Hongqing Liu | 7189829 | 2014-10-15 13:31:32 +0800 | [diff] [blame] | 1 | <html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat 6.0 (6.0.41) - Apache Portable Runtime (APR) based Native library for Tomcat</title><meta name="author" content="Remy Maucherat"><style type="text/css" media="print">
|
Hongqing Liu | fd5ee81 | 2014-05-10 16:32:51 +0800 | [diff] [blame] | 2 | .noPrint {display: none;}
|
| 3 | td#mainBody {width: 100%;}
|
| 4 | </style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><!--PAGE HEADER--><tr><td><!--PROJECT LOGO--><a href="http://tomcat.apache.org/"><img src="./images/tomcat.gif" align="right" alt="
|
| 5 | The Apache Tomcat Servlet/JSP Container
|
Hongqing Liu | 7189829 | 2014-10-15 13:31:32 +0800 | [diff] [blame] | 6 | " border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 6.0</font></h1><font face="arial,helvetica,sanserif">Version 6.0.41, May 19 2014</font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="./images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><tr><!--LEFT SIDE NAVIGATION--><td width="20%" valign="top" nowrap="nowrap" class="noPrint"><p><strong>Links</strong></p><ul><li><a href="index.html">Docs Home</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li></ul><p><strong>User Guide</strong></p><ul><li><a href="introduction.html">1) Introduction</a></li><li><a href="setup.html">2) Setup</a></li><li><a href="appdev/index.html">3) First webapp</a></li><li><a href="deployer-howto.html">4) Deployer</a></li><li><a href="manager-howto.html">5) Manager</a></li><li><a href="realm-howto.html">6) Realms and AAA</a></li><li><a href="security-manager-howto.html">7) Security Manager</a></li><li><a href="jndi-resources-howto.html">8) JNDI Resources</a></li><li><a href="jndi-datasource-examples-howto.html">9) JDBC DataSources</a></li><li><a href="class-loader-howto.html">10) Classloading</a></li><li><a href="jasper-howto.html">11) JSPs</a></li><li><a href="ssl-howto.html">12) SSL</a></li><li><a href="ssi-howto.html">13) SSI</a></li><li><a href="cgi-howto.html">14) CGI</a></li><li><a href="proxy-howto.html">15) Proxy Support</a></li><li><a href="mbeans-descriptor-howto.html">16) MBean Descriptor</a></li><li><a href="default-servlet.html">17) Default Servlet</a></li><li><a href="cluster-howto.html">18) Clustering</a></li><li><a href="balancer-howto.html">19) Load Balancer</a></li><li><a href="connectors.html">20) Connectors</a></li><li><a href="monitoring.html">21) Monitoring and Management</a></li><li><a href="logging.html">22) Logging</a></li><li><a href="apr.html">23) APR/Native</a></li><li><a href="virtual-hosting-howto.html">24) Virtual Hosting</a></li><li><a href="aio.html">25) Advanced IO</a></li><li><a href="extras.html">26) Additional Components</a></li><li><a href="maven-jars.html">27) Mavenized</a></li></ul><p><strong>Reference</strong></p><ul><li><a href="RELEASE-NOTES.txt">Release Notes</a></li><li><a href="config/index.html">Configuration</a></li><li><a href="api/index.html">Javadocs</a></li><li><a href="http://tomcat.apache.org/connectors-doc/">JK 1.2 Documentation</a></li></ul><p><strong>Apache Tomcat Development</strong></p><ul><li><a href="building.html">Building</a></li><li><a href="changelog.html">Changelog</a></li><li><a href="http://wiki.apache.org/tomcat/TomcatVersions">Status</a></li><li><a href="developers.html">Developers</a></li><li><a href="architecture/index.html">Architecture</a></li><li><a href="funcspecs/index.html">Functional Specs.</a></li></ul></td><!--RIGHT SIDE MAIN BODY--><td width="80%" valign="top" align="left" id="mainBody"><h1>Apache Tomcat 6.0</h1><h2>Apache Portable Runtime (APR) based Native library for Tomcat</h2><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Table of Contents"><!--()--></a><a name="Table_of_Contents"><strong>Table of Contents</strong></a></font></td></tr><tr><td><blockquote>
|
Hongqing Liu | fd5ee81 | 2014-05-10 16:32:51 +0800 | [diff] [blame] | 7 | <ul><li><a href="#Introduction">Introduction</a></li><li><a href="#Installation">Installation</a><ol><li><a href="#Windows">Windows</a></li><li><a href="#Linux">Linux</a></li></ol></li><li><a href="#APR_Components">APR Components</a></li><li><a href="#APR_Lifecycle_Listener_Configuration">APR Lifecycle Listener Configuration</a><ol><li><a href="#AprLifecycleListener">AprLifecycleListener</a></li></ol></li><li><a href="#APR_Connectors_Configuration">APR Connectors Configuration</a><ol><li><a href="#HTTP">HTTP</a></li><li><a href="#HTTPS">HTTPS</a></li><li><a href="#AJP">AJP</a></li></ol></li></ul>
|
| 8 | </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
|
| 9 |
|
| 10 | <p>
|
| 11 | Tomcat can use the <a href="http://apr.apache.org/">Apache Portable Runtime</a> to
|
| 12 | provide superior scalability, performance, and better integration with native server
|
| 13 | technologies. The Apache Portable Runtime is a highly portable library that is at
|
| 14 | the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced IO
|
| 15 | functionality (such as sendfile, epoll and OpenSSL), OS level functionality (random number
|
| 16 | generation, system status, etc), and native process handling (shared memory, NT
|
| 17 | pipes and Unix sockets).
|
| 18 | </p>
|
| 19 |
|
| 20 | <p>
|
| 21 | These features allows making Tomcat a general purpose webserver, will enable much better
|
| 22 | integration with other native web technologies, and overall make Java much more viable as
|
| 23 | a full fledged webserver platform rather than simply a backend focused technology.
|
| 24 | </p>
|
| 25 |
|
| 26 | </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Installation"><strong>Installation</strong></a></font></td></tr><tr><td><blockquote>
|
| 27 |
|
| 28 | <p>
|
| 29 | APR support requires three main native components to be installed:
|
| 30 | <ul>
|
| 31 | <li>APR library</li>
|
| 32 | <li>JNI wrappers for APR used by Tomcat (libtcnative)</li>
|
| 33 | <li>OpenSSL libraries</li>
|
| 34 | </ul>
|
| 35 | </p>
|
| 36 |
|
| 37 | <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Windows"><strong>Windows</strong></a></font></td></tr><tr><td><blockquote>
|
| 38 |
|
| 39 | <p>
|
| 40 | Windows binaries are provided for tcnative-1, which is a statically compiled .dll which includes
|
| 41 | OpenSSL and APR. It can be downloaded from <a href="http://tomcat.apache.org/download-native.cgi">here</a>
|
| 42 | as 32bit or AMD x86-64 binaries.
|
| 43 | In security conscious production environments, it is recommended to use separate shared dlls
|
| 44 | for OpenSSL, APR, and libtcnative-1, and update them as needed according to security bulletins.
|
| 45 | Windows OpenSSL binaries are linked from the <a href="http://www.openssl.org">Official OpenSSL
|
| 46 | website</a> (see related/binaries).
|
| 47 | </p>
|
| 48 |
|
| 49 | </blockquote></td></tr></table>
|
| 50 |
|
| 51 | <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Linux"><strong>Linux</strong></a></font></td></tr><tr><td><blockquote>
|
| 52 |
|
| 53 | <p>
|
| 54 | Most Linux distributions will ship packages for APR and OpenSSL. The JNI wrapper (libtcnative) will
|
| 55 | then have to be compiled. It depends on APR, OpenSSL, and the Java headers.
|
| 56 | </p>
|
| 57 |
|
| 58 | <p>
|
| 59 | Requirements:
|
| 60 | <ul>
|
| 61 | <li>APR 1.2+ development headers (libapr1-dev package)</li>
|
| 62 | <li>OpenSSL 0.9.7+ development headers (libssl-dev package)</li>
|
| 63 | <li>JNI headers from Java compatible JDK 1.4+</li>
|
| 64 | <li>GNU development environment (gcc, make)</li>
|
| 65 | </ul>
|
| 66 | </p>
|
| 67 |
|
| 68 | <p>
|
| 69 | The wrapper library sources are located in the Tomcat binary bundle, in the
|
| 70 | <code>bin/tomcat-native.tar.gz</code> archive.
|
| 71 | Once the build environment is installed and the source archive is extracted, the wrapper library
|
| 72 | can be compiled using (from the folder containing the configure script):
|
| 73 | <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>./configure && make && make install</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
|
| 74 | </p>
|
| 75 |
|
| 76 | </blockquote></td></tr></table>
|
| 77 |
|
| 78 | </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="APR Components"><!--()--></a><a name="APR_Components"><strong>APR Components</strong></a></font></td></tr><tr><td><blockquote>
|
| 79 |
|
| 80 | <p>
|
| 81 | Once the libraries are properly installed and available to Java (if loading fails, the library path
|
| 82 | will be displayed), the Tomcat connectors will automatically use APR. Configuration of the connectors
|
| 83 | is similar to the regular connectors, but have a few extra attributes which are used to configure
|
| 84 | APR components. Note that the defaults should be well tuned for most use cases, and additional
|
| 85 | tweaking shouldn't be required.
|
| 86 | </p>
|
| 87 |
|
| 88 | <p>
|
| 89 | When APR is enabled, the following features are also enabled in Tomcat:
|
| 90 | <ul>
|
| 91 | <li>Secure session ID generation by default on all platforms (platforms other than Linux required
|
| 92 | random number generation using a configured entropy)</li>
|
| 93 | <li>OS level statistics on memory usage and CPU usage by the Tomcat process are displayed by
|
| 94 | the status servlet</li>
|
| 95 | </ul>
|
| 96 | </p>
|
| 97 |
|
| 98 | </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="APR Lifecycle Listener Configuration"><!--()--></a><a name="APR_Lifecycle_Listener_Configuration"><strong>APR Lifecycle Listener Configuration</strong></a></font></td></tr><tr><td><blockquote>
|
| 99 | <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="AprLifecycleListener"><strong>AprLifecycleListener</strong></a></font></td></tr><tr><td><blockquote>
|
Hongqing Liu | 7189829 | 2014-10-15 13:31:32 +0800 | [diff] [blame] | 100 | <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>SSLEngine</code></td><td align="left" valign="center">
|
Hongqing Liu | fd5ee81 | 2014-05-10 16:32:51 +0800 | [diff] [blame] | 101 | <p>
|
| 102 | Name of the SSLEngine to use. off: Do not use SSL, on: Use SSL but no specific ENGINE.
|
| 103 | The default value is <b>on</b>.
|
| 104 | This initializes the native SSL engine, then enable the use of this engine in the connector
|
| 105 | using the <code>SSLEnabled</code> attribute. Example:
|
| 106 | <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
|
| 107 | <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
|
| 108 | </pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
|
| 109 | </p>
|
| 110 | <p>See the <a href="http://www.openssl.org">Official OpenSSL
|
| 111 | website</a> for more details on SSL hardware engines and manufacturers.
|
| 112 | </p>
|
Hongqing Liu | 7189829 | 2014-10-15 13:31:32 +0800 | [diff] [blame] | 113 | </td></tr></table>
|
Hongqing Liu | fd5ee81 | 2014-05-10 16:32:51 +0800 | [diff] [blame] | 114 | </blockquote></td></tr></table>
|
| 115 | </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="APR Connectors Configuration"><!--()--></a><a name="APR_Connectors_Configuration"><strong>APR Connectors Configuration</strong></a></font></td></tr><tr><td><blockquote>
|
| 116 |
|
| 117 | <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="HTTP"><strong>HTTP</strong></a></font></td></tr><tr><td><blockquote>
|
| 118 |
|
| 119 | <p>
|
| 120 | When APR is enabled, the HTTP connector will use sendfile for handling large static files (all such
|
| 121 | files will be sent asynchronously using high performance kernel level calls), and will use
|
| 122 | a socket poller for keepalive, increasing scalability of the server.
|
| 123 | </p>
|
| 124 |
|
| 125 | <p>
|
| 126 | The following attributes are supported in the HTTP APR connector in addition to the ones supported
|
| 127 | in the regular HTTP connector:
|
| 128 | </p>
|
| 129 |
|
| 130 | <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>keepAliveTimeout</code></td><td align="left" valign="center">
|
| 131 | <p>The number of milliseconds this <strong>Connector</strong> will wait for
|
| 132 | another HTTP request before closing the connection.
|
| 133 | The default value is to use the value that has been set for the
|
| 134 | connectionTimeout attribute. This value also controls the timeout interval which
|
| 135 | is used for Comet connections.</p>
|
| 136 | </td></tr><tr><td align="left" valign="center"><code>pollTime</code></td><td align="left" valign="center">
|
| 137 | <p>Duration of a poll call. Lowering this value will slightly decrease latency of connections
|
| 138 | being kept alive in some cases, but will use more CPU as more poll calls are being made. The
|
| 139 | default value is 2000 (5ms).</p>
|
| 140 | </td></tr><tr><td align="left" valign="center"><code>pollerSize</code></td><td align="left" valign="center">
|
| 141 | <p>Amount of sockets that the poller responsible for polling kept alive connections can hold at a
|
| 142 | given time. Extra connections will be closed right away. The default value is 8192, corresponding to
|
| 143 | 8192 keepalive connections.</p>
|
| 144 | </td></tr><tr><td align="left" valign="center"><code>pollerThreadCount</code></td><td align="left" valign="center">
|
| 145 | <p>Number of threads used to poll kept alive connections. On Windows the
|
| 146 | default is chosen so that the sockets managed by each thread is
|
| 147 | less than 1024. For Linux the default is 1. Changing the default on
|
| 148 | Windows is likely to have a negative performance impact.</p>
|
| 149 | </td></tr><tr><td align="left" valign="center"><code>useSendfile</code></td><td align="left" valign="center">
|
| 150 | <p>Use kernel level sendfile for certain static files. The default value is true.</p>
|
| 151 | </td></tr><tr><td align="left" valign="center"><code>sendfileSize</code></td><td align="left" valign="center">
|
| 152 | <p>Amount of sockets that the poller responsible for sending static files asynchronously can hold
|
| 153 | at a given time. Extra connections will be closed right away without any data being sent
|
| 154 | (resulting in a zero length file on the client side). Note that in most cases, sendfile is a call
|
| 155 | that will return right away (being taken care of "synchronously" by the kernel), and the sendfile
|
| 156 | poller will not be used, so the amount of static files which can be sent concurrently is much larger
|
| 157 | than the specified amount. The default value is 1024.</p>
|
| 158 | </td></tr><tr><td align="left" valign="center"><code>sendFileThreadCount</code></td><td align="left" valign="center">
|
| 159 | <p>Number of threads used service sendfile sockets. On Windows the
|
| 160 | default is chosen so that the sockets managed by each thread is
|
| 161 | less than 1024. For Linux the default is 1. Changing the default on
|
| 162 | Windows is likely to have a negative performance impact.</p>
|
| 163 | </td></tr></table>
|
| 164 |
|
| 165 | </blockquote></td></tr></table>
|
| 166 |
|
| 167 | <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="HTTPS"><strong>HTTPS</strong></a></font></td></tr><tr><td><blockquote>
|
| 168 |
|
| 169 | <p>
|
| 170 | When APR is enabled, the HTTPS connector will use a socket poller for keepalive, increasing
|
| 171 | scalability of the server. It also uses OpenSSL, which may be more optimized than JSSE depending
|
| 172 | on the processor being used, and can be complemented with many commercial accelerator components.
|
| 173 | Unlike the HTTP connector, the HTTPS connector cannot use sendfile to optimize static file
|
| 174 | processing.
|
| 175 | </p>
|
| 176 |
|
| 177 | <p>
|
| 178 | The HTTPS APR connector has the same basic attributes than the HTTP APR connector, but adds
|
| 179 | OpenSSL specific ones. For the full details on using OpenSSL, please refer to OpenSSL documentations
|
| 180 | and the many books available for it (see the <a href="http://www.openssl.org">Official OpenSSL
|
| 181 | website</a>). The SSL specific attributes for the connector are:
|
| 182 | </p>
|
| 183 |
|
| 184 | <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>SSLEnabled</code></td><td align="left" valign="center">
|
| 185 | <p>
|
| 186 | Enable SSL on the socket, default value is false. Set this value to true
|
| 187 | to enable SSL handshake/encryption/decryption in the APR connector.
|
| 188 | </p>
|
| 189 | </td></tr><tr><td align="left" valign="center"><code>SSLProtocol</code></td><td align="left" valign="center">
|
| 190 | <p>
|
| 191 | Protocol which may be used for communicating with clients. The default
|
| 192 | value is <code>all</code>, with other acceptable values being <code>SSLv2</code>,
|
| 193 | <code>SSLv3</code>, <code>TLSv1</code> and <code>SSLv2+SSLv3</code>.
|
| 194 | Starting with version 1.1.21 of the Tomcat native
|
| 195 | library any combination of the three protocols concatenated with a
|
| 196 | plus sign will be supported. Note that the protocol <code>SSLv2</code>
|
| 197 | is inherently unsafe.
|
| 198 | </p>
|
| 199 | </td></tr><tr><td align="left" valign="center"><code>SSLCipherSuite</code></td><td align="left" valign="center">
|
| 200 | <p>
|
| 201 | Ciphers which may be used for communicating with clients. The default is "ALL", with
|
| 202 | other acceptable values being a list of ciphers, with ":" used as the delimiter
|
| 203 | (see OpenSSL documentation for the list of ciphers supported).
|
| 204 | </p>
|
| 205 | </td></tr><tr><td align="left" valign="center"><strong><code>SSLCertificateFile</code></strong></td><td align="left" valign="center">
|
| 206 | <p>
|
| 207 | Name of the file that contains the server certificate. The format is PEM-encoded.
|
| 208 | </p>
|
| 209 | </td></tr><tr><td align="left" valign="center"><code>SSLCertificateKeyFile</code></td><td align="left" valign="center">
|
| 210 | <p>
|
| 211 | Name of the file that contains the server private key. The format is PEM-encoded.
|
| 212 | The default value is the value of "SSLCertificateFile" and in this case both certificate
|
| 213 | and private key have to be in this file (NOT RECOMMENDED).
|
| 214 | </p>
|
| 215 | </td></tr><tr><td align="left" valign="center"><code>SSLDisableCompression</code></td><td align="left" valign="center">
|
| 216 | <p>Disables compression if set to <code>true</code> and OpenSSL supports
|
| 217 | disabling compression. Default is <code>false</code> which inherits the
|
| 218 | default compression setting in OpenSSL.</p>
|
| 219 | </td></tr><tr><td align="left" valign="center"><code>SSLHonorCipherOrder</code></td><td align="left" valign="center">
|
| 220 | <p>Set to <code>true</code> to enforce the server's cipher order
|
| 221 | (from the <code>SSLCipherSuite</code> setting) instead of allowing
|
| 222 | the client to choose the cipher (which is the default).</p>
|
| 223 | </td></tr><tr><td align="left" valign="center"><code>SSLPassword</code></td><td align="left" valign="center">
|
| 224 | <p>
|
| 225 | Pass phrase for the encrypted private key. If "SSLPassword" is not provided, the callback function
|
| 226 | should prompt for the pass phrase.
|
| 227 | </p>
|
| 228 | </td></tr><tr><td align="left" valign="center"><code>SSLVerifyClient</code></td><td align="left" valign="center">
|
| 229 | <p>
|
| 230 | Ask client for certificate. The default is "none", meaning the client will not have the opportunity
|
| 231 | to submit a certificate. Other acceptable values include "optional", "require" and "optionalNoCA".
|
| 232 | </p>
|
| 233 | </td></tr><tr><td align="left" valign="center"><code>SSLVerifyDepth</code></td><td align="left" valign="center">
|
| 234 | <p>
|
| 235 | Maximum verification depth for client certificates. The default is "10".
|
| 236 | </p>
|
| 237 | </td></tr><tr><td align="left" valign="center"><code>SSLCACertificateFile</code></td><td align="left" valign="center">
|
| 238 | <p>
|
| 239 | See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatefile">the mod_ssl documentation</a>.
|
| 240 | </p>
|
| 241 | </td></tr><tr><td align="left" valign="center"><code>SSLCACertificatePath</code></td><td align="left" valign="center">
|
| 242 | <p>
|
| 243 | See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepath">the mod_ssl documentation</a>.
|
| 244 | </p>
|
| 245 | </td></tr><tr><td align="left" valign="center"><code>SSLCertificateChainFile</code></td><td align="left" valign="center">
|
| 246 | <p>
|
| 247 | See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile">the mod_ssl documentation</a>.
|
| 248 | </p>
|
| 249 | </td></tr><tr><td align="left" valign="center"><code>SSLCARevocationFile</code></td><td align="left" valign="center">
|
| 250 | <p>
|
| 251 | See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcarevocationfile">the mod_ssl documentation</a>.
|
| 252 | </p>
|
| 253 | </td></tr><tr><td align="left" valign="center"><code>SSLCARevocationPath</code></td><td align="left" valign="center">
|
| 254 | <p>
|
| 255 | See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcarevocationpath">the mod_ssl documentation</a>.
|
| 256 | </p>
|
| 257 | </td></tr></table>
|
| 258 |
|
| 259 | <p>
|
| 260 | An example SSL Connector declaration can be:
|
| 261 | <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
|
| 262 | <Connector port="443" maxHttpHeaderSize="8192"
|
| 263 | maxThreads="150"
|
| 264 | enableLookups="false" disableUploadTimeout="true"
|
| 265 | acceptCount="100" scheme="https" secure="true"
|
| 266 | SSLEnabled="true"
|
| 267 | SSLCertificateFile="${catalina.base}/conf/localhost.crt"
|
| 268 | SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" /></pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
|
| 269 | </p>
|
| 270 |
|
| 271 | </blockquote></td></tr></table>
|
| 272 |
|
| 273 | <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="AJP"><strong>AJP</strong></a></font></td></tr><tr><td><blockquote>
|
| 274 |
|
| 275 | <p>
|
| 276 | When APR is enabled, the AJP connector will use a socket poller for keepalive, increasing
|
| 277 | scalability of the server. As AJP is designed around a pool of persistent (or almost
|
| 278 | persistent) connections, this will reduce significantly the amount of processing threads
|
| 279 | needed by Tomcat. Unlike the HTTP connector, the AJP connector cannot use sendfile to optimize
|
| 280 | static file processing.
|
| 281 | </p>
|
| 282 |
|
| 283 | <p>
|
| 284 | The following attributes are supported in the AJP APR connector in addition to the ones supported
|
| 285 | in the regular AJP connector:
|
| 286 | </p>
|
| 287 |
|
| 288 | <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>pollTime</code></td><td align="left" valign="center">
|
| 289 | <p>Duration of a poll call. Lowering this value will slightly decrease latency of connections
|
| 290 | being kept alive in some cases, but will use more CPU as more poll calls are being made. The
|
| 291 | default value is 2000 (5ms).</p>
|
| 292 | </td></tr><tr><td align="left" valign="center"><code>pollerSize</code></td><td align="left" valign="center">
|
| 293 | <p>Amount of sockets that the poller responsible for polling kept alive connections can hold at a
|
| 294 | given time. Extra connections will be closed right away. The default value is 8192, corresponding to
|
| 295 | 8192 keepalive connections.</p>
|
| 296 | </td></tr></table>
|
| 297 |
|
| 298 | </blockquote></td></tr></table>
|
| 299 |
|
| 300 | </blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><!--PAGE FOOTER--><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>
|
| 301 | Copyright © 1999-2014, Apache Software Foundation
|
| 302 | </em></font></div></td></tr></table></body></html> |