| Links User Guide Reference Apache Tomcat Development | Apache Portable Runtime (APR) based Native library for Tomcat| Introduction |  | 
  
      Tomcat can use the Apache Portable Runtime to
      provide superior scalability, performance, and better integration with native server
      technologies. The Apache Portable Runtime is a highly portable library that is at
      the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced IO
      functionality (such as sendfile, epoll and OpenSSL), OS level functionality (random number
      generation, system status, etc), and native process handling (shared memory, NT
      pipes and Unix sockets).
   
      These features allows making Tomcat a general purpose webserver, will enable much better
      integration with other native web technologies, and overall make Java much more viable as
      a full fledged webserver platform rather than simply a backend focused technology.
   | 
 | Installation |  | 
    
      APR support requires three main native components to be installed:
     
      APR libraryJNI wrappers for APR used by Tomcat (libtcnative)OpenSSL libraries | Windows |  | 
    
      Windows binaries are provided for tcnative-1, which is a statically compiled .dll which includes
      OpenSSL and APR. It can be downloaded from here
      as 32bit or AMD x86-64 binaries.
      In security conscious production environments, it is recommended to use separate shared dlls
      for OpenSSL, APR, and libtcnative-1, and update them as needed according to security bulletins.
      Windows OpenSSL binaries are linked from the Official OpenSSL
      website (see related/binaries).
     | 
 | Linux |  | 
    
      Most Linux distributions will ship packages for APR and OpenSSL. The JNI wrapper (libtcnative) will
      then have to be compiled. It depends on APR, OpenSSL, and the Java headers.
     
      Requirements:
     
      APR 1.2+ development headers (libapr1-dev package)OpenSSL 0.9.7+ development headers (libssl-dev package)JNI headers from Java compatible JDK 1.4+GNU development environment (gcc, make) 
      The wrapper library sources are located in the Tomcat binary bundle, in the
      bin/tomcat-native.tar.gzarchive.
      Once the build environment is installed and the source archive is extracted, the wrapper library
      can be compiled using (from the folder containing the configure script): ./configure && make && make install
 | 
 | 
 | APR Components |  | 
  
    Once the libraries are properly installed and available to Java (if loading fails, the library path
    will be displayed), the Tomcat connectors will automatically use APR. Configuration of the connectors
    is similar to the regular connectors, but have a few extra attributes which are used to configure
    APR components. Note that the defaults should be well tuned for most use cases, and additional
    tweaking shouldn't be required.
   
    When APR is enabled, the following features are also enabled in Tomcat:
   
    Secure session ID generation by default on all platforms (platforms other than Linux required
        random number generation using a configured entropy)OS level statistics on memory usage and CPU usage by the Tomcat process are displayed by
        the status servlet | 
 | APR Lifecycle Listener Configuration |  | 
    | AprLifecycleListener |  | 
    | Attribute | Description | 
|---|
 | SSLEngine | 
      Name of the SSLEngine to use. off: Do not use SSL, on: Use SSL but no specific ENGINE.
      The default value is on.
      This initializes the native SSL engine, then enable the use of this engine in the connector
      using the SSLEnabledattribute. Example: <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
See the Official OpenSSL
       website for more details on SSL hardware engines and manufacturers.
     | 
 | 
 | 
 | APR Connectors Configuration |  | 
    | HTTP/HTTPS |  | 
      For HTTP configuration, see the HTTP
      connector configuration documentation. For HTTPS configuration, see the
      HTTPS connector configuration
      documentation. An example SSL Connector declaration is: <Connector port="443" maxHttpHeaderSize="8192"
                 maxThreads="150"
                 enableLookups="false" disableUploadTimeout="true"
                 acceptCount="100" scheme="https" secure="true"
                 SSLEnabled="true"
                 SSLCertificateFile="${catalina.base}/conf/localhost.crt"
                 SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
 | 
 | AJP |  | 
      For AJP configuration, see the AJP
      connector configuration documentation. | 
 | 
 |