Gitiles
Code Review Sign In
source.supwisdom.com / UniIdentify / tomcat / 7189829bb2c240044551576d8e7a5404b9798f64 / . / tomcat-uidm / webapps / docs / apr.html
blob: 7f8e05dd1e5e1b9f18571510eaf65cb8e89def53 [file] [log] [blame]
Hongqing Liu71898292014-10-15 13:31:32 +0800[diff] [blame^]1<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat 6.0 (6.0.41) - Apache Portable Runtime (APR) based Native library for Tomcat</title><meta name="author" content="Remy Maucherat"><style type="text/css" media="print">
Hongqing Liufd5ee812014-05-10 16:32:51 +0800[diff] [blame]2 .noPrint {display: none;}
3 td#mainBody {width: 100%;}
4 </style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><!--PAGE HEADER--><tr><td><!--PROJECT LOGO--><a href="http://tomcat.apache.org/"><img src="./images/tomcat.gif" align="right" alt="
5 The Apache Tomcat Servlet/JSP Container
Hongqing Liu71898292014-10-15 13:31:32 +0800[diff] [blame^]6 " border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 6.0</font></h1><font face="arial,helvetica,sanserif">Version 6.0.41, May 19 2014</font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="./images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><tr><!--LEFT SIDE NAVIGATION--><td width="20%" valign="top" nowrap="nowrap" class="noPrint"><p><strong>Links</strong></p><ul><li><a href="index.html">Docs Home</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li></ul><p><strong>User Guide</strong></p><ul><li><a href="introduction.html">1) Introduction</a></li><li><a href="setup.html">2) Setup</a></li><li><a href="appdev/index.html">3) First webapp</a></li><li><a href="deployer-howto.html">4) Deployer</a></li><li><a href="manager-howto.html">5) Manager</a></li><li><a href="realm-howto.html">6) Realms and AAA</a></li><li><a href="security-manager-howto.html">7) Security Manager</a></li><li><a href="jndi-resources-howto.html">8) JNDI Resources</a></li><li><a href="jndi-datasource-examples-howto.html">9) JDBC DataSources</a></li><li><a href="class-loader-howto.html">10) Classloading</a></li><li><a href="jasper-howto.html">11) JSPs</a></li><li><a href="ssl-howto.html">12) SSL</a></li><li><a href="ssi-howto.html">13) SSI</a></li><li><a href="cgi-howto.html">14) CGI</a></li><li><a href="proxy-howto.html">15) Proxy Support</a></li><li><a href="mbeans-descriptor-howto.html">16) MBean Descriptor</a></li><li><a href="default-servlet.html">17) Default Servlet</a></li><li><a href="cluster-howto.html">18) Clustering</a></li><li><a href="balancer-howto.html">19) Load Balancer</a></li><li><a href="connectors.html">20) Connectors</a></li><li><a href="monitoring.html">21) Monitoring and Management</a></li><li><a href="logging.html">22) Logging</a></li><li><a href="apr.html">23) APR/Native</a></li><li><a href="virtual-hosting-howto.html">24) Virtual Hosting</a></li><li><a href="aio.html">25) Advanced IO</a></li><li><a href="extras.html">26) Additional Components</a></li><li><a href="maven-jars.html">27) Mavenized</a></li></ul><p><strong>Reference</strong></p><ul><li><a href="RELEASE-NOTES.txt">Release Notes</a></li><li><a href="config/index.html">Configuration</a></li><li><a href="api/index.html">Javadocs</a></li><li><a href="http://tomcat.apache.org/connectors-doc/">JK 1.2 Documentation</a></li></ul><p><strong>Apache Tomcat Development</strong></p><ul><li><a href="building.html">Building</a></li><li><a href="changelog.html">Changelog</a></li><li><a href="http://wiki.apache.org/tomcat/TomcatVersions">Status</a></li><li><a href="developers.html">Developers</a></li><li><a href="architecture/index.html">Architecture</a></li><li><a href="funcspecs/index.html">Functional Specs.</a></li></ul></td><!--RIGHT SIDE MAIN BODY--><td width="80%" valign="top" align="left" id="mainBody"><h1>Apache Tomcat 6.0</h1><h2>Apache Portable Runtime (APR) based Native library for Tomcat</h2><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Table of Contents"><!--()--></a><a name="Table_of_Contents"><strong>Table of Contents</strong></a></font></td></tr><tr><td><blockquote>
Hongqing Liufd5ee812014-05-10 16:32:51 +0800[diff] [blame]7<ul><li><a href="#Introduction">Introduction</a></li><li><a href="#Installation">Installation</a><ol><li><a href="#Windows">Windows</a></li><li><a href="#Linux">Linux</a></li></ol></li><li><a href="#APR_Components">APR Components</a></li><li><a href="#APR_Lifecycle_Listener_Configuration">APR Lifecycle Listener Configuration</a><ol><li><a href="#AprLifecycleListener">AprLifecycleListener</a></li></ol></li><li><a href="#APR_Connectors_Configuration">APR Connectors Configuration</a><ol><li><a href="#HTTP">HTTP</a></li><li><a href="#HTTPS">HTTPS</a></li><li><a href="#AJP">AJP</a></li></ol></li></ul>
8</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
9
10 <p>
11 Tomcat can use the <a href="http://apr.apache.org/">Apache Portable Runtime</a> to
12 provide superior scalability, performance, and better integration with native server
13 technologies. The Apache Portable Runtime is a highly portable library that is at
14 the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced IO
15 functionality (such as sendfile, epoll and OpenSSL), OS level functionality (random number
16 generation, system status, etc), and native process handling (shared memory, NT
17 pipes and Unix sockets).
18 </p>
19
20 <p>
21 These features allows making Tomcat a general purpose webserver, will enable much better
22 integration with other native web technologies, and overall make Java much more viable as
23 a full fledged webserver platform rather than simply a backend focused technology.
24 </p>
25
26 </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Installation"><strong>Installation</strong></a></font></td></tr><tr><td><blockquote>
27
28 <p>
29 APR support requires three main native components to be installed:
30 <ul>
31 <li>APR library</li>
32 <li>JNI wrappers for APR used by Tomcat (libtcnative)</li>
33 <li>OpenSSL libraries</li>
34 </ul>
35 </p>
36
37 <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Windows"><strong>Windows</strong></a></font></td></tr><tr><td><blockquote>
38
39 <p>
40 Windows binaries are provided for tcnative-1, which is a statically compiled .dll which includes
41 OpenSSL and APR. It can be downloaded from <a href="http://tomcat.apache.org/download-native.cgi">here</a>
42 as 32bit or AMD x86-64 binaries.
43 In security conscious production environments, it is recommended to use separate shared dlls
44 for OpenSSL, APR, and libtcnative-1, and update them as needed according to security bulletins.
45 Windows OpenSSL binaries are linked from the <a href="http://www.openssl.org">Official OpenSSL
46 website</a> (see related/binaries).
47 </p>
48
49 </blockquote></td></tr></table>
50
51 <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Linux"><strong>Linux</strong></a></font></td></tr><tr><td><blockquote>
52
53 <p>
54 Most Linux distributions will ship packages for APR and OpenSSL. The JNI wrapper (libtcnative) will
55 then have to be compiled. It depends on APR, OpenSSL, and the Java headers.
56 </p>
57
58 <p>
59 Requirements:
60 <ul>
61 <li>APR 1.2+ development headers (libapr1-dev package)</li>
62 <li>OpenSSL 0.9.7+ development headers (libssl-dev package)</li>
63 <li>JNI headers from Java compatible JDK 1.4+</li>
64 <li>GNU development environment (gcc, make)</li>
65 </ul>
66 </p>
67
68 <p>
69 The wrapper library sources are located in the Tomcat binary bundle, in the
70 <code>bin/tomcat-native.tar.gz</code> archive.
71 Once the build environment is installed and the source archive is extracted, the wrapper library
72 can be compiled using (from the folder containing the configure script):
73 <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>./configure &amp;&amp; make &amp;&amp; make install</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
74 </p>
75
76 </blockquote></td></tr></table>
77
78 </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="APR Components"><!--()--></a><a name="APR_Components"><strong>APR Components</strong></a></font></td></tr><tr><td><blockquote>
79
80 <p>
81 Once the libraries are properly installed and available to Java (if loading fails, the library path
82 will be displayed), the Tomcat connectors will automatically use APR. Configuration of the connectors
83 is similar to the regular connectors, but have a few extra attributes which are used to configure
84 APR components. Note that the defaults should be well tuned for most use cases, and additional
85 tweaking shouldn't be required.
86 </p>
87
88 <p>
89 When APR is enabled, the following features are also enabled in Tomcat:
90 <ul>
91 <li>Secure session ID generation by default on all platforms (platforms other than Linux required
92 random number generation using a configured entropy)</li>
93 <li>OS level statistics on memory usage and CPU usage by the Tomcat process are displayed by
94 the status servlet</li>
95 </ul>
96 </p>
97
98 </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="APR Lifecycle Listener Configuration"><!--()--></a><a name="APR_Lifecycle_Listener_Configuration"><strong>APR Lifecycle Listener Configuration</strong></a></font></td></tr><tr><td><blockquote>
99 <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="AprLifecycleListener"><strong>AprLifecycleListener</strong></a></font></td></tr><tr><td><blockquote>
Hongqing Liu71898292014-10-15 13:31:32 +0800[diff] [blame^]100 <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>SSLEngine</code></td><td align="left" valign="center">
Hongqing Liufd5ee812014-05-10 16:32:51 +0800[diff] [blame]101 <p>
102 Name of the SSLEngine to use. off: Do not use SSL, on: Use SSL but no specific ENGINE.
103 The default value is <b>on</b>.
104 This initializes the native SSL engine, then enable the use of this engine in the connector
105 using the <code>SSLEnabled</code> attribute. Example:
106 <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
107&lt;Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /&gt;
108 </pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
109 </p>
110 <p>See the <a href="http://www.openssl.org">Official OpenSSL
111 website</a> for more details on SSL hardware engines and manufacturers.
112 </p>
Hongqing Liu71898292014-10-15 13:31:32 +0800[diff] [blame^]113 </td></tr></table>
Hongqing Liufd5ee812014-05-10 16:32:51 +0800[diff] [blame]114 </blockquote></td></tr></table>
115 </blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="APR Connectors Configuration"><!--()--></a><a name="APR_Connectors_Configuration"><strong>APR Connectors Configuration</strong></a></font></td></tr><tr><td><blockquote>
116
117 <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="HTTP"><strong>HTTP</strong></a></font></td></tr><tr><td><blockquote>
118
119 <p>
120 When APR is enabled, the HTTP connector will use sendfile for handling large static files (all such
121 files will be sent asynchronously using high performance kernel level calls), and will use
122 a socket poller for keepalive, increasing scalability of the server.
123 </p>
124
125 <p>
126 The following attributes are supported in the HTTP APR connector in addition to the ones supported
127 in the regular HTTP connector:
128 </p>
129
130 <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>keepAliveTimeout</code></td><td align="left" valign="center">
131 <p>The number of milliseconds this <strong>Connector</strong> will wait for
132 another HTTP request before closing the connection.
133 The default value is to use the value that has been set for the
134 connectionTimeout attribute. This value also controls the timeout interval which
135 is used for Comet connections.</p>
136 </td></tr><tr><td align="left" valign="center"><code>pollTime</code></td><td align="left" valign="center">
137 <p>Duration of a poll call. Lowering this value will slightly decrease latency of connections
138 being kept alive in some cases, but will use more CPU as more poll calls are being made. The
139 default value is 2000 (5ms).</p>
140 </td></tr><tr><td align="left" valign="center"><code>pollerSize</code></td><td align="left" valign="center">
141 <p>Amount of sockets that the poller responsible for polling kept alive connections can hold at a
142 given time. Extra connections will be closed right away. The default value is 8192, corresponding to
143 8192 keepalive connections.</p>
144 </td></tr><tr><td align="left" valign="center"><code>pollerThreadCount</code></td><td align="left" valign="center">
145 <p>Number of threads used to poll kept alive connections. On Windows the
146 default is chosen so that the sockets managed by each thread is
147 less than 1024. For Linux the default is 1. Changing the default on
148 Windows is likely to have a negative performance impact.</p>
149 </td></tr><tr><td align="left" valign="center"><code>useSendfile</code></td><td align="left" valign="center">
150 <p>Use kernel level sendfile for certain static files. The default value is true.</p>
151 </td></tr><tr><td align="left" valign="center"><code>sendfileSize</code></td><td align="left" valign="center">
152 <p>Amount of sockets that the poller responsible for sending static files asynchronously can hold
153 at a given time. Extra connections will be closed right away without any data being sent
154 (resulting in a zero length file on the client side). Note that in most cases, sendfile is a call
155 that will return right away (being taken care of "synchronously" by the kernel), and the sendfile
156 poller will not be used, so the amount of static files which can be sent concurrently is much larger
157 than the specified amount. The default value is 1024.</p>
158 </td></tr><tr><td align="left" valign="center"><code>sendFileThreadCount</code></td><td align="left" valign="center">
159 <p>Number of threads used service sendfile sockets. On Windows the
160 default is chosen so that the sockets managed by each thread is
161 less than 1024. For Linux the default is 1. Changing the default on
162 Windows is likely to have a negative performance impact.</p>
163 </td></tr></table>
164
165 </blockquote></td></tr></table>
166
167 <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="HTTPS"><strong>HTTPS</strong></a></font></td></tr><tr><td><blockquote>
168
169 <p>
170 When APR is enabled, the HTTPS connector will use a socket poller for keepalive, increasing
171 scalability of the server. It also uses OpenSSL, which may be more optimized than JSSE depending
172 on the processor being used, and can be complemented with many commercial accelerator components.
173 Unlike the HTTP connector, the HTTPS connector cannot use sendfile to optimize static file
174 processing.
175 </p>
176
177 <p>
178 The HTTPS APR connector has the same basic attributes than the HTTP APR connector, but adds
179 OpenSSL specific ones. For the full details on using OpenSSL, please refer to OpenSSL documentations
180 and the many books available for it (see the <a href="http://www.openssl.org">Official OpenSSL
181 website</a>). The SSL specific attributes for the connector are:
182 </p>
183
184 <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>SSLEnabled</code></td><td align="left" valign="center">
185 <p>
186 Enable SSL on the socket, default value is false. Set this value to true
187 to enable SSL handshake/encryption/decryption in the APR connector.
188 </p>
189 </td></tr><tr><td align="left" valign="center"><code>SSLProtocol</code></td><td align="left" valign="center">
190 <p>
191 Protocol which may be used for communicating with clients. The default
192 value is <code>all</code>, with other acceptable values being <code>SSLv2</code>,
193 <code>SSLv3</code>, <code>TLSv1</code> and <code>SSLv2+SSLv3</code>.
194 Starting with version 1.1.21 of the Tomcat native
195 library any combination of the three protocols concatenated with a
196 plus sign will be supported. Note that the protocol <code>SSLv2</code>
197 is inherently unsafe.
198 </p>
199 </td></tr><tr><td align="left" valign="center"><code>SSLCipherSuite</code></td><td align="left" valign="center">
200 <p>
201 Ciphers which may be used for communicating with clients. The default is "ALL", with
202 other acceptable values being a list of ciphers, with ":" used as the delimiter
203 (see OpenSSL documentation for the list of ciphers supported).
204 </p>
205 </td></tr><tr><td align="left" valign="center"><strong><code>SSLCertificateFile</code></strong></td><td align="left" valign="center">
206 <p>
207 Name of the file that contains the server certificate. The format is PEM-encoded.
208 </p>
209 </td></tr><tr><td align="left" valign="center"><code>SSLCertificateKeyFile</code></td><td align="left" valign="center">
210 <p>
211 Name of the file that contains the server private key. The format is PEM-encoded.
212 The default value is the value of "SSLCertificateFile" and in this case both certificate
213 and private key have to be in this file (NOT RECOMMENDED).
214 </p>
215 </td></tr><tr><td align="left" valign="center"><code>SSLDisableCompression</code></td><td align="left" valign="center">
216 <p>Disables compression if set to <code>true</code> and OpenSSL supports
217 disabling compression. Default is <code>false</code> which inherits the
218 default compression setting in OpenSSL.</p>
219 </td></tr><tr><td align="left" valign="center"><code>SSLHonorCipherOrder</code></td><td align="left" valign="center">
220 <p>Set to <code>true</code> to enforce the server's cipher order
221 (from the <code>SSLCipherSuite</code> setting) instead of allowing
222 the client to choose the cipher (which is the default).</p>
223 </td></tr><tr><td align="left" valign="center"><code>SSLPassword</code></td><td align="left" valign="center">
224 <p>
225 Pass phrase for the encrypted private key. If "SSLPassword" is not provided, the callback function
226 should prompt for the pass phrase.
227 </p>
228 </td></tr><tr><td align="left" valign="center"><code>SSLVerifyClient</code></td><td align="left" valign="center">
229 <p>
230 Ask client for certificate. The default is "none", meaning the client will not have the opportunity
231 to submit a certificate. Other acceptable values include "optional", "require" and "optionalNoCA".
232 </p>
233 </td></tr><tr><td align="left" valign="center"><code>SSLVerifyDepth</code></td><td align="left" valign="center">
234 <p>
235 Maximum verification depth for client certificates. The default is "10".
236 </p>
237 </td></tr><tr><td align="left" valign="center"><code>SSLCACertificateFile</code></td><td align="left" valign="center">
238 <p>
239 See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatefile">the mod_ssl documentation</a>.
240 </p>
241 </td></tr><tr><td align="left" valign="center"><code>SSLCACertificatePath</code></td><td align="left" valign="center">
242 <p>
243 See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepath">the mod_ssl documentation</a>.
244 </p>
245 </td></tr><tr><td align="left" valign="center"><code>SSLCertificateChainFile</code></td><td align="left" valign="center">
246 <p>
247 See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile">the mod_ssl documentation</a>.
248 </p>
249 </td></tr><tr><td align="left" valign="center"><code>SSLCARevocationFile</code></td><td align="left" valign="center">
250 <p>
251 See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcarevocationfile">the mod_ssl documentation</a>.
252 </p>
253 </td></tr><tr><td align="left" valign="center"><code>SSLCARevocationPath</code></td><td align="left" valign="center">
254 <p>
255 See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcarevocationpath">the mod_ssl documentation</a>.
256 </p>
257 </td></tr></table>
258
259 <p>
260 An example SSL Connector declaration can be:
261 <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
262 &lt;Connector port="443" maxHttpHeaderSize="8192"
263 maxThreads="150"
264 enableLookups="false" disableUploadTimeout="true"
265 acceptCount="100" scheme="https" secure="true"
266 SSLEnabled="true"
267 SSLCertificateFile="${catalina.base}/conf/localhost.crt"
268 SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" /&gt;</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
269 </p>
270
271 </blockquote></td></tr></table>
272
273 <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="AJP"><strong>AJP</strong></a></font></td></tr><tr><td><blockquote>
274
275 <p>
276 When APR is enabled, the AJP connector will use a socket poller for keepalive, increasing
277 scalability of the server. As AJP is designed around a pool of persistent (or almost
278 persistent) connections, this will reduce significantly the amount of processing threads
279 needed by Tomcat. Unlike the HTTP connector, the AJP connector cannot use sendfile to optimize
280 static file processing.
281 </p>
282
283 <p>
284 The following attributes are supported in the AJP APR connector in addition to the ones supported
285 in the regular AJP connector:
286 </p>
287
288 <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>pollTime</code></td><td align="left" valign="center">
289 <p>Duration of a poll call. Lowering this value will slightly decrease latency of connections
290 being kept alive in some cases, but will use more CPU as more poll calls are being made. The
291 default value is 2000 (5ms).</p>
292 </td></tr><tr><td align="left" valign="center"><code>pollerSize</code></td><td align="left" valign="center">
293 <p>Amount of sockets that the poller responsible for polling kept alive connections can hold at a
294 given time. Extra connections will be closed right away. The default value is 8192, corresponding to
295 8192 keepalive connections.</p>
296 </td></tr></table>
297
298 </blockquote></td></tr></table>
299
300 </blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><!--PAGE FOOTER--><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>
301 Copyright &copy; 1999-2014, Apache Software Foundation
302 </em></font></div></td></tr></table></body></html>