Posted to dev@tomcat.apache.org by Huxing Zhang <hu...@alibaba-inc.com> on 2015/11/16 09:14:34 UTC

A step by step guide to try out the HTTP/2 feature in tomcat9

The following is a step-by-step guide for those who are interested in trying out the HTTP/2 feature in tomcat9.
Please correct me if anything is wrong.

Prerequisites:
* JDK8: assumed to be already installed
* tomcat 9.0.0.M1: 
Please download from https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.0.M1/ 
(a release candidate which is calling for votes.)
* openssl 1.0.2d:
For Unix:
1) build from source code:
wget https://www.openssl.org/source/openssl-1.0.2d.tar.gz
tar -xf openssl-1.0.2d.tar.gz
cd openssl-1.0.2d
./config -fPIC --prefix=/path/to/openssl/
make
(sudo) make install

For Mac OSX
1) build from source code:
wget https://www.openssl.org/source/openssl-1.0.2d.tar.gz
tar -xf openssl-1.0.2d.tar.gz
cd openssl-1.0.2d
./Configure darwin64-x86_64-cc --prefix=/path/to/openssl shared
make
(sudo) make install
2) obtain from brew (recommended, but not tried yet)

* apr 1.4.0+ (latest version is 1.5.2)
build apr 1.5.2 from scratch if not installed:
download source code from https://apr.apache.org/download.cgi
tar -xf apr-1.5.2.tar.gz
cd apr-1.5.2
./configure
make
(sudo) make install
* tomcat native 1.2.2 (requires apr 1.4.0+)
For Windows:
please download the binary release from http://tomcat.apache.org/download-native.cgi
or build from source code (not tried yet)

For Unix/Mac OSX:
download the source code from: http://tomcat.apache.org/download-native.cgi 
tar -xf tomcat-native-1.2.2-src.tar.gz
cd tomcat-native-1.2.2-src/native
./configure --with-apr=/path/to/apr --with-ssl=/path/to/openssl
make
(sudo) make install

* Generate a self-signed certificate:
/path/to/openssl req -x509 -newkey rsa:2048 -keyout /var/tmp/private-key.pem -out /var/tmp/cert.pem -days 365
(with passphrase: tomcat)

Tomcat side configurations (APR connector)
1. configure setenv.sh
CATALINA_OPTS="$CATALINA_OPTS -Djava.library.path=/path/to/your/tcnative/lib"
2. configure server.xml
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true">
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig honorCipherOrder="false" >
            <Certificate certificateKeyFile="/var/tmp/private-key.pem"
                         certificateFile="/var/tmp/cert.pem"
                         certificateKeyPassword="tomcat"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
3. start tomcat
4. visit https://localhost:8443/examples/servlets/serverpush/simpleimage 
You should see the image if everything is all right.

Tomcat side configurations (NIO/NIO2 connector, taking NIO2 as an example)
1. configure server.xml
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol"
               sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
               maxThreads="150" SSLEnabled="true">
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig honorCipherOrder="false" >
            <Certificate certificateKeyFile="/var/tmp/private-key.pem"
                         certificateFile="/var/tmp/cert.pem"
                         certificateKeyPassword="tomcat"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
2. start tomcat
3. visit https://localhost:8443/examples/servlets/serverpush/simpleimage
You should see the image if everything is all right.

NOTES:
* HTTP/2 is not supported for non-secured protocol currently.
* HTTP/2 is not supported for JSSE implementation currently.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
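
A checker for the connector settings used in this guide, added here as an example and not part of the original post or of Tomcat: it parses a server.xml and reports HTTP/2 connectors that are cleartext (h2c), TLS connectors that would run on JSSE, key passwords stored in the file, key files under a shared temp directory, and honorCipherOrder="false". The finding names, the sample XML, and the rule that a NIO/NIO2 connector without sslImplementationName falls back to JSSE are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the snippets in this thread (ports 9443 is made up).
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig honorCipherOrder="false">
      <Certificate certificateKeyFile="/var/tmp/private-key.pem"
                   certificateFile="/var/tmp/cert.pem"
                   certificateKeyPassword="tomcat" type="RSA" />
    </SSLHostConfig>
  </Connector>
  <Connector port="9443" protocol="org.apache.coyote.http11.Http11Nio2Protocol" SSLEnabled="true">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig>
      <Certificate certificateKeyFile="conf/key.pem" certificateFile="conf/cert.pem" type="RSA" />
    </SSLHostConfig>
  </Connector>
  <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
  </Connector>
</Service></Server>
"""

HTTP2 = "org.apache.coyote.http2.Http2Protocol"
OPENSSL_IMPL = "org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
SHARED_TMP = ("/tmp/", "/var/tmp/")  # directories any local user can write to


def audit_connectors(server_xml):
    """Return (port, finding) tuples for each Connector in a server.xml string."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        proto = conn.get("protocol", "")
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        h2 = any(u.get("className") == HTTP2 for u in conn.findall("UpgradeProtocol"))

        # HTTP/2 on a connector without TLS means cleartext h2c upgrade is offered.
        if h2 and not tls:
            findings.append((port, "h2c-cleartext"))
        # Assumption: NIO/NIO2 without the OpenSSL implementation uses JSSE,
        # which the guide's notes say cannot serve HTTP/2 in 9.0.0.M1.
        if h2 and tls and "Apr" not in proto and conn.get("sslImplementationName") != OPENSSL_IMPL:
            findings.append((port, "h2-over-jsse"))

        for cert in conn.iter("Certificate"):
            # The passphrase sits next to the key path, readable by anyone who can read server.xml.
            if cert.get("certificateKeyPassword") is not None:
                findings.append((port, "key-password-in-config"))
            if (cert.get("certificateKeyFile") or "").startswith(SHARED_TMP):
                findings.append((port, "key-in-shared-tmp"))
        for host in conn.iter("SSLHostConfig"):
            # Explicit "false" lets the client's cipher preference win.
            if host.get("honorCipherOrder", "").lower() == "false":
                findings.append((port, "client-cipher-order"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: {finding}")
```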


Re: A step by step guide to try out the HTTP/2 feature in tomcat9

Posted by Huxing Zhang <hu...@alibaba-inc.com>.
Mark,

Thanks for pointing that out; I will give h2c a try using curl.

Huxing

------------------------------------------------------------------
From:Mark Thomas <ma...@apache.org>
Time:2015 Nov 17 (Tue) 15:24
To:Tomcat Developers List <de...@tomcat.apache.org>
Subject:Re: A step by step guide to try out the HTTP/2 feature in tomcat9


Most browsers don't support h2c. Tomcat does. You can test this with a recent build of curl.

Mark



Re: A step by step guide to try out the HTTP/2 feature in tomcat9

Posted by Mark Thomas <ma...@apache.org>.
On 17 November 2015 00:49:00 GMT+00:00, Huxing Zhang <hu...@alibaba-inc.com> wrote:
>Chris,
>
>>> NOTES:
>>> * HTTP/2 is not supported for non-secured protocol currently.
>
>> I'm no expert, but I thought that h2c was supported.
>
>Actually I tried to configure HTTP/2 in non-secured connector, the
>configuration I tried in server.xml is as follows:
>
><Connector port="8080"
>protocol="org.apache.coyote.http11.Http11AprProtocol"
>               connectionTimeout="20000"
>               redirectPort="8443" >
>  <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>    </Connector>
>
>When tomcat started, I observed the following log:
>17-Nov-2015 08:35:20.149 INFO [main]
>org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol
>The ["http-apr-8080"] connector has been configured to support HTTP
>upgrade to [h2c]
>
>However, when I tried the server push example:
>http://localhost:8080/examples/servlets/serverpush/simpleimage
>
>The following error occurred:
>
>java.lang.UnsupportedOperationException: Server push requests are not
>supported by the HTTP/1.1 protocol
>	org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:937)
>	org.apache.coyote.Request.action(Request.java:392)
>	http2.SimpleImagePush.doGet(SimpleImagePush.java:37)
>	javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
>	javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
>	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>	org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
>
>Am I missing something?
>
>Best Regards,
>Huxing

Most browsers don't support h2c. Tomcat does. You can test this with a recent build of curl.

Mark
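
The h2c upgrade exchange behind this reply, as an added example that is not part of the thread or of Tomcat: it builds the HTTP/1.1 request a client must send to ask for h2c (RFC 7540 section 3.2) and classifies the server's answer as an accepted upgrade (101 with `Upgrade: h2c`) or a plain HTTP/1.1 response. The function names and the two sample responses are constructed for illustration; `probe()` defaults to the port and path used in the thread.

```python
import base64
import socket
import struct

SETTINGS_ENABLE_PUSH = 0x2  # RFC 7540 section 6.5.2

# Constructed sample responses (not captured from a real server).
ACCEPTED_SAMPLE = b"HTTP/1.1 101 \r\nConnection: Upgrade\r\nUpgrade: h2c\r\n\r\n"
DECLINED_SAMPLE = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"


def encode_http2_settings(settings):
    """Unpadded base64url of a SETTINGS payload, as the HTTP2-Settings header requires."""
    payload = b"".join(struct.pack("!HI", ident, value) for ident, value in settings)
    return base64.urlsafe_b64encode(payload).rstrip(b"=").decode("ascii")


def build_h2c_upgrade_request(host, port, path):
    """HTTP/1.1 GET carrying the three headers that request an upgrade to h2c."""
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}:{port}",
        "Connection: Upgrade, HTTP2-Settings",
        "Upgrade: h2c",
        f"HTTP2-Settings: {encode_http2_settings([(SETTINGS_ENABLE_PUSH, 1)])}",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def classify_response(raw):
    """Return 'h2c' if the server switched protocols, otherwise 'http/1.1'."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    status = int(parts[1]) if len(parts) >= 2 and parts[1].isdigit() else 0
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip().lower()
    if status == 101 and headers.get("upgrade") == "h2c":
        return "h2c"
    return "http/1.1"


def probe(host="localhost", port=8080,
          path="/examples/servlets/serverpush/simpleimage", timeout=5.0):
    """Send the upgrade request to a running connector and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_h2c_upgrade_request(host, port, path))
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return classify_response(data)


if __name__ == "__main__":
    print(build_h2c_upgrade_request("localhost", 8080, "/").decode("ascii"))
    print(classify_response(ACCEPTED_SAMPLE), classify_response(DECLINED_SAMPLE))
```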

Re: A step by step guide to try out the HTTP/2 feature in tomcat9

Posted by Huxing Zhang <hu...@alibaba-inc.com>.
Chris,

>> NOTES:
>> * HTTP/2 is not supported for non-secured protocol currently.

> I'm no expert, but I thought that h2c was supported.

Actually, I tried to configure HTTP/2 in a non-secured connector; the configuration I tried in server.xml is as follows:

    <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"
               connectionTimeout="20000"
               redirectPort="8443" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    </Connector>

When tomcat started, I observed the following log:
17-Nov-2015 08:35:20.149 INFO [main] org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The ["http-apr-8080"] connector has been configured to support HTTP upgrade to [h2c]

However, when I tried the server push example:
http://localhost:8080/examples/servlets/serverpush/simpleimage

The following error occurred:

java.lang.UnsupportedOperationException: Server push requests are not supported by the HTTP/1.1 protocol
	org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:937)
	org.apache.coyote.Request.action(Request.java:392)
	http2.SimpleImagePush.doGet(SimpleImagePush.java:37)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)

Am I missing something?

Best Regards,
Huxing
------------------------------------------------------------------
From:Christopher Schultz <ch...@christopherschultz.net>
Time:2015 Nov 17 (Tue) 06:44
To:Tomcat Developers List <de...@tomcat.apache.org>
Subject:Re: A step by step guide to try out the HTTP/2 feature in tomcat9




Re: A step by step guide to try out the HTTP/2 feature in tomcat9

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Huxing,

On 11/16/15 3:14 AM, Huxing Zhang wrote:
> Following is a step by step guide for those who are interested in trying out the HTTP/2 feature in tomcat9,
> Please correct me if anything is wrong.
> 
> Prerequisite:
> * JDK8: suppose you've already installed
> * tomcat 9.0.0.M1: 
> Please download from https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.0.M1/ 
> (a release candidate which is calling for votes.)
> * openssl 1.0.2d:
> For Unix:
> 1) build from source code:
> wget https://www.openssl.org/source/openssl-1.0.2d.tar.gz
> tar -xf openssl-1.0.2d.tar.gz
> cd openssl-1.0.2d
> ./config -fPIC --prefix=/path/to/openssl/
> make
> (sudo) make install
> 
> For Mac OSX
> 1) build from source code:
> wget https://www.openssl.org/source/openssl-1.0.2d.tar.gz
> tar -xf openssl-1.0.2d.tar.gz
> cd openssl-1.0.2d
> ./Configure darwin64-x86_64-cc --prefix=/path/to/openssl shared
> make
> (sudo) make install
> 2) obtain from brew (recommended, but not tried yet)

+1 for brew, though it wants to install a bunch of things that might
surprise you (I originally used to install gpg, I think). It *does*
allow you to install any number of OpenSSL versions side-by-side,
though. If you use brew to install multiple OpenSSLs, you'll want to
specify which one you are using when building tcnative. You'll want to
point --with-ssl at /usr/local/Cellar/openssl/[version]

Current version of OpenSSL available through Brew is 1.0.2d.

> * apr 1.4.0+ (latest version is 1.5.2)
> build apr 1.5.2 from scratch if not installed:
> download source code from https://apr.apache.org/download.cgi
> tar -xf apr-1.5.2.tar.gz
> cd apr-1.5.2
> ./configure
> make
> (sudo) make install
> * tomcat native 1.2.2 (require apr 1.4.0+)
> For Windows: 
> please download the binary release from http://tomcat.apache.org/download-native.cgi
> or build from source code(not tried yet)
> 
> For Unix/Mac OSX
> download the source code from: http://tomcat.apache.org/download-native.cgi 
> tar -xf tomcat-native-1.2.2-src.tar.gz
> cd tomcat-native-1.2.2-src/native
> ./configure --with-apr=/path/to/apr --with-ssl=/path/to/openssl
> make
> (sudo) make install
> 
> * Generate self-signed certificate:
> /path/to/openssl req -x509 -newkey rsa:2048 -keyout /var/tmp/private-key.pem -out /var/tmp/cert.pem -days 365
> (with passphrase: tomcat)
> 
> Tomcat side configurations(APR connector)
> 1. configure setenv.sh
> CATALINA_OPTS="$CATALINA_OPTS -Djava.library.path=/path/to/your/tcnative/lib"
> 2. configure server.xml
>     <Connector port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>                maxThreads="150" SSLEnabled="true">
>         <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>         <SSLHostConfig honorCipherOrder="false" >
>             <Certificate certificateKeyFile="/var/tmp/private-key.pem"
>                          certificateFile="/var/tmp/cert.pem"
>                          certificateKeyPassword="tomcat"
>                          type="RSA" />
>         </SSLHostConfig>
>     </Connector>
> 3. start tomcat
> 4. visit https://localhost:8443/examples/servlets/serverpush/simpleimage 
> You should see the image if everything is all right.
> 
> Tomcat side configurations(NIO/NIO2 connector, take NIO2 as an example)
> 1. configure server.xml
>  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>                sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
>                maxThreads="150" SSLEnabled="true">
>         <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>         <SSLHostConfig honorCipherOrder="false" >
>             <Certificate certificateKeyFile="/var/tmp/private-key.pem"
>                          certificateFile="/var/tmp/cert.pem"
>                          certificateKeyPassword="tomcat"
>                          type="RSA" />
>         </SSLHostConfig>
>     </Connector>
> 2. start tomcat
> 3. visit https://localhost:8443/examples/servlets/serverpush/simpleimage
> You should see the image if everything is all right.
> 
> NOTES:
> * HTTP/2 is not supported for non-secured protocol currently.

I'm no expert, but I thought that h2c was supported.

> * HTTP/2 is not supported for JSSE implementation currently.

-chris
