microseconds. Lowering this value will
+ slightly decrease latency of connections being kept alive in some cases,
+ but will use more CPU as more poll calls are being made. The default
+ value is 2000 (2ms).</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">sendfileSize</code></td><td align="left" valign="center">
+ <p>Amount of sockets that the poller responsible for sending static
+ files asynchronously can hold at a given time. Extra connections will be
+ closed right away without any data being sent (resulting in a zero
+ length file on the client side). Note that in most cases, sendfile is a
+ call that will return right away (being taken care of "synchronously" by
+ the kernel), and the sendfile poller will not be used, so the amount of
+ static files which can be sent concurrently is much larger than the
+ specified amount. The default value is 1024.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">threadPriority</code></td><td align="left" valign="center">
+ <p>(int)The priority of the acceptor and poller threads.
+ The default value is <code>5</code> (the value of the
+ <code>java.lang.Thread.NORM_PRIORITY</code> constant). See the JavaDoc
+ for the <code>java.lang.Thread</code> class for more details on what
+ this priority means.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">useComet</code></td><td align="left" valign="center">
+ <p>(bool)Whether to allow comet servlets or not. Default value is
+ <code>true</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">useSendfile</code></td><td align="left" valign="center">
+ <p>(bool)Use this attribute to enable or disable sendfile capability.
+ The default value is <code>true</code>.</p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Nested Components"><!--()--></a><a name="Nested_Components"><strong>Nested Components</strong></a></font></td></tr><tr><td><blockquote>
<p>None at this time.</p>
@@ -543,137 +813,30 @@
<strong>Connector</strong> by setting the <code>SSLEnabled</code> attribute to
<code>true</code>.</p>
- <p>You will also need to set the <code>scheme</code> and <code>secure</code> attributes
- to the values <code>https</code> and <code>true</code> respectively,
- to pass correct information to the servlets.</p>
+ <p>You will also need to set the <code>scheme</code> and <code>secure</code>
+ attributes to the values <code>https</code> and <code>true</code>
+ respectively, to pass correct information to the servlets.</p>
- <p>In addition, you may need to configure the following
- attributes:</p>
+ <p>The BIO and NIO connectors use the JSSE SSL whereas the APR/native
+ connector uses OpenSSL. Therefore, in addition to using different attributes
+ to configure SSL, the APR/native connector also requires keys and certificates
+ to be provided in a different format.</p>
- <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>algorithm</code></td><td align="left" valign="center">
+ <p>For more information, see the
+ <a href="../ssl-howto.html">SSL Configuration HOW-TO</a>.</p>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="SSL Support - BIO and NIO"><!--()--></a><a name="SSL_Support_-_BIO_and_NIO"><strong>SSL Support - BIO and NIO</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The BIO and NIO connectors use the following attributes to configure SSL:
+ </p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code class="attributeName">algorithm</code></td><td align="left" valign="center">
<p>The certificate encoding algorithm to be used. This defaults to
<code>KeyManagerFactory.getDefaultAlgorithm()</code> which returns
<code>SunX509</code> for Sun JVMs. IBM JVMs return
<code>IbmX509</code>. For other vendors, consult the JVM
documentation for the default value.</p>
- </td></tr><tr><td align="left" valign="center"><code>clientAuth</code></td><td align="left" valign="center">
- <p>Set to <code>true</code> if you want the SSL stack to require a
- valid certificate chain from the client before accepting a connection.
- Set to <code>want</code> if you want the SSL stack to request a client
- Certificate, but not fail if one isn't presented. A <code>false</code>
- value (which is the default) will not require a certificate chain
- unless the client requests a resource protected by a security
- constraint that uses <code>CLIENT-CERT</code> authentication. See the
- <a href="../ssl-howto.html">SSL HowTo</a> for an example.</p>
- </td></tr><tr><td align="left" valign="center"><code>clientCertProvider</code></td><td align="left" valign="center">
- <p>When client certificate information is presented in a form other than
- instances of <code>java.security.cert.X509Certificate</code> it needs to
- be converted before it can be used and this property controls which JSSE
- provider is used to perform the conversion. For example it is used with
- the <a href="ajp.html">AJP connectors</a>, the HTTP APR connector and
- with the <a href="valve.html#SSL_Authenticator_Valve">
- org.apache.catalina.valves.SSLValve</a>. If not specified, the default
- provider will be used.</p>
- </td></tr><tr><td align="left" valign="center"><code>keystoreFile</code></td><td align="left" valign="center">
- <p>The pathname of the keystore file where you have stored the
- server certificate to be loaded. By default, the pathname is
- the file "<code>.keystore</code>" in the operating system home
- directory of the user that is running Tomcat. If your
- <code>keystoreType</code> doesn't need a file use <code>""</code>
- (empty string) for this parameter.</p>
- </td></tr><tr><td align="left" valign="center"><code>keystorePass</code></td><td align="left" valign="center">
- <p>The password used to access the server certificate from the
- specified keystore file. The default value is "<code>changeit</code>".
- </p>
- </td></tr><tr><td align="left" valign="center"><code>keystoreType</code></td><td align="left" valign="center">
- <p>The type of keystore file to be used for the server certificate.
- If not specified, the default value is "<code>JKS</code>".</p>
- </td></tr><tr><td align="left" valign="center"><code>keystoreProvider</code></td><td align="left" valign="center">
- <p>The name of the keystore provider to be used for the server
- certificate. If not specified, the list of registered providers is
- traversed in preference order and the first provider that supports the
- <code>keystoreType</code> is used.
- </p>
- </td></tr><tr><td align="left" valign="center"><code>sslProtocol</code></td><td align="left" valign="center">
- <p>The the SSL protocol(s) to use (a single value may enable multiple
- protocols - see the JVM documentation for details). If not specified, the
- default is <code>TLS</code>. The permitted values may be obtained from the
- JVM documentation for the allowed values for algorithm when creating an
- <code>SSLContext</code> instance e.g.
- <a href="http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#SSLContext">
- Oracle Java 6</a> and
- <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext">
- Oracle Java 7</a>. Note: There is overlap between this attribute and
- <code>sslEnabledProtocols</code>.</p>
- </td></tr><tr><td align="left" valign="center"><code>ciphers</code></td><td align="left" valign="center">
- <p>The comma separated list of encryption ciphers that this socket is
- allowed to use. By default, the default ciphers for the JVM will be used.
- Note that this usually means that the weak export grade ciphers will be
- included in the list of available ciphers. The ciphers are specified using
- the JSSE cipher naming convention.</p>
- </td></tr><tr><td align="left" valign="center"><code>keyAlias</code></td><td align="left" valign="center">
- <p>The alias used to for the server certificate in the keystore. If not
- specified the first key read in the keystore will be used.</p>
- </td></tr><tr><td align="left" valign="center"><code>trustManagerClassName</code></td><td align="left" valign="center">
- <p>The name of a custom trust manager class to use to validate client
- certificates. The class must have a zero argument constructor and must
- also implement <code>javax.net.ssl.X509TrustManager</code>. If this
- attribute is set, the trust store attributes may be ignored.
- </p>
- </td></tr><tr><td align="left" valign="center"><code>truststoreFile</code></td><td align="left" valign="center">
- <p>The trust store file to use to validate client certificates. The
- default is the value of the <code>javax.net.ssl.trustStore</code> system
- property. If neither this attribute nor the default system property is
- set, no trust store will be configured.</p>
- </td></tr><tr><td align="left" valign="center"><code>truststorePass</code></td><td align="left" valign="center">
- <p>The password to access the trust store. The default is the value of the
- <code>javax.net.ssl.trustStorePassword</code> system property. If that
- property is null, the value of <code>keystorePass</code> is used as the
- default. If an invalid trust store password is specified, a warning will
- be logged and an attempt will be made to access the trust store without a
- password which will skip validation of the trust store contents. If the
- trust store password is defined as <code>""</code> then no
- password will be used to access the store which will also skip validation
- of the trust store contents.</p>
- </td></tr><tr><td align="left" valign="center"><code>truststoreType</code></td><td align="left" valign="center">
- <p>The type of key store used for the trust store. The default is the
- value of the <code>javax.net.ssl.trustStoreType</code> system property. If
- that property is null, the value of <code>keystoreType</code> is used as
- the default.</p>
- </td></tr><tr><td align="left" valign="center"><code>truststoreProvider</code></td><td align="left" valign="center">
- <p>The name of the truststore provider to be used for the server
- certificate. The default is the value of the
- <code>javax.net.ssl.trustStoreProvider</code> system property. If
- that property is null, the value of <code>keystoreProvider</code> is used
- as the default. If neither this attribute, the default system property nor
- <code>keystoreProvider</code>is set, the list of registered providers is
- traversed in preference order and the first provider that supports the
- <code>truststoreType</code> is used.
- </p>
- </td></tr><tr><td align="left" valign="center"><code>sessionCacheSize</code></td><td align="left" valign="center">
- <p>The number of SSL sessions to maintain in the session cache. Use 0 to
- specify an unlimited cache size. If not specified, a default of 0 is
- used.</p>
- </td></tr><tr><td align="left" valign="center"><code>sessionTimeout</code></td><td align="left" valign="center">
- <p>The time, in seconds, after the creation of an SSL session that it will
- timeout. Use 0 to specify an unlimited timeout. If not specified, a
- default of 86400 (24 hours) is used.</p>
- </td></tr><tr><td align="left" valign="center"><code>sslEnabledProtocols</code></td><td align="left" valign="center">
- <p>The comma separated list of SSL protocols to support for HTTPS
- connections. If specified, only the protocols that are listed and
- supported by the SSL implementation will be enabled. If not specified,
- the JVM default is used. The permitted values may be obtained from the
- JVM documentation for the allowed values for
- <code>SSLSocket.setEnabledProtocols()</code> e.g.
- <a href="http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#jssenames">
- Oracle Java 6</a> and
- <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames">
- Oracle Java 7</a>. Note: There is overlap between this attribute and
- <code>sslProtocol</code>.</p>
- </td></tr><tr><td align="left" valign="center"><code>crlFile</code></td><td align="left" valign="center">
- <p>The certificate revocation list file to use to validate client
- certificates.</p>
- </td></tr><tr><td align="left" valign="center"><code>allowUnsafeLegacyRenegotiation</code></td><td align="left" valign="center">
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">allowUnsafeLegacyRenegotiation</code></td><td align="left" valign="center">
<p>Is unsafe legacy TLS renegotiation allowed which is likely to expose
users to CVE-2009-3555, a man-in-the-middle vulnerability in the TLS
protocol that allows an attacker to inject arbitrary data into the user's
@@ -684,32 +847,319 @@
onwards. Where RFC 5746 is supported the renegotiation - including support
for unsafe legacy renegotiation - is controlled by the JVM configuration.
</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">useServerCipherSuitesOrder</code></td><td align="left" valign="center">
+ <p>
+ Set to <code>true</code> to enforce the server's cipher order
+ (from the <code>ciphers</code> setting). Set to <code>false</code>
+ to choose the first acceptable cipher suite presented by the client.
+ <b>Use of this feature requires Java 8 or later.</b>
+ Default is <i>undefined</i>, leaving the choice up to the JSSE
+ implementation.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">ciphers</code></td><td align="left" valign="center">
+ <p>The comma separated list of encryption ciphers to support for HTTPS
+ connections. If specified, only the ciphers that are listed and supported
+ by the SSL implementation will be used. By default, the default ciphers
+ for the JVM will be used less those considered to be insecure. Note that
+ with older JVMs this will result in a very limited set of ciphers being
+ available by default. The ciphers are specified using the JSSE cipher
+ naming convention. The special value of <code>ALL</code> will enable all
+ supported ciphers. This will include many that are not secure.
+ <code>ALL</code> is intended for testing purposes only.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">clientAuth</code></td><td align="left" valign="center">
+ <p>Set to <code>true</code> if you want the SSL stack to require a
+ valid certificate chain from the client before accepting a connection.
+ Set to <code>want</code> if you want the SSL stack to request a client
+ Certificate, but not fail if one isn't presented. A <code>false</code>
+ value (which is the default) will not require a certificate chain
+ unless the client requests a resource protected by a security
+ constraint that uses <code>CLIENT-CERT</code> authentication.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">clientCertProvider</code></td><td align="left" valign="center">
+ <p>When client certificate information is presented in a form other than
+ instances of <code>java.security.cert.X509Certificate</code> it needs to
+ be converted before it can be used and this property controls which JSSE
+ provider is used to perform the conversion. For example it is used with
+ the <a href="ajp.html">AJP connectors</a>, the HTTP APR connector and
+ with the <a href="valve.html#SSL_Authenticator_Valve">
+ org.apache.catalina.valves.SSLValve</a>. If not specified, the default
+ provider will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">crlFile</code></td><td align="left" valign="center">
+ <p>The certificate revocation list to be used to verify client
+ certificates. If not defined, client certificates will not be checked
+ against a certificate revocation list. The file may be specified using a
+ URL, an absolute path or a relative (to CATALINA_BASE) path.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">keyAlias</code></td><td align="left" valign="center">
+ <p>The alias used for the server key and certificate in the keystore. If
+ not specified, the first key read from the keystore will be used. The
+ order in which keys are read from the keystore is implementation
+ dependent. It may not be the case that keys are read from the keystore in
+ the same order as they were added. If more than one key is present in the
+ keystore it is strongly recommended that a keyAlias is configured to
+ ensure that the correct key is used.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">keyPass</code></td><td align="left" valign="center">
+ <p>The password used to access the server certificate from the
+ specified keystore file. The default value is "<code>changeit</code>".
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">keystoreFile</code></td><td align="left" valign="center">
+ <p>The pathname of the keystore file where you have stored the
+ server certificate to be loaded. By default, the pathname is
+ the file "<code>.keystore</code>" in the operating system home
+ directory of the user that is running Tomcat. If your
+ <code>keystoreType</code> doesn't need a file use <code>""</code>
+ (empty string) for this parameter. The file may be specified using a
+ URL, an absolute path or a relative (to CATALINA_BASE) path.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">keystorePass</code></td><td align="left" valign="center">
+ <p>The password used to access the specified keystore file. The default
+ value is the value of the <code>keyPass</code> attribute.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">keystoreProvider</code></td><td align="left" valign="center">
+ <p>The name of the keystore provider to be used for the server
+ certificate. If not specified, the list of registered providers is
+ traversed in preference order and the first provider that supports the
+ <code>keystoreType</code> is used.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">keystoreType</code></td><td align="left" valign="center">
+ <p>The type of keystore file to be used for the server certificate.
+ If not specified, the default value is "<code>JKS</code>".</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">sessionCacheSize</code></td><td align="left" valign="center">
+ <p>The number of SSL sessions to maintain in the session cache. Use 0 to
+ specify an unlimited cache size. If not specified, a default of 0 is
+ used.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">sessionTimeout</code></td><td align="left" valign="center">
+ <p>The time, in seconds, after the creation of an SSL session that it will
+ timeout. Use 0 to specify an unlimited timeout. If not specified, a
+ default of 86400 (24 hours) is used.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">sslEnabledProtocols</code></td><td align="left" valign="center">
+ <p>The comma separated list of SSL protocols to support for HTTPS
+ connections. If specified, only the protocols that are listed and
+ supported by the SSL implementation will be enabled. If not specified,
+ the JVM default (excluding SSLv2 and SSLv3 if the JVM enables either or
+ both of them by default) is used. The permitted values may be obtained from the
+ JVM documentation for the allowed values for
+ <code>SSLSocket.setEnabledProtocols()</code> e.g.
+ <a href="http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#jssenames">
+ Oracle Java 6</a> and
+ <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames">
+ Oracle Java 7</a>. Note: There is overlap between this attribute and
+ <code>sslProtocol</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">sslImplementationName</code></td><td align="left" valign="center">
+ <p>The class name of the SSL implementation to use. If not specified, the
+ default of <code>org.apache.tomcat.util.net.jsse.JSSEImplementation</code>
+ will be used which wraps JVM's default JSSE provider. Note that the
+ JVM can be configured to use a different JSSE provider as the default.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">sslProtocol</code></td><td align="left" valign="center">
+ <p>The SSL protocol(s) to use (a single value may enable multiple
+ protocols - see the JVM documentation for details). If not specified, the
+ default is <code>TLS</code>. The permitted values may be obtained from the
+ JVM documentation for the allowed values for algorithm when creating an
+ <code>SSLContext</code> instance e.g.
+ <a href="http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#SSLContext">
+ Oracle Java 6</a> and
+ <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext">
+ Oracle Java 7</a>. Note: There is overlap between this attribute and
+ <code>sslEnabledProtocols</code>.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">trustManagerClassName</code></td><td align="left" valign="center">
+ <p>The name of a custom trust manager class to use to validate client
+ certificates. The class must have a zero argument constructor and must
+ also implement <code>javax.net.ssl.X509TrustManager</code>. If this
+ attribute is set, the trust store attributes may be ignored.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">trustMaxCertLength</code></td><td align="left" valign="center">
+ <p>The maximum number of intermediate certificates that will be allowed
+ when validating client certificates. If not specified, the default value
+ of 5 will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">truststoreAlgorithm</code></td><td align="left" valign="center">
+ <p>The algorithm to use for truststore. If not specified, the default
+ value returned by
+ <code>javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm()</code> is
+ used.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">truststoreFile</code></td><td align="left" valign="center">
+ <p>The trust store file to use to validate client certificates. The
+ default is the value of the <code>javax.net.ssl.trustStore</code> system
+ property. If neither this attribute nor the default system property is
+ set, no trust store will be configured. The file may be specified using a
+ URL, an absolute path or a relative (to CATALINA_BASE) path.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">truststorePass</code></td><td align="left" valign="center">
+ <p>The password to access the trust store. The default is the value of the
+ <code>javax.net.ssl.trustStorePassword</code> system property. If that
+ property is null, no trust store password will be configured. If an
+ invalid trust store password is specified, a warning will be logged and an
+ attempt will be made to access the trust store without a password which
+ will skip validation of the trust store contents.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">truststoreProvider</code></td><td align="left" valign="center">
+ <p>The name of the truststore provider to be used for the server
+ certificate. The default is the value of the
+ <code>javax.net.ssl.trustStoreProvider</code> system property. If
+ that property is null, the value of <code>keystoreProvider</code> is used
+ as the default. If neither this attribute, the default system property nor
+ <code>keystoreProvider</code>is set, the list of registered providers is
+ traversed in preference order and the first provider that supports the
+ <code>truststoreType</code> is used.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">truststoreType</code></td><td align="left" valign="center">
+ <p>The type of key store used for the trust store. The default is the
+ value of the <code>javax.net.ssl.trustStoreType</code> system property. If
+ that property is null, the value of <code>keystoreType</code> is used as
+ the default.</p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="SSL Support - APR/Native"><!--()--></a><a name="SSL_Support_-_APR/Native"><strong>SSL Support - APR/Native</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>When APR/native is enabled, the HTTPS connector will use a socket poller
+ for keep-alive, increasing scalability of the server. It also uses OpenSSL,
+ which may be more optimized than JSSE depending on the processor being used,
+ and can be complemented with many commercial accelerator components. Unlike
+ the HTTP connector, the HTTPS connector cannot use sendfile to optimize static
+ file processing.</p>
+
+ <p>The HTTPS APR/native connector has the same attributes than the HTTP
+ APR/native connector, but adds OpenSSL specific ones. For the full details on
+ using OpenSSL, please refer to OpenSSL documentations and the many books
+ available for it (see the <a href="http://www.openssl.org">Official OpenSSL
+ website</a>). The SSL specific attributes for the APR/native connector are:
+ </p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code class="attributeName">SSLCACertificateFile</code></td><td align="left" valign="center">
+ <p>See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatefile">
+ the mod_ssl documentation</a>.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLCACertificatePath</code></td><td align="left" valign="center">
+ <p>See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepath">
+ the mod_ssl documentation</a>.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLCARevocationFile</code></td><td align="left" valign="center">
+ <p>See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcarevocationfile">
+ the mod_ssl documentation</a>.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLCARevocationPath</code></td><td align="left" valign="center">
+ <p>See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcarevocationpath">
+ the mod_ssl documentation</a>.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLCertificateChainFile</code></td><td align="left" valign="center">
+ <p>See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile">
+ the mod_ssl documentation</a>.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLCACertificateFile</code></td><td align="left" valign="center">
+ <p>Name of the file that contains the concatenated certificates for the
+ trusted certificate authorities. The format is PEM-encoded.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLCACertificatePath</code></td><td align="left" valign="center">
+ <p>Name of the directory that contains the certificates for the trusted
+ certificate authorities. The format is PEM-encoded.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLCARevocationFile</code></td><td align="left" valign="center">
+ <p>Name of the file that contains the concatenated certificate revocation
+ lists for the certificate authorities. The format is PEM-encoded.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLCARevocationPath</code></td><td align="left" valign="center">
+ <p>Name of the directory that contains the certificate revocation lists
+ for the certificate authorities. The format is PEM-encoded.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLCertificateChainFile</code></td><td align="left" valign="center">
+ <p>Name of the file that contains concatenated certifcates for the
+ certificate authorities which form the certifcate chain for the server
+ certificate. The format is PEM-encoded.</p>
+ </td></tr><tr><td align="left" valign="center"><strong><code class="attributeName">SSLCertificateFile</code></strong></td><td align="left" valign="center">
+ <p>Name of the file that contains the server certificate. The format is
+ PEM-encoded.</p>
+ <p>In addition to the certificate, the file can also contain as optional
+ elements DH parameters and/or an EC curve name for ephemeral keys, as
+ generated by <code>openssl dhparam</code> and <code>openssl ecparam</code>,
+ respectively. The output of the respective OpenSSL command can simply
+ be concatenated to the certificate file. This feature needs APR/native
+ version 1.1.34 or later.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLCertificateKeyFile</code></td><td align="left" valign="center">
+ <p>Name of the file that contains the server private key. The format is
+ PEM-encoded. The default value is the value of "SSLCertificateFile" and in
+ this case both certificate and private key have to be in this file (NOT
+ RECOMMENDED).</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLCipherSuite</code></td><td align="left" valign="center">
+ <p>Ciphers which may be used for communicating with clients. The default
+ is "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA". See the OpenSSL
+ documentation for details of the cipher configuration options.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLDisableCompression</code></td><td align="left" valign="center">
+ <p>Disables compression if set to <code>true</code> and OpenSSL supports
+ disabling compression. Default is <code>false</code> which inherits the
+ default compression setting in OpenSSL.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLHonorCipherOrder</code></td><td align="left" valign="center">
+ <p>Set to <code>true</code> to enforce the server's cipher order
+ (from the <code>SSLCipherSuite</code> setting) instead of allowing
+ the client to choose the cipher (which is the default).</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLPassword</code></td><td align="left" valign="center">
+ <p>Pass phrase for the encrypted private key. If "SSLPassword" is not
+ provided, the callback function should prompt for the pass phrase.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLProtocol</code></td><td align="left" valign="center">
+ <p>The names of the protocols to support when communicating with clients.
+ This should be a list of any combination of the following:
+ </p>
+ <ul><li>SSLv2</li><li>SSLv3</li><li>TLSv1</li>
+ <li>TLSv1.1</li><li>TLSv1.2</li><li>all</li></ul>
+ <p>Each token in the list can be prefixed with a plus sign ("+")
+ or a minus sign ("-"). A plus sign adds the protocol, a minus sign
+ removes it form the current list. The list is built starting from
+ an empty list.</p>
+ <p>The token <code>all</code> is an alias for
+ <code>TLSv1+TLSv1.1+TLSv1.2</code>.</p>
+ <p>If more than one protocol is specified for an OpenSSL
+ based secure connector it will always support <code>SSLv2Hello</code>. If a
+ single protocol is specified it will not support
+ <code>SSLv2Hello</code>.</p>
+ <p>Note that <code>SSLv2</code> and <code>SSLv3</code> are inherently
+ unsafe.</p>
+ <p>If not specified, the default value of <code>all</code> will be
+ used.</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLVerifyClient</code></td><td align="left" valign="center">
+ <p>Ask client for certificate. The default is "none", meaning the client
+ will not have the opportunity to submit a certificate. Other acceptable
+ values include "optional", "require" and "optionalNoCA".</p>
+ </td></tr><tr><td align="left" valign="center"><code class="attributeName">SSLVerifyDepth</code></td><td align="left" valign="center">
+ <p>Maximum verification depth for client certificates. The default is
+ "10".</p>
</td></tr></table>
- <p>For more information, see the
- <a href="../ssl-howto.html">SSL Configuration HOW-TO</a>.</p>
+ </blockquote></td></tr></table>
</blockquote></td></tr></table>
<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Connector Comparison"><!--()--></a><a name="Connector_Comparison"><strong>Connector Comparison</strong></a></font></td></tr><tr><td><blockquote>
- <p>Below is a small chart that shows how the connectors differentiate.</p>
- <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
- Java Blocking Connector Java Nio Blocking Connector APR Connector
- Classname Http11Protocol Http11NioProtocol Http11AprProtocol
- Tomcat Version 3.x 4.x 5.x 6.x 6.x 5.5.x 6.x
- Support Polling NO YES YES
- Polling Size N/A Unlimited - Restricted by mem Unlimited - Configurable
- Read HTTP Request Blocking Non Blocking Blocking
- Read HTTP Body Blocking Sim Blocking Blocking
- Write HTTP Response Blocking Sim Blocking Blocking
- SSL Support Java SSL Java SSL OpenSSL
- SSL Handshake Blocking Non blocking Blocking
- Max Connections maxThreads See polling size See polling size
-
-
- </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+ <p>Below is a small chart that shows how the connectors differ.</p>
+ <div class="codeBox"><pre><code>
+ Java Blocking Connector Java Non Blocking Connector APR/native Connector
+ BIO NIO APR
+ Classname Http11Protocol Http11NioProtocol Http11AprProtocol
+ Tomcat Version 3.x onwards 6.x onwards 5.5.x onwards
+ Support Polling NO YES YES
+ Polling Size N/A maxConnections maxConnections
+ Read Request Headers Blocking Non Blocking Blocking
+ Read Request Body Blocking Blocking Blocking
+ Write Response Blocking Blocking Blocking
+ Wait for next Request Blocking Non Blocking Non Blocking
+ SSL Support Java SSL Java SSL OpenSSL
+ SSL Handshake Blocking Non blocking Blocking
+ Max Connections maxConnections maxConnections maxConnections
+
+
+ </code></pre></div>
</blockquote></td></tr></table>
-</blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><!--PAGE FOOTER--><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>
- Copyright © 1999-2014, Apache Software Foundation
+</blockquote></td></tr></table></td></tr><tr class="noPrint"><td width="20%" valign="top" nowrap class="noPrint"></td><td width="80%" valign="top" align="left"><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="comments_section" id="comments_section"><strong>Comments</strong></a></font></td></tr><tr><td><blockquote><p class="notice"><strong>Notice: </strong>This comments section collects your suggestions
+ on improving documentation for Apache Tomcat.<br><br>
+ If you have trouble and need help, read
+ <a href="http://tomcat.apache.org/findhelp.html">Find Help</a> page
+ and ask your question on the tomcat-users
+ <a href="http://tomcat.apache.org/lists.html">mailing list</a>.
+ Do not ask such questions here. This is not a Q&A section.<br><br>
+ The Apache Comments System is explained <a href="../comments.html">here</a>.
+ Comments may be removed by our moderators if they are either
+ implemented or considered invalid/off-topic.</p><script type="text/javascript"><!--//--><![CDATA[//><!--
+ var comments_shortname = 'tomcat';
+ var comments_identifier = 'http://tomcat.apache.org/tomcat-7.0-doc/config/http.html';
+ (function(w, d) {
+ if (w.location.hostname.toLowerCase() == "tomcat.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread"><strong>Comments are disabled for this page at the moment.<\/strong><\/div>');
+ }
+ })(window, document);
+ //--><!]]></script></blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td colspan="2"><hr noshade size="1"></td></tr><!--PAGE FOOTER--><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>
+ Copyright © 1999-2017, Apache Software Foundation
</em></font></div></td></tr></table></body></html>
\ No newline at end of file