(cache) Tomcat 9 を HTTP/2 サーバーにする

Tomcat 9 の server.xml を見ていたら次のような記述がありました。HTTP/2 をサポートしているようです。

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the APR/native implementation. When using the
         APR/native implementation or the OpenSSL engine with NIO or NIO2 then
         the OpenSSL configuration attributes must be used.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig honorCipherOrder="false" >
            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                         certificateFile="conf/localhost-rsa-cert.pem"
                         certificateChainFile="conf/localhost-rsa-chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->

<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2

This connector uses the APR/native implementation. When using the

APR/native implementation or the OpenSSL engine with NIO or NIO2 then

the OpenSSL configuration attributes must be used.

-->

<!--

<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"

maxThreads="150" SSLEnabled="true" >

<Certificate certificateKeyFile="conf/localhost-rsa-key.pem"

certificateFile="conf/localhost-rsa-cert.pem"

certificateChainFile="conf/localhost-rsa-chain.pem"

type="RSA" />

</SSLHostConfig>

</Connector>

-->

すぐに使う予定はないけれども動作確認してみたのでメモ。

環境は CentOS 7

Let’s Encrypt で証明書を用意してこの設定をアンコメントしてみました。が、これだけでは起動してくれませんでした。

17-Feb-2016 23:51:15.022 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
 org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:855)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:497)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: org.apache.catalina.LifecycleException: The configured protocol [org.apache.coyote.http11.Http11AprProtocol] requires the APR/native library which is not available
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:997)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
	... 12 more

17-Feb-2016 23:51:15.022 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]

org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]

at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)

at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)

at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)

at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:855)

at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)

at org.apache.catalina.startup.Catalina.load(Catalina.java:606)

at org.apache.catalina.startup.Catalina.load(Catalina.java:629)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:497)

at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)

at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)

Caused by: org.apache.catalina.LifecycleException: The configured protocol [org.apache.coyote.http11.Http11AprProtocol] requires the APR/native library which is not available

at org.apache.catalina.connector.Connector.initInternal(Connector.java:997)

at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)

... 12 more

The configured protocol [org.apache.coyote.http11.Http11AprProtocol] requires the APR/native library which is not available

1	The configured protocol [org.apache.coyote.http11.Http11AprProtocol] requires the APR/native library which is not available

ということで Tomcat Native Library とやらが必要なようです。

sudo yum install apr-devel
tar xvf tomcat-native-1.2.4-src.tar.gz
cd tomcat-native-1.2.4-src/native
./configure --prefix=/usr --libdir=/usr/lib64 --with-java-home=/usr/java/latest --with-ssl
make
sudo make install

sudo yum install apr-devel

tar xvf tomcat-native-1.2.4-src.tar.gz

cd tomcat-native-1.2.4-src/native

./configure --prefix=/usr --libdir=/usr/lib64 --with-java-home=/usr/java/latest --with-ssl

make

sudo make install

これで libtcnative がインストールされました

$ ls /usr/lib64/libtcnative-1.*
/usr/lib64/libtcnative-1.a   /usr/lib64/libtcnative-1.so    /usr/lib64/libtcnative-1.so.0.2.4
/usr/lib64/libtcnative-1.la  /usr/lib64/libtcnative-1.so.0

$ ls /usr/lib64/libtcnative-1.*

/usr/lib64/libtcnative-1.a /usr/lib64/libtcnative-1.so /usr/lib64/libtcnative-1.so.0.2.4

/usr/lib64/libtcnative-1.la /usr/lib64/libtcnative-1.so.0

が、うまく行かない。

18-Feb-2016 00:11:57.657 SEVERE [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to initialize the SSLEngine.
 org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform
	at org.apache.tomcat.jni.SSL.initialize(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:497)
	at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:283)
	at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:135)
	at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:94)
	at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:401)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:104)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:497)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)

18-Feb-2016 00:11:57.657 SEVERE [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to initialize the SSLEngine.

org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform

at org.apache.tomcat.jni.SSL.initialize(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:497)

at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:283)

at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:135)

at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:94)

at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:401)

at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:104)

at org.apache.catalina.startup.Catalina.load(Catalina.java:606)

at org.apache.catalina.startup.Catalina.load(Catalina.java:629)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:497)

at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)

at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)

18-Feb-2016 00:11:58.253 WARNING [main] org.apache.tomcat.util.net.openssl.OpenSSLEngine.<clinit> Failed getting cipher list
 java.lang.Exception: Not implemented
	at org.apache.tomcat.jni.SSL.newSSL(Native Method)
	at org.apache.tomcat.util.net.openssl.OpenSSLEngine.<clinit>(OpenSSLEngine.java:81)
	at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:365)
	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:790)
	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:547)
	at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:66)
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:855)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:497)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)

18-Feb-2016 00:11:58.361 WARNING [main] org.apache.tomcat.util.net.AprEndpoint.bind Secure re-negotiation is not supported by the SSL library null
18-Feb-2016 00:11:58.380 WARNING [main] org.apache.tomcat.util.net.AprEndpoint.bind Honor cipher order option is not supported by the SSL library null
18-Feb-2016 00:11:58.386 WARNING [main] org.apache.tomcat.util.net.AprEndpoint.bind Disable compression option is not supported by the SSL library null
18-Feb-2016 00:11:58.386 WARNING [main] org.apache.tomcat.util.net.AprEndpoint.bind Disable TLS Session Tickets option is not supported by the SSL library null

18-Feb-2016 00:11:58.253 WARNING [main] org.apache.tomcat.util.net.openssl.OpenSSLEngine.<clinit> Failed getting cipher list

java.lang.Exception: Not implemented

at org.apache.tomcat.jni.SSL.newSSL(Native Method)

at org.apache.tomcat.util.net.openssl.OpenSSLEngine.<clinit>(OpenSSLEngine.java:81)

at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:365)

at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:790)

at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:547)

at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:66)

at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)