Chinaunix首页 | 论坛 | 博客
  • 博客访问: 2551661
  • 博文数量: 709
  • 博客积分: 12251
  • 博客等级: 上将
  • 技术积分: 7905
  • 用 户 组: 普通用户
  • 注册时间: 2005-07-17 00:00
个人简介

实现有价值的IT服务

文章存档

2012年(7)

2011年(147)

2009年(3)

2008年(5)

2007年(74)

2006年(431)

2005年(42)

分类: Java

2006-08-10 10:52:12

6)Session Configuration

Session Configuration

Session configuration occurs in three contexts: 

The block has a separate cookie configuration because the load-balancers need to detect and parse the session cookie on a server-wide basis to implement sticky sessions.

session-config

attribute

meaning

default

For persistent sessions, always query the database for updates

false

always-save-session

For persistent sessions, always save the session at the end of a request

false

cookie-append-server-index

Append the server's cluster index to the generated cookie (3.0.18)

false

cookie-domain

The host domain for the cookie, e.g. foo.com

none

cookie-length

The number of characters in the session cookie

18

cookie-max-age

How long a cookie should be stored in a browser

none - the browser session

cookie-modulo-cluster

Controls the cookie generation for sticky sessions and clustering

false

cookie-port

Controls the cookie's required port

none

cookie-secure

If true, the browser will only send the cookie on a secure connection

false

cookie-version

The specification number of the cookie spec

0

enable-cookies

If true, generate and use session cookie

true

enable-url-rewriting

If true, generate and use URL rewriting

true

ignore-serialization-errors

For persistent sessions, skip non-serializable attribute

false

invalidate-after-listener

If true, invalidate the session only after the session listeners are called

true

reuse-session-id

true|

 

save-only-on-shutdown

If true, persistent sessions are only saved when the server shuts down gracefully

false

session-max

The maximum number of sessions in memory at any time (LRU)

4096

session-timeout

How long an idle session should live before being timed out (in minutes)

30

use-persistent-store

If true, enable persistent storage for the session

false

The attributes belong in the <server> block

Attribute

Meaning

Default

alternate-session-url-prefix

An alternative URL prefix for sessions

none

session-cookie

The cookie to use for sessions

JSESSIONID

ssl-session-cookie

The cookie to use for sessions for an SSL port

JSESSIONID

session-url-prefix

The URL fragment to use for URL-rewriting

;jsessionid=

Retrieved from ""

 

 

Deployment

1)

Web-app-deploy

The directive configures the directory, i.e. a location where you can drop .war files and have them expanded to web-apps.

Essentially, it's an automatic directory for directives with archive-path attributes.

For example, in the default resin.conf, if you drop a foo.war in /webapps, it will expand to webapps/foo and be browseable at .

It's also possible to create a Web Application without a .war files by creating a directory in the webapps without

...

...

attribute

description

default

path

The location for both expansion directories and archives

none

archive-directory

The location for archive (.war) files

path

expand-directory

The directory where archives are expanded

path

expand-prefix

Prefix to generate the expanded directory

""

expand-suffix

Suffix to generate the expanded directory

""

url-prefix

Prefix for any URL access

none

expand-cleanup-fileset

List of files to delete on redeploy

delete entire archive

require-file

additional files which will force a reload

none

startup-mode

starting mode of deployed web-apps

automatic

redeploy-mode

mode for checking an redeploying web-apps

automatic

web-app-default

default configuration for all web-apps

none

web-app

overriding configuration for any deployed webapps

none

 

2)

Host-deploy

The directive configures a host expansion directory like the web-app's directory.

Essentially, it's an automatic directory for directives with archive-path attributes.

For example, in the default resin.conf, if you drop a foo.jar in /hosts, it will expand to hosts/foo and be browseable at .

It's also possible to create a without a .jar file by creating a directory in the hosts.

  ...

 

   

 

  ...

attribute

description

default

path

The location for both expansion directories and archives

none

archive-directory

The location for archive (.jar) files

path

expand-directory

The directory where archives are expanded

path

host-name

An EL expression for auto-generated host names

none

expand-cleanup-fileset

List of files to delete on redeploy

delete entire archive

require-file

additional files which will force a reload

none

startup-mode

starting mode of deployed hosts

"automatic"

redeploy-mode

mode for checking an redeploying hosts

"automatic"

host-default

default configuration for all hosts

none

 

3)

Startup-mode

The directive configures the initial deployment state of a <web-app> or <host>.

The default is "automatic" which is the correct choice for most applications. For sites with large numbers of web-apps or virtual hosts, the "lazy" startup-mode can save some memory.

 

 

4)

Redeploy-mode

controls how Resin restarts a <web-app> or <host> when it detects a change in the <web-app> or <host>.

 

5)

Dependency-check-interval

The directive configures how often Resin should check <web-app> or <host> dependencies for restarting. The restarting behavior is controlled by the <redeploy-mode> directive.

uses values.

During development, a of "2s" is appropriate. For deployment, a much large value like "1h" or "1d" is appropriate.

Retrieved from ""

 

 

6)

Dependency

The directive in the resin-web.xml lets Resin check additional files for automatic restart. Applications can add dependent files, e.g. for Struts or Spring or Hibernate so Resin will restart when they change.

 

7)

Archive-path

The directive assigns a .war file for a <web-app> or a .jar file for a <host>.

If the web-app is deployed using <web-app-deploy>, the .war file will be assigned automatically.

 

8)Dependency Checking

Dependency checking

 (Redirected from )

Resin restarts web-apps and when it detects a change in the <web-app> or <host>. The restart behavior is controlled by the <redeploy-mode> tag which defaults to "automatic".

Checked Resources

Resin checks the following resources to see if the web-app or host should be restarted:

Any classes in WEB-INF/classes

Any jars in WEB-INF/lib

Any additional classes or jars specified in a <> tag

Any WEB-INF/resin-web.xml

Any WEB-INF/web.xml

resin.conf

Any other configuration file read by a <resin:import>

A source .war file configured by <archive-path> or a <web-app-deploy> or <host-deploy>.

Any file added in a <dependency> tag

<dependency-check-interval>

The directive configures how often Resin should check <web-app> or <host> dependencies for restarting. The restarting behavior is controlled by the <redeploy-mode> directive.

uses values.

During development, a of "2s" is appropriate. For deployment, a much large value like "1h" or "1d" is appropriate.

Retrieved from ""

 

 

Security Configuration

1)

 

Authenticator

The directive configures Resin's built-in authentication for the Servlet login, i.e. to support and .

directives

directive

description

jndi-name

name to store the authenticator

type

Java class implementing the authenticator

init

Bean-style/Inversion of Control configuration for the authenticator

XmlAuthenticator

The XmlAuthenticator is a simple authentication scheme where an XML file or a configuration file specifies the users directly. XmlAuthenticator is useful when you have a small number of known users.

directives

directive

description

logout-on-session-timeout

If true, principals should be logged out when a session times out

true

password-digest

Password digest type of form: MD5-base64

MD5-base64

password-digest-algorithm

Sets the password digest algorithm

MD5

password-digest-realm

Sets the realm to use for the digest

resin

path

to an XML file containing the configuration

 

principal-cache-size

Size of the principal cache

4096

user

Inline user configuration in the form "name:password:roles"

 

Example

resin-web.xml

  
    com.caucho.server.security.XmlAuthenticator
    
      none
      Harry Potter:quidditch:user
    
  
  ...

JdbcAuthenticator

The JdbcAuthenticator uses a database to store user authentication.

directives

directive

description

cookie-auth-query

Sets a query for cookie-based authentication

cookie-auth-update

Sets the update SQL for cookie-based authentication

cookie-domain

Sets the domain value for cookie-based authentication

cookie-logout

If true remove cookie on logout

cookie-max-age

Sets the max-age value for cookie-based authentication

cookie-version

Sets the cookie version for cookie-based authentication

data-source

Specifies the configured <database>

required

logout-on-session-timeout

If true, principals should be logged out when a session times out

true

password-digest

Password digest type of form: MD5-base64

MD5-base64

password-digest-algorithm

Sets the password digest algorithm

MD5

password-digest-realm

Sets the realm to use for the digest

resin

password-query

Sets a custom password query

 

principal-cache-size

Size of the principal cache

4096

role-query

Specifies the query to test for a role

 

use-cookie

If true, use the resinauth cookie

 

Example

resin-web.xml

  
    
      jdbc:postgresql://localhost/test
      harry
    
  
 
  
    com.caucho.server.security.JdbcAuthenticator
    
      java:comp/env/jdbc/test
    
  
  ...


Here is how this needs to be configured for FORM authentication:

     
       
         jdbc/MyDataSource
         ...
         
            resin
            md5
            base64
         
       
     

JaasAuthenticator - using a JAAS LoginModule

Main article:

resin-web.xml

 
 
     
         com.sun.security.auth.module.Krb5LoginModule
         
              true
        
     
 
 

 

 

2)

Openssl


configures SSL for a <http> or <srun> port using the OpenSSL library. (Requires Resin Professional)

[]

directives

directive

description

default

ca-certificate-file

CA file for

 

ca-certificate-path

CA directory for

 

Certificate-file

The server's certificate

required

Certificate-chain-file

File containing the certificate chain for

 

Certificate-key-file

The server's private key file

required

cipher-suite

Specifies cryptographic algorithms allowed

 

Password

Specifies the private key password

required

Protocol

SSL3 or TLS

TLS

session-cache

If true, enables the OpenSSL session cache

true

session-cache-timeout

How long sessions should be kept in the session cache

 

unclean-shutdown

If true, closing SSL sockets will be forced instead of a clean shutdown

false

<>

Sets the options

 

verify-depth

How deep a verification chain to allow

 

cipher-suite

The tag restricts the ciphers allowed for SSL connections following the

 

  

     ...

     ...

     ...

     ALL:!aNULL:!ADH

 

 

Windows Specific Information

The most recent releases of Resin 3.0.x on Windows (.19+ for sure) are compiled against the more recent branch of OpenSSL, 0.9.8. Older releases, through .14 at least, are compiled against the specific version, 0.9.7c from gnuwin32, that's mentioned in the docs.

To set up OpenSSL in the latest releases, get the current 0.9.8 binary distribution from . Unfortunately, you can't just extract the DLL's, so you'll have to install it. The DLL's will go into your Windows system32 directory. There should be three DLL's:

·         ssleay32.dll

·         libeay32.dll

·         libssl32.dll

You can grab those once they're extracted by the installer and put them in your resin directory, or anywhere on the path (including leaving them where the installer put them). After that, your newer release of Resin should be able to start with OpenSSL.

 

 

3)

Jsse-ssl

directives

directive

description

default

alias

The JSSE key store alias

 

key-store-file

Location of the JSSE key store file

required

key-store-type

Key store type: jks or pkcs12

jks

key-manager-factory

Specifies a key-manager-factory class

 

ssl-context

Specifies a ssl-context class

 

verify-client

Specifies the

 

 

Clustering and Load Balancing

1)

Cluster

Cluster configuration documentation is at .

directive

directive

description

default

id

unique identifier of the cluster

""

cluster-ref

use the values from a directive

 

client-live-time

how long the load-balancer should keep an idle socket open

30s

client-dead-time

how long the load-balancer should treat a backend as dead

30s

client-read-timeout

timeout of load-balancer reads

30s

client-write-timeout

timeout of load-balancer writes

 

<srun>

configures an srun port

 

directive

directive

description

default

id

unique identifier of the cluster definition

""

client-live-time

how long the load-balancer should keep an idle socket open

30s

client-dead-time

how long the load-balancer should treat a backend as dead

30s

client-read-timeout

timeout of load-balancer reads

30s

client-write-timeout

timeout of load-balancer writes

 

<srun>

configures an srun port

 

example

Clustering and load balancing is configured in a directive inside the <server> block of the resin.conf.

A cluster with two machines might look like:

resin.conf

...
  
    30s
 
    
    
  
 
  ...

Load Balancing Timeouts

Load balancing has two sets of time outs, one set from the client (front-end) perspective, and one set from the server (back-end) perspective.

The client timeouts are configured directly in the directive. The server timeouts are configured in the individual <srun> directives.

client-read-timeout

How long the frontend should wait on a read before timing out

60s

client-write-timeout

How long the frontend should wait on a write before timing out

60s

client-live-time

How long the frontend should keep a socket alive before discarding it

60s

client-dead-time

How long the frontend should treat a backend as dead before retrying

15s

resin.conf

  60s
 
  

The server timeouts specify how long the backend will wait for new data from a frontend before giving up. This timeout should be longer than the client-live-time.

read-timeout

How long the backend should wait on a read before timing out

30s

write-timeout

How long the backend should wait on a write before timing out

30s

resin.conf

  ...
  
  ...

 

 

2)      Load Balancing Configuration

Load balancing

 (Redirected from )

Resin documentation is at

Load balancing spreads the load among multiple backend Resin servers in a Cluster. A frontend Resin server proxies requests to the backend servers and sends the results to the clients.

We'll use 192.168.0.10 as the frontend machine and 192.168.0.20 through 192.168.0.28 as the backend machines.

The frontend server and the backend cluster have different configurations since they perform different roles.

The Frontend Server

dispatches requests to the backend servers, generally using sticky sessions

acts as a for the backend cluster

pools the proxy sockets for efficiency

== The Backend Cluster

does the actual work: the database querying and form processing

manages persistent sessions

Frontend Configuration

The frontend needs to configure:

The external HTTP and HTTPS ports its listening to

The cluster-definition of the backend cluster

A LoadBalanceServlet to dispatch requests to the backend

frontend.conf

       xmlns:resin="">
  
    
    
      15s
      
      
    
    
    
      
        
                 servlet-class="com.caucho.servlets.LoadBalanceServlet">
          
            backend
          
        
        
      
    
  

Sharing Cluster configuration: cluster.xml and <resin:import>

Many sites will create a separate cluster.xml using resin's resin:import directive to share information between the frontend and backend:

cluster.xml

  30s
 
  
  

In the frontend.conf, you'll replace the <> content with a <resin:import>

frontend.xml

  ...
  
    
  
  ...

 

 

Cache Configuration

Cache configuration

 (Redirected from )

See for Resin's proxy caching. Documentation is at

The tag in the block enables and configures the proxy cache. If the tag is missing, then caching is disabled.

Attribute

Description

default

path

Location of the cache file

cache/cache.db

enable

True if the cache is enabled

true

enable-range

True if the cache should support HTTP Range requests

true

entries

Number of LRU entries in the cache

8192

memory-size

How much memory to allocate to memory buffers

8M

max-entry-size

Largest page size to be cached

1M

disk-size

The maximum size of the cache

2G

The sizes use the syntax for the sizes.

resin.conf

  ...
  
    
    ...
  

sets the or : headers on a cacheable page. Non-cacheable pages or pages with headers or Cache-Control: max-age are not affected.

A is a page with an or an header. Resin's FileServlet, for example, sets both headers but does not set an tag.

In other words, a JSP page or servlet that does not set any headers will not be affected by (since Resin doesn't consider it cacheable.)

uses the for its expire time.

resin-web.xml

  
  ...

 

 

阅读(2324) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~