Configuring APR Connector for SSL on Martini Server Runtime

Overview

This guide outlines how to configure the APR (Apache Portable Runtime) connector for SSL on Martini Runtime. This setup is an optional configuration that enables you to securely handle HTTPS traffic, leveraging SSL certificates and the APR connector for enhanced performance. For the default implementation of SSL on Martini, please refer to the documentation at Configuring SSL.

Note

The Tomcat Native Library, along with the Apache Portable Runtime (APR), currently does not compile on Apple Silicon (ARM architecture). This means that users with devices powered by M1, M1 Pro, M1 Max, M2, or newer ARM-based processors may face challenges when trying to build both the Tomcat Native components and the APR. Consequently, features that rely on these libraries, such as enhanced performance and SSL support, will not be accessible on these systems.

Generate SSL Certificate

Follow these guidelines to generate SSL certificates suitable for different scenarios:

  • Public CA: Get step-by-step instructions on configuring SSL for your Martini Server Runtime.
  • Let's Encrypt: Get step-by-step instructions on configuring SSL for your Martini Server Runtime.
  • Self Signed: Get step-by-step instructions on configuring SSL for your Martini Server Runtime.

For this guide, we'll focus on using self-signed certificates pointed to localhost for demonstration purposes.

Install the libtcnative Library

Prerequisites

Ensure that apr and openssl are installed on your system. If not, install them using your package manager.

Installation Steps

  1. Download the tcnative library: Go to Apache Tomcat Native Downloads and download the 1.x version of the tcnative library. This version is compatible with Tomcat 9.0, which Martini Runtime uses.

  2. Unzip the downloaded file:

         tar -xzf tomcat-native-1.x.x-src.tar.gz

  3. Navigate to the native directory:

         cd tomcat-native-1.x.x-src/native

  4. Configure the build:

       • For macOS (using Homebrew):

             ./configure --with-apr=$(brew --prefix apr) --with-ssl=$(brew --prefix openssl)

       • For Linux:

             ./configure --with-apr=/usr --with-ssl=/usr

  5. Build and install the library:

         make
         sudo make install

  6. Verify the installation: Check that the tcnative library is properly installed by running:

         ls -l /usr/local/apr/lib

Martini Configuration

Edit the <martini-home>/conf/override.properties file to include the following settings:

# Tomcat HTTP server port
# The default Martini port is 8080. Change it to 80 so browsers will redirect to HTTPS.
server.tomcat.http.port=80

# Tomcat HTTPS server port
# Enable this so browsers will use HTTPS with the assigned SSL certificate.
server.tomcat.https.port=8443

# Name of the file that contains the server certificate.
server.tomcat.https.SSLCertificateFile=/path/to/your/certificate/file

# Name of the file that contains the server private key.
server.tomcat.https.SSLCertificateKeyFile=/path/to/your/certificate/key/file

# This setting specifies the use of the APR (Apache Portable Runtime) protocol for handling HTTP connections.
server.tomcat.https.protocol=org.apache.coyote.http11.Http11AprProtocol

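# This setting defines the SSL/TLS protocols that are allowed for secure connections.
# TLSv1 and TLSv1.1 are deprecated (RFC 8996); remove them from the list unless legacy clients still require them.
server.tomcat.https.sslProtocol=TLSv1+TLSv1.1+TLSv1.2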
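
The settings above can be checked before the runtime is started. The following script is an added example, not part of the original guide or of Martini: it reads the property names shown above and reports a non-APR connector protocol, protocol versions older than TLSv1.2, missing certificate or key files, and a private key readable by group or other. The function names prop and audit_override are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Martini tooling. Property names are the guide's; the
# checks and function names (prop, audit_override) are assumptions.

# prop FILE KEY: print the value of KEY (last assignment wins), else nothing.
prop() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
          if (key == k) v = val }
        END { print v }' "$1"
}

# audit_override FILE: print one FINDING line per problem; return 1 if any.
audit_override() {
    f=$1; rc=0
    proto=$(prop "$f" server.tomcat.https.protocol)
    if [ "$proto" != "org.apache.coyote.http11.Http11AprProtocol" ]; then
        echo "FINDING: connector protocol is '$proto', not Http11AprProtocol"; rc=1
    fi
    # sslProtocol is a '+'-joined list; flag every version older than TLSv1.2.
    for v in $(prop "$f" server.tomcat.https.sslProtocol | tr '+' ' '); do
        case $v in
            SSLv2|SSLv3|TLSv1|TLSv1.1)
                echo "FINDING: sslProtocol enables deprecated $v"; rc=1 ;;
        esac
    done
    for k in SSLCertificateFile SSLCertificateKeyFile; do
        p=$(prop "$f" "server.tomcat.https.$k")
        [ -f "$p" ] || { echo "FINDING: $k '$p' does not exist"; rc=1; }
    done
    # The private key should carry no group/other permission bits.
    key=$(prop "$f" server.tomcat.https.SSLCertificateKeyFile)
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FINDING: private key $key is accessible to group/other"; rc=1
    fi
    return $rc
}

# Run as: sh audit.sh <martini-home>/conf/override.properties
[ $# -eq 0 ] || audit_override "$1"
```

A run with no FINDING lines and exit status 0 means the file matches the APR setup described here with only TLSv1.2 or newer enabled.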

Start Martini Runtime

To ensure that Martini Runtime detects the tcnative library, start it with the following command:

  • For macOS:

        sudo DYLD_LIBRARY_PATH=/usr/local/apr/lib ./toro-martini

  • For Linux:

        sudo LD_LIBRARY_PATH=/usr/local/apr/lib ./toro-martini

Verification

Once the server is running, check the logs to ensure there are no errors related to the SSL configuration. Finally, visit https://localhost:8443 to verify that the SSL setup is functioning correctly.