Skip to content

Use AprLifecycleListener with embedded Tomcat by default #10079

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from

Conversation

candrews
Copy link
Contributor

AprLifecycleListener enabled Tomcat to use APR for accelerating SSL and threading if APR is available (if it's not available, then pure Java is used and there is no loss): https://tomcat.apache.org/tomcat-8.0-doc/apr.html#AprLifecycleListener

The default configuration that Tomcat distributes enables AprLifecycleListener: https://github.com/apache/tomcat/blob/TOMCAT_8_0_0/conf/server.xml#L27 Therefore, since Tomcat has been enabling it by default for years, I think Spring Boot should as well (I was surprised it didn't).

Note that AprLifecycleListener does not enable HTTP/2 or anything else; it's purely a performance improvement.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Aug 25, 2017
@wilkinsona wilkinsona added type: enhancement A general enhancement priority: normal and removed status: waiting-for-triage An issue we've not yet triaged labels Aug 29, 2017
@wilkinsona
Copy link
Member

Thanks for the PR, @candrews. I think it'd be good to update the javadoc to list the lifecycle listeners that are registered by default.

@wilkinsona wilkinsona added this to the 2.0.0.RC1 milestone Aug 29, 2017
@bclozel
Copy link
Member

bclozel commented Sep 4, 2017

I see that this Listener is still configured in Tomcat 9.0, but I'm a bit confused about the need to configure it by default.

It seems that at least one performance benchmark show that NIO/NIO2 + OpenSSL implementation perform better than APR + OpenSSL (probably because of JNI and the particular use case chosen for this benchmark).

Also, @markt-asf said that, when using OpenSSL, APR and NIO have roughly the same performance and that it really depends on the traffic your application is dealing with. He also mentioned NIO as a good choice for a default connector (check out this presentation recording, starting 41:25).

Benchmarks are hard to get right and can be really misleading, so I'm a bit torn between following Tomcat's defaults and following the latest advice from Tomcat committers.

Unless I totally missed something here, I'm voting against this change.

@candrews
Copy link
Contributor Author

candrews commented Sep 4, 2017

This PR isn't for changing the connector - NIO is still used.
Granted, the APR lifecycle listener allows for the use of the APR connector, but that's not what this PR does not is it the only thing the life cycle listener does. It also allows Tomcat to use APR threads and OpenSSL for improving NIO connector performance.
As far as I can tell, enabling the life cycle listener never harms performance, can improve it, and was and is in the default Tomcat configuration so it should be in the default Spring Boot configuration.

@markt-asf
Copy link

The APR lifecycle listener does NOT use the APR library directly to accelerate TLS. You need the Tomcat Native library (which depends on APR and OpenSSL) to do that. The APR lifecycle listener only looks for the Tomcat Native library.

Also, there are NO benefits w.r.t threading.

The Tomcat Native connector enables two features:

  • the APR/native connector
  • the ability to use OpenSSL with the NIO and NIO2 connectors

In Tomcat 9 and 8.5 you need the Tomcat Native library to use HTTP/2 if you are running on Java 8 or earlier. In Tomcat 9 (and soon in Tomcat 8.5) on Java 9 or later, HTTP/2 is supported without the Tomcat Native Library.

If you are using TLS, the Tomcat Native library generally offers performance improvements compared to JSSE (either via the APR/Native connector or with NIO[2] with OpenSSL). However those performance differences vary with configuration and exact Java version so it is worth testing to see what the benefit is for any given scenario.

Generally, I would recommend using the Tomcat Native library if you need to support TLS. In terms of APR/native vs NIO+OpenSSL, the Tomcat community is leaning towards NIO+OpenSSL with the possibility that the APR/native connector will be removed in Tomcat 10.

@bclozel
Copy link
Member

bclozel commented Sep 7, 2017

After a discussion with @candrews on https://gitter.im/spring-projects/spring-boot, here's the current status of this.

The AprLifecycleListener should be useful (and in most cases improve things), as long as the application is using TLS. Otherwise, it's not really useful to have it configured by default (even if users should be able to configure it manually).

With that, we should see how this choice fits in #10043 and how it should be documented, even if it's not used in the HTTP/2 context.

@bclozel bclozel self-assigned this Sep 7, 2017
@philwebb philwebb modified the milestones: 2.0.0.RC1, 2.0.0.M6 Sep 20, 2017
@bclozel bclozel removed this from the 2.0.0.M6 milestone Nov 3, 2017
@bclozel bclozel added status: duplicate A duplicate of another issue and removed priority: normal type: enhancement A general enhancement labels Nov 3, 2017
@bclozel
Copy link
Member

bclozel commented Nov 3, 2017

Fixed in #10043
Thanks @candrews !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
status: duplicate A duplicate of another issue
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants