Menu
This is the connector in server.xml:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150"
SSLEnabled="true"
scheme="https"
compression="off"
connectionTimeout="1190"
address="0.0.0.0"
>
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeyFile="/etc/ssl/certs/private.key"
certificateFile="/etc/ssl/certs/public.pem"
/>
</SSLHostConfig>
</Connector>
The goal with this connector is speed with HTTP2 and APR, along with HTTPS.
We installed tomcat native using the OS package tomcat-native.
Log output on startup:
INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.16] using APR version [1.6.3].
INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
Everything looks great, except for the useAprConnector [false]
So is APR actually doing anything?
I can't find anything in the relevant documentation:
https://tomcat.apache.org/tomcat-8.0-doc/config/http.html#SSL_Support
https://tomcat.apache.org/tomcat-8.0-doc/apr.html
421
The Apache Portable Runtime (APR) is used by Tomcat to provide a number of enhanced features and performance. For example, the APR needs to be present in order to get the increased performance provided by OpenSSL for HTTPS.
Most common issue with Tomcat note starting is that Java is not configured properly, user trying to start Tomcat does not have permissions to do so, or another program is using port 8080 on that server.
connectionTimeout. The number of milliseconds this Connector will wait, after accepting a connection, for the request URI line to be presented. Use a value of -1 to indicate no (i.e. infinite) timeout. The default value is 60000 (i.e. 60 seconds) but note that the standard server.
The current default in Tomcat 8.5 is to use the Java NIO connector with OpenSSL as the crypto engine. libtcnative is still required, which requires libapr, but the "APR Connector" itself is not being used.
That means that Tomcat is using a pure-Java connector with the OpenSSL engine for crypto. You get the benefits of OpenSSL's speed without some of the downsides of the APR connector itself.
IMO this is the best configuration option available to you, so you should leave it unless you have a compelling reason to use the APR connector explicitly.
If you really want to use the APR connector, then you will need to set the useAprConnector attribute on your AprLifecycleListener to true.
120
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
