Configuring APR Connector for SSL on Martini Server Runtime

Overview

This guide outlines how to configure the APR (Apache Portable Runtime) connector for SSL on Martini Runtime. This setup is an optional configuration that enables you to securely handle HTTPS traffic, leveraging SSL certificates and the APR connector for enhanced performance. For the default implementation of SSL on Martini, please refer to the documentation at Configuring SSL.

Generate SSL Certificate

Follow these guidelines to generate SSL certificates suitable for different scenarios:

- **[Public CA](ssl/public-ca.md)**: Get step-by-step instructions on configuring SSL for your Martini Server Runtime.
- **[Let's Encrypt](ssl/lets-encrypt.md)**: Get step-by-step instructions on configuring SSL for your Martini Server Runtime.
- **[Self Signed](ssl/self-signed.md)**: Get step-by-step instructions on configuring SSL for your Martini Server Runtime.

For this guide, we'll focus on using self-signed certificates pointed to localhost for testing purposes.

Install the libtcnative Library

Prerequisites

Ensure that apr and openssl are installed on your system. If not, install them using your package manager.

Installation Steps

  1. Download the tcnative library: Go to Apache Tomcat Native Downloads and download the 1.x version of the tcnative library. This version is compatible with Tomcat 9.0, which Martini Runtime uses.

  2. Unzip the downloaded file:

    tar -xzf tomcat-native-1.x.x-src.tar.gz

  3. Navigate to the native directory:

    cd tomcat-native-1.x.x-src/native

  4. Configure the build:

     • For macOS:

    ./configure --with-apr=$(brew --prefix apr) --with-ssl=$(brew --prefix openssl)

     • For Linux:

    ./configure --with-apr=/usr --with-ssl=/usr

  5. Build and install the library:

    make
    sudo make install

  6. Verify the installation: Check that the tcnative library is properly installed by running:

    ls -l /usr/local/apr/lib


Martini Configuration

Edit the <martini-home>/conf/override.properties file to include the following settings:

# Tomcat HTTP server port
# The default Martini port is 8080. Change it to 80 so browsers will redirect to HTTPS.
server.http.port=80

# Tomcat HTTPS server port
# Enable this so browsers will use HTTPS with the assigned SSL certificate.
server.https.port=8443

# Name of the file that contains the server certificate.
server.tomcat.https.SSLCertificateFile=/path/to/your/certificate/file

# Name of the file that contains the server private key.
server.tomcat.https.SSLCertificateKeyFile=/path/to/your/certificate/key/file

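# Use the APR connector (Http11AprProtocol) for the HTTPS listener.
server.tomcat.https.protocol=org.apache.coyote.http11.Http11AprProtocol

# SSL/TLS protocol versions the connector accepts, joined with '+'.
server.tomcat.https.sslProtocol=TLSv1+TLSv1.1+TLSv1.2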
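
The sslProtocol value above enables TLS 1.0 and TLS 1.1, which RFC 8996 deprecates. The following shell script is an added example, not part of the original guide or of Martini's tooling: it lints an override.properties file for deprecated protocol tokens and for a private key file that is missing or accessible to group or other. The function names and the sample file are constructed for illustration.

```shell
# Added example (not Martini tooling): lint TLS settings in override.properties.

# prop FILE KEY: print KEY's value (last assignment wins), skipping comments.
prop() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }
        (i = index($0, "=")) {
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == k) found = val
        }
        END { if (found != "") print found }' "$1"
}

# weak_protocols FILE: print the deprecated tokens (SSLv2/3, TLS 1.0/1.1) in sslProtocol.
weak_protocols() {
    prop "$1" server.tomcat.https.sslProtocol | tr '+' '\n' | tr -d ' \t' |
        grep -E '^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$' || :
}

# lint_tls FILE: print one finding per line; a clean file prints nothing.
lint_tls() {
    for p in $(weak_protocols "$1"); do
        echo "WEAK-PROTOCOL $p is enabled in server.tomcat.https.sslProtocol"
    done
    key=$(prop "$1" server.tomcat.https.SSLCertificateKeyFile)
    if [ ! -f "$key" ]; then
        echo "KEY-MISSING '$key' is not a regular file"
    # Columns 5-10 of the ls mode string are the group and other permission bits.
    elif [ "$(ls -ld -- "$key" | cut -c5-10)" != "------" ]; then
        echo "KEY-PERMS $key is accessible to group or other"
    fi
}

# Constructed sample: this guide's settings plus an empty stand-in key, mode 644.
make_sample() {
    d=$(mktemp -d) || return 1
    : > "$d/server.key" && chmod 644 "$d/server.key"
    cat > "$d/override.properties" <<EOF
server.tomcat.https.SSLCertificateKeyFile=$d/server.key
server.tomcat.https.protocol=org.apache.coyote.http11.Http11AprProtocol
server.tomcat.https.sslProtocol=TLSv1+TLSv1.1+TLSv1.2
EOF
    echo "$d"
}

sample=$(make_sample) && lint_tls "$sample/override.properties"; rm -rf "$sample"
```

To check a real installation, call `lint_tls` with the path to `<martini-home>/conf/override.properties`.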

Start Martini Runtime

To ensure that Martini Runtime detects the tcnative library, start it with the following command:

  • For macOS:

    sudo DYLD_LIBRARY_PATH=/usr/local/apr/lib ./toro-martini

  • For Linux:

    sudo LD_LIBRARY_PATH=/usr/local/apr/lib ./toro-martini


Verification

Once the server is running, check the logs to ensure there are no errors related to the SSL configuration. Finally, visit https://localhost:8443 to verify that the SSL setup is functioning correctly.