Tomcat – SSL Setup , Heap Config , Enable GZIP Compression

Posted by

Tomcat – SSL Setup

1. Download Tomcat from https://tomcat.apache.org

2. Generate Self Signed Certificate

keytool -genkey -alias keystore -keyalg RSA -keystore keystore.jks

3. Modify conf/server.xml

<Connector protocol="org.apache.coyote.http11.Http11Protocol"
	port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
	keystoreFile="conf/keystore.jks" keystorePass="changeme" clientAuth="false"
	sslProtocol="TLS" compression="on" compressionMinSize="1024"
	noCompressionUserAgents="gozilla, traviata"
	compressableMimeType="text/html,text/xml,text/json,text/javascript,text/css,text/plain,
application/javascript,application/xml,application/xml+xhtml" />

clientAuth – Enable/Disable Mutual Auth
sslProtocol – sslv3,TLSV1,TLSV2

4. Access https://localhost:8443/

Tomcat – Heap Config

It is recommended to create a file named setenv.bat (Windows) or setenv.sh (Linux) and place it in the Tomcat bin directory. With this file (which is run by the catalina.bat and catalina.sh scripts), we can change the following Tomcat environment settings.

export CATALINA_OPTS="$CATALINA_OPTS -Xms%XmsSize%"
export CATALINA_OPTS="$CATALINA_OPTS -Xmx%XmxSize%"
export CATALINA_OPTS="$CATALINA_OPTS -XX:MaxPermSize=%PermSize%"

OR

JAVA_OPTS="-Xms128m -Xmx1024m"
set "JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx1024m -XX:MaxPermSize=256m -server"

Tomcat – Enable GZIP Compression

If gzip is enabled in app/web servers, the response (scripts) are first compressed and then send to client. Hence this increase performance by many folds during first page load.

<Connector protocol="org.apache.coyote.http11.Http11Protocol"
	port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
	keystoreFile="conf/keystore.jks" keystorePass="changeme" clientAuth="false"
	sslProtocol="TLS" compression="on" compressionMinSize="1024"
	noCompressionUserAgents="gozilla, traviata"
	compressableMimeType="text/html,text/xml,text/json,text/javascript,text/css,text/plain,
application/javascript,application/xml,application/xml+xhtml" />

Leave a Reply

Your email address will not be published.