Tomcat APR and tomcat-native

2015-1-22 9:53:25 org.apache.catalina.core.AprLifecycleListener init
信息: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files (x86)\Java\jdk1.6.0_13\bin;C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin
2015-1-22 9:53:25 org.apache.coyote.http11.Http11Protocol init
信息: Initializing Coyote HTTP/1.1 on http-8080
2015-1-22 9:53:25 org.apache.tomcat.util.net.jsse.JSSESocketFactory getKeystore
嚴重: Failed to load keystore type PKCS12 with path D:\\home\\tomcat.keystore due to DerInputStream.getLength(): lengthTag=109, too big.
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:544)
at sun.security.util.DerValue.init(DerValue.java:346)
at sun.security.util.DerValue.<init>(DerValue.java:302)
at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1200)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:412)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:296)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:544)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:180)
at org.apache.catalina.connector.Connector.initialize(Connector.java:1123)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
2015-1-22 9:53:25 org.apache.coyote.http11.Http11Protocol init
嚴重: Error initializing endpoint
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:544)
at sun.security.util.DerValue.init(DerValue.java:346)
at sun.security.util.DerValue.<init>(DerValue.java:302)
at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1200)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:412)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:296)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:544)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:180)
at org.apache.catalina.connector.Connector.initialize(Connector.java:1123)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
2015-1-22 9:53:25 org.apache.catalina.core.StandardService initialize
嚴重: Failed to initialize connector [Connector[HTTP/1.1-8443]]
LifecycleException:  Protocol handler initialization failed: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at org.apache.catalina.connector.Connector.initialize(Connector.java:1125)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
2015-1-22 9:53:25 org.apache.catalina.startup.Catalina load
信息: Initialization processed in 350 ms
2015-1-22 9:53:25 org.apache.catalina.core.StandardService start
信息: Starting service Catalina
2015-1-22 9:53:25 org.apache.catalina.core.StandardEngine start
信息: Starting Servlet Engine: Apache Tomcat/6.0.36
2015-1-22 9:53:25 org.apache.catalina.startup.HostConfig deployDescriptor
信息: Deploying configuration descriptor manager.xml
2015-1-22 9:53:25 org.apache.catalina.startup.HostConfig deployDirectory
信息: Deploying web application directory backsite
2015-1-22 9:53:26 org.apache.catalina.startup.HostConfig deployDirectory
信息: Deploying web application directory docs
2015-1-22 9:53:26 org.apache.catalina.startup.HostConfig deployDirectory
信息: Deploying web application directory ROOT
2015-1-22 9:53:26 org.apache.coyote.http11.Http11Protocol start
信息: Starting Coyote HTTP/1.1 on http-8080
2015-1-22 9:53:26 org.apache.tomcat.util.net.jsse.JSSESocketFactory getKeystore
嚴重: Failed to load keystore type PKCS12 with path D:\\home\\tomcat.keystore due to DerInputStream.getLength(): lengthTag=109, too big.
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:544)
at sun.security.util.DerValue.init(DerValue.java:346)
at sun.security.util.DerValue.<init>(DerValue.java:302)
at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1200)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:412)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:296)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:544)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:207)
at org.apache.catalina.connector.Connector.start(Connector.java:1196)
at org.apache.catalina.core.StandardService.start(StandardService.java:540)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
2015-1-22 9:53:26 org.apache.coyote.http11.Http11Protocol start
嚴重: Error starting endpoint
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:544)
at sun.security.util.DerValue.init(DerValue.java:346)
at sun.security.util.DerValue.<init>(DerValue.java:302)
at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1200)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:412)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:296)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:544)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:207)
at org.apache.catalina.connector.Connector.start(Connector.java:1196)
at org.apache.catalina.core.StandardService.start(StandardService.java:540)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
2015-1-22 9:53:26 org.apache.catalina.core.StandardService start
嚴重: Failed to start connector [Connector[HTTP/1.1-8443]]
LifecycleException:  service.getName(): "Catalina";  Protocol handler start failed: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at org.apache.catalina.connector.Connector.start(Connector.java:1203)
at org.apache.catalina.core.StandardService.start(StandardService.java:540)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
2015-1-22 9:53:26 org.apache.jk.common.ChannelSocket init
信息: JK: ajp13 listening on /0.0.0.0:8009
2015-1-22 9:53:26 org.apache.jk.server.JkMain start
信息: Jk running ID=0 time=0/0  config=null
2015-1-22 9:53:26 org.apache.catalina.startup.Catalina start
信息: Server startup in 1060 ms


http://www.linuxidc.com/Linux/2012-06/62254.htm


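After obtaining the certificate (see http://www.linuxidc.com/Linux/2012-06/62253p2.htm) and configuring it in Tomcat (on Windows), startup failed with this error:

Connector attribute SSLCertificateFile must be defined when using SSL with APR

After reading the tomcat7/webapps/docs/apr.html file, I added the SSLCertificateFile and SSLCertificateKeyFile settings.

Tomcat then started normally on Windows, but on Linux it would not start and reported this error:

java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.

Comparing the two logs, I found that the ProtocolHandler of Tomcat on Windows was ["http-apr-9443"], while on Linux it was ["http-bio-9443"].
I then looked up what bio and apr actually are, and found that they are Tomcat's run modes. There are three of them: bio, nio and apr. The three modes are described below.

bio
The default mode, blocking IO. Performance is very poor, with no optimization or support of any kind.

nio
Uses Java's asynchronous IO handling, i.e. non-blocking IO. Performance is improved to a first degree, but there is still some gap compared with apr.

apr
The hardest to install, but it solves the asynchronous IO problem at the operating-system level and improves performance considerably. APR and tomcat native must be installed; once they are, Tomcat supports apr directly on startup.

So the cause was that apr and tomcat-native were not installed on Linux, which made Tomcat start in the default bio mode. The answer was to install both. After installing them, Tomcat started.

After startup I found that IE, Chrome and others all recognised the certificate, but Firefox did not trust it. After another round of googling, it turned out the configuration was incomplete: Firefox needs the StartSSL root certificate and the sub class 1 certificate to be attached, because they are the ones who issued the certificate to you, and Firefox needs those certificates in order to recognise yours. OK, problem solved.

The full configuration process is given in this article (http://www.linuxidc.com/Linux/2012-06/62253.htm).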

References:
HTTPS APR/native connector parameter reference
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
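
The lengthTag=109 in the error above is the second byte of the file read as a DER length octet: a JKS keystore begins with the magic bytes FE ED FE ED, and 0xED with its high bit cleared is 109. The script below is an added example, not part of the original article; it classifies a keystore by its leading bytes and reproduces that value. The function names, the sample headers and the 4-octet limit are assumptions made for the illustration.

```python
import sys

# Leading bytes of the containers Tomcat deployments commonly mix up.
JKS_MAGIC = bytes.fromhex("feedfeed")
JCEKS_MAGIC = bytes.fromhex("cececece")
MAX_LENGTH_OCTETS = 4  # assumption: limit implied by the "too big" message

# Constructed sample headers (not taken from any real keystore).
SAMPLE_JKS = bytes.fromhex("feedfeed0000000200000001")
SAMPLE_PKCS12 = bytes.fromhex("30820a5e020103308209")
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\n"

ADVICE = {
    "JKS": 'JSSE (bio/nio) connector with keystoreType="JKS"',
    "JCEKS": 'JSSE (bio/nio) connector with keystoreType="JCEKS"',
    "PKCS12": 'JSSE (bio/nio) connector with keystoreType="PKCS12"',
    "PEM": "APR connector via SSLCertificateFile / SSLCertificateKeyFile",
}


def der_length_tag(length_octet):
    """Long-form count of length octets (low 7 bits), or None for short form."""
    if length_octet & 0x80 == 0:
        return None
    return length_octet & 0x7F


def sniff_format(head):
    """Guess the container format from the first bytes of a file."""
    if head.startswith(JKS_MAGIC):
        return "JKS"
    if head.startswith(JCEKS_MAGIC):
        return "JCEKS"
    if head.lstrip().startswith(b"-----BEGIN "):
        return "PEM"
    if len(head) >= 2 and head[0] == 0x30:  # outer ASN.1 SEQUENCE
        tag = der_length_tag(head[1])
        if tag is None or tag <= MAX_LENGTH_OCTETS:
            body = 2 + (tag or 0)  # skip the tag octet and the length octets
            # A PKCS#12 PFX starts with INTEGER version 3 (02 01 03).
            return "PKCS12" if head[body:body + 3] == b"\x02\x01\x03" else "DER"
    return "UNKNOWN"


def pkcs12_load_error(head):
    """Length error a DER reader hits at offset 1, or None if it gets past it."""
    if len(head) < 2:
        return "file too short to hold a DER header"
    tag = der_length_tag(head[1])
    if tag is not None and tag > MAX_LENGTH_OCTETS:
        return "DerInputStream.getLength(): lengthTag=%d, too big." % tag
    return None


def diagnose(declared_type, head):
    """Compare the declared keystore type with what the bytes say."""
    actual = sniff_format(head)
    return {
        "declared": declared_type,
        "actual": actual,
        "match": actual == declared_type.upper(),
        "pkcs12_error": pkcs12_load_error(head),
        "use_with": ADVICE.get(actual, "inspect the file by hand"),
    }


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py DECLARED_TYPE PATH
        with open(sys.argv[2], "rb") as fh:
            print(diagnose(sys.argv[1], fh.read(64)))
    else:
        samples = (("JKS", SAMPLE_JKS), ("PKCS12", SAMPLE_PKCS12), ("PEM", SAMPLE_PEM))
        for name, head in samples:
            print(name, diagnose("PKCS12", head))
```
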



http://blog.csdn.net/xusongsong520/article/details/8009696



When starting Tomcat I noticed this odd entry in the log: 信息: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jre1.6.0_05\bin;D:\java\apache-tomcat-6.0.16\bin. This is in fact Tomcat recommending the use of Apache's APR. The fix is to place the tcnative-1.dll file in the Tomcat 6.0\bin directory. Link: http://tomcat.heanet.ie/native/1.1.10/binaries/win32/tcnative-1.dll


Reposted from http://wangxuan137450.blog.163.com/blog/static/11122469620104163315842/


------------------------------------------------------------------------------
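My own note: I hit this problem while using Eclipse to develop a test example that connects to MySQL through JNDI and DBCP; the message was reported when starting Tomcat. The file was already under my Tomcat directory. I only needed to add Tomcat's bin directory to the PATH environment variable and the message was no longer reported. Also, this thing is simply the Tomcat Native item among the downloads on the Tomcat website.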

-------------------------------

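Oh, the official reference for this problem is: http://tomcat.apache.org/tomcat-6.0-doc/apr.html
Integrating the native APR with Tomcat improves efficiency:
First, static resources are handled faster. (Note: someone used JMeter to load-test Tomcat before and after enabling APR. The results showed some performance improvement, but not as much as imagined, only a little. Of course this depends on the logic being run, but I personally think that in most cases the gain in this area is very small.)
Second, I think the larger gain is in SSL processing. When Tomcat handles HTTPS requests, using the native OpenSSL library will certainly improve efficiency more than the previous point. (I have no actual test data, but I estimate that the proportional gain here is much greater than in the first point.)

Running the native APR requires the following three libraries: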
  * APR library
  * JNI wrappers for APR used by Tomcat (libtcnative)
  * OpenSSL libraries

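To add: this is not actually a problem with Eclipse or MyEclipse. It is a feature of Tomcat itself, which calls native libraries to improve runtime efficiency. Tomcat did not find the corresponding native library and is merely pointing that out.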

 

---------------------------------

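There is a configuration file generated by my own program in the D:\JAVA\apache-tomcat-6.0.26\conf\Catalina\localhost directory.
After I deleted this configuration file, it would no longer run and also reported the error above. I solved my problem by going to Project > Properties > Tomcat, unticking "is a tomcat project", ticking it again, clicking OK below to exit, and then running again.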

------------------------------------

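When starting Tomcat I noticed this odd entry in the log: 信息: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jre1.6.0_05\bin;D:\java\apache-tomcat-6.0.16\bin

At first I thought it was an error; later I learned that this is actually Tomcat recommending the use of Apache's APR.

I looked up material about APR on Baidu, as follows:

APR (Apache Portable Run-time libraries) aims, as its name suggests, to give higher-level applications a low-level support interface library that can be used across multiple operating system platforms.
In early versions of Apache, the application itself had to handle the details of each specific operating system platform and call different handler functions for different platforms. As Apache development went on, the Apache organisation decided to separate these common functions out and develop them into a new project. APR development thus became independent of Apache, and Apache merely uses APR.
At present APR is still used mainly by Apache, but because of its good portability some C programs that need to be ported have also begun to use it. Open-source projects include Flood loader tester (http://httpd.apache.org/test/flood/, a server load-testing project that is not limited to Apache), FreeSwitch (www.freeswitch.org) and JXTA-C (http://jxta-c.jxta.org, the C implementation of the JXTA peer-to-peer platform); commercial projects include Blogline (http://www.bloglines.com/), covalent (http://www.covalent.net) and others. APR pushes the handling of platform details downward. Applications do not need to consider the specific platform at all: whether on Unix, Linux or Windows, the interfaces they call are essentially uniform. Portability and a unified upper-level interface are therefore key concerns for APR. That was not APR's original aim, however. At first it was only meant to merge all the code used in Apache into one common code library, but this was not a correct strategy, so APR later changed its goal. Using common code is sometimes not a good thing: how a request is mapped to a thread or a process, for example, is platform-dependent, so a common code library alone cannot make that distinction.
The goal of APR is to safely merge all the code that can be merged without sacrificing performance. One of APR's earliest goals was to provide a common, unified function interface for all platforms (not just some). This is a remarkable aim, and of course also an unrealistic one. We cannot support every feature of every platform, so at present APR can provide full APR feature support only for most platforms, including Win32, OS/2, BeOS, Darwin, Linux and so on. To achieve this goal, the APR developers had to create a series of feature macros (FEATURE MACROS) for the features that cannot run on all platforms, in order to distinguish these features between platforms. These feature macro definitions are very simple, usually of the form: APR_HAS_FEATURE. If a platform has the feature, the macro must be set to true. For example, Linux and Windows both have memory-mapped files and APR provides an interface for operating on memory-mapped files, so on these two platforms the APR_HAS_MMAP macro must be set, and the ap_mmap_* functions should map a disk file into memory and return an appropriate status code. If your operating system does not support memory mapping, APR_HAS_MMAP must be set to 0, and none of the ap_mmap_* functions need to be defined. The second step is that a warning must be raised for unsupported functions that are used in a program.

Basic types supported in APR

Name        Folder                    Description
atomic      /srclib/apr/atomic        Atomic operations
dso         /srclib/apr/dso           Dynamic loading of shared libraries
fileio      /srclib/apr/file_io       File IO handling
mmap        /srclib/apr/mmap          Memory-mapped files
locks       /srclib/apr/locks         Process and thread mutexes
memory      /srclib/apr/memory        Memory pool operations
network_io  /srclib/apr/network_io    Network IO handling
poll        /srclib/apr/poll          Polling IO
table       /srclib/apr/tables        Apache arrays (stacks), tables and hash tables
process     /srclib/apr/threadproc    Process and thread operations
user        /srclib/apr/user          User and group operations
time        /srclib/apr/time          Time operations
string      /srclib/apr/strings       String operations
password    /srclib/apr/passwd        Terminal password handling
misc        /srclib/apr/misc          Miscellany; any APR type that does not belong to another class can go here
shmem       /srclib/apr/shmem         Shared memory
random      /srclib/apr/random        Random number generation library

Actually you can just ignore this. If you do want to fix it, you can; it seems you download some dll file and put it under system32.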


http://tomcat.apache.org/tomcat-6.0-doc/apr.html#Windows


Introduction

Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced IO functionality (such as sendfile, epoll and OpenSSL), OS level functionality (random number generation, system status, etc), and native process handling (shared memory, NT pipes and Unix sockets).

These features allow Tomcat to act as a general purpose webserver, enable much better integration with other native web technologies, and overall make Java much more viable as a full-fledged webserver platform rather than simply a backend-focused technology.

Installation

APR support requires three main native components to be installed:

  • APR library
  • JNI wrappers for APR used by Tomcat (libtcnative)
  • OpenSSL libraries

Windows

Windows binaries are provided for tcnative-1, which is a statically compiled .dll which includes OpenSSL and APR. It can be downloaded from here as 32bit or AMD x86-64 binaries. In security conscious production environments, it is recommended to use separate shared dlls for OpenSSL, APR, and libtcnative-1, and update them as needed according to security bulletins. Windows OpenSSL binaries are linked from the Official OpenSSL website (see related/binaries).

Linux

Most Linux distributions will ship packages for APR and OpenSSL. The JNI wrapper (libtcnative) will then have to be compiled. It depends on APR, OpenSSL, and the Java headers.

Requirements:

  • APR 1.2+ development headers (libapr1-dev package)
  • OpenSSL 0.9.7+ development headers (libssl-dev package)
  • JNI headers from Java compatible JDK 1.4+
  • GNU development environment (gcc, make)

The wrapper library sources are located in the Tomcat binary bundle, in the bin/tomcat-native.tar.gz archive. Once the build environment is installed and the source archive is extracted, the wrapper library can be compiled using (from the folder containing the configure script):

./configure && make && make install

APR Components

Once the libraries are properly installed and available to Java (if loading fails, the library path will be displayed), the Tomcat connectors will automatically use APR. Configuration of the connectors is similar to the regular connectors, but have a few extra attributes which are used to configure APR components. Note that the defaults should be well tuned for most use cases, and additional tweaking shouldn't be required.

When APR is enabled, the following features are also enabled in Tomcat:

  • Secure session ID generation by default on all platforms (platforms other than Linux required random number generation using a configured entropy)
  • OS level statistics on memory usage and CPU usage by the Tomcat process are displayed by the status servlet

APR Lifecycle Listener Configuration
AprLifecycleListener
Attribute Description
SSLEngine

Name of the SSLEngine to use. off: Do not use SSL, on: Use SSL but no specific ENGINE. The default value is on. This initializes the native SSL engine, then enable the use of this engine in the connector using the SSLEnabled attribute. Example:

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

See the Official OpenSSL website for more details on SSL hardware engines and manufacturers.

APR Connectors Configuration
HTTP

When APR is enabled, the HTTP connector will use sendfile for handling large static files (all such files will be sent asynchronously using high performance kernel level calls), and will use a socket poller for keepalive, increasing scalability of the server.

The following attributes are supported in the HTTP APR connector in addition to the ones supported in the regular HTTP connector:

Attribute Description
keepAliveTimeout

The number of milliseconds this Connector will wait for another HTTP request before closing the connection. The default value is to use the value that has been set for the connectionTimeout attribute. This value also controls the timeout interval which is used for Comet connections.

pollTime

Duration of a poll call. Lowering this value will slightly decrease latency of connections being kept alive in some cases, but will use more CPU as more poll calls are being made. The default value is 2000 (5ms).

pollerSize

Amount of sockets that the poller responsible for polling kept alive connections can hold at a given time. Extra connections will be closed right away. The default value is 8192, corresponding to 8192 keepalive connections.

pollerThreadCount

Number of threads used to poll kept alive connections. On Windows the default is chosen so that the sockets managed by each thread is less than 1024. For Linux the default is 1. Changing the default on Windows is likely to have a negative performance impact.

useSendfile

Use kernel level sendfile for certain static files. The default value is true.

sendfileSize

Amount of sockets that the poller responsible for sending static files asynchronously can hold at a given time. Extra connections will be closed right away without any data being sent (resulting in a zero length file on the client side). Note that in most cases, sendfile is a call that will return right away (being taken care of "synchronously" by the kernel), and the sendfile poller will not be used, so the amount of static files which can be sent concurrently is much larger than the specified amount. The default value is 1024.

sendFileThreadCount

Number of threads used to service sendfile sockets. On Windows the default is chosen so that the sockets managed by each thread is less than 1024. For Linux the default is 1. Changing the default on Windows is likely to have a negative performance impact.

HTTPS

When APR is enabled, the HTTPS connector will use a socket poller for keepalive, increasing scalability of the server. It also uses OpenSSL, which may be more optimized than JSSE depending on the processor being used, and can be complemented with many commercial accelerator components. Unlike the HTTP connector, the HTTPS connector cannot use sendfile to optimize static file processing.

The HTTPS APR connector has the same basic attributes as the HTTP APR connector, but adds OpenSSL specific ones. For the full details on using OpenSSL, please refer to the OpenSSL documentation and the many books available for it (see the Official OpenSSL website). The SSL specific attributes for the connector are:

Attribute Description
SSLEnabled

Enable SSL on the socket, default value is false. Set this value to true to enable SSL handshake/encryption/decryption in the APR connector.

SSLProtocol

Protocol which may be used for communicating with clients. The default value is all, which is equivalent to TLSv1 with other acceptable values being SSLv2, SSLv3, TLSv1, TLSv1.1*, and TLSv1.2*. Starting with version 1.1.21 of the Tomcat native library any combination of these protocols concatenated with a plus sign is supported. Note that both protocols SSLv2 and SSLv3 are inherently unsafe.
* The use of TLSv1.1 and TLSv1.2 require Tomcat native v1.1.32 or higher.

SSLCipherSuite

Ciphers which may be used for communicating with clients. The default is "ALL", with other acceptable values being a list of ciphers, with ":" used as the delimiter (see OpenSSL documentation for the list of ciphers supported).

SSLCertificateFile

Name of the file that contains the server certificate. The format is PEM-encoded.

SSLCertificateKeyFile

Name of the file that contains the server private key. The format is PEM-encoded. The default value is the value of "SSLCertificateFile" and in this case both certificate and private key have to be in this file (NOT RECOMMENDED).

SSLDisableCompression

Disables compression if set to true and OpenSSL supports disabling compression. Default is false, which inherits the default compression setting in OpenSSL.

SSLHonorCipherOrder

Set to true to enforce the server's cipher order (from the SSLCipherSuite setting) instead of allowing the client to choose the cipher (which is the default).

SSLPassword

Pass phrase for the encrypted private key. If "SSLPassword" is not provided, the callback function should prompt for the pass phrase.

SSLVerifyClient

Ask client for certificate. The default is "none", meaning the client will not have the opportunity to submit a certificate. Other acceptable values include "optional", "require" and "optionalNoCA".

SSLVerifyDepth

Maximum verification depth for client certificates. The default is "10".

SSLCACertificateFile

See the mod_ssl documentation.

SSLCACertificatePath

See the mod_ssl documentation.

SSLCertificateChainFile

See the mod_ssl documentation.

SSLCARevocationFile

See the mod_ssl documentation.

SSLCARevocationPath

See the mod_ssl documentation.

An example SSL Connector declaration can be:

<Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLEnabled="true" 
               SSLCertificateFile="${catalina.base}/conf/localhost.crt"
               SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
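
The attribute notes above translate into checks that can be run against a server.xml before deployment, including the case where the native library is missing and the connector falls back to JSSE. The script below is an added example, not part of the Tomcat documentation; the function names and the sample server.xml (ports, file paths, cipher string) are constructed for the illustration.

```python
import xml.etree.ElementTree as ET

APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
UNSAFE_PROTOCOLS = {"SSLv2", "SSLv3"}  # "inherently unsafe" per the attribute notes

# Constructed server.xml fragment; ports, paths and cipher string are sample values.
SAMPLE_SERVER_XML = """
<Service name="Catalina">
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
             SSLCertificateFile="${catalina.base}/conf/localhost.crt"
             SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
  <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
             SSLProtocol="SSLv3+TLSv1" SSLCipherSuite="HIGH:!aNULL:!MD5"
             SSLCertificateFile="${catalina.base}/conf/bundle.pem" />
  <Connector port="9443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="${catalina.base}/conf/tomcat.keystore" />
</Service>
"""


def uses_apr(connector, native_loaded):
    """The default HTTP/1.1 protocol becomes APR only if tcnative was loaded."""
    protocol = connector.get("protocol", "HTTP/1.1")
    return protocol == APR_PROTOCOL or (protocol == "HTTP/1.1" and native_loaded)


def audit_connector(connector, native_loaded):
    """Return (port, finding) pairs for one SSL-enabled <Connector>."""
    if connector.get("SSLEnabled", "false").lower() != "true":
        return []
    port, found = connector.get("port", "?"), []
    if not uses_apr(connector, native_loaded):
        # JSSE (bio/nio) reads a keystore, not the APR PEM attributes.
        if connector.get("SSLCertificateFile") and not connector.get("keystoreFile"):
            found.append("APR-only SSLCertificateFile set, but connector runs on JSSE")
        return [(port, f) for f in found]
    if connector.get("SSLCertificateFile") is None:
        found.append("SSLCertificateFile must be defined when using SSL with APR")
    elif connector.get("SSLCertificateKeyFile") is None:
        found.append("private key read from the certificate file (not recommended)")
    enabled = set(connector.get("SSLProtocol", "all").split("+"))
    unsafe = sorted(enabled & UNSAFE_PROTOCOLS)
    if unsafe:
        found.append("SSLProtocol enables " + "+".join(unsafe))
    if connector.get("SSLCipherSuite", "ALL") == "ALL":
        found.append("SSLCipherSuite is ALL; list the accepted ciphers")
    return [(port, f) for f in found]


def audit(server_xml, native_loaded):
    """Audit every <Connector> in a server.xml document."""
    root = ET.fromstring(server_xml)
    results = []
    for connector in root.iter("Connector"):
        results.extend(audit_connector(connector, native_loaded))
    return results


if __name__ == "__main__":
    for loaded in (True, False):
        print("native library loaded:", loaded)
        for port, finding in audit(SAMPLE_SERVER_XML, loaded):
            print("  port %s: %s" % (port, finding))
```
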
AJP

When APR is enabled, the AJP connector will use a socket poller for keepalive, increasing scalability of the server. As AJP is designed around a pool of persistent (or almost persistent) connections, this will reduce significantly the amount of processing threads needed by Tomcat. Unlike the HTTP connector, the AJP connector cannot use sendfile to optimize static file processing.

The following attributes are supported in the AJP APR connector in addition to the ones supported in the regular AJP connector:

Attribute Description
pollTime

Duration of a poll call. Lowering this value will slightly decrease latency of connections being kept alive in some cases, but will use more CPU as more poll calls are being made. The default value is 2000 (5ms).

pollerSize

Amount of sockets that the poller responsible for polling kept alive connections can hold at a given time. Extra connections will be closed right away. The default value is 8192, corresponding to 8192 keepalive connections.
