Tomcat running as a daemon with APR and SSL mode


Objective:

This article briefly introduces Tomcat's three operating modes and records how to install Tomcat in APR mode with SSL support.


Environment:

This article is based on installing Tomcat 7 on Ubuntu. A CentOS-based installation differs little; the main difference is the names of the dependency packages, so the package names required on CentOS are given as well.


Introduction to the modes:

BIO mode: blocking I/O, meaning that Tomcat uses traditional Java I/O operations (that is, the java.io package and its subpackages). Tomcat 7 and earlier versions run in BIO mode by default. Because each request is handled by its own thread, the thread overhead is high, it cannot cope with highly concurrent scenarios, and its performance is the lowest of the three modes.

NIO mode: the new I/O operations (the java.nio package and its subpackages) provided by Java SE 1.4 and later versions. It is a buffer-based Java API that provides non-blocking I/O with better concurrency performance than traditional I/O (BIO). To use NIO mode, set the protocol value in server.xml as follows:

<Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol" connectionTimeout="20000" redirectPort="8443" />

The default is:

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />


Note: Tomcat 8 uses NIO mode by default, so no modification is needed.


APR mode: put simply, it solves the asynchronous I/O problem at the operating-system level, greatly improving the server's processing and response performance. It is also the preferred mode for running highly concurrent applications on Tomcat.

The following describes how to enable APR mode.


Enable APR mode:

Download Tomcat 7 from the official site and unzip it to the installation path /usr/local/tomcat/. The download and extraction steps are omitted here.


Ubuntu dependency packages:

APR 1.2+ development headers (libapr1-dev package)
OpenSSL 0.9.7+ development headers (libssl-dev package)
JNI headers from Java compatible JDK 1.4+
GNU development environment (gcc, make)

CentOS dependency packages:

gcc make openssl-devel apr-devel apr-util-devel

Install the related dependencies:

apt-get install libapr1-dev libssl-dev gcc make openjdk-8-jdk -y

Install the APR dynamic library:

The APR-related source code is included in the Tomcat package, as the tomcat-native.tar.gz file in the bin directory.

cd /usr/local/tomcat/bin
tar zxf tomcat-native.tar.gz
cd tomcat-native-1.2.10-src/native

Configure and compile APR:

./configure --libdir=/usr/lib --prefix=/usr/local/tomcat/ --with-apr=/usr/bin/apr-1-config --with-java-home=/usr/lib/jvm/java-8-openjdk-amd64 --with-ssl=yes
make && make install

At this point, if SSL is not enabled, Tomcat can already run in APR mode. If it is still running in BIO or NIO mode, modify the server.xml configuration file and set the protocol value as follows:

<Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="8080" .../>


SSL-based APR mode:

To run Tomcat with SSL in APR mode, you need to configure an SSL certificate, which can be purchased, requested for free, or self-signed. This article uses a self-signed certificate for the experiment.

To issue a certificate:

openssl genrsa -des3 -out tomcat.key 1024
openssl rsa -in tomcat.key -out tomcat_np.key
openssl req -new -key tomcat_np.key -out tomcat.csr
openssl x509 -req -days 365 -in tomcat.csr -signkey tomcat_np.key -out tomcat.crt

Configure server.xml with the following values:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="..." SSLEnabled="true" scheme="https" secure="true" SSLCertificateFile="${catalina.base}/conf/tomcat.crt" SSLCertificateKeyFile="${catalina.base}/conf/tomcat_np.key" SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/>
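
An added example, not part of the original article: the connector above still offers TLSv1 and TLSv1.1, and the passphrase-free key tomcat_np.key is only as safe as its file permissions. The script below flags both; the function names, the finding labels and the choice of TLSv1.2 as the tightened value are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the article's SSL connector for deprecated protocols
# and for a private key that group or other users can access.

# attr FILE NAME: value of attribute NAME on the first SSLEnabled connector.
attr() {
    tr '\n' ' ' < "$1" | grep -o '<Connector[^>]*SSLEnabled="true"[^>]*>' |
        head -n 1 | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# audit_connector FILE BASE: print space-separated findings (empty = clean).
# BASE is the directory substituted for ${catalina.base} in the key path.
audit_connector() {
    file=$1 base=$2 findings=""
    proto=$(attr "$file" SSLProtocol)
    [ -n "$proto" ] || proto=all    # an unset SSLProtocol defaults to "all"
    for p in $(printf '%s' "$proto" | tr '+' ' '); do
        case $p in
            all|SSLv2|SSLv3|TLSv1|TLSv1.1) findings="$findings weak-protocol:$p" ;;
        esac
    done
    key=$(attr "$file" SSLCertificateKeyFile | sed 's|^\${catalina\.base}|'"$base"'|')
    if [ ! -f "$key" ]; then
        findings="$findings key-missing"
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        findings="$findings key-accessible-to-group-or-other"
    fi
    printf '%s\n' "${findings# }"
}

# make_sample DIR PROTOCOLS MODE: constructed fixture mirroring the article's
# connector, with an empty stand-in key file at permission mode MODE.
make_sample() {
    mkdir -p "$1/conf" && : > "$1/conf/tomcat_np.key" && chmod "$3" "$1/conf/tomcat_np.key"
    cat > "$1/conf/server.xml" <<EOF
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           SSLCertificateFile="\${catalina.base}/conf/tomcat.crt"
           SSLCertificateKeyFile="\${catalina.base}/conf/tomcat_np.key"
           SSLVerifyClient="optional" SSLProtocol="$2"/>
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp/weak" "TLSv1+TLSv1.1+TLSv1.2" 644
make_sample "$tmp/tight" "TLSv1.2" 600
echo "as in the article: $(audit_connector "$tmp/weak/conf/server.xml" "$tmp/weak")"
echo "tightened:         $(audit_connector "$tmp/tight/conf/server.xml" "$tmp/tight")"
```

Against a real installation, call audit_connector with conf/server.xml and the Tomcat base directory (/usr/local/tomcat in this article).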



At this point, Tomcat runs in APR mode both with and without SSL. The problem is that Tomcat is now running as the root user; the following shows how to run Tomcat as a non-root user, in daemon mode.


Running Tomcat as a daemon:

The Tomcat binary package provides the daemon.sh script, but it is implemented on top of jsvc, so the contents of the commons-daemon-native.tar.gz package need to be compiled to produce the jsvc executable.

Installing jsvc

# commons-daemon-native.tar.gz ships in Tomcat's bin directory
cd /usr/local/tomcat/bin
tar zxf commons-daemon-native.tar.gz
cd commons-daemon-1.0.15-native-src/unix
./configure --with-java=/usr/lib/jvm/java-8-openjdk-amd64/
make
# daemon.sh looks for jsvc in the Tomcat bin directory
cp jsvc ../..

After make and the copy, the jsvc file is in tomcat/bin.


Create a user to run Tomcat

useradd tomcat -M -d / -s /usr/sbin/nologin

Edit daemon.sh and configure the following values

test ".$TOMCAT_USER" = . && TOMCAT_USER=tomcat
# Set JAVA_HOME to working JDK or JRE
JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
# If not set we'll try to guess the JAVA_HOME


Add the following as the second line of the daemon.sh script

# chkconfig: - 80 20

Modify the related directory permissions

chown -R tomcat.tomcat /usr/local/tomcat

Add the system service

ln -s /usr/local/tomcat/bin/daemon.sh /etc/init.d/tomcat
chkconfig tomcat on


At this point, all three requirements (SSL, APR, daemon) have been met.

If you run multiple instances of Tomcat, you still need to modify the daemon.sh script.


Verify APR

tail logs/catalina-daemon.out
January 05, 2017 5:31:37 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-apr-8080"]
January 05, 2017 5:31:37 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-apr-8443"]
January 05, 2017 5:31:37 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-apr-8009"]
January 05, 2017 5:31:37 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 852 ms

Verify the daemon

ps -ef | grep tomcat
tomcat     55158  55157  0 17:31 ?        00:00:13  jsvc.exec -java-home /usr/lib/jvm/java-8-openjdk-amd64 -user tomcat -pidfile /usr/local/tomcat/logs/catalina-daemon.pid -wait 10 -outfile /usr/local/tomcat/logs/catalina-daemon.out -errfile &1 -classpath /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/commons-daemon.jar:/usr/local/tomcat/bin/tomcat-juli.jar -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs= -Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat -Djava.io.tmpdir=/usr/local/tomcat/temp org.apache.catalina.startup.Bootstrap
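
The two manual checks above as a pass/fail script (an added example, not from the original article). The log and ps samples are constructed from the output shown above; the root-owned controller row is an assumption of the example, based on jsvc forking a privileged controller and a worker that runs as the -user account.

```shell
#!/bin/sh
# Added example: confirm every started connector is APR and that the jsvc
# worker is not running as root. Sample inputs below are constructed.

# non_apr_handlers LOG: print started protocol handlers that are not APR.
non_apr_handlers() {
    grep -o 'Starting ProtocolHandler \["[^"]*"]' "$1" |
        sed 's/.*\["\([^"]*\)"].*/\1/' | awk -F'-' '$2 != "apr"'
}

# jsvc_worker_user PSFILE: owner of the jsvc worker process, i.e. the
# jsvc.exec whose parent is also a jsvc.exec (the controller).
jsvc_worker_user() {
    awk '/jsvc\.exec/ { user[$2] = $1; parent[$2] = $3 }
         END { for (p in parent) if ((parent[p]) in user) print user[p] }' "$1"
}

# check_deployment LOG PSFILE: print OK, or the reason the check failed.
check_deployment() {
    bad=$(non_apr_handlers "$1")
    # $bad is left unquoted on purpose so several handlers print on one line
    [ -z "$bad" ] || { echo "FAIL non-APR handlers:" $bad; return 0; }
    who=$(jsvc_worker_user "$2")
    [ -n "$who" ] || { echo "FAIL no jsvc worker found"; return 0; }
    [ "$who" != root ] || { echo "FAIL worker runs as root"; return 0; }
    echo "OK apr handlers only, worker user: $who"
}

tmp=$(mktemp -d)
# Constructed log excerpt in the format of catalina-daemon.out
cat > "$tmp/catalina-daemon.out" <<'EOF'
INFO: Starting ProtocolHandler ["http-apr-8080"]
INFO: Starting ProtocolHandler ["http-apr-8443"]
INFO: Starting ProtocolHandler ["ajp-apr-8009"]
EOF
# Constructed ps -ef rows (command lines shortened): controller, then worker
cat > "$tmp/ps.txt" <<'EOF'
root   55157     1 0 17:31 ? 00:00:00 jsvc.exec -user tomcat org.apache.catalina.startup.Bootstrap
tomcat 55158 55157 0 17:31 ? 00:00:13 jsvc.exec -user tomcat org.apache.catalina.startup.Bootstrap
EOF
check_deployment "$tmp/catalina-daemon.out" "$tmp/ps.txt"
```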



This article is from the "Morrowind" blog; please keep this source attribution: http://morrowind.blog.51cto.com/1181631/1889462
