The document provides an overview and progress report on Apache Tomcat NEXT. It discusses new features required by specifications like Java EE 8 and Servlet 4.0. Key changes include full support for HTTP/2, TLS improvements like SNI and multiple certificates, and removal of outdated features. Internal changes improved connectors and refactored WebSocket handling. The rationale for Apache Tomcat 8.5 was to provide new features sooner than waiting for Java EE 8's delayed release. HTTP/2, OpenSSL encryption, and TLS virtual hosting are highlighted.
Tomcat is an open source servlet container that is used to run Java servlets and JSP pages to build web applications. It originated from a combination of the JServ and Sun Microsystems servlet engines. Tomcat adheres closely to Java servlet and JSP specifications, is highly customizable, and provides features like automatic reloading for development and thread pooling for production performance. It is installed by extracting binary files, setting environment variables, and can be started or stopped using scripts.
The document discusses installing and configuring the Tomcat web server, including downloading and extracting Tomcat, configuring ports for multiple instances, directory structure, creating web applications, and basic server configuration using files like server.xml.
The document provides instructions for installing Apache Tomcat 8 application server on CentOS. It describes downloading and installing Java 8, downloading and extracting the Tomcat archive, configuring environment variables and ports, starting Tomcat, creating user accounts, deploying WAR files, and customizing the Java virtual machine settings. It also discusses using Nginx as a reverse proxy to route port 80 traffic to Tomcat running on port 8080.
The document provides an overview of the Apache Tomcat web server and servlet container. It discusses Tomcat's history and architecture, how applications are deployed, and how requests are processed. Performance optimization techniques are also covered, noting that Tomcat is designed for scalability out of the box with minimal tuning typically required.
The document discusses setting up and configuring an Apache Tomcat server. It includes steps to install Java, download and extract the Tomcat source package, set environment paths, start and stop the Tomcat server, and test functionality using HTML, JSP and Servlet files. The server runs on port 8080 by default and can host Java web applications built with Servlets and JSP.
Tomcat is an open-source servlet container developed by the Apache Software Foundation that implements Java Servlet and JavaServer Pages technologies. It is written in Java and can run on several operating systems. Tomcat allows developers to deploy web applications and services built using Java technologies. The document provides examples of using servlets and JSPs with Tomcat and describes how to configure and deploy web applications on Tomcat.
The document provides an overview of Tomcat and JBoss, open-source servlet containers. It discusses the origins and frameworks of Tomcat and JBoss, how to get started with Tomcat configuration, deployment, security, and load balancing of Tomcat instances with Apache HTTP Server. Key configuration files for Tomcat are also summarized.
Mark Thomas presented on optimizing and tuning Apache Tomcat performance. He discussed:
1) Tuning options like logging configuration, connectors, content caching, and JVM settings to improve performance.
2) Following a process of understanding bottlenecks, setting targets, measuring, identifying causes, and repeating.
3) Scaling Tomcat through load balancing multiple instances and clustering for failover and session replication.
An OpenEJB presentation on "Apache TomEE"
TomEE aims to provide a fully certified Java EE 6 Web profile stack based on Tomcat, allowing you to use Java EE features in your lightweight Tomcat applications.
A stack that's assembled and maintained by the Apache OpenEJB project
This document provides an overview of Apache Tomcat, a free and open-source web server and servlet container developed by the Apache Software Foundation (ASF) that implements the Java Servlet and JavaServer Pages (JSP) technologies. It discusses what Tomcat is, its role as a web application container, how to install and configure it, enable features like CGI and SSI, and addresses some common issues. The advantages of using Tomcat include that it is open source, lightweight, easily configured, stable, well documented, and free.
The document discusses web containers and how they work. It begins with definitions of key terms like web container, web server, application server, and EJB container. It then explains that a web container is responsible for managing the lifecycle of servlets and mapping URLs to servlets. The document also discusses how web containers use servlet engines to execute servlets and JSP engines to execute Java Server Pages. It provides details on the popular Apache Tomcat web container, including how to install, configure, deploy applications to, and develop applications on Tomcat.
This document provides an introduction and overview of the Apache Tomcat application server. It defines what an application server is and explains that Apache Tomcat is an open source implementation of Java Servlet, JSP, JSTL, and WebSocket technologies. It describes the key components of Tomcat, including Catalina, Coyote, Jasper, and how they enable Tomcat to function as a web and application server. It also provides basic installation instructions for setting up Tomcat on an Amazon EC2 instance.
Tomcat clustering allows multiple Tomcat application servers to work together as a single unit to provide scalability and high availability. There are two types of clustering: vertical scaling uses multiple servers on a single machine, while horizontal scaling uses independent servers across multiple machines for better performance. A typical Tomcat cluster uses a load balancer like Apache mod_jk for request distribution and a session replication method for shared state. Configuring a cluster involves setting up multiple Tomcat instances, configuring the load balancer and workers, and enabling session sharing if needed.
This document introduces Apache TomEE, which is Apache Tomcat combined with Java EE functionality. It discusses TomEE's core values of being small, being based on Tomcat, and being Java EE certified. It also summarizes the minimal changes required to standard Tomcat to create TomEE and notes that TomEE works with common Tomcat tools.
The document discusses using OpenSSL to improve Tomcat performance. It describes Tomcat connectors like NIO, NIO2, and APR and how the new OpenSSLImplementation replaces the default JSSE implementation. Performance tests show the OpenSSLImplementation outperforms JSSE, with NIO and NIO2 performing similarly. Throughput is highest for all connectors with larger file sizes. The OpenSSLImplementation enables features like HTTP/2 and ALPN that improve Tomcat.
The document discusses using OpenSSL to improve performance in Tomcat. It describes Tomcat connectors like NIO, NIO2, and APR and the new OpenSSL implementation. Performance tests show the OpenSSL implementation outperforms JSSE and has throughput similar to NIO and NIO2. APR is not needed. OpenSSL is currently needed for HTTP/2 support until Java 9. The presentation concludes that OpenSSL significantly boosts performance over JSSE.
Upgrading to Apache Tomcat 7 covers the key changes in upgrading from older versions of Tomcat to version 7, including specification changes to support Servlet 3.0 and new features like asynchronous servlets and annotations. It outlines new management, performance, security, deployment, and embedding capabilities in Tomcat 7. The presentation also provides an overview of WebSocket support in Tomcat 7 and future plans, as well as useful resources for more information.
Tomcat New Evolution discusses the new features introduced in Tomcat 6 and 7. Some key highlights include:
- Tomcat 6 introduced features like memory leak prevention, CSRF protection, session fixation protection, NIO connector, Comet support, logging improvements, web services support, and clustering.
- Tomcat 7 features included externalizing static resources, WebSocket support, easier embedded usage, and asynchronous logging.
- Both versions aimed to improve performance, security, and scalability through these new capabilities. Tomcat continues evolving to support newer standards and address common issues.
The document describes how to monitor Apache Tomcat application instances using Verax NMS monitoring software. It includes adding the Tomcat application to the device inventory in Verax NMS, configuring availability sensors and performance counters, and an overview of the features provided by the Verax NMS Apache Tomcat plugin for monitoring things like general information, applications, request processors, connectors and thread pools.
(ATS4-PLAT01) Core Architecture Changes in AEP 9.0 and their Impact on Admini... (BIOVIA)
AEP 9.0 will see several changes to the core infrastructure which will require changes to the way the server is managed as well as new deployment options that may affect the ways that protocol developers deliver content to their users. We will cover the addition of Tomcat as a new side by side service with Apache, new administration features: exporting and importing server configurations, maintenance mode, and new deployment options: HTTPS and HTTP only modes, deploying behind reverse proxies, and HTTP load balancing.
This document discusses developing and deploying client modules for platform integration. It covers logging platforms like Log4J and Splunk, cache platforms like Ehcache and Redis, and JDBC drivers for databases like MySQL, Oracle and Cubrid. It also mentions downloading MySQL JDBC drivers from the MySQL website and using them to connect to a MySQL database.
This document provides an overview of Java servlets, including what servlets are, their advantages over other technologies like CGI scripts, their lifecycle and program structure, deploying servlets on Tomcat, HTTP request methods, accessing request data, and redirecting URLs. Servlets are Java classes that extend functionality to handle HTTP requests and responses. They have advantages like faster performance than CGI scripts and reuse of the Java platform. The servlet lifecycle involves initialization, processing requests, and destruction. Servlets are deployed on a web container like Tomcat by compiling, configuring in web.xml, and placing in the webapps folder.
Mark Thomas gave a presentation on Tomcat 7 and the new features in Servlet 3.0. Some of the major changes covered included support for asynchronous processing, web fragments, dynamic configuration through programmatic additions of servlets and filters, and additional annotations. The timeline for finalizing Servlet 3.0 was discussed, as well as the current status of Tomcat 7 development to support the new specification.
Jean-Frederic Clere presented an overview of new features and changes in Apache Tomcat 8.5. Key points include: support for HTTP/2 and TLS improvements like SNI and multiple certificates; removal of outdated connectors and Comet; and internal refactoring. Tomcat 8.5 provides new capabilities ahead of Java EE 8 to support needs like HTTP/2. Users can get involved in development through the Apache SVN and mailing lists.
Tomcat is an open-source web server that implements Java servlet and JavaServer Pages (JSP) technologies to deploy web applications. The document discusses Tomcat's origins as a servlet container donated to the Apache Software Foundation by Sun Microsystems. It provides an overview of installing and running Tomcat, including setting environment variables, starting and stopping the server, and accessing applications through HTTP. The conclusion compares features of different web servers and factors to consider when selecting one.
Ansible is an open source automation tool that allows users to configure, manage, and deploy software on remote machines without requiring an agent. It uses SSH to connect to nodes and executes modules written in Python. Playbooks allow users to automate multiple tasks by defining YAML files containing a list of commands. Ansible is agentless and can manage hundreds of nodes with a single command.
(WEB401) Optimizing Your Web Server on AWS | AWS re:Invent 2014 (Amazon Web Services)
Tuning your EC2 web server will help you to improve application server throughput and cost-efficiency as well as reduce request latency. In this session we will walk through tactics to identify bottlenecks using tools such as CloudWatch in order to drive the appropriate allocation of EC2 and EBS resources. In addition, we will also be reviewing some performance optimizations and best practices for popular web servers such as Nginx and Apache in order to take advantage of the latest EC2 capabilities.
Mule management console installation with Tomcat (Sudha Ch)
This document provides instructions for installing and configuring Tomcat and Mule ESB, deploying services on Mule, and configuring alerts. It discusses:
1. Installing Tomcat by downloading the installer, accepting licenses, choosing an installation directory, and installing Java.
2. Deploying Mule services on Tomcat by packaging the Mule application as a WAR file and copying it to Tomcat's webapps directory.
3. Configuring Mule services by creating servers and adding deployable files to the Mule repository, deploying services from the repository to servers, and creating and modifying alerts in the Mule management console.
Ansible is a configuration management and provisioning tool that automates server configuration and setup. It allows users to control remote machines via SSH without needing any client installation. Ansible uses YAML files to define variables, INI files to group hosts in an inventory, roles to execute tasks and templates, and playbooks to run a series of roles on groups of machines.
Tomcat is a Java web application server. This document explains how to install and administer Tomcat 6 on Debian, including deploying applications through the web interface or the terminal, and configuring files such as server.xml and context.xml. It also covers topics such as HTTPS security, logging, and references.
Java ee com apache tom ee e tomee+ tdc - 2014 (Daniel Cunha)
This document describes the history and development of Apache TomEE and TomEE+, which provide full Java EE support in a small package based on Tomcat. It begins by explaining how TomEE emerged to fill the gaps in Tomcat and OpenEJB, and has since become a certified superset of OpenEJB that incorporates additional components such as MyFaces and provides a complete implementation of the Java EE web profile.
This document describes the steps to install Apache Tomcat 8 on a Linux server. It includes installing Java, downloading and installing Tomcat, configuring the port, creating an administrator user, and testing the example applications to verify that Tomcat works correctly.
Apache TomEE, Java EE 6 Web Profile {and more} on Tomcat (Tomitribe)
Apache TomEE combines the simplicity of Tomcat with the power of Java EE. This updated presentation traverses the world of TomEE and shows how Tomcat applications leveraging Java EE technologies can become simpler and lighter with a Java EE–certified solution built right on Tomcat. The first part jumps right into action and gives a coding tour of TomEE, including quickly bootstrapping projects, doing proper testing with Arquillian, and setting up environments. The second part gives insight into how TomEE was created and explores the budding TomEE ecosystem of tools, platforms, and the latest community advancements.
This document provides a summary of common Git commands for setting up and working with repositories, saving changes, inspecting history, undoing changes, rewriting history, syncing with remote repositories, branching, and merging. It discusses initializing and cloning repositories, adding and committing changes, viewing logs and checking out commits, reverting and resetting changes, amending commits and rebasing, fetching and pushing to remote repositories, branching, and merging branches. It also cautions against amending shared commits or force pushing to avoid overwriting others' work.
This document discusses different methods for session clustering in Tomcat, including on-premise and AWS approaches. It provides details on using L2 Multicast and DynamoDB for session management in AWS. The key steps outlined are: creating an IAM user for Tomcat to access DynamoDB, installing Tomcat on two EC2 instances, downloading and configuring the DynamoDB session manager jar, modifying the Tomcat context.xml file, creating a DynamoDB table for sessions, and testing session replication across the instances.
This document provides an overview of web service specifications and standards including SOAP, WSDL, WS-Addressing, WS-Security, WS-Reliable Messaging, and BPEL. It discusses how WS-Addressing specifies endpoints and message addressing, how WS-Security provides identification, authentication, authorization, integrity and confidentiality, and how WS-Reliable Messaging ensures reliable message delivery. It also summarizes WS-I goals of achieving interoperability and its Basic Profile 1.0 recommendations.
Jean-Frederic Clere presented on the state of HTTP/2 and SSL/TLS in Apache Tomcat, Apache Traffic Server, and Apache HTTP Server. He discussed how HTTP/2 provides benefits like header compression, request multiplexing and priority over HTTP/1.1. All three servers now support HTTP/2 through TLS, with Tomcat and HTTPD having full support and Traffic Server missing some features. Performance tests showed HTTP/2 providing higher throughput and lower CPU usage than HTTP/1.1. The presentation concluded that applications are ready to use HTTP/2 without modifications to see performance gains.
HTTP/2, HTTP/3 and SSL/TLS State of the Art in Our Servers (Jean-Frederic Clere)
Jean-Frederic Clere presented on HTTP/2, HTTP/3 and SSL/TLS in servers. He discussed the latest developments in HTTP/3 using QUIC and TLS 1.3 over UDP. For HTTP/2, he covered implementations in Apache Tomcat, Apache HTTP Server, and Traffic Server. He demonstrated improved performance of HTTP/2 over HTTP/1.1 and discussed configuration requirements and options for enabling HTTP/2 in each server. The presentation concluded that HTTP/2 is ready for production use without server modifications to realize performance gains.
Eduardo Silva is an open source engineer at Treasure Data working on projects like Fluentd and Fluent Bit. He created the Monkey HTTP server, which is optimized for embedded Linux and has a modular plugin architecture. He also created Duda I/O, a scalable web services stack built on top of Monkey using a friendly C API. Both projects aim to provide lightweight, high performance solutions for collecting and processing data from IoT and embedded devices.
The document discusses moving a Tomcat cluster to the cloud. It describes how Tomcat uses multicast for session replication in a cluster, but this does not work in the cloud. The solution presented uses the Kubernetes API to discover cluster nodes instead of multicast, allowing session replication to function in OpenShift. The architecture includes a DynamicMembershipService that refreshes the node list from a KubernetesMemberProvider accessing the Kubernetes API. This allows a Tomcat cluster to run in OpenShift with external session replication.
Netty is used extensively at Apple for building scalable networking services. Some key points:
- Netty is used in over 400,000 instances processing 10s of petabytes of data and 10s of millions of requests per second.
- Apple engineers contribute back to Netty's open source development, submitting over 250 commits in one year.
- The native Netty implementation optimized for Linux provides significantly better performance than the Java NIO implementation, reducing garbage collection pressure and memory fragmentation.
The Cisco Open SDN Controller is a commercial distribution of OpenDaylight that delivers business agility through automation of standards-based network infrastructure.
Built as a highly scalable software-defined networking (SDN) platform, the Open SDN Controller abstracts away the complexity of managing heterogeneous networks to improve service delivery and reduce operating costs.
The controller exposes REST APIs to allow other applications to take advantage capabilities of the controller and unlock the power of the underlying network infrastructure, and JAVA APIs to allow for the creation of new network services.
This session will present the basic constructs of the controller and the capabilities of the REST and JAVA APIs to demonstrate how the Open SDN Controller abstracts away the complexity of managing heterogeneous networks to improve service delivery and reduce operating costs.
OpenShift 4.6 introduces several new features:
- Bare metal installation is now generally available using the new installer-provisioned infrastructure (IPI) which fully automates OpenShift installation on bare metal nodes.
- OpenShift can now be deployed on the AWS GovCloud and Microsoft Azure Government clouds to support sensitive government workloads.
- Extended update support is provided for OpenShift 4.6 through May 2022 along with support for layered products and add-ons like OpenShift Logging and Container Storage.
Python And The MySQL X DevAPI - PyCaribbean 2019Dave Stokes
The document discusses the MySQL X DevAPI and how it allows developers to work with MySQL as a document store using a modern programming style. Some key points:
- X DevAPI wraps powerful concepts in a simple API, allowing applications to establish logical sessions to MySQL server instances running the X Plugin without code changes for single or clustered deployments.
- Documents are stored in Collections and CRUD (create, read, update, delete) operations can be performed on them directly rather than embedding SQL strings.
- An example Python program uses the MySQL Connector/Python library to connect to a MySQL server, retrieve a document from a collection using a filter, and print the result.
- The emphasis is on working
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)Ericom Software
WebSockets couples the performance and flexibility of TCP with the reach of HTTP Prediction: WebSockets will replace simple TCP as preferred underlying protocol.
To see how Websockets are used in a popular HTML5-based remote access solution, by visiting the following URL: http://j.mp/1luquBQ
We're talking about serious log crunching and intelligence gathering with Elastic, Logstash, and Kibana.
ELK is an end-to-end stack for gathering structured and unstructured data from servers. It delivers insights in real time using the Kibana dashboard giving unprecedented horizontal visibility. The visualization and search tools will make your day-to-day hunting a breeze.
During this brief walkthrough of the setup, configuration, and use of the toolset, we will show you how to find the trees from the forest in today's modern cloud environments and beyond.
This document summarizes experiences from a proof of concept (PoC) federated STUN/TURN service. Key points include:
- The PoC used STUN, TURN, and ICE to enable real-time communications across firewalls and NATs.
- It explored different authentication methods like long-term credentials, REST APIs, and OAuth.
- The distributed service was deployed across multiple research networks in Europe.
- Lessons learned from the PoC included designing for security, using open source components, and supporting multiple authentication standards.
Balázs Bucsay - XFLTReaT: Building a Tunnelhacktivity
XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and offers the capability to the users to take care of only those things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic and it is also worth mentioning that the framework was designed to be easy to configure, use and develop. In case there is a need to send packets over ICMP, RDP or SSH then this can be done in a matter of minutes, instead of developing a new tool from scratch. The potential use (or abuse) cases are plentiful, such as bypassing network restrictions of an ISP, the proxy of a workplace or obtaining Internet connectivity through bypassing captive portals in the middle of the Atlantic Ocean or at an altitude of 12km on an airplane.
This framework is not just a tool; it unites different technologies in the field of tunnelling. It will be show how to tunnel data over a Windows jumpbox utilising RDP (including the dirty low level "secrets") or how to exfiltrate data over ICMP from barely secured networks. We have simplified the whole process and created a framework that is responsible for everything but the communication itself, we rethought the old way of tunnelling and tried to give something new to the community. After the initial setup the framework takes care of everything. With the check functionality we can even find out, which module can be used on the network, there is no need for any low-level packet fu and hassle. I guarantee that you won’t be disappointed with the tool and the talk, actually you will be richer with an open-source tool.
This document provides an overview of a hands-on workshop on the Constrained Application Protocol (CoAP). It outlines the agenda which includes introductions to CoAP, the Californium CoAP framework, and hands-on projects. Attendees will work through example CoAP client and server code using the Californium libraries and test their implementations. Advanced CoAP topics like security, proxies, and resource directories are also discussed.
The document provides an overview of adding IEEE 802.15.4 and 6LoWPAN support to an embedded Linux device. It discusses the motivation, including the header size problem in IEEE 802.15.4 frames and how 6LoWPAN addresses this. It then describes the Linux-wpan project, supported hardware, configuration tools, and communication with RIOT and Contiki operating systems.
PLNOG16: Obsługa 100M pps na platformie PC, Przemysław Frasunek, Paweł Mała...PROIDEA
Modern CPUs have many cores and advanced instruction sets like AVX that allow performing multiple operations simultaneously. To handle 100 million packets per second, a platform needs network interfaces with speeds of at least 10 Gbps and a PCIe bus and memory fast enough to keep up. The Linux networking stack is not optimized for these speeds, so achieving line rate requires implementing the network processing in userspace using techniques like DPDK that avoid kernel overhead.
Camel K allows building and deploying Apache Camel integration applications on Kubernetes in about 1 second. It provides a lightweight runtime for Camel on Kubernetes that enables low-code/no-code integration using Camel's Java DSL. Camel K applications can take advantage of serverless capabilities provided by Knative like autoscaling and scaling to zero. Quarkus is a Kubernetes-native Java stack that provides a minimal footprint and container-first experience for building microservices. It works well with Camel/Camel K by enabling native compilation of Camel routes for very fast startup times and low memory usage.
The venerable Servlet Container still has some performance tricks up its sleeve - this talk will demonstrate Apache Tomcat's stability under high load, describe some do's (and some don'ts!), explain how to performance test a Servlet-based application, troubleshoot and tune the container and your application and compare the performance characteristics of the different Tomcat connectors. The presenters will share their combined experience supporting real Tomcat applications for over 20 years and show how a few small changes can make a big, big difference.
From Fixed-Function to Programmable Switching Chip for Network Packet Broker ...Junho Suh
Junho Suh presented on developing a network packet broker using programmable switching chips. He discussed limitations of fixed-function switching ASICs and how using a programmable chip like Tofino and the P4 language allows building flexible packet processing pipelines. The current work involves designing a P4 program to implement network packet broker functionality, integrating it with OpenSwitch, and testing it with 5G probes. Future work may include stateful registers, offloading NetFlow generation, and layer 7 matching.
Panama is a Java project that provides a foreign function interface for calling native code more safely than with JNI. The document discusses using Panama to call the OpenSSL library from Java code to provide TLS functionality for the Apache Tomcat web server. It describes generating wrapper code with the Jextract tool, designing the code to match OpenSSL's lifecycle model, and addressing challenges like API changes. Initial performance tests showed it was around 10% slower than JNI, but custom Java 19 builds reduced this to 5%. The roadmap aims for a stable integrated version supporting OpenSSL and working out of the box on Java 22.
The document discusses proxying Tomcat with Apache HTTPD. It covers proxy protocols like AJP, HTTP/1.1, HTTP/2, and others. It discusses when to use each protocol and the advantages and limitations. It provides configuration examples for mod_jk, mod_proxy_ajp, mod_proxy_http, and HTTP/2. It also discusses HTTPS/TLS proxying and provides examples of encrypting traffic between httpd and Tomcat as well as getting client certificates. The document concludes with a demo of these various proxy configurations.
01_clere_Having fun with a solar panel, camera and raspberry. How with a few ...Jean-Frederic Clere
This document discusses how the presenter created an Internet of Things (IoT) project using a Raspberry Pi, solar panel, and camera for under $100. It started as a way to reuse old Raspberry Pis but faced issues with battery life. The presenter then developed a solution using a MOSFET, ATTiny microcontroller, and shell scripts to power off the Pi when battery voltage is low to extend battery life. The current version can send sensor and camera data over WiFi to a server when powered by a small solar panel and battery. The code and instructions are available online for others to replicate the project.
This document discusses running Kubernetes on Raspberry Pi 4 boards to create a low-cost Kubernetes cloud. It describes setting up the infrastructure including an HTTP server, DHCP server, and DNS registry. It then covers building a custom Raspberry Pi 4 kernel, installing it on the boards, and configuring WiFi. Next, it discusses deploying Kubernetes with one master node and two worker nodes. Finally, it demonstrates running a multi-container Tomcat application on the Kubernetes cluster.
This document summarizes Jean-Frederic Clere's presentation on moving a Tomcat cluster to the cloud. It discusses session replication in Tomcat clusters and challenges in the cloud like lack of multicast. It introduces solutions like KUBEPing and DNSPing that enable peer discovery through the Kubernetes API and DNS lookups. The presentation demonstrates these solutions in Katacoda tutorials and shows an operator that automates deployment. It aims to make Tomcat highly available in cloud environments like Kubernetes.
This document discusses Apache httpd reverse proxies and Tomcat. It covers why to use a proxy, common proxy protocols like AJP, HTTP/HTTPS, and HTTP/2. It also provides configuration examples for mod_jk, mod_proxy_ajp, and mod_proxy_http when using Apache httpd as a reverse proxy for Tomcat. Performance comparisons are shown between mod_jk, mod_proxy, and Nginx. The document concludes that a proxy is useful for load balancing, protocol upgrades, and SSL termination between the application server and internet.
This document summarizes a presentation on TLS/SSL certificates validation with Apache httpd. It covers TLS basics, client and server certificates signed by a CA like Let's Encrypt, mod_md for automating certificate renewal, OCSP stapling for revocation checking, and demos of httpd configuration for certificates. It also discusses TLS 1.3 changes, Let's Encrypt, and upcoming support for ACME v2 in mod_md and httpd.
This document discusses moving a Tomcat cluster to the cloud. It begins with an introduction of the speaker and overview of sessions replication in a Tomcat cluster. It then covers challenges in moving a cluster to the cloud due to lack of multicast support and proposes a solution using Kubernetes APIs for peer discovery. The rest of the document demonstrates setting up Tomcat on OpenShift/Kubernetes, including creating Docker images, configuring roles and users, and deploying Tomcat pods. It ends with suggestions for next steps in building an on-premise cloud and links to further resources.
This document discusses moving a Tomcat cluster that uses session replication to the cloud. It begins with an overview of session replication in a Tomcat cluster. The challenges of replicating sessions in the cloud are discussed, where multicast is not available. An external session replication solution is proposed that uses Kubernetes' API to discover cluster nodes, instead of multicast. The document provides code samples and steps to set up a proof of concept Tomcat cluster on Raspberry Pi nodes using Kubernetes and Docker. It summarizes the key components needed and issues to address in migrating a Tomcat cluster configuration to the cloud.
The document discusses Jean-Frederic Clere's work with various Raspberry Pi and Apache projects. It begins with an introduction and agenda, then covers using a Raspberry Pi 3 with Fedora 24 to set up an access point, install Java and Tomcat, and demonstrate HTTP/2. It also discusses using Astro Hats and ActiveMQ with the Raspberry Pi, as well as using Industruinos for industrial applications and connecting to ActiveMQ via Modbus. The document promotes Apache projects like MyNewt and Edgent as well as provides references for learning more.
The document shows performance test results of different file sizes ranging from 4KiB to 1MiB using three Apache Tomcat connectors: coyote_apr_https, coyote_nio_jssehttps, and coyote_nio_opensslhttps. The results are presented in two graphs displaying file size on the x-axis and throughput in kilobytes per second on the y-axis for both Native 1.2.8 and Native 1.2.8 improvements.
Network Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. ITSarthak Sobti
Network Security and Cyber Laws
Detailed Course Content
Unit 1: Introduction to Network Security
- Introduction to Network Security
- Goals of Network Security
- ISO Security Architecture
- Attacks and Categories of Attacks
- Network Security Services & Mechanisms
- Authentication Applications: Kerberos, X.509 Directory Authentication Service
Unit 2: Application Layer Security
- Security Threats and Countermeasures
- SET Protocol
- Electronic Mail Security
- Pretty Good Privacy (PGP)
- S/MIME
- Transport Layer Security: Secure Socket Layer & Transport Layer Security
- Wireless Transport Layer Security
Unit 3: IP Security and System Security
- Authentication Header
- Encapsulating Security Payloads
- System Security: Intruders, Intrusion Detection System, Viruses
- Firewall Design Principles
- Trusted Systems
- OS Security
- Program Security
Unit 4: Introduction to Cyber Law
- Cyber Crime, Cyber Criminals, Cyber Law
- Object and Scope of the IT Act: Genesis, Object, Scope of the Act
- E-Governance and IT Act 2000
- Legal Recognition of Electronic Records
- Legal Recognition of Digital Signatures
- Use of Electronic Records and Digital Signatures in Government and its Agencies
- IT Act in Detail
- Basics of Network Security: IP Addresses, Port Numbers, and Sockets
- Hiding and Tracing IP Addresses
- Scanning: Traceroute, Ping Sweeping, Port Scanning, ICMP Scanning
- Fingerprinting: Active and Passive Email
Unit 5: Advanced Attacks
- Different Kinds of Buffer Overflow Attacks: Stack Overflows, String Overflows, Heap and Integer Overflows
- Internal Attacks: Emails, Mobile Phones, Instant Messengers, FTP Uploads, Dumpster Diving, Shoulder Surfing
- DOS Attacks: Ping of Death, Teardrop, SYN Flooding, Land Attacks, Smurf Attacks, UDP Flooding
- Hybrid DOS Attacks
- Application-Specific Distributed DOS Attacks
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...APNIC
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Cloud computing is revolutionizing the digital age by providing organizations with efficiency and flexibility globally. However, there are drawbacks to this convenience as well. Renowned Miami expert Alec Kassir highlights the growing significance of comprehending and reducing cloud-based security risks.
EASY TUTORIAL OF HOW TO USE CiCi AI BY: FEBLESS HERNANE Febless Hernane
Cici AI simplifies tasks like writing and research with its user-friendly platform. Users sign up, input queries, customize responses, and edit content as needed. It offers efficient saving and exporting options, making it ideal for enhancing productivity through AI assistance.
10 Conversion Rate Optimization (CRO) Techniques to Boost Your Website’s Perf...Web Inspire
What is CRO?
Conversion Rate Optimization, or CRO, is the process of enhancing your website to increase the percentage of visitors who take a desired action. This could be anything from purchasing a product to signing up for a newsletter. Essentially, CRO is about making your website more effective in turning visitors into customers.
Why is CRO Important?
CRO is crucial because it directly impacts your bottom line. A higher conversion rate means more customers and revenue without needing to increase your website traffic. Plus, a well-optimized site improves user experience, which can lead to higher customer satisfaction and loyalty.
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan,
Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Decentralized Justice in Gaming and EsportsFederico Ast
Discover how Kleros is transforming the landscape of dispute resolution in the gaming and eSports industry through the power of decentralized justice.
This presentation, delivered by Federico Ast, CEO of Kleros, explores the innovative application of blockchain technology, crowdsourcing, and incentivized mechanisms to create fair and efficient arbitration processes.
Key Highlights:
- Introduction to Decentralized Justice: Learn about the foundational principles of Kleros and how it combines blockchain with crowdsourcing to develop a novel justice system.
- Challenges in Traditional Arbitration: Understand the limitations of conventional arbitration methods, such as high costs and long resolution times, particularly for small claims in the gaming sector.
- How Kleros Works: A step-by-step guide on the functioning of Kleros, from the initiation of a smart contract to the final decision by a jury of peers.
- Case Studies in eSports: Explore real-world scenarios where Kleros has been applied to resolve disputes in eSports, including issues like cheating, governance, player behavior, and contractual disagreements.
- Practical Implementation: Detailed walkthroughs of how disputes are handled in eSports tournaments, emphasizing speed, cost-efficiency, and fairness.
- Enhanced Transparency: The role of blockchain in providing an immutable and transparent record of proceedings, ensuring trust in the resolution process.
- Future Prospects: The potential expansion of decentralized justice mechanisms across various sectors within the gaming industry.
For more information, visit kleros.io or follow Federico Ast and Kleros on social media:
• Twitter: @federicoast
• Twitter: @kleros_io
2. 2
AGENDA
• Who I am
• New features required by specifications
• Tomcat specific new features
• Tomcat features removed
• Internal changes
• Why Apache Tomcat 8.5?
• HTTP/2 and ALPN
• SNI
• OpenSSLImplementation
• Migration from 8.0 to 8.5
• Get involved
• Questions
3. 3
Who I am
Jean-Frederic Clere
Red Hat
Years writing JAVA code and server software
Tomcat committer since 2001
Doing OpenSource since 1999
Cyclist/Runner etc
Lived 15 years in Spain (Barcelona)
Now in Neuchâtel (CH)
8. 8
Specifications
HTTP2
● HTTP/2 requires some TLS features
  ● Server Name Indication (SNI)
  ● Application Layer Protocol Negotiation (ALPN)
● Full support
● 8.5.3 considered stable.
● h2c available (for proxies)
● h2 requires APR/native/OpenSSL due to ALPN requirements
● Server push available
9. 9
Specifications
Servlet 4.0 HTTP2
● Java EE 8 must run on Java 8
● Java EE 8 requires Servlet 4.0
● Servlet 4.0 requires HTTP/2
● HTTP/2 requires ALPN
● Java 8 does not, and will not, support ALPN
● ALPN support should be available from Java 9
10. 10
Specifications
Other
● WebSocket 1.2 (keep 1.1?)
  ● Standard extension for compression/multiplexing?
● JSP 2.4 (keep 2.3?)
  ● Imports to clarify (EL 3.0 related)
● EL 3.1 (keep 3.0?)
  ● Only minor improvements/clarifications needed
● JASPIC 1.1 (New!)
  ● Java Authentication Service Provider Interface for Containers. For OAuth
11. 11
Tomcat New Features
TLS support improvements (1)
● Major rewrite of TLS support
● Tomcat 8 supports
  ● one TLS virtual host per connector
  ● one certificate per virtual host
● Tomcat 9 supports
  ● multiple virtual hosts per connector (SNI)
  ● multiple certificates per virtual host
● TLS configuration has changed to support this
12. 12
Tomcat New Features
TLS support improvements (2)
● SNI and multiple certificates supported by all connectors
  ● APR/native support via the OpenSSL API
  ● JSSE support via parsing the initial handshake
● ALPN supported by APR/native or OpenSSLImplementation
  ● JSSE support is currently TBD
● Common (where possible) configuration for all connectors
  ● Some JSSE / OpenSSL differences remain.
• OpenSSL engine option of NIO and NIO2 connectors
• Allows OpenSSL performance with NIO/NIO2 APIs
• Used automagically when tc-native is installed.
13. 13
Tomcat Removed Features
Old blocking I/O connectors...
● BIO HTTP and BIO AJP connectors
● WebSocket and Servlet 3.1 require non-blocking IO
● Emulation of non-blocking is bad:
  • Complex
  • Not scalable
  • Risky: stuff that might break.
• Decision: remove them.
• Still 3 connectors:
  • NIO default connectors
  • NIO2 introduced in Tomcat 8
  • APR/Native still available (requires native libraries)
14. 14
Tomcat Removed Features
Comet
● Proprietary interface for asynchronous I/O
● Users are moving (have moved) to WebSocket
● Adds complexity to all the connectors
● Therefore decided to remove it
15. 15
Internal Changes
Connectors
● Removed
  ● BIO
  ● Comet
● Reduce duplication
  ● HTTP upgrade from 12 classes to 3
  ● HTTP/1.1 cleanup = removed ~ 50% (~2500 loc)
  ● AJP 1.3 cleanup = remove ~ 30%
  ● No connector specific HTTP/2 code
● Implementation specific per connector → Endpoint
● Implementation specific per connection → SocketWrapper
16. 16
Internal Changes
Websocket
● Refactored I/O implementation
● Direct to Tomcat’s I/O layer
● Not via Servlet 3.1 non-blocking API
● Simpler
● Faster
● Extension support likely to require further refactoring?
17. 17
Internal Changes
Other
● Remove use of system properties for configuration
● Move to per Context / Host / Server / Connector
● keep the system property as a default
● Made RFC 6265 CookieProcessor the default
● Note UTF-8 extension
18. 18
Why Tomcat 8.5?
EE8 late...
● Tomcat 9 stable release is tied to the release of Java EE 8
● Java EE 8 has been repeatedly delayed
● Currently delayed until at least H1 2017
● Don't want users to have to wait another year+ to get access to our new features:
● HTTP/2
● OpenSSL encryption for JSSE
● TLS virtual hosting
● JASPIC
● Hence, Tomcat 8.5...
19. 19
What is Tomcat 8.5?
Tomcat 9.0.0.M4...
● Started from Apache Tomcat 9.0.0.M4
● Reverted all Servlet 4.0 API changes
● Reworked code that required Java 8
● Tomcat specific Push Server API
● Configuration compatible with 8.0.x
● “big” removal:
● Comet (migrate to WebSocket)
● BIO (Connector… probably not noticed)
• We might reintroduce stuff if needed (no one asked till now)
20. 20
Tomcat 8.5 timing
Possible roadmap
● 6 months of 8.0.x and 8.5.x
● Extended if needed.
● ~ one month between releases
● ~ after no more 8.0.x releases
● First 8.5 release 24 March 2016
● Current release: 8.5.3 stable
● Expect last 8.0.x around end of September 2016.
22. 22
HTTP/2 general
• HTTP/2:
• Binary
• Frame
• Multiplex
• Based on SPDY
• TLS everywhere:
• Browsers use https and strong ciphers
• No forward proxy
• h2c: Clear text only with reverse proxy (proxy to back-end server)
23. 23
HTTP/2 general
• Two specifications:
• Hypertext Transfer Protocol version 2 - RFC7540
• HPACK - Header Compression for HTTP/2 - RFC7541
• By the Internet Engineering Task Force
• ALPN Application-Layer Protocol Negotiation - RFC 7301
25. 25
HTTP/2 : more
• HTTP headers compression
• ~ 80 % save
• Request priority
• Both sides
• Server Push
• Prevents round trips to get page elements.
• Faster / better rendering on browsers.
26. 26
HTTP/2 When Browsers
• Browser with HTTP/2 and TLS
• Firefox 34
• Chrome 40 (with ALPN; before it was NPN)
• IE 11
• Opera and Safari 9
• Stats from docs.trafficserver and ci.trafficserver:
• More than 50% is over HTTP/2 (data from April)
• → go for it now!
30. 30
Tomcat / configuration
In bin/setenv.sh:
LD_LIBRARY_PATH=/home/jfclere/tomcat-native/native/.libs
export LD_LIBRARY_PATH
libtcnative-1.so is linked with openssl-1.0.2c; checking with ldd:
libssl.so.1.0.0 => /home/jfclere/OPENSSL-1.0.2c/lib/libssl.so.1.0.0 (0x00007f6ab147b000)
libcrypto.so.1.0.0 => /home/jfclere/OPENSSL-1.0.2c/lib/libcrypto.so.1.0.0 (0x00007f6ab1028000)
libapr-1.so.0 => /home/jfclere/APR-1.4.x/lib/libapr-1.so.0 (0x00007f6ab0dfa000)
Usually the OpenSSL of a recent distribution (Fedora 23) will work.
33. 33
Tomcat / Demo
• No server push (maybe change it: SimpleImagePush)
• Multiplexing
• Header compression
• HTML page:
• Requires a lot (~1000) of (~4 Kbytes) images to render.
36. 36
Tomcat / Demo
• 2 pairs of key/certificate
• local1.com
• local2.com
• /etc/hosts
• 127.0.0.1 localhost local1.com local2.com
• SNI allows selecting the right key/certificate
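The selection step can be shown outside Tomcat. The following is an added example, not Tomcat code: it uses Python's ssl module with OpenSSL memory BIOs to produce a real ClientHello offline, parses the SNI and ALPN extensions from that initial handshake message, and picks a key/certificate pair by host name. The certificate file names, the default host and the helper names are assumptions made for the illustration.

```python
import ssl

# Constructed mapping for the two demo hosts; the file names are hypothetical.
CERTS = {
    "local1.com": ("conf/local1.com.crt", "conf/local1.com.key"),
    "local2.com": ("conf/local2.com.crt", "conf/local2.com.key"),
}
DEFAULT_HOST = "local1.com"  # assumption: host used when SNI is absent or unknown


def make_client_hello(server_name, alpn=("h2", "http/1.1")):
    """Return the first TLS flight a client would send, without any network."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_alpn_protocols(list(alpn))
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello now sits in the outgoing BIO
    return outgoing.read()


class _Reader:
    """Bounds-checked cursor over untrusted handshake bytes."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, size):
        return int.from_bytes(self.take(size), "big")

    def vector(self, len_size):
        # TLS vectors carry their own length prefix of len_size bytes.
        return _Reader(self.take(self.uint(len_size)))

    def remaining(self):
        return len(self.data) - self.pos


def parse_client_hello(record):
    """Extract (sni, alpn_list) from a ClientHello held in a single TLS record."""
    r = _Reader(record)
    if r.uint(1) != 0x16:
        raise ValueError("not a TLS handshake record")
    r.take(2)                     # record-layer version
    handshake = r.vector(2)       # record payload
    if handshake.uint(1) != 0x01:
        raise ValueError("not a ClientHello")
    body = handshake.vector(3)
    body.take(2 + 32)             # legacy_version + random
    body.vector(1)                # session id
    body.vector(2)                # cipher suites
    body.vector(1)                # compression methods
    sni, alpn = None, []
    if body.remaining():
        exts = body.vector(2)
        while exts.remaining():
            ext_type, ext = exts.uint(2), exts.vector(2)
            if ext_type == 0:     # server_name
                names = ext.vector(2)
                while names.remaining():
                    name_type, name = names.uint(1), names.vector(2)
                    if name_type == 0:  # host_name
                        sni = name.data.decode("ascii").lower()
            elif ext_type == 16:  # application_layer_protocol_negotiation
                protos = ext.vector(2)
                while protos.remaining():
                    alpn.append(protos.vector(1).data.decode("ascii"))
    return sni, alpn


def pick_certificate(sni):
    """Select the key/certificate pair for the requested host, else the default."""
    return CERTS.get(sni, CERTS[DEFAULT_HOST])


if __name__ == "__main__":
    name, protocols = parse_client_hello(make_client_hello("local2.com"))
    print(name, protocols, pick_certificate(name))
```

The parser only handles a ClientHello that fits in one TLS record and rejects anything shorter than its own length fields claim.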
37. 37
Why a new SSLImplementation
• JSSE:
• Very slow
• Missing features: like ALPN (JEP 244: TLS Application-Layer Protocol Negotiation)
• Hardware acceleration used to be very partial (like AES in early Java 8)
• Native connector:
• Fast but a lot of native code
• Uses OpenSSL for SSL/TLS.
• New OpenSSL implementation:
• Fast.
• Uses only OpenSSL for native code (no native socket, poller etc).
• Works with NIO and NIO2.
• Uses OpenSSL for SSL/TLS (wrap, unwrap, handshake etc).
38. 38
OpenSSLImplementation
• Code originates from netty-tcnative, a fork of Tomcat Native
• Prototype (last year):
• Done with the BeFriNe University
• Tested and ported to tc_trunk last summer
• SSL configuration compatible with the JSSE configuration style (*)
• Uses keystores (*)
• Uses SSL BIO to wrap/unwrap, handshake
• Uses Java NIO or NIO2 sockets for the reads and writes
• Automatically enabled when TC native is installed/enabled (*)
39. 39
How TLS is done in Tomcat
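[Diagram: layers of the TLS stacks in Tomcat, split into Java and C/native parts. Box labels: Tomcat, JSSE connector, Java stdlib, JSSE SSL Engine, NIO/NIO2, Tomcat Native, APR JNIs, APR internals, APR connector, OpenSSL, OS sockets, OpenSSL implementation, web server.]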
40. 40
How does that work
[Diagram: SSLContext is implemented by JSSESSLContext and OpenSSLContext; createSSLEngine() on each yields an SSLEngine. OpenSSLEngine overrides wrap(), unwrap(), getSession(), etc.]
41. 41
How does wrap work
wrap(plaintext, encrypted)
[Diagram: an internalBIO / networkBIO pair is created with BIO_new_bio_pair and attached with SSL_set_bio. writePlainTextData → writeToSSL → SSL_write; readEncryptedData → readFromBIO → BIO_read.]
42. 42
How does unwrap work
unwrap(encrypted, plaintext)
[Diagram: an internalBIO / networkBIO pair is created with BIO_new_bio_pair and attached with SSL_set_bio. writeEncryptedData → writeToBIO → BIO_write; readPlaintextData → readFromSSL → SSL_read.]
45. 45
Migration from Apache Tomcat 8.0.x
● Aiming to make it a seamless process for most users
● Some users will have some work to do
● Configuration files can be re-used
● Will need migration to use new TLS features
● Some removed features will not be replaced
● Comet (Stick with final 8.0, revert to 7.0 or migrate to WebSocket)
● Workarounds may be added for some removed features
● BIO
● Removed deprecated code may be restored
● Manager, Context, RealmBase
46. 46
GET INVOLVED
Help is welcomed ;-)
• SVN:
• http://svn.apache.org/repos/asf/tomcat/tc8.5.x/trunk/
• http://svn.apache.org/repos/asf/tomcat/trunk/
• MAIL LISTS:
• dev@tomcat.apache.org Dev list.
• users@tomcat.apache.org Users list.
• WIKI:
• http://wiki.apache.org/tomcat/FrontPage