Huxing,

On 11/16/15 3:14 AM, Huxing Zhang wrote:
> Following is a step by step guide for those who are interested in trying out
> the HTTP/2 feature in tomcat9,
> Please correct me if anything is wrong.
>
> Prerequisite:
> * JDK8: suppose you've already installed
> * tomcat 9.0.0.M1:
>   Please download from
>   https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.0.M1/
>   (a release candidate which is calling for votes.)
> * openssl 1.0.2d:
>   For Unix:
>   1) build from source code:
>      wget https://www.openssl.org/source/openssl-1.0.2d.tar.gz
>      tar -xf openssl-1.0.2d.tar.gz
>      cd openssl-1.0.2d
>      ./config -fPIC --prefix=/path/to/openssl/
>      make
>      (sudo) make install
>
>   For Mac OSX
>   1) build from source code:
>      wget https://www.openssl.org/source/openssl-1.0.2d.tar.gz
>      tar -xf openssl-1.0.2d.tar.gz
>      cd openssl-1.0.2d
>      ./Configure darwin64-x86_64-cc --prefix=/path/to/openssl shared
>      make
>      (sudo) make install
>   2) obtain from brew (recommended, but not tried yet)

+1 for brew, though it wants to install a bunch of things that might
surprise you (I originally used it to install gpg, I think). It *does* allow
you to install any number of OpenSSL versions side-by-side, though.

If you use brew to install multiple OpenSSLs, you'll want to specify
which one you are using when building tcnative. You'll want to point
--with-ssl at /usr/local/Cellar/openssl/[version]

Current version of OpenSSL available through Brew is 1.0.2d.

> * apr 1.4.0+ (latest version is 1.5.2)
>   build apr 1.5.2 from scratch if not installed:
>      download source code from https://apr.apache.org/download.cgi
>      tar -xf apr-1.5.2.tar.gz
>      cd apr-1.5.2
>      ./configure
>      make
>      (sudo) make install
> * tomcat native 1.2.2 (require apr 1.4.0+)
>   For Windows:
>      please download the binary release from
>      http://tomcat.apache.org/download-native.cgi
>      or build from source code (not tried yet)
>
>   For Unix/Mac OSX
>      download the source code from: http://tomcat.apache.org/download-native.cgi
>      tar -xf tomcat-native-1.2.2-src.tar.gz
>      cd tomcat-native-1.2.2-src/native
>      ./configure --with-apr=/path/to/apr --with-ssl=/path/to/openssl
>      make
>      (sudo) make install
>
> * Generate self-signed certificate:
>      /path/to/openssl req -x509 -newkey rsa:2048 -keyout /var/tmp/private-key.pem
>        -out /var/tmp/cert.pem -days 365
>      (with passphrase: tomcat)
>
> Tomcat side configurations (APR connector)
> 1. configure setenv.sh
>      CATALINA_OPTS="$CATALINA_OPTS -Djava.library.path=/path/to/your/tcnative/lib"
> 2. configure server.xml
>      <Connector port="8443"
>                 protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>                 maxThreads="150" SSLEnabled="true">
>        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>        <SSLHostConfig honorCipherOrder="false" >
>          <Certificate certificateKeyFile="/var/tmp/private-key.pem"
>                       certificateFile="/var/tmp/cert.pem"
>                       certificateKeyPassword="tomcat"
>                       type="RSA" />
>        </SSLHostConfig>
>      </Connector>
> 3. start tomcat
> 4. visit https://localhost:8443/examples/servlets/serverpush/simpleimage
>    You should see the image if everything is all right.
>
> Tomcat side configurations (NIO/NIO2 connector, take NIO2 as an example)
> 1. configure server.xml
>      <Connector port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>                 sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
>                 maxThreads="150" SSLEnabled="true">
>        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>        <SSLHostConfig honorCipherOrder="false" >
>          <Certificate certificateKeyFile="/var/tmp/private-key.pem"
>                       certificateFile="/var/tmp/cert.pem"
>                       certificateKeyPassword="tomcat"
>                       type="RSA" />
>        </SSLHostConfig>
>      </Connector>
> 2. start tomcat
> 3. visit https://localhost:8443/examples/servlets/serverpush/simpleimage
>    You should see the image if everything is all right.
>
> NOTES:
> * HTTP/2 is not supported for non-secured protocol currently.

I'm no expert, but I thought that h2c was supported.

> * HTTP/2 is not supported for JSSE implementation currently.

-chris
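
Seeing the image in a browser does not show which protocol was used, so a separate check that the connector from the guide selects `h2` during ALPN negotiation is useful. The script below is an added example, not part of the original thread: the function names and the sample output are constructed, and it assumes an `openssl` binary with ALPN support (1.0.2 or later).

```shell
#!/bin/sh
# Added example (not from the thread): check that a TLS connector selects
# HTTP/2 ("h2") during ALPN negotiation. Function names are hypothetical.

# Read `openssl s_client` output on stdin and print the negotiated ALPN
# protocol ("h2", "http/1.1", ...) or "none" when nothing was negotiated.
parse_alpn() {
    awk '
        /^ALPN protocol: / { sub(/^ALPN protocol: /, ""); proto = $0 }
        END { print (proto == "" ? "none" : proto) }
    '
}

# Offer h2 and http/1.1 to host:port and report what the server picked.
# Returns 0 only if h2 was selected. OPENSSL may point at a side-by-side
# build, e.g. a binary under the /path/to/openssl prefix from the guide.
check_h2() {
    target=$1
    out=$("${OPENSSL:-openssl}" s_client -connect "$target" \
        -alpn h2,http/1.1 </dev/null 2>/dev/null) || true
    proto=$(printf '%s\n' "$out" | parse_alpn)
    echo "$target negotiated: $proto"
    [ "$proto" = "h2" ]
}

# Constructed s_client excerpt (not captured from a real server).
sample_h2_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
ALPN protocol: h2
SSL-Session:
    Protocol  : TLSv1.2
EOF
}

# Usage: sh check_h2.sh localhost:8443   (no argument: parse the sample)
if [ "$#" -gt 0 ]; then
    check_h2 "$1"
else
    sample_h2_output | parse_alpn
fi
```

A result of `http/1.1` or `none` means the TLS handshake succeeded but HTTP/2 was not negotiated, which points at the connector's TLS implementation or a missing `UpgradeProtocol` element rather than at the certificate.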