All for Joomla All for Webmasters

SysAdmin

Apache HTTP Connectors

61 0
Want create site? Find Free WordPress Themes and plugins.

Tomcat comes with a preconfigured HTTP connector that can handle incoming HTTP requests from a browser, because of this Tomcat can act as a standalone Web server, it can handle both HTTP and HTTPS requests. Tomcat can be tied with both Apache and IIS, I will not be explaining IIS so I point you to the Tomcat Apache web site.

The Java-based HTTP/1.1 Connector is the default connector configured in Tomcat, there are additional connectors that can make use of high performance IO features of the Java NIO library and a native version of the HTTP Connector written in C/C++ and coded to APR (Apache Portable Runtime). Both of the additional Connectors are new and hopefully will be come the standard connector.

HTTP Connectors

HTTP connectors are Java classes that implement the HTTP protocol, by default the Connector listens on port 8080 but this can be changed. There are a number of HTTP Connectors available

  • Java-based HTTP/1.1 (Coyote) Connector
  • Java-based High performance NIO HTTP Connector
  • Native code-optimized APR HTTP Connector

The Coyote Connector is the most mature of the three and is a extremely stable Connector. The high performance Connector provides non-blocking IO and Comet support but this Connector still has a number of bugs. If your systems are heavily loaded then you might want to use the APR HTTP Connector it is the newest of the three Connectors but is the most optimized.

The Connector is setup in the server.xml file and can have many attributes

Connector Attributes
Attribute Description

Default value

acceptCount This is the maximum queue length for incoming connection requests when all possible request processing threads are in use, any requests when the queue is full will be refused .
address The IP address that Tomcat binds to, if not specified then all addresses are bound.

All addresses are bound

allowTrace This enables the TRACE HTTP method if set to true

false

compressibleMimeTypes This is a comma-separated list of MIME types for which HTTP compressions can be used

text/html, text/xml, text/plain

compression The Connector can use GZIP compression to get better bandwidth from the server

false

connectionLinger This set the number of milliseconds the socket connection stays around for after it has been closed

0

connectionTimeout This is the number of milliseconds that this Connector waits for after accepting a connection before requesting , default value is

60,000 milliseconds (60 seconds)

disableUploadTimeout Enables a separate timeout to be set for data uploads during a servlet execution

false

emptySessionPath Session path is used for cookies is all “/”

false

enableLookups all calls to request.getremote() will perform a DNS lookup

false

maxHttpHeaderSize controls the maximum size of the request and response headers

4KB

maxPostSize specifies the maximum size in bytes of the POST that can be handled by the container, setting this to 0 will disable this feature

2MB

maxSavePostSize specifies the maximum size in bytes of the POST that can be handled by the container during a client-cert or authentication operation, setting this to -1 will disable this feature

4KB

maxSpareThreads controls the maximum number of unused threads that are allowed to exist before Tomcat starts stopping the unused ones.

50

minSpareThreads specifies the minimum number of threads that are started when a Connector is initialized

4

maxThreads specifies the maximum number of threads that are created for this Connector

200

noCompressUserAgents comma-separated list that matches the HTTPUserAgent value of Web Browsers that have a broken support for HTTP/1.1 compression

n/a

port The port number the Connector will create on the server socket

8080

protocol specifies the HTTP protocol to use, by default it loads org.apache.coyote.http11.Http11Protocol

HTTP/1.1

implementation This is the default Java-based blocking Connector

org.apache.coyote.http11.Http11Protocol

proxyName used when Tomcat is running behind a proxy

n/a

proxyPort used in proxy conditions

n/a

redirectPort If the incoming request requests a SSL resource, Catalina will redirect this request to this port

8443

restrictUserAgents comma-separated list that matches the HTTPUserAgent value of Web Browsers that have a broken support for HTTP/1.1 keepalive behavior

n/a

scheme set to the name of the protocol

HTTP

secure set to true for SSL Connectors

false

server specifies the server header when sending the HTTP response

Apache-Coyote/1.1

socketBuffer specifies the size in bytes of the buffer to be used for socket output buffering , setting this to -1 turns off buffering

9KB

tcpNoDelay when set to true it enables the TCP_NO_DELAY network socket option

true

threadPriority specifies the Java thread priority for request handling threads created in the Java JVM

java.lang.Thread#NORM_PRIORITY

URIEncoding specifies the character encoding used to decode URI bytes

ISO-8859-1

useBodyEncodingForURI if set to true this attribute causes the URI encoding specified in the contentType to be used for encoding rather than the URLEncoding attribute

false

useIPVHosts if set to true this attribute causes the server to examine the incoming request IP address to direct the request to the corresponding virtual host

false

xpoweredBy if set to true an X-Powered-By header is output in servlet-generated responses returned by the Connector.

false

Configuring SSL

When configuring Tomcat to support HTTPS connections it must have its attribute secure set to true and its scheme set to https. The new SSL-related Connector attributes are as follows

Connector Attributes
Attribute Description

Default value

algorithm specifies the certificate encoding algorithm to use

Sun X509

ciphers a comma-separated list of encryption ciphers
clientAuth If set to true then the client connection would need to present a valid certificate

false

keystoreFile specifies the path to the keystore

<user homedir>/.keystore

keystorePass password to access the keystore

changeit

keystoreType specifies the keystore type , you can use pkcs11 or pkcs12

JKS

sslProtocol specifies the SSL protocol version to use

TLS

Example
SSL Connector example

<Connector port=”8443″
protocol=”HTTP/1.1″
maxThreads=”150″
scheme=”https”
secure=”true”
clientAuth=”false”
sslProtocol=”TLS”
/>

The Advanced NIO Connector

I am not going to discuss the advanced NIO connector due to the problems it has and also that I do not implement this particular Connector in any of my Tomcat servers. I thus leave you to search on the internet for any material on this Connector.

The Native APR Connector

APR works well in Windows and Linux environment, it is written using APR and compiled to native code for optimized platform specific performance. It is not a complete Connector, it actually makes use of the standard Java-based connector for most of its operations. It uses three main mechanism to increase performance

  • Use of a sendfile() kernel mode call to send large static files directly from the buffer cache
  • Use of a single native code keep alive poller to implement connection keep alive for a large number of connections
  • Use of the openSSL native code, which has the potential to accelerate SSL implementation for SSL handling (via hardware)

Many of the attributes overlap with the standard HTTP/1.1 Connector, so check out the above

Native APR Connector example <Connector port=”8080″
protocol=”org.apache.coyote.http11.Http11AprProtocol”
maxThreads=”150″
connectionTimeout=”20000″
redirectPort=”8843″
/>

Make sure the APR runtime library has been installed, see Tomcat Installation for more details.

CGI and SSI support

Tomcat can support both CGI and SSI but by default both are disabled, this is because of security reasons. Both CGI and SSI can bypass the security policies defined for programs in the catalina.policy file. Again i point you to the internet for more information on these configurations.

Running Behind a Proxy Server

Sometimes a Tomcat server runs behind a proxy server, in this case the hostname and port number of the proxy server must be returned to the client in the HTTP response. You use two attributes proxyName and proxyPort to achieve this

Apache Setup ProxyPass /servlets http://hostname:8080/servlets
ProxyPassReverse /servlets http://hostname:8080/servlets
Tomcat setup <Connector port=”8080″
proxyName=www.myproxy.com
proxyPort=”80″
/>

Performance Tuning

In the table below I describe when you should use a particular Connector

HTTP/1.1 Standard Connector used 99% of the time and works straight out of the box
NIO Ajax-style applications requiring long-lasting sessions between client and server
Native APR provides a high performance, scaleable and potentially faster solution.

Below are some attributes and JVM tuning tips that can be implemented to improve performance

tcpNoDelay setting this attribute to true enables the TCP_NO_DELAY network socket option. This improves performance as it disables the Nagle algorithm which is used to concatenate small buffer messages, which decreases the number of packets sent over the network
maxKeepAliveRequest This attribute controls the keep-alive behavior of HTTP requests, enabling persistent connections, it specifies the maximum number of requests that can be pipelined until the connection is closed by the server
socketBuffer specifies the size in bytes of the buffer to be used for socket output buffering
enableLookups setting this attribute to false disables lookups which can impact performance
maxThreads
maxSpareThreads
minSpareThreads
(thread pool)
using a thread can improve performance, three attributes can control the number of threads, the more important is probably the minSpareThreads making sure there are enough Threads available.
JVM settings JVM memory settings by default are low, thus you probably will need to increase these on a production server, using the -Xms and-Xmx JVM parameters will set the initial and maximum heap size.

I will be adding to this section as I become more experienced with Tomcat.

Did you find apk for android? You can find new Free Android Games and apps.

Leave A Reply