Tomcat Web Hosting Blog - Java, JSP, EJB, Hibernate

Chapter 10: HTTP Connectors . redirectPort . SSLEnabled . scheme . secure . URI Encoding . useBodyEncodingForURI . use IPV Hosts . xpoweredBy Other APR Connector specific attributes are described in the sections to follow. Kernel Mode File Transfer Sendfile() Optimization One of the core features of enabling APR is the ability to send a large file via a kernel-level sendfile() system call. This call is optimized for sending large static files through a socket. Instead of repeatedly copying the file data to higher level buffers, such as those maintained in byte arrays within the Java VM, the kernel mode API takes care of sending the file directly from the file system s buffer cache. Although this sendfile() operation is performed synchronously by the kernel, it is asynchronous with respect to the Java VM. This theoretically enables the Tomcat server to perform other work while the file is being sent by the lower-level call. This feature cuts down on CPU time spent on data copying as well as minimizing the context switches between the Java VM and kernel mode operations during the sending of very large file. On systems without the kernel mode sendfile() system call, the Tomcat Connector gracefully falls back on the Java-based buffer IO to send large static files. In addition, the sendfile()operation does not take effect when SSL is used with the connector. The default Servlet, configured in the conf/web.xml file, is responsible for serving static content and has a sendfileSize attribute that you can configure to control the minimal size of a static file being considered for transmission via the sendfile()call. Scalable Keep-Alive Poller The keep-alive poller is an APR component responsible for maintaining keep-alive connections. The number of kernel modes to the Java VM context switches is reduced when a native code component is used to keep track of keep-alive connections. The following additional attributes are available for configuration with the APR Connector enhancements: . firstReadTimeout: This value, in milliseconds, controls the timeout set on a connection s first read call. If this timeout is reached, the connection is handed off to the keep-alive poller. Note that if this timeout value is never reached, the keep-alive poller does not get involved with the connection. If you want to use the keep-alive poller every time, you can set the value to 0, -1. Both will hand off connections to the poller on every read; however, 0tells the poller to use a very short timeout, and -1 indicates the use of the connection s configured socket timeout value. Default value is -1. Note that -2 can also be used to request the runtime to bypass the use of the poller as much as possible.

For reliable and cheap web hosting services please check cheap web hosting website.

Chapter 10: HTTP Connectors Enabling the APR Connector The APR Connector is configured under the following conditions: . The protocol attribute is set to org.apache.coyote.http11.Http11AprProtocol. . The APR library is located in the PATH environment variable (Windows) or the LD_LIBRARY_ PATH(*nix/Linux). If you do not have the APR library already installed for your platform (most Linux distributions come with the APR already installed), you may need to download a binary distribution first. At the current time, the source and binaries for the Windows APR connector implementation (with OpenSSL) can be downloaded from the following URL: http://tomcat.heanet.ie/native/ The location may change in the future. For Linux, the source is included with the Tomcat distribution; you can find it in the bin/tomcat-native.tar.gzfile. See Chapter 3 for information on installing APR on Linux. As an example, if you have a Win32 system (XP, Vista, and so on), download the binaries from the preceding URL. Place the two downloaded binary files tcnative-1.dlland openssl.exe into the $CATALINA_HOME/bin directory. For example, the following element configures an instance of an APR Connector, provided the PATHor LD_LIBRARY_PATH environment variable contains a path to the APR libraries. Configurable Connector Attributes The setting of configurable attributes on this Connector overlaps with the standard HTTP Connector. The following are attributes from the standard HTTP Connector that are also applicable to the native APR Connector. See the standard HTTP/1.1 Connector section, earlier in this chapter, for a description of these attributes. . allowTrace . emptySessionPath . enableLookups . maxPostSize . maxSavePostSize . protocol . proxyName . proxyPort

If you looking for unlimited one inclusive web hosting plan please check web hosting plan website.

Chapter 10: HTTP Connectors Comet Asynchronous IO Support If Servlets need to take advantage of the non-blocking IO capabilities, the NIO connector must be explicitly coded for asynchronous IO. This asynchronous IO support is called Comet. Using Comet, a Servlet can respond to incoming events from a client instead of blocking in a read; it can also write responses asynchronously. Comet Servlets implement the org.apache.catalina.CometProcessorinterface, instead of the usual Servlet interface. Through this interface, the Servlet can receive a sequence of events. The following describes some of the events that a Comet Servlet can receive: . BEGIN: The Servlet responds to this event by performing any initialization; this signifies the beginning of the request/response lifecycle; the response object will be available for writing back to the client, but access must be synchronized if multiple threads are involved in this stage. . READ: An event that signifies to the Servlet that one read may be performed on the request stream without blocking; the Servlet must perform this read. Multiple READ events will be fired as request data becomes available. . END: The Servlet is notified that the request processing should now end; the Servlet should complete the writing of the response and reset any initialized fields on the request or response objects. . ERROR: This event from Tomcat 6 notifies the Servlet that an IO Exception or other fatal error has occurred during processing. While servicing any of the preceding events, the Servlet can decide to end processing by calling the close()method on the event. Because the benefit of asynchronous IO can be enjoyed only by Servlets that are explicitly coded to the preceding event-driven model, there is very little reason to configure the NIO Connector for Web applications consisting exclusively of regular servlets that do not support Comet. The Native APR Connector APR is the Apache Portable Runtime, which is a native code library that enables C/C++ software to be written in a platform-independent fashion. APR works well across Windows, Linux, and *nix systems. The Native APR Connector is written using APR, and compiled to native code for optimized platform- specific performance. The Native APR Connector is not a complete Connector in the strictest sense. It actually makes use of the standard Java-based connector for most of its operations. However, when the native code APR connector is enabled, the Java code will switch to native implementation for several performance- and scalability-sensitive operations. The APR Connector optimizes performance and enhances scalability via three main mechanisms: . Use of a sendfile() kernel mode call to send large static files directly from the buffer cache . Use of a single native code keep alive poller to implement connection keep alive for a large number of connections . Use of the OpenSSL native code, which has the potential to accelerate SSL implementation for SSL handling (via hardware)

For high quality java hosting services please check java web hosting website.

Chapter 10: HTTP Connectors changed, the redirectPort attribute for all the non-SSL Connectors must be changed to that port number, too. As mentioned, the non-SSL Connectors redirect users to this port if they try to access pages with a security constraint that specifies that SSL is required. For more on installing an SSL certificate that you have purchased from a Certificate Authority, and/ or creating your own self-signed certificate for testing, see the section Encryption with SSL in Chapter 14 . A different set of SSL configuration attributes is required when OpenSSLis used with the native code APR Connector. Please see the later section on configuration for the native APR connector. Note that when you startup Tomcat and examine the output of the console, you are very likely to see the following message: INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: c:jdk … This message appears because a listener is enabled by default to look for the APR support libraries; this message indicates that the APR libraries are not found. You need these libraries only if you are configuring the APR connector. See the Native APR Connector section in this chapter for more details. The Advanced NIO Connector The NIO Connector is an HTTP Connector written in Java, but takes advantage of the NIO libraries of Java 5 to provide the following features, which are above and beyond those provided by the standard HTTP Connector: . Non-blocking operations . Support for Comet This Connector has the same configuration attributes as the standard HTTP Connector. It is activated when the protocol attribute is set to org.apache.coyote.http11.Http11NioProtocol. For example, the following element configures an instance of an NIO Connector:

For high quality website hosting services please check cheap web hosting website.

Chapter 10: HTTP Connectors . xpoweredBy: If set to true(the default value is false), an X-Powered-Byheader is output in servlet-generated responses returned by the Connector. The value of the header is Servlet/2.5, as shown in the following sample HTTP response header: HTTP/1.1 200 OK X-Powered-By: Servlet/2.5 Content-Type: text/html Content-Length: 1437 Date: Thu, 07 Aug 2007 17:25:52 GMT Server: Apache-Coyote/1.1 In addition to these attributes, there are others that are specific to SSL Connectors. These are valid only if the secureattribute is set to true, and are discussed next. Configuring Tomcat 6 for SSL The Connector for the Catalina instance that supports HTTPS connections must have its secureattribute set to trueand its schemeattribute set to https. Unlike Tomcat 4. x, no Factory element is required for SSL-related configuration, although it is still supported for backward compatibility. The new SSL-related Connector attributes are as follows: . algorithm: Specifies the certificate encoding algorithm to use. This defaults to SunX509. . ciphers: A comma-separated list of encryption ciphers. . clientAuth: Can be set to either trueor false(the default is false). When set to true , the client connection would need to present a valid certificate. However, if clientAuthis set to false, and the Web resource being requested is protected by CLIENT-CERTauthentication, the latter would take precedence (that is, the client would still need to present a certificate). . keystoreFile: Specifies the pathname to the keystore file. The keystore file contains the server s public and private keys in the form of certificates. keystoreFiledefaults to .keystorein the user s home directory. The home directory varies by operating system (for example, /home/ user_namein Linux; and C:Documents and Settings windows user name for Windows). . keystorePass: Should be set to the password required to access the keystoreFile . The default password is changeit. . keystoreType: Specifies the keystore file type. It defaults to JKS (Java Keystore). This format is SUN s format supported by the underlying Java SE platform implementation and need not be changed if you are setting up a new Java keystore. If your underlying operating system already has a keystore in another format, and you have installed a JCE provider that supports that format in your JDK, you may be able to use it. For example, pkcs11 and pkcs12 are supported by some JDK and operating system combinations. . sslProtocol: This indicates which version of the SSL protocol to use (the default value is TLS). The default value is fine for most configurations, as TLS is essentially SSL3. For backward compatibility with some older JVM, if you are running on old Java VMs, you may need to change this to SSL. Following is an example Connector with SSL configuration. This configuration is already present in the $CATALINA_HOME/conf/server.xml file, but is commented out. Note that if the SSL port (8443) is

If you looking for unlimited one inclusive web hosting plan please check unlimited web hosting website.

Chapter 10: HTTP Connectors selected. The APR connector is also used if the APR library is available via either the PATHvariable in Windows or LD_LIBRARY_PATHvariable in Linux/*nix. . proxyName: The proxyNameattribute (along with the proxyPortattribute) is used when Tomcat is run behind a proxy server. It specifies the server name to be returned for request .getServerName() calls. See the section Running Tomcat Behind a Proxy Server later in this chapter for more information. . proxyPort: As mentioned, the proxyPort attribute is used in proxy configurations. It specifies the port number to be returned for request.getServerPort()calls. See the section Running Tomcat Behind a Proxy Server later in this chapter for more information. . redirectPort: If the Connector supports only non-SSL requests and a user request is sent to this Connector for an SSL resource, Catalina will redirect that request to the redirectPortport number. The default Tomcat configuration specifies 8443 as the redirect port, as shown in the sample configuration presented earlier. If this is omitted, it defaults to 443. . restrictedUserAgents: This is a comma-separated list that matches the HTTP UserAgent value of Web browsers that have a broken support for HTTP/1.1 keep-alive behavior. Regular expressions can be used here. . scheme: The scheme attribute is set to the name of the protocol. The value specified in scheme is returned by the request.getScheme()method call. The default value is http. For an SSL Connector, this would be set to https. . secure: This attribute is set to true for an SSL Connector. This value is returned by the request.getScheme()method calls. The default value is false. . server: Specifies the server header when sending the HTTP response. If this attribute is not set, the Server string output in the HTTP header that identifies the Web server defaults to Apache-Coyote/1.1. Some security experts don t like this, as it broadcasts to the world information about the Web server software. If there are any known security exploits of this Web server, they then can be used by malicious users. Setting this to an empty string suppresses the printing of the Serverstring. . socketBuffer: This specifies the size, in bytes, of the buffer to be used for socket output buffering. Use of a socket buffer helps to improve performance. By default, a buffer of size 9,000 bytes is used, and setting socketBufferto -1 turns buffering off. . tcpNoDelay: When this attribute is set to true, it enables the TCP_NO_DELAYnetwork socket option. This improves performance, as explained in the section Performance Tuning, later in this chapter. The default value is true. . threadPriority: Specifies the Java thread priority for request handling threads created in the Java VM. The default value is java.lang.Thread#NORM_PRIORITY. . URIEncoding: Specifies the character encoding used to decode URI bytes. It defaults to ISO-8859-1. . useBodyEncodingForURI: If set to true, this attribute causes the URI encoding specified in the contentTypeto be used for encoding, rather than the URIEncodingattribute. This defaults to false. . useIPVHosts: Default is false. If set to true, this attribute causes the server to examine the incoming request IP address to direct the request to the corresponding virtual host.

For high quality jboss hosting services please check jboss web hosting website.

Chapter 10: HTTP Connectors . disableUploadTimeout: This attribute enables a separate timeout to be set (or not set) for data uploads during a servlet execution. The attribute s value defaults to false. . emptySessionPath: Default is false. The session path used for cookies is all / if set to true. In general, set this to true only when the server is used to run applications written to the Port- lets specification. . enableLookups: When this is set to true, all calls to request.getRemoteHost()perform a DNS lookup to return the host name for the remote client. When this attribute is false, the DNS lookup is skipped and only the IP address is returned. The default value for enableLookupsis false. Keeping this attribute turned off increases performance, which enables you to avoid the overhead required for the DNS lookup. These and other performance considerations are discussed in the section Performance Tuning, later in this chapter. . maxHttpHeaderSize: This attribute controls the maximum size of the request and response headers. The unit is bytes. The default value is 4096 (4K). . maxKeepAliveRequest: This attribute controls the keep-alive behavior of HTTP requests that enables persistent connections (that is, multiple requests to be sent over the same HTTP connection). It specifies the maximum number of requests that can be pipelined until the connection is closed by the server. The default value of maxKeepAliveRequestis 100, and setting it to 1disables HTTP keep-alive behavior and pipelining. . maxPostSize: This specifies the maximum size, in bytes, of the POSTthat can be handled by the container. It defaults to 2,097,152 (2MB). If set to 0 or a negative number, this feature is disabled. . maxSavePostSize: This specifies the maximum size, in bytes, of the POSTthat can be handled by the container during a client-cert or form authentication operation. It defaults to 4096 (4K). If set to -1, this feature is disabled and POSTed data is not saved during the two types of authentication. . maxSpareThreads: The maxSpareThreads attribute controls the maximum number of unused threads that are allowed to exist before Tomcat starts stopping the unused ones. maxSpareThreadsdefaults to 50. . minSpareThreads: The minSpareThreads attribute specifies the minimum number of threads that are started when the Connector is initialized. minSpareThreadsdefaults to 4. . maxThreads: This attribute specifies the maximum number of threads that are created for this Connector to process requests. This, in turn, specifies the maximum number of concurrent requests that the Connector can handle. maxThreads defaults to 200 threads. . noCompressionUserAgents: This is a comma-separated list that matches the HTTP UserAgent value of Web browsers that have a broken support for HTTP/1.1 compression. Regular expressions can be used here. . port: The port attribute specifies the TCP port number on which this Connector will create a server socket and await incoming connections. Only one server application can bind to a particular port number IP address combination. . protocol: This specifies the HTTP protocol to use, and must be set to HTTP/1.1(the default). This loads the default org.apache.coyote.http11.Http11Protocol. . implementation: This is the default Java-based blocking connector. If you specify org .apache.coyote.http11.Http11NioProtocol, the non-blocking NIO connector is selected. If you specify org.apache.coyote.http11.Http11AprProtocol, the APR connector is

For reliable and cheap web hosting services please check cheap web hosting website.

Chapter 10: HTTP Connectors a native code interface level. After this connector has been fully field tested by the production Tomcat 6 user community, it is likely to become the Connector of choice on platforms that are supported by the Connector (currently including Win32 and Linux platforms). This chapter explores the properties and configuration of each implementation in more detail. Tomcat 6 HTTP /1.1 Connector The standard Java-based HTTP/1.1 Connector in the Tomcat 6 server is the Coyote Connector. This Connector is the most mature and stable of all the available Tomcat 6 HTTP connectors. HTTP /1.1 Connector Configuration A typical standard HTTP/1.1 Connector configuration is as follows (taken from $CATALINA_HOME/ conf/server.xml): Although the only mandatory attribute for the Connector configuration is the port attribute, numerous other important attributes can be configured, as described in the following list: . acceptCount: This is the maximum queue length for incoming connection requests when all possible request processing threads are in use. Any requests received when the queue is full will be refused. This value is passed as the backlog parameter while creating a Tomcat server socket. The default queue length is 10, and the maximum is operating system-dependent. . address: This attribute specifies the IP address to which the Tomcat server binds. If the address attribute is not specified, Tomcat would bind to all addresses (if the host has multiple IP addresses). . allowTrace: This enables the TRACEHTTPmethod if set to true. The default is false. . compressibleMimeTypes: This is a comma-separated list of MIME types for which HTTP compressions (see the next attribute) can be used. The default value is text/html,text/xml, text/plain. . compression: The Connector can use HTTP/1.1 GZIP compression to get better bandwidth from the server. This can be enabled via the compression attribute. The valid values are off (disables compression), on (enables compression), force (forces compression in all cases), or a numerical value that specifies the minimum amount of data required before the output is compressed. The default value of the compression attribute is off. . connectionLinger: This sets the number of milliseconds for which socket connections will persist after the connection is closed. A value less than 0means don t linger (this is the default). . connectionTimeout: This is the number of milliseconds that this Connector waits after accepting a connection before requesting the URI line to be presented. The default value is 60,000 milliseconds (60 seconds).

If you looking for unlimited one inclusive web hosting plan please check cheap web hosting website.

Chapter 10: HTTP Connectors The following areas are covered in this chapter: . Using Tomcat 6 default Java HTTP/1.1 Connector . Using Tomcat 6 Java NIO (Advanced IO) HTTP/1.1 Connector . Using Tomcat 6 native APR (native code) HTTP/1.1 Connector . Blocking and non-blocking operations . Supporting Comet . Running Tomcat behind a proxy server . Setting up SSL . Performance tuning HTTP Connectors The standard HTTP Connectors included with Tomcat 6 provide the ability to run Tomcat in a standalone mode. In this mode, Tomcat can respond to HTTP requests directly from users browsers without the assistance of a separate Web server. In addition to requests for servlets and JSPs, the HTTP connectors also respond to requests for static contents, such as static Web pages and images. The HTTP Connectors are Java classes that implement the HTTP protocol. An HTTP connector is invoked when there is an HTTP request on the Connector port. The port that the Connector listens on is specified in the $CATALINA_HOME/conf/server.xmlconfiguration file, and is set to 8080 by default. The Connector class has code to parse the HTTP request and take the required action of either serving up static content or passing the request through the Tomcat Servlet Engine. The HTTP Connector implements the HTTP/1.1 protocol, and all protocol features. For clients that support only HTTP/1.0, the Connector degrades gracefully to support the legacy protocol. There are multiple HTTP Connector implementations available with Tomcat 6. These include: . Java-based HTTP/1.1 (Coyote) Connector . Java-based High Performance NIO HTTP Connector . Native code optimized APR HTTP Connector The Java-based Coyote Connector is the most mature of the three variations, it is extremely stable, works well, has great performance, and should be the choice for most situations especially if you are just beginning to use Tomcat 6. The high-performance NIO HTTP connector provides non-blocking IO and Comet support, if you are using a software library that requires (or benefits from) this additional support, you may want to use this connector instead. Be aware, however, even as late as Java SE 5, there are serious bugs in the Java NIO library that may affect stability of your Tomcat server. On highly loaded systems, the optimization possibilities offered by the APR HTTP Connector can be very attractive. This is the newest of the three connector implementations, but potentially offers the highest level of performance improvement by leveraging proven operating system level optimization on

For high quality website hosting services please check cheap web hosting website.

HTTP Connectors When used out of the box to run Web applications, Tomcat can serve HTML pages without any additional configuration. This works because Tomcat has been preconfigured with an HTTP Connector that can handle requests from a user s Web browser. Because of this Connector, Tomcat can function as a standalone Web server. It can serve static HTML pages, as well as handle servlets and JSP pages. Tomcat Connectors provide the external interface (over HTTP or HTTPS) to Tomcat clients. There are two kinds of Connectors those that implement an HTTP stack of their own (called HTTP Connectors) and those that tie Tomcat to an external Web server such as Apache or IIS (called Web server Connectors). This chapter examines in detail the configuration of the various HTTP Connectors available in Tomcat 6. Chapters 11 and 12 discuss Web server Connectors. The Java-based HTTP/1.1 Connector is the default Connector configured for Tomcat 6. It is an evolved version of the Java-based HTTP/1.0 and HTTP/1.1 Connectors appearing earlier in Tomcat 5. x.x versions. An earlier version of this mature Java-based connector is called the Coyote Connector, and has been available as an add-on from as far back as Tomcat 3. x. In addition to the default configured Java-based HTTP Connector, Tomcat 6 provides a variety of alternative HTTP Connectors. A Java HTTP Connector written to take advantage of the high performance IO features of the Java 5 NIO library is available. In addition, a native version of the HTTP Connector, written in C/C++ and coded to APR (Apache Portable Runtime) is also available. While both of these alternative Connectors are relatively new compared to their default Java Connector cousin, they hold much promise for the near future. Even though very little additional configuration is required to get the HTTP Connector working, you may want to fine-tune some of its features. This chapter describes what to do when your Connector configuration needs to be modified, such as for specific deployments (for example, running Tomcat behind a proxy), SSL setup, or performance tuning.

For reliable and cheap web hosting services please check tomcat web hosting website.