Tomcat APR and tomcat-native

Posted by 旧巷老猫 on 2019-11-27 05:12:10
2015-1-22 9:53:25 org.apache.catalina.core.AprLifecycleListener init
信息: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files (x86)\Java\jdk1.6.0_13\bin;C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin
2015-1-22 9:53:25 org.apache.coyote.http11.Http11Protocol init
信息: Initializing Coyote HTTP/1.1 on http-8080
2015-1-22 9:53:25 org.apache.tomcat.util.net.jsse.JSSESocketFactory getKeystore
严重: Failed to load keystore type PKCS12 with path D:\\home\\tomcat.keystore due to DerInputStream.getLength(): lengthTag=109, too big.
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:544)
at sun.security.util.DerValue.init(DerValue.java:346)
at sun.security.util.DerValue.<init>(DerValue.java:302)
at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1200)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:412)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:296)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:544)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:180)
at org.apache.catalina.connector.Connector.initialize(Connector.java:1123)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
2015-1-22 9:53:25 org.apache.coyote.http11.Http11Protocol init
严重: Error initializing endpoint
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:544)
at sun.security.util.DerValue.init(DerValue.java:346)
at sun.security.util.DerValue.<init>(DerValue.java:302)
at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1200)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:412)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:296)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:544)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:180)
at org.apache.catalina.connector.Connector.initialize(Connector.java:1123)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
2015-1-22 9:53:25 org.apache.catalina.core.StandardService initialize
严重: Failed to initialize connector [Connector[HTTP/1.1-8443]]
LifecycleException:  Protocol handler initialization failed: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at org.apache.catalina.connector.Connector.initialize(Connector.java:1125)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
2015-1-22 9:53:25 org.apache.catalina.startup.Catalina load
信息: Initialization processed in 350 ms
2015-1-22 9:53:25 org.apache.catalina.core.StandardService start
信息: Starting service Catalina
2015-1-22 9:53:25 org.apache.catalina.core.StandardEngine start
信息: Starting Servlet Engine: Apache Tomcat/6.0.36
2015-1-22 9:53:25 org.apache.catalina.startup.HostConfig deployDescriptor
信息: Deploying configuration descriptor manager.xml
2015-1-22 9:53:25 org.apache.catalina.startup.HostConfig deployDirectory
信息: Deploying web application directory backsite
2015-1-22 9:53:26 org.apache.catalina.startup.HostConfig deployDirectory
信息: Deploying web application directory docs
2015-1-22 9:53:26 org.apache.catalina.startup.HostConfig deployDirectory
信息: Deploying web application directory ROOT
2015-1-22 9:53:26 org.apache.coyote.http11.Http11Protocol start
信息: Starting Coyote HTTP/1.1 on http-8080
2015-1-22 9:53:26 org.apache.tomcat.util.net.jsse.JSSESocketFactory getKeystore
严重: Failed to load keystore type PKCS12 with path D:\\home\\tomcat.keystore due to DerInputStream.getLength(): lengthTag=109, too big.
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:544)
at sun.security.util.DerValue.init(DerValue.java:346)
at sun.security.util.DerValue.<init>(DerValue.java:302)
at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1200)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:412)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:296)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:544)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:207)
at org.apache.catalina.connector.Connector.start(Connector.java:1196)
at org.apache.catalina.core.StandardService.start(StandardService.java:540)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
2015-1-22 9:53:26 org.apache.coyote.http11.Http11Protocol start
严重: Error starting endpoint
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:544)
at sun.security.util.DerValue.init(DerValue.java:346)
at sun.security.util.DerValue.<init>(DerValue.java:302)
at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1200)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:412)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:296)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:544)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:207)
at org.apache.catalina.connector.Connector.start(Connector.java:1196)
at org.apache.catalina.core.StandardService.start(StandardService.java:540)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
2015-1-22 9:53:26 org.apache.catalina.core.StandardService start
严重: Failed to start connector [Connector[HTTP/1.1-8443]]
LifecycleException:  service.getName(): "Catalina";  Protocol handler start failed: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at org.apache.catalina.connector.Connector.start(Connector.java:1203)
at org.apache.catalina.core.StandardService.start(StandardService.java:540)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
2015-1-22 9:53:26 org.apache.jk.common.ChannelSocket init
信息: JK: ajp13 listening on /0.0.0.0:8009
2015-1-22 9:53:26 org.apache.jk.server.JkMain start
信息: Jk running ID=0 time=0/0  config=null
2015-1-22 9:53:26 org.apache.catalina.startup.Catalina start
信息: Server startup in 1060 ms


http://www.linuxidc.com/Linux/2012-06/62254.htm


After applying for the certificate (see http://www.linuxidc.com/Linux/2012-06/62253p2.htm), I configured it in Tomcat (on Windows) and got this error at startup:

  1. Connector attribute SSLCertificateFile must be defined when using SSL with APR  

After reading tomcat7/webapps/docs/apr.html, I added settings for the two parameters SSLCertificateFile and SSLCertificateKeyFile.

Tomcat then started normally on Windows, but on Linux it would not start and reported this error:

java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.  

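Comparing the two logs, I found that the ProtocolHandler of Tomcat on Windows was ["http-apr-9443"], while on Linux it was ["http-bio-9443"].
So I looked up what bio and apr actually are, and found that these are Tomcat's run modes. There are three: bio, nio and apr. The three modes are described below.

bio
The default mode, blocking IO. Performance is very poor, with no optimization or support of any kind.

nio
Uses Java's asynchronous IO handling, i.e. non-blocking IO. Performance gets an initial optimization, but there is still some gap compared with apr.

apr
The hardest to install, but it solves the asynchronous IO problem at the operating-system level and greatly improves performance. APR and tomcat native must be installed; once they are, apr is supported directly at startup.

So the cause was that apr and tomcat-native were not installed on Linux, which made Tomcat start in the default bio mode. So I installed those two things. After installing them, Tomcat could start.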

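After startup I found that IE, Chrome and the others all recognized the certificate, but Firefox did not trust it. After another round of googling, it turned out the configuration was incomplete: Firefox needs the StartSSL root certificate and the sub class1 certificate attached, because they are the ones who issued the certificate to you, and Firefox needs that certificate in order to recognize yours. OK, problem solved.

The full detailed configuration process is given in this article (http://www.linuxidc.com/Linux/2012-06/62253.htm).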

References:
HTTPS APR/native connector parameter reference
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
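
Added example, not from the original posts: the `lengthTag=109` in the error above is what a DER parser reports when it is handed a JKS keystore, whose magic bytes FE ED FE ED put 0xED (0x80 | 109) where a length octet is expected; this sketch classifies a file header and reproduces that check. Function names are hypothetical and the sample headers are constructed.

```python
# Added example: classify a keystore/certificate file by its leading bytes and
# reproduce the DER length check behind "lengthTag=109, too big".
JKS_MAGIC = bytes.fromhex("feedfeed")     # JKS keystore magic
JCEKS_MAGIC = bytes.fromhex("cececece")   # JCEKS keystore magic

# Constructed sample headers (first bytes only, no real key material).
JKS_HEAD = bytes.fromhex("feedfeed0000000200000001")
P12_HEAD = bytes.fromhex("308209c0020103308209")
PEM_HEAD = b"-----BEGIN CERTIFICATE-----\n"


def _skip_length(buf):
    """Drop one DER length field from the front of buf."""
    if not buf or buf[0] & 0x80 == 0:
        return buf[1:]                      # short form (or empty input)
    return buf[1 + (buf[0] & 0x7F):]        # long form: skip the length octets


def sniff_format(head):
    """Name the container format from the first bytes of the file."""
    if head.startswith(JKS_MAGIC):
        return "JKS"
    if head.startswith(JCEKS_MAGIC):
        return "JCEKS"
    if head.lstrip().startswith(b"-----BEGIN "):
        return "PEM"
    if len(head) >= 2 and head[0] == 0x30:  # DER/BER SEQUENCE
        body = _skip_length(head[1:])
        # A PKCS#12 PFX starts with INTEGER version 3: 02 01 03
        return "PKCS12" if body[:3] == b"\x02\x01\x03" else "DER"
    return "unknown"


def der_length_error(head):
    """Mirror the outer length check applied when the file is parsed as DER.

    Returns the exception text seen in the logs, or None if the check passes.
    """
    if len(head) < 2 or head[1] & 0x80 == 0:
        return None                         # short form: byte is the length
    count = head[1] & 0x7F                  # long form: number of length octets
    if count > 4:
        return "DerInputStream.getLength(): lengthTag=%d, too big." % count
    return None


def connector_mode(handler_name):
    """'["http-bio-9443"]' -> 'bio' (handler naming as quoted in the post)."""
    parts = handler_name.strip('[]"').split("-")
    return parts[1] if len(parts) == 3 else "unknown"


def check(handler_name, head, keystore_type="JKS"):
    """Return (ok, detected_format, detail) for a connector and its file."""
    mode, fmt = connector_mode(handler_name), sniff_format(head)
    if mode == "apr":                       # APR/OpenSSL: PEM files only
        return fmt == "PEM", fmt, "APR connector expects PEM, file is " + fmt
    # Anything else is treated as a JSSE connector (bio/nio): the file is
    # parsed according to the connector's keystoreType attribute.
    if fmt == keystore_type:
        return True, fmt, "file matches keystoreType"
    detail = der_length_error(head) if keystore_type == "PKCS12" else None
    return False, fmt, detail or "file is %s but keystoreType is %s" % (
        fmt, keystore_type)


if __name__ == "__main__":
    print(check('["http-bio-9443"]', JKS_HEAD, "PKCS12"))
    print(check('["http-apr-9443"]', PEM_HEAD))
```

On a real server, pass the first few dozen bytes of the configured keystore or certificate file as `head`.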



http://blog.csdn.net/xusongsong520/article/details/8009696



When starting Tomcat I found this odd thing in the log: 信息: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jre1.6.0_05\bin;D:\java\apache-tomcat-6.0.16\bin
In fact Tomcat is recommending the use of Apache's APR. The fix is to put the tcnative-1.dll file into the Tomcat 6.0\bin directory. Download link: http://tomcat.heanet.ie/native/1.1.10/binaries/win32/tcnative-1.dll


Reposted from http://wangxuan137450.blog.163.com/blog/static/11122469620104163315842/


------------------------------------------------------------------------------
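My own note: I hit this problem while using Eclipse to develop a test example that connects to MySQL with JNDI and DBCP; the error was reported when starting Tomcat. The file was already under my Tomcat, so I only needed to add Tomcat's bin directory to the PATH environment variable and the message no longer appeared. Also, this thing is in fact the Tomcat Native offered among the downloads on the official Tomcat site.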

-------------------------------

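Oh, the official reference for this issue is: http://tomcat.apache.org/tomcat-6.0-doc/apr.html
Integrating the native APR with Tomcat improves efficiency:
First, static resources are served faster. (Note: someone used JMeter to stress-test Tomcat before and after enabling APR; the results showed some improvement, but not as much as imagined, only a little. Of course this depends on the logic being run, but I personally think that in most cases this part of the performance gain is very small.)
Second, what I think improves more is the efficiency of SSL processing: when Tomcat handles https requests, using the native OpenSSL library will certainly improve efficiency more than the previous point. (Although I have no actual test data, I infer that the proportional gain here is much larger than in the first point.)

Running the native APR requires the following three libraries: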
  * APR library
  * JNI wrappers for APR used by Tomcat (libtcnative)
  * OpenSSL libraries

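To add: this is actually not a problem with Eclipse or MyEclipse, but a feature of Tomcat itself that calls native libraries to improve runtime efficiency. Tomcat did not find the corresponding native library and is merely giving a notice.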

 

---------------------------------

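There is a configuration file, generated by my own program, in the D:\JAVA\apache-tomcat-6.0.26\conf\Catalina\localhost directory.
After I deleted this configuration file it would no longer run and also reported the error above. I solved it by going to Project -- Properties -- Tomcat, unchecking "is a tomcat project", checking it again, clicking OK below to exit, and then running again.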

------------------------------------

When starting Tomcat I found this odd thing in the log: 信息: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jre1.6.0_05\bin;D:\java\apache-tomcat-6.0.16\bin

At first I thought it was an error; later I learned that this is actually Tomcat recommending the use of Apache's APR.

I searched Baidu for material on APR; it is as follows:

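APR (Apache Portable Run-time libraries) is, as its name suggests, mainly intended to give upper-layer applications a low-level support library that can be used across multiple operating system platforms.

In early versions of Apache, the application itself had to handle the details of each specific operating system platform and call different handling functions for different platforms. As Apache developed further, the Apache organization decided to separate these common functions out and develop them into a new project. In this way, APR development became independent of Apache, and Apache merely uses APR.

At present APR is still mainly used by Apache, but because of APR's good portability, some C programs that need to be ported have also begun to use it. Open-source projects include Flood loader tester (http://httpd.apache.org/test/flood/, a project for server stress testing, not only applicable to Apache), FreeSwitch (www.freeswitch.org), and JXTA-C (http://jxta-c.jxta.org, the C implementation of the JXTA peer-to-peer platform); commercial projects include Blogline (http://www.bloglines.com/), covalent (http://www.covalent.net), and so on.

APR pushes the handling of platform details downward. Applications do not need to consider the specific platform at all; whether it is Unix, Linux or Windows, the interfaces the application calls are basically uniform. So for APR, portability and a uniform upper-layer interface are a key consideration. This was not APR's original purpose, however: at first it only hoped to merge all the code used in Apache into one common code library. That was not the right strategy, so APR later changed its goal. Using common code is sometimes not a good thing; for example, how a request is mapped to a thread or a process is platform-dependent, so a common code library alone cannot make that distinction.

APR's goal is instead to safely merge all the code that can be merged without sacrificing performance. One of APR's earliest goals was to provide a common, uniform function interface for all platforms (not just some). That is a remarkable aim, and of course an unrealistic one. We cannot support every feature of every platform, so APR can currently only provide full APR feature support for most platforms, including Win32, OS/2, BeOS, Darwin, Linux and so on.

To achieve this, the APR developers had to create a series of feature macros (FEATURE MACROS) for the features that cannot run on all platforms, to distinguish these features between platforms. These feature macro definitions are very simple, usually of the form: APR_HAS_FEATURE. If a platform has the feature, the macro must be set to true. For example, both Linux and Windows have memory-mapped files, and APR provides an interface for operating on memory-mapped files, so on these two platforms the APR_HAS_MMAP macro must be set, and the ap_mmap_* functions should map a disk file into memory and return an appropriate status code. If your operating system does not support memory mapping, APR_HAS_MMAP must be set to 0, and the ap_mmap_* functions need not be defined at all. The second step is that a warning must be raised for programs that use unsupported functions.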
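Basic types supported in APR

Type        Folder name               Description
atomic      /srclib/apr/atomic        Atomic operations
dso         /srclib/apr/dso           Dynamic loading of shared libraries
fileio      /srclib/apr/file_io       File IO handling
mmap        /srclib/apr/mmap          Memory-mapped files
locks       /srclib/apr/locks         Process and thread mutexes
memory      /srclib/apr/memory        Memory pool operations
network_io  /srclib/apr/network_io    Network IO handling
poll        /srclib/apr/poll          Polling IO
table       /srclib/apr/tables        Apache arrays (stacks), tables and hash tables
process     /srclib/apr/threadproc    Process and thread operations
user        /srclib/apr/user          User and group operations
time        /srclib/apr/time          Time operations
string      /srclib/apr/strings       String operations
password    /srclib/apr/passwd        Terminal password handling
misc        /srclib/apr/misc          Miscellany; any APR type that does not belong to the other classes can go here
shmem       /srclib/apr/shmem         Shared memory
random      /srclib/apr/random        Random number generation library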

Actually you can just ignore this. If you do want to fix it, you can; it seems you download some dll file and put it under system32.


http://tomcat.apache.org/tomcat-6.0-doc/apr.html#Windows


Introduction

Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced IO functionality (such as sendfile, epoll and OpenSSL), OS level functionality (random number generation, system status, etc), and native process handling (shared memory, NT pipes and Unix sockets).

These features allow Tomcat to be used as a general purpose webserver, will enable much better integration with other native web technologies, and overall make Java much more viable as a full fledged webserver platform rather than simply a backend focused technology.

Installation

APR support requires three main native components to be installed:

  • APR library
  • JNI wrappers for APR used by Tomcat (libtcnative)
  • OpenSSL libraries

Windows

Windows binaries are provided for tcnative-1, which is a statically compiled .dll which includes OpenSSL and APR. It can be downloaded from here as 32bit or AMD x86-64 binaries. In security conscious production environments, it is recommended to use separate shared dlls for OpenSSL, APR, and libtcnative-1, and update them as needed according to security bulletins. Windows OpenSSL binaries are linked from the Official OpenSSL website (see related/binaries).

Linux

Most Linux distributions will ship packages for APR and OpenSSL. The JNI wrapper (libtcnative) will then have to be compiled. It depends on APR, OpenSSL, and the Java headers.

Requirements:

  • APR 1.2+ development headers (libapr1-dev package)
  • OpenSSL 0.9.7+ development headers (libssl-dev package)
  • JNI headers from Java compatible JDK 1.4+
  • GNU development environment (gcc, make)

The wrapper library sources are located in the Tomcat binary bundle, in the bin/tomcat-native.tar.gz archive. Once the build environment is installed and the source archive is extracted, the wrapper library can be compiled using (from the folder containing the configure script):

./configure && make && make install

APR Components

Once the libraries are properly installed and available to Java (if loading fails, the library path will be displayed), the Tomcat connectors will automatically use APR. Configuration of the connectors is similar to the regular connectors, but have a few extra attributes which are used to configure APR components. Note that the defaults should be well tuned for most use cases, and additional tweaking shouldn't be required.

When APR is enabled, the following features are also enabled in Tomcat:

  • Secure session ID generation by default on all platforms (platforms other than Linux required random number generation using a configured entropy)
  • OS level statistics on memory usage and CPU usage by the Tomcat process are displayed by the status servlet

APR Lifecycle Listener Configuration

AprLifecycleListener

Attribute Description
SSLEngine

Name of the SSLEngine to use. off: Do not use SSL, on: Use SSL but no specific ENGINE. The default value is on. This initializes the native SSL engine, then enable the use of this engine in the connector using the SSLEnabled attribute. Example:

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

See the Official OpenSSL website for more details on SSL hardware engines and manufacturers.

APR Connectors Configuration
HTTP

When APR is enabled, the HTTP connector will use sendfile for handling large static files (all such files will be sent asynchronously using high performance kernel level calls), and will use a socket poller for keepalive, increasing scalability of the server.

The following attributes are supported in the HTTP APR connector in addition to the ones supported in the regular HTTP connector:

Attribute Description
keepAliveTimeout

The number of milliseconds this Connector will wait for another HTTP request before closing the connection. The default value is to use the value that has been set for the connectionTimeout attribute. This value also controls the timeout interval which is used for Comet connections.

pollTime

Duration of a poll call. Lowering this value will slightly decrease latency of connections being kept alive in some cases, but will use more CPU as more poll calls are being made. The default value is 2000 (5ms).

pollerSize

Amount of sockets that the poller responsible for polling kept alive connections can hold at a given time. Extra connections will be closed right away. The default value is 8192, corresponding to 8192 keepalive connections.

pollerThreadCount

Number of threads used to poll kept alive connections. On Windows the default is chosen so that the sockets managed by each thread is less than 1024. For Linux the default is 1. Changing the default on Windows is likely to have a negative performance impact.

useSendfile

Use kernel level sendfile for certain static files. The default value is true.

sendfileSize

Amount of sockets that the poller responsible for sending static files asynchronously can hold at a given time. Extra connections will be closed right away without any data being sent (resulting in a zero length file on the client side). Note that in most cases, sendfile is a call that will return right away (being taken care of "synchronously" by the kernel), and the sendfile poller will not be used, so the amount of static files which can be sent concurrently is much larger than the specified amount. The default value is 1024.

sendFileThreadCount

Number of threads used to service sendfile sockets. On Windows the default is chosen so that the sockets managed by each thread is less than 1024. For Linux the default is 1. Changing the default on Windows is likely to have a negative performance impact.

HTTPS

When APR is enabled, the HTTPS connector will use a socket poller for keepalive, increasing scalability of the server. It also uses OpenSSL, which may be more optimized than JSSE depending on the processor being used, and can be complemented with many commercial accelerator components. Unlike the HTTP connector, the HTTPS connector cannot use sendfile to optimize static file processing.

The HTTPS APR connector has the same basic attributes as the HTTP APR connector, but adds OpenSSL specific ones. For the full details on using OpenSSL, please refer to the OpenSSL documentation and the many books available for it (see the Official OpenSSL website). The SSL specific attributes for the connector are:

Attribute Description
SSLEnabled

Enable SSL on the socket, default value is false. Set this value to true to enable SSL handshake/encryption/decryption in the APR connector.

SSLProtocol

Protocol which may be used for communicating with clients. The default value is all, which is equivalent to TLSv1 with other acceptable values being SSLv2, SSLv3, TLSv1, TLSv1.1*, and TLSv1.2*. Starting with version 1.1.21 of the Tomcat native library any combination of these protocols concatenated with a plus sign is supported. Note that both protocols SSLv2 and SSLv3 are inherently unsafe.
* The use of TLSv1.1 and TLSv1.2 require Tomcat native v1.1.32 or higher.

SSLCipherSuite

Ciphers which may be used for communicating with clients. The default is "ALL", with other acceptable values being a list of ciphers, with ":" used as the delimiter (see OpenSSL documentation for the list of ciphers supported).

SSLCertificateFile

Name of the file that contains the server certificate. The format is PEM-encoded.

SSLCertificateKeyFile

Name of the file that contains the server private key. The format is PEM-encoded. The default value is the value of "SSLCertificateFile" and in this case both certificate and private key have to be in this file (NOT RECOMMENDED).

SSLDisableCompression

Disables compression if set to true and OpenSSL supports disabling compression. Default is false which inherits the default compression setting in OpenSSL.

SSLHonorCipherOrder

Set to true to enforce the server's cipher order (from the SSLCipherSuite setting) instead of allowing the client to choose the cipher (which is the default).

SSLPassword

Pass phrase for the encrypted private key. If "SSLPassword" is not provided, the callback function should prompt for the pass phrase.

SSLVerifyClient

Ask client for certificate. The default is "none", meaning the client will not have the opportunity to submit a certificate. Other acceptable values include "optional", "require" and "optionalNoCA".

SSLVerifyDepth

Maximum verification depth for client certificates. The default is "10".

SSLCACertificateFile

See the mod_ssl documentation.

SSLCACertificatePath

See the mod_ssl documentation.

SSLCertificateChainFile

See the mod_ssl documentation.

SSLCARevocationFile

See the mod_ssl documentation.

SSLCARevocationPath

See the mod_ssl documentation.

An example SSL Connector declaration can be:

<Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLEnabled="true" 
               SSLCertificateFile="${catalina.base}/conf/localhost.crt"
               SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
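
Added example, not part of the Tomcat documentation: a small audit of the SSL-enabled connectors in a server.xml against the attribute defaults described above (SSLProtocol `all`, SSLCipherSuite `ALL`, private key kept in the certificate file, client-chosen cipher order, inherited compression). The function names and both sample server.xml documents are constructed for illustration, and the values in the pinned sample are one possible choice.

```python
import xml.etree.ElementTree as ET

UNSAFE_PROTOCOLS = {"sslv2", "sslv3"}   # described above as inherently unsafe

# Constructed samples. The first is based on the example declaration above and
# leaves the SSL attributes at their defaults; the second pins them.
DEFAULTS_XML = """<Server><Service name="Catalina">
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
             SSLCertificateFile="${catalina.base}/conf/localhost.crt"
             SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
  <Connector port="9443" SSLEnabled="true" SSLProtocol="SSLv3+TLSv1"
             SSLCertificateFile="${catalina.base}/conf/localhost.pem" />
  <Connector port="8080" />
</Service></Server>"""

PINNED_XML = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" SSLProtocol="TLSv1.2"
             SSLCipherSuite="HIGH:!aNULL:!MD5" SSLHonorCipherOrder="true"
             SSLDisableCompression="true"
             SSLCertificateFile="${catalina.base}/conf/localhost.crt"
             SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
</Service></Server>"""


def _is_true(conn, name):
    """Boolean attribute lookup; every attribute checked here defaults to false."""
    return conn.get(name, "false").strip().lower() == "true"


def audit_connector(conn):
    """Return the list of findings for one SSL-enabled <Connector> element."""
    issues = []
    protocols = [p.strip() for p in conn.get("SSLProtocol", "all").split("+")]
    if any(p.lower() == "all" for p in protocols):
        issues.append("SSLProtocol=all: name the accepted protocols explicitly")
    unsafe = [p for p in protocols if p.lower() in UNSAFE_PROTOCOLS]
    if unsafe:
        issues.append("SSLProtocol enables " + "+".join(unsafe))
    if conn.get("SSLCipherSuite", "ALL").strip().upper() == "ALL":
        issues.append("SSLCipherSuite=ALL: restrict the cipher list")
    if conn.get("SSLCertificateFile") is None:
        issues.append("SSLCertificateFile is not defined")
    elif conn.get("SSLCertificateKeyFile") is None:
        issues.append("private key is read from the certificate file")
    if not _is_true(conn, "SSLHonorCipherOrder"):
        issues.append("SSLHonorCipherOrder is off: client picks the cipher")
    if not _is_true(conn, "SSLDisableCompression"):
        issues.append("SSLDisableCompression is off: OpenSSL default applies")
    return issues


def audit_server_xml(text):
    """Map port -> findings for every connector with SSLEnabled="true"."""
    report = {}
    for conn in ET.fromstring(text).iter("Connector"):
        if _is_true(conn, "SSLEnabled"):
            report[conn.get("port", "?")] = audit_connector(conn)
    return report


if __name__ == "__main__":
    for port, issues in audit_server_xml(DEFAULTS_XML).items():
        print(port, issues)
```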

AJP

When APR is enabled, the AJP connector will use a socket poller for keepalive, increasing scalability of the server. As AJP is designed around a pool of persistent (or almost persistent) connections, this will reduce significantly the amount of processing threads needed by Tomcat. Unlike the HTTP connector, the AJP connector cannot use sendfile to optimize static file processing.

The following attributes are supported in the AJP APR connector in addition to the ones supported in the regular AJP connector:

Attribute Description
pollTime

Duration of a poll call. Lowering this value will slightly decrease latency of connections being kept alive in some cases, but will use more CPU as more poll calls are being made. The default value is 2000 (5ms).

pollerSize

Amount of sockets that the poller responsible for polling kept alive connections can hold at a given time. Extra connections will be closed right away. The default value is 8192, corresponding to 8192 keepalive connections.



