Configuring APR Connector for SSL on Martini Server Runtime
Overview
This guide outlines how to configure the APR (Apache Portable Runtime) connector for SSL on Martini Runtime. This setup is an optional configuration that enables you to securely handle HTTPS traffic, leveraging SSL certificates and the APR connector for enhanced performance. For the default implementation of SSL on Martini, please refer to the documentation at Configuring SSL.
Generate SSL Certificate
Follow these guidelines to generate SSL certificates suitable for different scenarios:
1 2 3 |
|
For this guide, we'll focus on using self-signed certificates pointed to localhost
for testing purposes.
Install the libtcnative Library
Prerequisites
Ensure that apr
and openssl
are installed on your system. If not, install them using your package manager.
Installation Steps
-
Download the tcnative library: Go to Apache Tomcat Native Downloads and download the 1.x version of the tcnative library. This version is compatible with Tomcat 9.0, which Martini Runtime uses.
-
Unzip the downloaded file:
1
tar -xzf tomcat-native-1.x.x-src.tar.gz
-
Navigate to the native directory:
1
cd tomcat-native-1.x.x-src/native
-
Configure the build:
- For MacOS:
1
./configure --with-apr=$(brew --prefix apr) --with-ssl=$(brew --prefix openssl)
-
For Linux:
1
./configure --with-apr=/usr --with-ssl=/usr
-
Build and install the library:
1 2
make sudo make install
-
Verify the installation: Check that the tcnative library is properly installed by running:
1
ls -l /usr/local/apr/lib
Martini Configuration
Edit the <martini-home>/conf/override.properties
file to include the following settings:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
|
Start Martini Runtime
To ensure that Martini Runtime detects the tcnative library, start it with the following command:
-
For MacOS:
1
sudo DYLD_LIBRARY_PATH=/usr/local/apr/lib ./toro-martini
-
For Linux:
1
sudo LD_LIBRARY_PATH=/usr/local/apr/lib ./toro-martini
Verification
Once the server is running, check the logs to ensure there are no errors related to the SSL configuration. Finally, visit https://localhost:8443 to verify that the SSL setup is functioning correctly.