apache tomcat next
play

Apache Tomcat NEXT Progress Report Jean-Frederic Clere, Manager, - PowerPoint PPT Presentation

Mar 24, 2024 •589 likes •1.03k views

Apache Tomcat NEXT Progress Report Jean-Frederic Clere, Manager, Red Hat AGENDA Who I am New features from specifjcations Tomcat specifjc new features Tomcat features removed Internal changes Why Apache Tomcat 8.5?

  1. Apache Tomcat NEXT Progress Report Jean-Frederic Clere, Manager, Red Hat

  2. AGENDA Who I am • New features from specifjcations • Tomcat specifjc new features • Tomcat features removed • Internal changes • Why Apache Tomcat 8.5? • HTTP/2 and ALPN • SNI • OpenSSLImplementation • Migration from 8.0 to 8.5 • Get involved • Questions • 2

  3. Who I am Jean-Frederic Clere Red Hat Years writing JAVA code and server software Tomcat committer since 2001 Doing OpenSource since 1999 Cyclist/Runner etc Lived 15 years in Spain (Barcelona) Now in Neuchâtel (CH) 3

  4. Tomcat 4

  5. Tomcat versions Java Minimum 1 st Stable Tomcat Servlet JSP EL WebSocket JASPIC EOL EE Java SE Release 5.x 4 1.4 2.4 2.0 N/A N/A N/A 08 2004 09 2012 6.x 5 5 2.5 2.1 2.1 N/A N/A 02 2007 12 2016 7.x 6 6 3.0 2.2 2.2 1.1 N/A 01 2011 TBD 8.0.x 7 7 3.1 2.3 3.0 1.1 N/A 02 2014 xx 2016? 8.5.x 7 7 3.1 2.3 3.0 1.1 1.1 06 2016 TBD 9.x 8 8 4.0 2.4? 3.1? 2.0? 1.1? 2017 TBD xx: was 09 in June ;-) 8.0.38 released 11 October 5

  6. New features from specifjcations JavaEE 8 ● Key elements ● HTTP/2 ● Simplification ● Better integration for managed beans ● Better infrastructure for the cloud 6

  7. Specifjcations Servlet 4.0 ● HTTP/2 ● Usability improvements ● HttpFilter, default methods ● Clarifications ● Enhancement requests 7

  8. Specifjcations HTTP/2 ● HTTP/2 requires some TLS features ● Server Name Indication (SNI) ● Application Layer Protocol Negotiation (ALPN) ● Full support ● 8.5.3 considered stable. (since June 2016) ● h2c available (for proxies) ● h2 requires APR/native/OpenSSL due to ALPN requirements ● Server push available 8

  9. Specifjcations Servlet 4.0 HTTP/2 ● Java EE 8 must run on Java 8 ● Java EE 8 requires Servlet 4.0 ● Servlet 4.0 requires HTTP/2 ● HTTP/2 requires ALPN ● Java 8 does not support ALPN ● ALPN support will be available in Java 9 ● ALPN support will likely be backported to Java 8 at some point... 9

  10. Specifjcations Other ● WebSocket 1.2 (keep 1.1?) ● Standard extension for compression/multiplexing? ● JSP 2.4 (keep 2.3?) ● Imports to clarify (EL 3.0 related) ● EL 3.1 (keep 3.0?) ● Only minor improvements/clarifjcations needed ● JASPIC 1.1 (New!) ● Java Authentication Service Provider Interface for Containers. Used to support Oauth (login) 10

  11. Tomcat New Features TLS support improvements (1) ● Major rewrite of TLS support ● Tomcat 8 supports ● one TLS virtual host per connector ● one certificate per virtual host ● Tomcat 9 supports ● multiple virtual hosts per connector (SNI) ● multiple certificates per virtual host ● TLS configuration has changed to support this 11

  12. Tomcat New Features TLS support improvements (2) ● SNI and multiple certificates supported by all connectors ● APR/native support via the OpenSSL API ● JSSE support via parsing the initial handshake ● ALPN supported by APR/native or OpenSSLImplementation ● JSSE support is currently TBD ● Common (where possible) configuration for all connectors ● Some JSSE / OpenSSL differences remain. ● OpenSSL engine option of NIO and NIO2 connectors Allows OpenSSL performance with NIO/NIO2 APIs • Use automatically when tc-native is installed. • 12

  13. Tomcat Removed Features Old blocking O/I connectors... ● BIO HTTP and BIO AJP connectors ● Websocket and Servlet 3.1 require non-blocking IO ● Emulation of non-blocking is bad: • Complex • Not scalable • Risky: stuff that might break. • Decision remove them. Still 3 connectors: • NIO default connector • NIO2 introduced in Tomcat 8.0 • APR/Native still available. (requires tomcat-native libraries) • 13

  14. Tomcat Removed Features Comet ● Proprietary interface for asynchronous I/O ● Users are moving (have moved) to WebSocket ● Adds complexity to all the connectors ● Therefore decided to remove it 14

  15. Internal Changes Connectors ● Removed ● BIO ● Comet ● Reduce duplication ● HTTP upgrade from 12 classes to 3 ● HTTP/1.1 cleanup = removed ~ 50% (~2500 loc) ● AJP 1.3 cleanup = remove ~ 30% ● No connector specific HTTP/2 code ● Implementation specific per connector → Endpoint ● Implementation specific per connection → SocketWrapper 15

  16. Internal Changes Websocket ● Refactored I/O implementation Direct to Tomcat’s I/O layer ● Not via Servlet 3.1 non-blocking API ● ● Simpler ● Faster ● Extension support likely to require further refactoring? 16

  17. Internal Changes Other ● Remove use of system properties for configuration ● Move to per Context / Host / Server / Connector ● keep the system property as a default ● Made RFC 6265 CookieProcessor the default ● Note UTF-8 extension 17

  18. Why Tomcat 8.5? EE8 late... ● Tomcat 9 stable release is tied to the release of Java EE 8 ● Java EE 8 has been repeatedly delayed Currently delayed until at least H1 2017 ● ● Don't want users to have to wait another year+ to get access our new features: ● HTTP/2 ● OpenSSL encryption for JSSE ● TLS virtual hosting ● JASPIC ● Hence, Tomcat 8.5... 18

  19. What is Tomcat 8.5? Tomcat 9.0.0.M4... ● Started from Apache Tomcat 9.0.0M4 ● Reverted all Servlet 4.0 API changes ● Reworked code that required Java 8 ● Tomcat specific Push Server API ● Configuration compatible with 8.0.x ● “big” removal: ● Comet (migrate to WebSocket) ● BIO (Connector… probably not noticed) 19

  20. Tomcat 8.5 timing Possible roadmap ● ~6 months of 8.0.x and 8.5.x ● Extended if needed. ● ~ one month between releases ● ~ after no more 8.0.x releases ● First 8.5 release 24 March 2016 ● Current release: 8.5.6 stable ● Expect last 8.0.x soon: no date yet! 20

  21. Why HTTP/2 – HTTP/1.1: June 1999 (RFC 2616) ● 1999: – 1 page ~ 1kB HTML ● 2015: – 1 page ~ 3MB HTML + IMAGES + JS + CSS etc – Protocol: ● Not adapted / ineffjcient / etc 21

  22. HTTP/2 general HTTP/2: • Binary • Frame • Multiplex • Based on SPDY • TLS everywhere: • Browers use https and strong ciphers • No forward proxy • h2c: Clear text only with reverse proxy (proxy to back-end • server) 22

  23. HTTP/2 general HTTP/2 general Two specifjcations: • Hypertext Transfer Protocol version 2 - RFC7540 • HPACK - Header Compression for HTTP/2 - RFC7541 • By the Internet Engineering Task Force • ALPN Application-Layer Protocol Negotiation - RFC 7301 • 23

  24. HTTP/2 Multiplexed HTTP/2 Multiplexed Headers Headers Headers Headers Data Data Data Headers Headers Data Data Data Headers 24

  25. HTTP/2 : more • HTTP headers compression • ~ 80 % saved • Request priority • Both sides • Server Push • Prevents round trips to get page elements. • Faster / better rendering on browsers. 25

  26. HTTP/2 When Browsers • Browser with HTTP/2 and TLS • FireFox 34 • Chrome 40 (with ALPN before was NPN) • IE 11 • Opera and Safari 9 • Stats from docs.trafficserver and ci.trafficserver: • More than 50% is over HTTP/2 (data from April) • → go for it now! 26

  27. ALPN Client Hello (Firefox) 27

  28. ALPN Server Hello (tomcat) 28

  29. TC connector server.xml TC connector server.xml <Connector port="8002" scheme="https" SSLEnabled="true" ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" SSLCertifjcateFile="/home/jfclere/CERTS/newcert.pem" SSLCertifjcateKeyFile="/home/jfclere/CERTS/newkey.txt.pem" protocol="org.apache.coyote.http11.Http11AprProtocol"> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <Connector/> <Connector port="8003" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" keystoreFile="conf/.keystore" keystorePass="changeit" socket.directBuffer="true" socket.directSslBuffer="true"> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> </Connector> <Connector port="8004" protocol="org.apache.coyote.http11.Http11AprProtocol"> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> </Connector> 29

  30. Tomcat / confjguration In bin/setenv.sh: LD_LIBRARY_PATH=/home/jfclere/tomcat-native/native/.libs export LD_LIBRARY_PATH And the libtcnative-1.so linked with openssl-1.0.2c, checking with ldd: libssl.so.1.0.0 => /home/jfclere/OPENSSL-1.0.2c/lib/libssl.so.1.0.0 (0x00007f6ab147b000) libcrypto.so.1.0.0 => /home/jfclere/OPENSSL-1.0.2c/lib/libcrypto.so.1.0.0 (0x00007f6ab1028000) libapr-1.so.0 => /home/jfclere/APR-1.4.x/lib/libapr-1.so.0 (0x00007f6ab0dfa000) Usually the openssl of recent distribution (fedora 23) will work. 30

  31. Tomcat / Performances Concurency 240 400000 350000 300000 250000 Kbytes / second coyote_nio_jsse_h1_https 200000 coyote_nio_jsse_h2_https 150000 100000 50000 0 4KiB.bin 8KiB.bin 16KiB.bin 32KiB.bin 64KiB.bin 128KiB.bin 256KiB.bin 512KiB.bin 1MiB.bin File Size 31

  32. Tomcat / Performances Concurency 240 90 80 70 60 CPU Usage 50 coyote_nio_jsse_h1_https 40 coyote_nio_jsse_h2_https 30 20 10 0 4KiB 8KiB 16KiB 32KiB 64KiB 128KiB 256KiB 512KiB 1MiB File Size 32

Recommend

TomcatCon Apache Tomcat and TLS Mark Thomas TM Introduction TM Why This Presentation? L o

TomcatCon Apache Tomcat and TLS Mark Thomas TM Introduction TM Why This Presentation? L o

T M TomcatCon Apache Tomcat and TLS Mark Thomas TM Introduction TM Why This Presentation? L o t s o f q u e s t i o n s a b o u t T L S o n t h e T o m c a t m a i l i n g l i s t s It is clear from the questions many folks dont

1.08k views • 41 slides
Monitoring Tomcat with JMX Christopher Schultz Chief Technology Offjcer Total Child Health, Inc.

Monitoring Tomcat with JMX Christopher Schultz Chief Technology Offjcer Total Child Health, Inc.

Monitoring Tomcat with JMX Christopher Schultz Chief Technology Offjcer Total Child Health, Inc. * Slides available on the Linux Foundation / ApacheCon2016 web site and at http://people.apache.org/~schultz/ApacheCon NA 2016/Monitoring Apache

738 views • 55 slides
Connecting Tomcat to the World What is a Connector? Tomcat's interface to the world

Connecting Tomcat to the World What is a Connector? Tomcat's interface to the world

Connecting Tomcat to the World What is a Connector? Tomcat's interface to the world Binds to a port Understands a protocol Dispatches requests Tomcat Connectors Java Blocking I/O (BIO or sometimes JIO) Java

339 views • 18 slides
PACKAGING TOMCAT FOR LINUX DISTRIBUTIONS COTY SUTHERLAND Senior Software Engineer, Red Hat

PACKAGING TOMCAT FOR LINUX DISTRIBUTIONS COTY SUTHERLAND Senior Software Engineer, Red Hat

PACKAGING TOMCAT FOR LINUX DISTRIBUTIONS COTY SUTHERLAND Senior Software Engineer, Red Hat AGENDA WHO AM I? WHY USE DISTRIBUTIONS? DISTRIBUTION OVERVIEW APACHE TOMCAT THE FEDORA DISTRIBUTION THE UBUNTU DISTRIBUTION SNAPS: UNIVERSAL LINUX

482 views • 34 slides
Installing a Web Server 1. Install a sample web server, which supports Servlets/JSPs. A light

Installing a Web Server 1. Install a sample web server, which supports Servlets/JSPs. A light

Installing a Web Server 1. Install a sample web server, which supports Servlets/JSPs. A light weight web server is Apache Tomcat server. You can get the server from http://tomcat.apache.org/ 2. Follow the installation directions and install the

199 views • 5 slides
Installing a Web Server 1. Install a sample web server, which supports Servlets/JSPs. A light

Installing a Web Server 1. Install a sample web server, which supports Servlets/JSPs. A light

Installing a Web Server 1. Install a sample web server, which supports Servlets/JSPs. A light weight web server is Apache Tomcat server. You can get the server from http://tomcat.apache.org/ 2. Follow the installation directions and install the

81 views • 5 slides
CSE 510 Web Data Engineering Java Servlets UB CSE 510 Web Data Engineering Install and Check

CSE 510 Web Data Engineering Java Servlets UB CSE 510 Web Data Engineering Install and Check

CSE 510 Web Data Engineering Java Servlets UB CSE 510 Web Data Engineering Install and Check Tomcat 2 UB CSE 510 Web Data Engineering Installing Tomcat Install stable production release We will be using Apache Tomcat version 6.0.20

512 views • 33 slides
Intro to Load-Balancing Tomcat with httpd and mod_jk Christopher Schultz Chief Technology

Intro to Load-Balancing Tomcat with httpd and mod_jk Christopher Schultz Chief Technology

Intro to Load-Balancing Tomcat with httpd and mod_jk Christopher Schultz Chief Technology Offjcer Total Child Health, Inc. * Slides available on the Linux Foundation / ApacheCon2015 web site and at http://people.apache.org/~schultz/ApacheCon

1.04k views • 69 slides
TomcatCon Tomcat Load-balancing Mark Thomas TM Introduction TM Terminology TM Terminology:

TomcatCon Tomcat Load-balancing Mark Thomas TM Introduction TM Terminology TM Terminology:

TM TomcatCon Tomcat Load-balancing Mark Thomas TM Introduction TM Terminology TM Terminology: Reverse Proxy /bugzilla /ooo bz.apache.org /SpamAssassin TM Terminology: Reverse Proxy Looks like a single host to the clients

637 views • 19 slides
Monitoring Tomcat with JMX Monitoring Tomcat with JMX Christopher Schultz Christopher Schultz

Monitoring Tomcat with JMX Monitoring Tomcat with JMX Christopher Schultz Christopher Schultz

Monitoring Tomcat with JMX Monitoring Tomcat with JMX Christopher Schultz Christopher Schultz Chief Technology Offcer Chief Technology Offcer Total Child Health, Inc. Total Child Health, Inc. * Slides available on the Linux Foundation /

1.21k views • 110 slides
Apache Felix Web Console Carsten Ziegeler | cziegeler@apache.org ApacheCon NA 2014 About

Apache Felix Web Console Carsten Ziegeler | cziegeler@apache.org ApacheCon NA 2014 About

Apache Felix Web Console Carsten Ziegeler | cziegeler@apache.org ApacheCon NA 2014 About cziegeler@apache.org @cziegeler RnD Team at Adobe Research Switzerland Member of the Apache So fu ware Foundation Apache Felix and Apache

725 views • 26 slides
Bug hunting with Apache Lucene Uwe Schindler Apache Lucene PMC &amp; Apache Software Foundation

Bug hunting with Apache Lucene Uwe Schindler Apache Lucene PMC &amp; Apache Software Foundation

Bug hunting with Apache Lucene Uwe Schindler Apache Lucene PMC &amp; Apache Software Foundation Member uschindler@apache.org http://www.thetaphi.de, http://blog.thetaphi.de @ThetaPh1 SD DataSolutions GmbH , Wtjenstr. 49, 28213 Bremen,

859 views • 51 slides
Integrating Apache Camel with Apache Syncope Dr. Colm higeartaigh, Talend. Speaker

Integrating Apache Camel with Apache Syncope Dr. Colm higeartaigh, Talend. Speaker

Integrating Apache Camel with Apache Syncope Dr. Colm higeartaigh, Talend. Speaker Introduction Introducing Apache Syncope Apache Syncope basics Apache Syncope is an Open Source system for managing digital identities in enterprise

929 views • 33 slides
How Apache works JB Onofr &lt;jbonofre@apache.org&gt; Who am I JB Onofr

How Apache works JB Onofr &lt;jbonofre@apache.org&gt; Who am I JB Onofr

How Apache works JB Onofr &lt;jbonofre@apache.org&gt; Who am I JB Onofr &lt;jbonofre@apache.org&gt; @jbonofre | http://blog.nanthrax.net Fellow /Software Architect at Talend Member of the Apache Software Foundation (started in 2004)

821 views • 45 slides
Apache Calcite for Enabling SQL Access to NoSQL Data Systems such as Apache Geode Christian

Apache Calcite for Enabling SQL Access to NoSQL Data Systems such as Apache Geode Christian

Apache Calcite for Enabling SQL Access to NoSQL Data Systems such as Apache Geode Christian Tzolov Whoami Christian Tzolov Engineer at Pivotal, Big-Data, Hadoop, Spring Cloud Dataflow, Apache Geode, Apache HAWQ, Apache Committer, Apache

796 views • 41 slides
Apache Lucene 5 New Features and Improvements for Apache Solr and Elasticsearch Uwe Schindler

Apache Lucene 5 New Features and Improvements for Apache Solr and Elasticsearch Uwe Schindler

Apache Lucene 5 New Features and Improvements for Apache Solr and Elasticsearch Uwe Schindler Apache Software Foundation | SD DataSolutions GmbH | PANGAEA My Background Committer and PMC member of Apache Lucene and Solr - main focus is on

1.09k views • 83 slides
Java Programming Unit 6 Inner Classes. Intro to HTML

Java Programming Unit 6 Inner Classes. Intro to HTML

Java Programming Unit 6 Inner Classes. Intro to HTML and Applets. Installing Apache Tomcat Server. (c) Farata Systems, L.L.C. 2014 Swing

684 views • 20 slides
Stream Processing with Apache Apex Thomas Weise Apache Apex PMC Chair thw@apache.org @thweise

Stream Processing with Apache Apex Thomas Weise Apache Apex PMC Chair thw@apache.org @thweise

Stream Processing with Apache Apex Thomas Weise Apache Apex PMC Chair thw@apache.org @thweise @atrato_io October 30, 2017, Dagstuhl Seminar Stream Processing with Apache Apex Real-time visualization, Transform / Analytics Data Sources Data

398 views • 22 slides
Apache Gearpump next-gen streaming engine Karol Brejna, Intel (karolbrejna@apache.org) Huafeng

Apache Gearpump next-gen streaming engine Karol Brejna, Intel (karolbrejna@apache.org) Huafeng

Apache Gearpump next-gen streaming engine Karol Brejna, Intel (karolbrejna@apache.org) Huafeng Wang, Intel (huafengw@apache.org) Apache: Big Data Europe 2016 Sevilla, Spain 14 November 2016 Agenda What is Gearpump? Why Apache

853 views • 60 slides
Apache Apex: Next Gen Big Data Analytics Thomas Weise &lt;thw@apache.org&gt; @thweise PMC Chair

Apache Apex: Next Gen Big Data Analytics Thomas Weise &lt;thw@apache.org&gt; @thweise PMC Chair

Apache Apex: Next Gen Big Data Analytics Thomas Weise &lt;thw@apache.org&gt; @thweise PMC Chair Apache Apex, Architect DataTorrent Apache Big Data Europe, Sevilla, Nov 14 th 2016 Stream Data Processing Real-time Data Delivery Transform /

632 views • 35 slides
Apache Arrow &amp; TDataFrame Giulio Eulisse (CERN) 22 Mar 2018 1 Apache Arrow: the project

Apache Arrow &amp; TDataFrame Giulio Eulisse (CERN) 22 Mar 2018 1 Apache Arrow: the project

Apache Arrow &amp; TDataFrame Giulio Eulisse (CERN) 22 Mar 2018 1 Apache Arrow: the project Apache Arrow is a cross-language development platform for in-memory data Well established. Top-Level Apache project backed by key developers of a

283 views • 7 slides
An Apache Based, Intelligent IoT Stack Trevor Grant PMC Apache Mahout Project PPMC Apache

An Apache Based, Intelligent IoT Stack Trevor Grant PMC Apache Mahout Project PPMC Apache

An Apache Based, Intelligent IoT Stack Trevor Grant PMC Apache Mahout Project PPMC Apache Streams-Incubator Open Source Evangelist, IBM @rawkintrevo About Me rawkintrevo@apache.org Trevor Grant http://rawkintrevo.org Huge shout out to Joe

564 views • 43 slides
TomcatCon Securing Tomcat For Your Environment Mark Thomas TM Introduction TM Agenda

TomcatCon Securing Tomcat For Your Environment Mark Thomas TM Introduction TM Agenda

TM TomcatCon Securing Tomcat For Your Environment Mark Thomas TM Introduction TM Agenda Background Passwords and configuration files Threats Web applications Keeping up to date Policy and process Operating system

842 views • 28 slides
Apache Sling A REST-based Web Application Framework Carsten Ziegeler | cziegeler@apache.org

Apache Sling A REST-based Web Application Framework Carsten Ziegeler | cziegeler@apache.org

Apache Sling A REST-based Web Application Framework Carsten Ziegeler | cziegeler@apache.org ApacheCon NA 2014 About cziegeler@apache.org @cziegeler RnD Team at Adobe Research Switzerland Member of the Apache So fu ware

847 views • 59 slides

More recommend