<?xml version="1.0"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!DOCTYPE document [
<!ENTITY project SYSTEM "project.xml">
]>
<document url="http.html">
&project;
<properties>
<author email="craigmcc@apache.org">Craig R. McClanahan</author>
<author email="yoavs@apache.org">Yoav Shapira</author>
<title>The HTTP Connector</title>
</properties>
<body>
<section name="Table of Contents">
<toc/>
</section>
<section name="Introduction">
<p>The <strong>HTTP Connector</strong> element represents a
<strong>Connector</strong> component that supports the HTTP/1.1 protocol.
It enables Catalina to function as a stand-alone web server, in addition
to its ability to execute servlets and JSP pages. A particular instance
of this component listens for connections on a specific TCP port number
on the server. One or more such <strong>Connectors</strong> can be
configured as part of a single <a href="service.html">Service</a>, each
forwarding to the associated <a href="engine.html">Engine</a> to perform
request processing and create the response.</p>
<p>If you wish to configure the <strong>Connector</strong> that is used
for connections to web servers using the AJP protocol (such as the
<code>mod_jk 1.2.x</code> connector for Apache 1.3), see
<a href="ajp.html">here</a> instead.</p>
<p>Each incoming request requires
a thread for the duration of that request. If more simultaneous requests
are received than can be handled by the currently available request
processing threads, additional threads will be created up to the
configured maximum (the value of the <code>maxThreads</code> attribute).
If still more simultaneous requests are received, they are stacked up
inside the server socket created by the <strong>Connector</strong>, up to
the configured maximum (the value of the <code>acceptCount</code>
attribute). Any further simultaneous requests will receive "connection
refused" errors, until resources are available to process them.</p>
</section>
<section name="Attributes">
<subsection name="Common Attributes">
<p>All implementations of <strong>Connector</strong>
support the following attributes:</p>
<attributes>
<attribute name="allowTrace" required="false">
<p>A boolean value which can be used to enable or disable the TRACE
HTTP method. If not specified, this attribute is set to false.</p>
</attribute>
<attribute name="emptySessionPath" required="false">
<p>If set to <code>true</code>, all paths for session cookies will be set
to <code>/</code>. This can be useful for portlet specification implementations.
If not specified, this attribute is set to <code>false</code>.<br/>
A side effect to setting this to true, is that if Tomcat creates a new session it will attempt to use the
cookie session id if supplied by the client.<br/>
<a href="http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/Request.java?diff_format=h&view=log#rev303682">SVN check in</a><br/>
<a href="http://tomcat.markmail.org/search/?q=emptysessionpath%20reuse#query:emptysessionpath%20reuse%20date%3A200502%20+page:1+mid:2bocwjhn3cczsoii+state:results">Dev discussion</a><br/>
<a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=47298">Work around</a>
</p>
</attribute>
<attribute name="enableLookups" required="false">
<p>Set to <code>true</code> if you want calls to
<code>request.getRemoteHost()</code> to perform DNS lookups in
order to return the actual host name of the remote client. Set
to <code>false</code> to skip the DNS lookup and return the IP
address in String form instead (thereby improving performance).
By default, DNS lookups are disabled.</p>
</attribute>
<attribute name="maxHeaderCount" required="false">
<p>The maximum number of headers in a request that are allowed by the
container. A request that contains more headers than the specified limit
will be rejected. A value of less than 0 means no limit.
If not specified, a default of 100 is used.</p>
</attribute>
<attribute name="maxParameterCount" required="false">
<p>The maximum number of parameters (GET plus POST) which will be
automatically parsed by the container. A value of less than 0 means no
limit. If not specified, a default of 10000 is used. Note that
<code>FailedRequestFilter</code> <a href="filter.html">filter</a> can be
used to reject requests that hit the limit.</p>
</attribute>
<attribute name="maxPostSize" required="false">
<p>The maximum size in bytes of the POST which will be handled by
the container FORM URL parameter parsing. The limit can be disabled by
setting this attribute to a value less than or equal to 0.
If not specified, this attribute is set to 2097152 (2 megabytes).</p>
</attribute>
<attribute name="maxSavePostSize" required="false">
<p>The maximum size in bytes of the POST which will be saved/buffered by
the container during FORM or CLIENT-CERT authentication. For both types
of authentication, the POST will be saved/buffered before the user is
authenticated. For CLIENT-CERT authentication, the POST is buffered for
the duration of the SSL handshake and the buffer emptied when the request
is processed. For FORM authentication the POST is saved whilst the user
is re-directed to the login form and is retained until the user
successfully authenticates or the session associated with the
authentication request expires. The limit can be disabled by setting this
attribute to -1. Setting the attribute to zero will disable the saving of
POST data during authentication. If not specified, this attribute is set
to 4096 (4 kilobytes).</p>
</attribute>
<attribute name="parseBodyMethods" required="false">
<p>A comma-separated list of HTTP methods for which request
bodies will be parsed for request parameters identically
to POST. This is useful in RESTful applications that want to
support POST-style semantics for PUT requests.
Note that any setting other than <code>POST</code> causes Tomcat
to behave in a way that does against the intent of the servlet
specification.
The HTTP method TRACE is specifically forbidden here in accordance
with the HTTP specification.
The default is <code>POST</code></p>
</attribute>
<attribute name="port" required="true">
<p>The TCP port number on which this <strong>Connector</strong>
will create a server socket and await incoming connections. Your
operating system will allow only one server application to listen
to a particular port number on a particular IP address.</p>
</attribute>
<attribute name="protocol" required="false">
<p>
Sets the protocol to handle incoming traffic.
The default value is <code>HTTP/1.1</code> and configures the
<code>org.apache.coyote.http11.Http11Protocol</code>. This is the blocking Java connector.<br/>
If the <code>PATH</code> (Windows) or <code>LD_LIBRARY_PATH</code> (on most unix systems)
environment variables contain the Tomcat native library, the APR connector
will automatically be configured. Please be advised that the APR connector has different
settings for HTTPS than the default Java connector.<br/>
Other values for this attribute are, but not limited to:<br/>
<code>org.apache.coyote.http11.Http11Protocol</code> - same as HTTP/1.1<br/>
<code>org.apache.coyote.http11.Http11NioProtocol</code> - non blocking Java connector<br/>
<code>org.apache.coyote.http11.Http11AprProtocol</code> - the APR connector.<br/>
Take a look at our <a href="#Connector Comparison">Connector Comparison</a> chart.
The configuration for both Java connectors are identical, both for http and https. <br/>
For more information on the APR connector and APR specific SSL settings please
visit the <a href="../apr.html">APR documentation</a>
</p>
</attribute>
<attribute name="proxyName" required="false">
<p>If this <strong>Connector</strong> is being used in a proxy
configuration, configure this attribute to specify the server name
to be returned for calls to <code>request.getServerName()</code>.
See <a href="#Proxy Support">Proxy Support</a> for more
information.</p>
</attribute>
<attribute name="proxyPort" required="false">
<p>If this <strong>Connector</strong> is being used in a proxy
configuration, configure this attribute to specify the server port
to be returned for calls to <code>request.getServerPort()</code>.
See <a href="#Proxy Support">Proxy Support</a> for more
information.</p>
</attribute>
<attribute name="redirectPort" required="false">
<p>If this <strong>Connector</strong> is supporting non-SSL
requests, and a request is received for which a matching
<code><security-constraint></code> requires SSL transport,
Catalina will automatically redirect the request to the port
number specified here.</p>
</attribute>
<attribute name="SSLEnabled" required="false">
<p>
Use this attribute to enable SSL traffic on a connector.
To turn on SSL handshake/encryption/decryption on a connector
set this value to <code>true</code>.
The default value is <code>false</code>.
When turning this value <code>true</code> you will want to set the
<code>scheme</code> and the <code>secure</code> attributes as well
to pass the correct <code>request.getScheme()</code> and
<code>request.isSecure()</code> values to the servlets
See <a href="#SSL Support">SSL Support</a> for more information.
</p>
</attribute>
<attribute name="scheme" required="false">
<p>Set this attribute to the name of the protocol you wish to have
returned by calls to <code>request.getScheme()</code>. For
example, you would set this attribute to "<code>https</code>"
for an SSL Connector. The default value is "<code>http</code>".
</p>
</attribute>
<attribute name="secure" required="false">
<p>Set this attribute to <code>true</code> if you wish to have
calls to <code>request.isSecure()</code> to return <code>true</code>
for requests received by this Connector. You would want this on an
SSL Connector or a non SSL connector that is receiving data from a
SSL accelerator, like a crypto card, a SSL appliance or even a webserver.
The default value is <code>false</code>.</p>
</attribute>
<attribute name="URIEncoding" required="false">
<p>This specifies the character encoding used to decode the URI bytes,
after %xx decoding the URL. If not specified, ISO-8859-1 will be used.
</p>
</attribute>
<attribute name="useBodyEncodingForURI" required="false">
<p>This specifies if the encoding specified in contentType should be used
for URI query parameters, instead of using the URIEncoding. This
setting is present for compatibility with Tomcat 4.1.x, where the
encoding specified in the contentType, or explicitly set using
Request.setCharacterEncoding method was also used for the parameters from
the URL. The default value is <code>false</code>.
</p>
</attribute>
<attribute name="useIPVHosts" required="false">
<p>Set this attribute to <code>true</code> to cause Tomcat to use
the IP address that the request was received on to determine the Host
to send the request to. The default value is <code>false</code>.</p>
</attribute>
<attribute name="xpoweredBy" required="false">
<p>Set this attribute to <code>true</code> to cause Tomcat to advertise
support for the Servlet specification using the header recommended in the
specification. The default value is <code>false</code>.</p>
</attribute>
</attributes>
</subsection>
<subsection name="Standard Implementation">
<p>
HTTP supports the following additional attributes (in addition to the
common attributes listed above):</p>
<attributes>
<attribute name="acceptCount" required="false">
<p>The maximum queue length for incoming connection requests when
all possible request processing threads are in use. Any requests
received when the queue is full will be refused. The default
value is 100.</p>
</attribute>
<attribute name="address" required="false">
<p>For servers with more than one IP address, this attribute
specifies which address will be used for listening on the specified
port. By default, this port will be used on all IP addresses
associated with the server.</p>
</attribute>
<attribute name="bufferSize" required="false">
<p>The size (in bytes) of the buffer to be provided for input
streams created by this connector. By default, buffers of
2048 bytes will be provided.</p>
</attribute>
<attribute name="compressableMimeType" required="false">
<p>The value is a comma separated list of MIME types for which HTTP
compression may be used.
The default value is <code>text/html,text/xml,text/plain</code>.</p>
</attribute>
<attribute name="compression" required="false">
<p>The <strong>Connector</strong> may use HTTP/1.1 GZIP compression in
an attempt to save server bandwidth. The acceptable values for the
parameter is "off" (disable compression), "on" (allow compression, which
causes text data to be compressed), "force" (forces compression in all
cases), or a numerical integer value (which is equivalent to "on", but
specifies the minimum amount of data before the output is compressed). If
the content-length is not known and compression is set to "on" or more
aggressive, the output will also be compressed. If not specified, this
attribute is set to "off".</p>
<p><em>Note</em>: There is a tradeoff between using compression (saving
your bandwidth) and using the sendfile feature (saving your CPU cycles).
If the connector supports the sendfile feature, e.g. the NIO connector,
using sendfile will take precedence over compression. The symptoms will
be that static files greater that 48 Kb will be sent uncompressed.
You can turn off sendfile by setting <code>useSendfile</code> attribute
of the connector, as documented below, or change the sendfile usage
threshold in the configuration of the
<a href="../default-servlet.html">DefaultServlet</a> in the default
<code>conf/web.xml</code> or in the <code>web.xml</code> of your web
application.
</p>
</attribute>
<attribute name="connectionLinger" required="false">
<p>The number of seconds during which the sockets used by this
<strong>Connector</strong> will linger when they are closed. Setting this
attribute to <code>-1</code> will disable connection linger. The default
value for the BIO and AJP connectors is 100. The default value for the NIO
connection is 25.</p>
</attribute>
<attribute name="connectionTimeout" required="false">
<p>The number of milliseconds this <strong>Connector</strong> will wait,
after accepting a connection, for the request URI line to be
presented. The default value is 60000 (i.e. 60 seconds).</p>
</attribute>
<attribute name="executor" required="false">
<p>A reference to the name in an <a href="executor.html">Executor</a> element.
If this attribute is enabled, and the named executor exists, the connector will
use the executor, and all the other thread attributes will be ignored.</p>
</attribute>
<attribute name="keepAliveTimeout" required="false">
<p>The number of milliseconds this <strong>Connector</strong> will wait for
another HTTP request before closing the connection.
The default value is to use the value that has been set for the
connectionTimeout attribute.</p>
</attribute>
<attribute name="disableUploadTimeout" required="false">
<p>This flag allows the servlet container to use a different, longer
connection timeout while a servlet is being executed, which in the end
allows either the servlet a longer amount of time to complete its
execution, or a longer timeout during data upload. If not specified,
this attribute is set to "true".</p>
</attribute>
<attribute name="maxHttpHeaderSize" required="false">
<p>The maximum size of the request and response HTTP header, specified
in bytes.
If not specified, this attribute is set to 8192 (8 KB).</p>
</attribute>
<attribute name="maxKeepAliveRequests" required="false">
<p>The maximum number of HTTP requests which can be pipelined until
the connection is closed by the server. Setting this attribute to 1 will
disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and
pipelining. Setting this to -1 will allow an unlimited amount of
pipelined or keep-alive HTTP requests.
If not specified, this attribute is set to 100.</p>
</attribute>
<attribute name="maxThreads" required="false">
<p>The maximum number of request processing threads to be created
by this <strong>Connector</strong>, which therefore determines the
maximum number of simultaneous requests that can be handled. If
not specified, this attribute is set to 200. If an executor is associated
with this connector, this attribute is ignored as the connector will
execute tasks using the executor rather than an internal thread pool.</p>
</attribute>
<attribute name="noCompressionUserAgents" required="false">
<p>The value is a comma separated list of regular expressions matching
user-agents of HTTP clients for which compression should not be used,
because these clients, although they do advertise support for the
feature, have a broken implementation.
The default value is an empty String (regexp matching disabled).</p>
</attribute>
<attribute name="port" required="true">
<p>The TCP port number on which this <strong>Connector</strong>
will create a server socket and await incoming connections. Your
operating system will allow only one server application to listen
to a particular port number on a particular IP address.</p>
</attribute>
<attribute name="restrictedUserAgents" required="false">
<p>The value is a comma separated list of regular expressions matching
user-agents of HTTP clients for which HTTP/1.1 or HTTP/1.0 keep alive
should not be used, even if the clients advertise support for these
features.
The default value is an empty String (regexp matching disabled).</p>
</attribute>
<attribute name="server" required="false">
<p>Overrides the Server header for the http response. If set, the value
for this attribute overrides the Tomcat default and any Server header set
by a web application. If not set, any value specified by the application
is used. If the application does not specify a value then
<code>Apache-Coyote/1.1</code> is used. Unless you are paranoid, you won't
need this feature.
</p>
</attribute>
<attribute name="socketBuffer" required="false">
<p>The size (in bytes) of the buffer to be provided for socket
output buffering. -1 can be specified to disable the use of a buffer.
By default, a buffers of 9000 bytes will be used.</p>
</attribute>
<attribute name="tcpNoDelay" required="false">
<p>If set to <code>true</code>, the TCP_NO_DELAY option will be
set on the server socket, which improves performance under most
circumstances. This is set to <code>true</code> by default.</p>
</attribute>
<attribute name="threadPriority" required="false">
<p>The priority of the request processing threads within the JVM.
The default value is <code>java.lang.Thread#NORM_PRIORITY</code>.
See the JavaDoc for the java.lang.Thread class for more details on
what this priority means.
</p>
</attribute>
</attributes>
</subsection>
<subsection name="Nio Implementation">
<p>The NIO connector exposes all the low level socket properties that can be used to tune the connector.
Most of these attributes are directly linked to the socket implementation in the JDK so you can find out
about the actual meaning in the JDK API documentation.<br/>
<strong>Note:</strong> On some JDK versions, setTrafficClass causes a problem, a work around for this is to add
the <code>-Djava.net.preferIPv4Stack=true</code> value to your command line</p>
<attributes>
<attribute name="useSendfile" required="false">
<p>(bool)Use this attribute to enable or disable sendfile capability.
The default value is <code>true</code>
</p>
</attribute>
<attribute name="useExecutor" required="false">
<p>(bool)Set to true to use the NIO thread pool executor. The default value is <code>true</code>.
If set to false, it uses a thread pool based on a stack for its execution.
Generally, using the executor yields a little bit slower performance, but yields a better
fairness for processing connections in a high load environment as the traffic gets queued through a
FIFO queue. If set to true(default) then the max pool size is the <code>maxThreads</code> attribute
and the core pool size is the <code>minSpareThreads</code>.
This value is ignored if the <code>executor</code> attribute is present and points to a valid shared thread pool.
</p>
</attribute>
<attribute name="executor" required="false">
<p>A reference to the name in an <a href="executor.html">Executor</a> element.
If this attribute is enabled, and the named executor exists, the connector will
use the executor, and all the other thread attributes will be ignored.</p>
</attribute>
<attribute name="acceptorThreadCount" required="false">
<p>(int)The number of threads to be used to accept connections. Increase this value on a multi CPU machine,
although you would never really need more than <code>2</code>. Also, with a lot of non keep alive connections,
you might want to increase this value as well. Default value is <code>1</code>.</p>
</attribute>
<attribute name="pollerThreadCount" required="false">
<p>(int)The number of threads to be used to run for the polling events.
Default value is <code>1</code> per processor. Can't see a reason to go
above that. But experiment and find your own results.</p>
</attribute>
<attribute name="pollerThreadPriority" required="false">
<p>(int)The priority of the poller threads.
The default value is <code>java.lang.Thread#NORM_PRIORITY</code>.
See the JavaDoc for the java.lang.Thread class for more details on
what this priority means.
</p>
</attribute>
<attribute name="acceptorThreadPriority" required="false">
<p>(int)The priority of the acceptor threads. The threads used to accept new connections.
The default value is <code>java.lang.Thread#NORM_PRIORITY</code>.
See the JavaDoc for the java.lang.Thread class for more details on
what this priority means.
</p>
</attribute>
<attribute name="selectorTimeout" required="false">
<p>(int)The time in milliseconds to timeout on a select() for the poller.
This value is important, since connection clean up is done on the same thread, so do not set this
value to an extremely high one. The default value is <code>1000</code> milliseconds.</p>
</attribute>
<attribute name="useComet" required="false">
<p>(bool)Whether to allow comet servlets or not, Default value is <code>true</code>.</p>
</attribute>
<attribute name="processorCache" required="false">
<p>(int)The protocol handler caches Http11NioProcessor objects to speed up performance.
This setting dictates how many of these objects get cached.
<code>-1</code> means unlimited, default is <code>200</code>. Set this value somewhere close to your maxThreads value.
</p>
</attribute>
<attribute name="maxKeepAliveRequests" required="false">
<p>The maximum number of HTTP requests which can be pipelined until
the connection is closed by the server. Setting this attribute to 1 will
disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and
pipelining. Setting this to -1 will allow an unlimited amount of
pipelined or keep-alive HTTP requests.
If not specified, this attribute is set to 100.</p>
</attribute>
<attribute name="socket.directBuffer" required="false">
<p>(bool)Boolean value, whether to use direct ByteBuffers or java mapped ByteBuffers. Default is <code>false</code>
<br/>When you are using direct buffers, make sure you allocate the appropriate amount of memory for the
direct memory space. On Sun's JDK that would be something like <code>-XX:MaxDirectMemorySize=256m</code></p>
</attribute>
<attribute name="socket.rxBufSize" required="false">
<p>(int)The socket receive buffer (SO_RCVBUF) size in bytes. Default value is <code>25188</code></p>
</attribute>
<attribute name="socket.txBufSize" required="false">
<p>(int)The socket send buffer (SO_SNDBUF) size in bytes. Default value is <code>43800</code></p>
</attribute>
<attribute name="socket.appReadBufSize" required="false">
<p>(int)Each connection that is opened up in Tomcat get associated with a read and a write ByteBuffer
This attribute controls the size of these buffers. By default this read buffer is sized at <code>8192</code> bytes.
For lower concurrency, you can increase this to buffer more data.
For an extreme amount of keep alive connections, decrease this number or increase your heap size.</p>
</attribute>
<attribute name="socket.appWriteBufSize" required="false">
<p>(int)Each connection that is opened up in Tomcat get associated with a read and a write ByteBuffer
This attribute controls the size of these buffers. By default this write buffer is sized at <code>8192</code> bytes.
For low concurrency you can increase this to buffer more response data.
For an extreme amount of keep alive connections, decrease this number or increase your heap size.
<br/>
The default value here is pretty low, you should up it if you are not dealing with tens of thousands
concurrent connections.</p>
</attribute>
<attribute name="socket.bufferPool" required="false">
<p>(int)The Nio connector uses a class called NioChannel that holds elements linked to a socket.
To reduce garbage collection, the Nio connector caches these channel objects.
This value specifies the size of this cache.
The default value is <code>500</code>, and represents that the cache will hold 500 NioChannel objects.
Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
</attribute>
<attribute name="socket.bufferPoolSize" required="false">
<p>(int)The NioChannel pool can also be size based, not used object based. The size is calculated as follows:<br/>
NioChannel <code>buffer size = read buffer size + write buffer size</code><br/>
SecureNioChannel <code>buffer size = application read buffer size + application write buffer size + network read buffer size + network write buffer size</code><br/>
The value is in bytes, the default value is <code>1024*1024*100</code> (100MB)
</p>
</attribute>
<attribute name="socket.processorCache" required="false">
<p>(int)Tomcat will cache SocketProcessor objects to reduce garbage collection.
The integer value specifies how many objects to keep in the cache at most.
The default is <code>500</code>.
Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
</attribute>
<attribute name="socket.keyCache" required="false">
<p>(int)Tomcat will cache KeyAttachment objects to reduce garbage collection.
The integer value specifies how many objects to keep in the cache at most.
The default is <code>500</code>.
Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
</attribute>
<attribute name="socket.eventCache" required="false">
<p>(int)Tomcat will cache PollerEvent objects to reduce garbage collection.
The integer value specifies how many objects to keep in the cache at most.
The default is <code>500</code>.
Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
</attribute>
<attribute name="socket.tcpNoDelay" required="false">
<p>(bool)same as the standard setting <code>tcpNoDelay</code>. Default value is <code>false</code></p>
</attribute>
<attribute name="socket.soKeepAlive" required="false">
<p>(bool)Boolean value for the socket's keep alive setting (SO_KEEPALIVE). Default is <code>false</code>. </p>
</attribute>
<attribute name="socket.ooBInline" required="false">
<p>(bool)Boolean value for the socket OOBINLINE setting. Default value is <code>true</code></p>
</attribute>
<attribute name="socket.soReuseAddress" required="false">
<p>(bool)Boolean value for the sockets reuse address option (SO_REUSEADDR). Default value is <code>true</code></p>
</attribute>
<attribute name="socket.soLingerOn" required="false">
<p>(bool)Boolean value for the sockets so linger option (SO_LINGER). Default value is <code>true</code>.
This option is paired with the <code>soLingerTime</code> value.</p>
</attribute>
<attribute name="socket.soLingerTime" required="false">
<p>(bool)Value in seconds for the sockets so linger option (SO_LINGER). Default value is <code>25</code> seconds.
This option is paired with the soLinger value.</p>
</attribute>
<attribute name="socket.soTimeout" required="false">
<p>(int)Value in milliseconds for the sockets read timeout (SO_TIMEOUT). Default value is <code>5000</code> milliseconds.</p>
</attribute>
<attribute name="socket.soTrafficClass" required="false">
<p>(byte)Value between <code>0</code> and <code>255</code> for the traffic class on the socket, <code>0x04 | 0x08 | 0x010</code></p>
</attribute>
<attribute name="socket.performanceConnectionTime" required="false">
<p>(int)The first value for the performance settings. Default is <code>1</code>, see <a href="http://docs.oracle.com/javase/1.5.0/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a></p>
</attribute>
<attribute name="socket.performanceLatency" required="false">
<p>(int)The second value for the performance settings. Default is <code>0</code>, see <a href="http://docs.oracle.com/javase/1.5.0/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a></p>
</attribute>
<attribute name="socket.performanceBandwidth" required="false">
<p>(int)The third value for the performance settings. Default is <code>1</code>, see <a href="http://docs.oracle.com/javase/1.5.0/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a></p>
</attribute>
<attribute name="selectorPool.maxSelectors" required="false">
<p>(int)The max selectors to be used in the pool, to reduce selector contention.
Use this option when the command line <code>org.apache.tomcat.util.net.NioSelectorShared</code> value is set to false.
Default value is <code>200</code>.</p>
</attribute>
<attribute name="selectorPool.maxSpareSelectors" required="false">
<p>(int)The max spare selectors to be used in the pool, to reduce selector contention.
When a selector is returned to the pool, the system can decide to keep it or let it be GC:ed.
Use this option when the command line <code>org.apache.tomcat.util.net.NioSelectorShared</code> value is set to false.
Default value is <code>-1</code> (unlimited)</p>
</attribute>
<attribute name="command-line-options" required="false">
<p>The following command line options are available for the NIO connector:<br/>
<code>-Dorg.apache.tomcat.util.net.NioSelectorShared=true|false</code>
- default is <code>true</code>. Set this value to <code>false</code> if you wish to
use a selector for each thread. When you set it to <code>false</code>, you can
control the size of the pool of selectors by using the
<strong>selectorPool.maxSelectors</strong> attribute</p>
</attribute>
<attribute name="oomParachute" required="false">
<p>(int)The NIO connector implements an OutOfMemoryError strategy called parachute.
It holds a chunk of data as a byte array. In case of an OOM,
this chunk of data is released and the error is reported. This will give the VM enough room
to clean up. The <code>oomParachute</code> represent the size in bytes of the parachute(the byte array).
The default value is <code>1024*1024</code>(1MB).
Please note, this only works for OOM errors regarding the Java Heap space, and there is absolutely no
guarantee that you will be able to recover at all.
If you have an OOM outside of the Java Heap, then this parachute trick will not help.
</p>
</attribute>
<attribute name="socket.unlockTimeout" required="false">
<p>(int) The timeout for a socket unlock. When a connector is stopped, it will try to release the acceptor thread by opening a connector to itself.
The default value is <code>250</code> and the value is in milliseconds</p>
</attribute>
</attributes>
</subsection>
</section>
<section name="Nested Components">
<p>None at this time.</p>
</section>
<section name="Special Features">
<subsection name="HTTP/1.1 and HTTP/1.0 Support">
<p>This <strong>Connector</strong> supports all of the required features
of the HTTP/1.1 protocol, as described in RFC 2616, including persistent
connections, pipelining, expectations and chunked encoding. If the client
(typically a browser) supports only HTTP/1.0, the
<strong>Connector</strong> will gracefully fall back to supporting this
protocol as well. No special configuration is required to enable this
support. The <strong>Connector</strong> also supports HTTP/1.0
keep-alive.</p>
<p>RFC 2616 requires that HTTP servers always begin their responses with
the highest HTTP version that they claim to support. Therefore, this
<strong>Connector</strong> will always return <code>HTTP/1.1</code> at
the beginning of its responses.</p>
</subsection>
<subsection name="Proxy Support">
<p>The <code>proxyName</code> and <code>proxyPort</code> attributes can
be used when Tomcat is run behind a proxy server. These attributes
modify the values returned to web applications that call the
<code>request.getServerName()</code> and <code>request.getServerPort()</code>
methods, which are often used to construct absolute URLs for redirects.
Without configuring these attributes, the values returned would reflect
the server name and port on which the connection from the proxy server
was received, rather than the server name and port to whom the client
directed the original request.</p>
<p>For more information, see the
<a href="../proxy-howto.html">Proxy Support HOW-TO</a>.</p>
</subsection>
<subsection name="SSL Support">
<p>You can enable SSL support for a particular instance of this
<strong>Connector</strong> by setting the <code>SSLEnabled</code> attribute to
<code>true</code>.</p>
<p>You will also need to set the <code>scheme</code> and <code>secure</code> attributes
to the values <code>https</code> and <code>true</code> respectively,
to pass correct information to the servlets.</p>
<p>In addition, you may need to configure the following
attributes:</p>
<attributes>
<attribute name="algorithm" required="false">
<p>The certificate encoding algorithm to be used. This defaults to
<code>KeyManagerFactory.getDefaultAlgorithm()</code> which returns
<code>SunX509</code> for Sun JVMs. IBM JVMs return
<code>IbmX509</code>. For other vendors, consult the JVM
documentation for the default value.</p>
</attribute>
<attribute name="clientAuth" required="false">
<p>Set to <code>true</code> if you want the SSL stack to require a
valid certificate chain from the client before accepting a connection.
Set to <code>want</code> if you want the SSL stack to request a client
Certificate, but not fail if one isn't presented. A <code>false</code>
value (which is the default) will not require a certificate chain
unless the client requests a resource protected by a security
constraint that uses <code>CLIENT-CERT</code> authentication. See the
<a href="../ssl-howto.html">SSL HowTo</a> for an example.</p>
</attribute>
<attribute name="clientCertProvider" required="false">
<p>When client certificate information is presented in a form other than
instances of <code>java.security.cert.X509Certificate</code> it needs to
be converted before it can be used and this property controls which JSSE
provider is used to perform the conversion. For example it is used with
the <a href="ajp.html">AJP connectors</a>, the HTTP APR connector and
with the <a href="valve.html#SSL_Authenticator_Valve">
org.apache.catalina.valves.SSLValve</a>. If not specified, the default
provider will be used.</p>
</attribute>
<attribute name="keystoreFile" required="false">
<p>The pathname of the keystore file where you have stored the
server certificate to be loaded. By default, the pathname is
the file "<code>.keystore</code>" in the operating system home
directory of the user that is running Tomcat. If your
<code>keystoreType</code> doesn't need a file use <code>""</code>
(empty string) for this parameter.</p>
</attribute>
<attribute name="keystorePass" required="false">
<p>The password used to access the server certificate from the
specified keystore file. The default value is "<code>changeit</code>".
</p>
</attribute>
<attribute name="keystoreType" required="false">
<p>The type of keystore file to be used for the server certificate.
If not specified, the default value is "<code>JKS</code>".</p>
</attribute>
<attribute name="keystoreProvider" required="false">
<p>The name of the keystore provider to be used for the server
certificate. If not specified, the list of registered providers is
traversed in preference order and the first provider that supports the
<code>keystoreType</code> is used.
</p>
</attribute>
<attribute name="sslProtocol" required="false">
<p>The version of the SSL protocol to use. If not specified,
the default is "<code>TLS</code>".</p>
</attribute>
<attribute name="ciphers" required="false">
<p>The comma separated list of encryption ciphers that this socket is
allowed to use. By default, the default ciphers for the JVM will be used.
Note that this usually means that the weak export grade ciphers will be
included in the list of available ciphers. The ciphers are specified using
the JSSE cipher naming convention.</p>
</attribute>
<attribute name="keyAlias" required="false">
<p>The alias used to for the server certificate in the keystore. If not
specified the first key read in the keystore will be used.</p>
</attribute>
<attribute name="trustManagerClassName" required="false">
<p>The name of a custom trust manager class to use to validate client
certificates. The class must have a zero argument constructor and must
also implement <code>javax.net.ssl.X509TrustManager</code>. If this
attribute is set, the trust store attributes may be ignored.
</p>
</attribute>
<attribute name="truststoreFile" required="false">
<p>The trust store file to use to validate client certificates. The
default is the value of the <code>javax.net.ssl.trustStore</code> system
property. If neither this attribute nor the default system property is
set, no trust store will be configured.</p>
</attribute>
<attribute name="truststorePass" required="false">
<p>The password to access the trust store. The default is the value of the
<code>javax.net.ssl.trustStorePassword</code> system property. If that
property is null, the value of <code>keystorePass</code> is used as the
default. If an invalid trust store password is specified, a warning will
be logged and an attempt will be made to access the trust store without a
password which will skip validation of the trust store contents. If the
trust store password is defined as <code>""</code> then no
password will be used to access the store which will also skip validation
of the trust store contents.</p>
</attribute>
<attribute name="truststoreType" required="false">
<p>The type of key store used for the trust store. The default is the
value of the <code>javax.net.ssl.trustStoreType</code> system property. If
that property is null, the value of <code>keystoreType</code> is used as
the default.</p>
</attribute>
<attribute name="truststoreProvider" required="false">
<p>The name of the truststore provider to be used for the server
certificate. The default is the value of the
<code>javax.net.ssl.trustStoreProvider</code> system property. If
that property is null, the value of <code>keystoreProvider</code> is used
as the default. If neither this attribute, the default system property nor
<code>keystoreProvider</code>is set, the list of registered providers is
traversed in preference order and the first provider that supports the
<code>truststoreType</code> is used.
</p>
</attribute>
<attribute name="sessionCacheSize" required="false">
<p>The number of SSL sessions to maintain in the session cache. Use 0 to
specify an unlimited cache size. If not specified, a default of 0 is
used.</p>
</attribute>
<attribute name="sessionTimeout" required="false">
<p>The time, in seconds, after the creation of an SSL session that it will
timeout. Use 0 to specify an unlimited timeout. If not specified, a
default of 86400 (24 hours) is used.</p>
</attribute>
<attribute name="crlFile" required="false">
<p>The certificate revocation list file to use to validate client
certificates.</p>
</attribute>
<attribute name="allowUnsafeLegacyRenegotiation" required="false">
<p>Is unsafe legacy TLS renegotiation allowed which is likely to expose
users to CVE-2009-3555, a man-in-the-middle vulnerability in the TLS
protocol that allows an attacker to inject arbitrary data into the user's
request. If not specified, a default of <code>false</code> is used. This
attribute only has an effect if the JVM does not support RFC 5746 as
indicated by the presence of the pseudo-ciphersuite
TLS_EMPTY_RENEGOTIATION_INFO_SCSV. This is available JRE/JDK 6 update 22
onwards. Where RFC 5746 is supported the renegotiation - including support
for unsafe legacy renegotiation - is controlled by the JVM configuration.
</p>
</attribute>
</attributes>
<p>For more information, see the
<a href="../ssl-howto.html">SSL Configuration HOW-TO</a>.</p>
</subsection>
<subsection name="Connector Comparison">
<p>Below is a small chart that shows how the connectors differentiate.</p>
<source>
Java Blocking Connector Java Nio Blocking Connector APR Connector
Classname Http11Protocol Http11NioProtocol Http11AprProtocol
Tomcat Version 3.x 4.x 5.x 6.x 6.x 5.5.x 6.x
Support Polling NO YES YES
Polling Size N/A Unlimited - Restricted by mem Unlimited - Configurable
Read HTTP Request Blocking Non Blocking Blocking
Read HTTP Body Blocking Sim Blocking Blocking
Write HTTP Response Blocking Sim Blocking Blocking
SSL Support Java SSL Java SSL OpenSSL
SSL Handshake Blocking Non blocking Blocking
Max Connections maxThreads See polling size See polling size
</source>
</subsection>
</section>
</body>
</document>