Spring Boot with Embedded Tomcat + APR/OpenSSL sample
This sample project shows how to build a Spring Boot 2.0 app using Embedded Tomcat leveraging both Tomcat's AprConnector, as well as Tomcat Native for handling SSL.
Why??
If you've ever perf tested JSSE's SSL handling, you'd know that it's SLOW! In order to take advantage of native libraries, such as OpenSSL, the Tomcat native library was built, along with the org.apache.coyote.http11.Http11AprProtocol which comes built into Tomcat and operates in conjunction with native bindings provided by tcnative.
Building
- Build the included source
  $ ./mvnw install
- Build the docker image
  $ docker build -t apr-sample .
- Run it!
  $ docker run -itP --rm apr-sample
Running things locally (OSX)
- Install OpenSSL 1.0.2+
  $ brew install openssl
- Install APR
  $ brew install apr
- Download the latest Tomcat release
- Extract Tomcat somewhere and cd into the bin folder
- Extract the file tomcat-native.tar.gz
- cd into tomcat-native-<version>-src/native
- Configure using the aforementioned OpenSSL
  $ ./configure --with-ssl=/usr/local/Cellar/openssl/1.0.2o
- Copy your built libs to a well known location
  $ cp ./.libs/* /usr/lib/tcnative
- Set the Java lib path appropriately
  $ java ... -Djava.library.path=/usr/lib/tcnative ...
Creating certificates
- Create a self-signed cert using OpenSSL
  $ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj '/CN=localhost'
- Import your key/cert into a Java Keystore
  # First, create a PKCS12 file which contains both your pkey, along with your cert
  $ openssl pkcs12 -export -out keyStore.p12 -inkey key.pem -in cert.pem
  # Next, import your pkey/cert into a JKS file
  $ keytool -importkeystore -deststorepass password -destkeypass password -destkeystore keystore.jks -srckeystore keyStore.p12 -srcstoretype PKCS12 -srcstorepass password -alias 1
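Before packaging key.pem and cert.pem into a keystore, it helps to confirm that the two files belong together, that the certificate is not about to expire, and that the unencrypted key (a consequence of -nodes) is readable only by its owner. The script below is an added example, not part of the sample project; the function names and the 30-day default are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the sample project): sanity-check a PEM key/cert
# pair such as the key.pem and cert.pem created above.
# Function names and the 30-day default threshold are assumptions.

# Print the SHA-256 digest of the public key inside a private key or a cert.
# $1 = "key" or "cert", $2 = PEM file. Fails if the file cannot be parsed.
pub_digest() {
    case "$1" in
        key)  pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # An empty result means parsing failed; never hash empty input, or two
    # unreadable files would appear to "match".
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_tls_pair KEY CERT [MIN_DAYS_LEFT]
# Returns 0 only if every check passes; prints the first failure otherwise.
check_tls_pair() {
    key=$1; cert=$2; days=${3:-30}
    kd=$(pub_digest key "$key")   || { echo "FAIL: cannot parse key $key"; return 1; }
    xd=$(pub_digest cert "$cert") || { echo "FAIL: cannot parse cert $cert"; return 1; }
    # Same public key on both sides means the cert was issued for this key.
    [ "$kd" = "$xd" ] || { echo "FAIL: $key does not belong to $cert"; return 1; }
    # -checkend exits non-zero if the cert expires within the given seconds.
    openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null ||
        { echo "FAIL: $cert expires within $days days"; return 1; }
    # -nodes wrote the key unencrypted, so the file mode is its only protection.
    mode=$(ls -ld "$key" | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "FAIL: $key is accessible to group/other (chmod 600 it)"; return 1; }
    echo "OK: key matches cert, valid for more than $days days, key is owner-only"
}

# When run as a script: check_pair.sh key.pem cert.pem [min-days-left]
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
fi
```
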