Dejan,

On 5/19/15 2:08 PM, Christopher Schultz wrote:
> Dejan,
> 
> On 5/19/15 11:58 AM, Dejan Stamenov wrote:
>> Maybe I have messed up really bad, so I can't solve it now. I
>> will start over with this, can you tell me if these are the steps
>> I need to do for it to work:
> 
>> install libapr1-dev
>> install tcnative
>> Will I need to make that specific .sh file in the Tomcat /bin
>> directory after I have done these 2 steps?
> 
> If it were me, I would:
> 
> 1. Remove all traces of the APR source and binary that you
>    downloaded and built for yourself.
> 2. Make sure that the packages libapr1 and libapr1-dev are
>    installed via apt-get
> 3. Make sure you build tcnative such that, after:
> 
> $ make distclean
> $ ./configure [...]
> $ make
> 
> ... you have some .so files sitting-around somewhere.
> 
> 4. Copy those files into CATALINA_BASE/bin
> 
> 5. When you launch, make sure that java.library.path includes 
> CATALINA_BASE/bin
> 
>> Also, can I use something else than APR library connector?
> 
> Yes. All Tomcat connectors support TLS.
> 
> The APR-based connector will outperform all other connectors when 
> using TLS by an order of magnitude. If you are serious about 
> performance, you should either use the APR-based connector or 
> terminate TLS elsewhere (like a reverse proxy) and not have Tomcat
> do any crypto at all.
> 
>> I have been trying to make it work now with a keystore, but when
>> I access my application I get "The connection was reset" error.
>> In my keystore, I have my server certificate, my intermediate
>> file and primary cert file which have been given to me (the last
>> 2). Also, when I look into the logs of the server there is no
>> error/warning about using this second Connector, but it still
>> won't work.
> 
> Taking PEM files and putting them into a keystore is a real pain
> in the neck.
> 
> This is the magic formula I've been using for a while, when
> starting with PEM files and creating a keystore from scratch:
> 
> $ openssl pkcs12 -export -in ${HOSTNAME}.crt \
>     -inkey ${HOSTNAME}.key \
>     -certfile CA-intermediate.crt -out ${HOSTNAME}.p12 -chain
> 
> $ $JAVA_HOME/bin/keytool -importkeystore \
>     -srckeystore ${HOSTNAME}.p12 \
>     -destkeystore ${HOSTNAME}.jks \
>     -srcstoretype pkcs12
> 
> Hope that helps, -chris

FWIW, this is the portion of my Tomcat package testing script. This
script is completely automated and fetches a release candidate, builds
everything, and tests everything. You should be able to see how
everything is built and where it all goes.

Some environment variables are not set, because this is only the snip
of the script that deals with tcnative. Note that I don't show the
launch of the JVM, so you don't see where java.library.dir is set. I
have also not corrected for line wrapping/formatting.

I hope this helps,
-chris

echo Building tcnative...
mkdir -p "${BASE_SOURCE_DIR}/output/build/bin/native"

# Unpack the downloaded tcnative source tarball
tar xz --directory "${BASE_SOURCE_DIR}/output/build/bin/native" \
  -f "${BASE_DIR}/downloads/tomcat-native"*"/tomcat-native"*".tar.gz"

if [ "0" != "$?" ] ; then
  echo "* Failed to unpack tcnative. Quitting."
  exit 1
fi

OWD=`pwd`
cd "${BASE_SOURCE_DIR}/output/build/bin/native/tomcat-native-"*/jni/native

# Configure against the system APR and OpenSSL and the JDK under test
./configure --with-apr=/usr/bin --with-ssl=yes \
  --with-java-home="${TEST_JAVA_HOME}"
# /usr/lib/jvm/java-6-sun/

result=$?

if [ "0" != "$result" ] ; then
  echo "* !! tcnative configure returned non-zero result ($result). Quitting."
  exit 1
fi

cd "${OWD}"

make -C "${BASE_SOURCE_DIR}/output/build/bin/native/tomcat-native-"*/jni/native

result=$?

if [ "0" != "$result" ] ; then
  echo "* !! tcnative make returned non-zero result ($result). Quitting."
  exit 1
else
  echo "* tcnative builds cleanly"
fi

# Copy the built shared libraries (preserving symlinks) to where the JVM looks
cp -d \
  "${BASE_SOURCE_DIR}/output/build/bin/native/tomcat-native-"*/jni/native/.libs/* \
  "${BASE_SOURCE_DIR}/output/build/bin/native"
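Added example, not part of the original message or of Tomcat's own tooling: a check on the result of the PEM-to-keystore formula quoted above, confirming that the keystore holds a private key entry with a certificate chain rather than only standalone certificates. The function names and both sample listings are constructed for illustration, and the parsing assumes the English-locale labels printed by `keytool -list -v`.

```shell
#!/bin/sh
# Reads `keytool -list -v` output on stdin. Typical use (prompts for the
# store password):
#   keytool -list -v -keystore ${HOSTNAME}.jks | has_usable_server_entry

# Prints one tab-separated line per alias: alias, entry type, chain length.
summarize_keystore() {
  awk -F': ' '
    /^Alias name: /               { if (alias != "") print alias "\t" type "\t" chain
                                    alias = $2; type = "unknown"; chain = 0 }
    /^Entry type: /               { type = $2 }
    /^Certificate chain length: / { chain = $2 }
    END                           { if (alias != "") print alias "\t" type "\t" chain }
  '
}

# Returns 0 if some alias is a PrivateKeyEntry whose chain has at least
# $1 certificates (default 2: server certificate plus one intermediate).
has_usable_server_entry() {
  min_chain="${1:-2}"
  summarize_keystore | awk -F'\t' -v min="$min_chain" '
    $2 == "PrivateKeyEntry" && $3 + 0 >= min { found = 1 }
    END { exit (found ? 0 : 1) }
  '
}

# Constructed sample: certificates imported one at a time, no private key.
CERTS_ONLY='Alias name: server
Entry type: trustedCertEntry

Alias name: intermediate
Entry type: trustedCertEntry
'

# Constructed sample: keystore built from a PKCS12 file holding key and chain.
KEY_AND_CHAIN='Alias name: 1
Entry type: PrivateKeyEntry
Certificate chain length: 2
'

printf '%s' "$CERTS_ONLY" | has_usable_server_entry \
  || echo "certs-only listing: no private key entry with a chain"
printf '%s' "$KEY_AND_CHAIN" | has_usable_server_entry \
  && echo "key-and-chain listing: usable server entry found"
```

A connector needs an entry of type PrivateKeyEntry to present a server certificate; entries of type trustedCertEntry carry no private key.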
