Foreman » Installer

The APR connector for Tomcat implement the Apache Portable Runtime interface. Unlike other Tomcat interfaces, this one follows the Apache interface as well as using native bindings to libraries such as OpenSSL. Per the docs [1], the use of APR can increase performance in production especially in cases where lots of requests are being handled that involve SSL handshakes. Since APR uses the Apache interface, specification of SSL options to the server declaration are similar to those found in Apache webserver. That is, a java keystore is no longer needed as certificates can be delcared and used directly. The switch would require:

• candlepn RPM to drop requires on tomcatjss to allow installing tomcat-native
• update to Tomcat's server.xml to reflect new configuration for SSL
• updates to Cipher and SSL version declarations
• updates to puppet-certs to deploy / use regular certificates for Tomcat

[1] https://tomcat.apache.org/tomcat-7.0-doc/apr.html