-
Notifications
You must be signed in to change notification settings - Fork 41.2k
Use AprLifecycleListener with embedded Tomcat by default #10079
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Thanks for the PR, @candrews. I think it'd be good to update the javadoc to list the lifecycle listeners that are registered by default. |
I see that this Listener is still configured in Tomcat 9.0, but I'm a bit confused about the need to configure it by default. It seems that at least one performance benchmark show that NIO/NIO2 + OpenSSL implementation perform better than APR + OpenSSL (probably because of JNI and the particular use case chosen for this benchmark). Also, @markt-asf said that, when using OpenSSL, APR and NIO have roughly the same performance and that it really depends on the traffic your application is dealing with. He also mentioned NIO as a good choice for a default connector (check out this presentation recording, starting 41:25). Benchmarks are hard to get right and can be really misleading, so I'm a bit torn between following Tomcat's defaults and following the latest advice from Tomcat committers. Unless I totally missed something here, I'm voting against this change. |
This PR isn't for changing the connector - NIO is still used. |
The APR lifecycle listener does NOT use the APR library directly to accelerate TLS. You need the Tomcat Native library (which depends on APR and OpenSSL) to do that. The APR lifecycle listener only looks for the Tomcat Native library. Also, there are NO benefits w.r.t threading. The Tomcat Native connector enables two features:
In Tomcat 9 and 8.5 you need the Tomcat Native library to use HTTP/2 if you are running on Java 8 or earlier. In Tomcat 9 (and soon in Tomcat 8.5) on Java 9 or later, HTTP/2 is supported without the Tomcat Native Library. If you are using TLS, the Tomcat Native library generally offers performance improvements compared to JSSE (either via the APR/Native connector or with NIO[2] with OpenSSL). However those performance differences vary with configuration and exact Java version so it is worth testing to see what the benefit is for any given scenario. Generally, I would recommend using the Tomcat Native library if you need to support TLS. In terms of APR/native vs NIO+OpenSSL, the Tomcat community is leaning towards NIO+OpenSSL with the possibility that the APR/native connector will be removed in Tomcat 10. |
After a discussion with @candrews on https://gitter.im/spring-projects/spring-boot, here's the current status of this. The With that, we should see how this choice fits in #10043 and how it should be documented, even if it's not used in the HTTP/2 context. |
AprLifecycleListener enabled Tomcat to use APR for accelerating SSL and threading if APR is available (if it's not available, then pure Java is used and there is no loss): https://tomcat.apache.org/tomcat-8.0-doc/apr.html#AprLifecycleListener
The default configuration that Tomcat distributes enables AprLifecycleListener: https://github.com/apache/tomcat/blob/TOMCAT_8_0_0/conf/server.xml#L27 Therefore, since Tomcat has been enabling it by default for years, I think Spring Boot should as well (I was surprised it didn't).
Note that AprLifecycleListener does not enable HTTP/2 or anything else; it's purely a performance improvement.