Caucho maker of Resin Server | Application Server (Java EE Certified) and Web Server


home
 

Resin Documentation

home company docs 
app server 		 Resin Server | Application Server (Java EE Certified) and Web Server
 

resin.xml: ports, virtual hosts, clustering and threads

Describes the resin, server, host, and port configuration in the resin.xml.

  1. See Also
  2. <cluster>
  3. <min-free-memory>
  4. <resin>
  5. root-directory
  6. security-manager
  7. security-provider
  8. server
    1. EL variables and functions
  9. shutdown-wait-max
  10. <thread-pool>
  11. user-name
  12. Common Tags
    1. fileset
  13. Startup and Redeploy Mode
  14. See Also
  15. <accept-listen-backlog>
  16. <accept-thread-max>
  17. <accept-thread-min>
  18. <address>
  19. <cluster-port>
  20. <group-name>
  21. <http>
  22. <jvm-arg>
  23. <jvm-classpath>
  24. <keepalive-max>
  25. <keepalive-select-enable>
  26. <keepalive-select-thread-timeout>
  27. <keepalive-timeout>
  28. <load-balance-connect-timeout>
  29. <load-balance-recover-time>
  30. <load-balance-idle-time>
  31. <load-balance-warmup-time>
  32. <load-balance-weight>
  33. <memory-free-min>
  34. <port>
  35. <port-default>
  36. <protocol>
  37. <server>
    1. EL variables and functions
  38. <server-default>
  39. <shutdown-wait-max>
  40. <socket-timeout>
  41. <thread-idle-max>
  42. <thread-idle-min>
  43. <thread-max>
  44. <user-name>
  45. <watchdog-arg>
  46. <watchdog-port>
  47. <cookie-domain>
  48. <cookie-domain-regexp>
  49. <cookie-length>
  50. <cookie-max-age>
  51. <cookie-version>
  52. <ignore-serialization-errors>
  53. <session-config>
  54. <session-max>
  55. <save-mode>
  56. <session-timeout>
  57. Maven Deploy Client
  58. Ant Deploy Client
  59. See Also
  60. <accept-listen-backlog>
  61. <accept-thread-max>
  62. <accept-thread-min>
  63. <address>
  64. <ca-certificate-file> (OpenSSL)
  65. <ca-certificate-path> (OpenSSL)
  66. <ca-revocation-file> (OpenSSL)
  67. <ca-revocation-path> (OpenSSL)
  68. <certificate-file> (OpenSSL)
  69. <certificate-chain-file> (OpenSSL)
  70. <certificate-key-file> (OpenSSL)
  71. <cipher-suite> (OpenSSL)
  72. <cipher-suite-forbidden> (JSSE)
  73. <cluster-port>
  74. <connection-max>
  75. <http>
  76. <jsse-ssl>
  77. <keepalive-max>
  78. <openssl>
  79. <password> (OpenSSL)
  80. <port>
  81. <protocol>
  82. <protocol> (OpenSSL)
  83. <session-cache> (OpenSSL)
  84. <session-cache-timeout> (OpenSSL)
  85. <socket-timeout>
  86. <tcp-no-delay>
  87. <unclean-shutdown> (OpenSSL)
  88. <verify-client> (OpenSSL)
  89. <verify-depth> (OpenSSL)

See Also

  • See the index for a list of all the tags.
  • See Web Application configuration for web.xml (Servlet) configuration.
  • See Environment configuration for resources: classloader, databases, connectors, and resources.
  • See Log configuration for access log configuration, java.util.logging, and stdout/stderr logging.

<cluster>

child of <resin>

<cluster> configures a set of servers used for load-balancing and for sharing distributed sessions.

<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="app-tier">
    <server id="a" address="192.168.0.1"/>
    <server id="b" address="192.168.0.2"/>

    <host id="">
      <web-app-deploy path="webapps"
           expand-preserve-fileset="WEB-INF/work/**"/>
    </host>
  </cluster>
</resin>
<cluster> Attributes
ATTRIBUTEDESCRIPTIONDEFAULT
idName of the clusterrequired

<min-free-memory>

child of <resin>

For reliability, Resin periodically checks the amount of free memory available. When the free memory drops below <min-free-memory>, even after garbage collection, Resin will force a JVM restart.

In general, application developers should use a heap profiler to eliminate memory leaks and OutOfMemoryErrors. Because an OutOfMemoryError can cause severe problems with the application, Resin detects the low memory before those errors can be thrown.

default 1M

<resin>

<resin> is the top-level configuration tag for the resin.xml file. The <resin> tag needs to specify the Resin namespace, to allow for validation of the configuration file.

The environment of the top-level <resin> is the global classpath. This environment can be important for <log> configuration for threads which run with using only the global class loader. Because the <resin> environment does not have a dynamic class loader, dynamically loaded classes, like custom jars in resin/lib are not available.

resin
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="web-tier">
    <server id="">
      <http address="*" port="8080"/>
    </server id="">

    <resin:import path="app-default.xml"/>

    <host id=""/>
      <web-app id="/"/>
    </host>
  </cluster>
</resin>
EL variables defined by <resin>
VARIABLECORRESPONDING API
resin-homeCauchoSystem.getResinHome()
server-rootCauchoSystem.getServerRoot()

root-directory

child of <server>,<host>

Specifies the root directory for the <server> and <host> contexts. All EL-style directory paths are relative to the root-directory.

security-manager

Enable the use of the security manager for the JVM. 

<resin xmlns="http://caucho.com/ns/resin"
       xmlns:resin="http://caucho.com/ns/resin/core">

  ...
  <security-manager/>
  ...

See also:

security-provider

Add one or more security providers. Each entry specifies the name of a security provider class. The name is used to instantiate an instance of the object, which is then passed to java.security.Security#addProvider(). 

<resin xmlns="http://caucho.com/ns/resin"
       xmlns:resin="http://caucho.com/ns/resin/core">

  ...

  <security-provider>
    com.sun.net.ssl.internal.ssl.Provider
  </security-provider>
  <security-provider>
    example.MyProvider
  </security-provider>

  ...

server

child of <resin>

Main configuration for the server, configuring ports, threads and virtual hosts.

  • Common resources for all virtual hosts and web-apps.
  • Thread pooling
  • HTTP and Server/Cluster ports
  • Caching
  • virtual host configuration and common web-app-default

The <server> will generally contain a <class-loader> configuration which loads the resin/lib jars dynamically, allowing for system-wide jars to be dropped into resin/lib. <server> configures the main dynamic environment. Database pools common to all virtual hosts, for example, should be configured in the <server> block.

The <server> configures the <thread-pool> and a set of <http> and <server> ports which share the thread pool. Requests received on those ports will use worker threads from the thread pool.

server Attributes
ATTRIBUTEDESCRIPTIONDEFAULT
alternate-session-url-prefixa prefix to add the session to the beginning of the URL as a path prefix instead of the standard ;jsessionid= suffix. For clients like mobile devices with limited memory, this will allow careful web designers to minimize the page size.null
keepalive-maxthe maximum number of keepalive connections
keepalive-timeoutthe maximum time a connection is maintained in the keepalive state120s
alternate-session-url-prefix
<server>
  ...
  <alternate-session-url-prefix>/~J=</alternate-session-url-prefix>
  ...

EL variables and functions

EL variables defined by <server>
VARIABLECORRESPONDING API
serverIdserver.getServerId()
root-dirserver.getRootDirectory()
server-rootserver.getRootDirectory()
EL functions defined by <server>
FUNCTIONCORRESPONDING API
jndiJndi.lookup(String)

shutdown-wait-max

child of <resin>

Configures the maximum time Resin will wait for the server to shutdown gracefully before forcing an exit.

default 60s

<thread-pool>

child of <server>

<thread-pool> configures the thread pool shared among all ports.

<thread-pool> Attributes
ATTRIBUTEDESCRIPTIONDEFAULT
thread-maxmaximum number of working threads200
spare-thread-minminimum number of spare working threads5

<thread-max> is the absolute maximum number of connection worker threads allowed. <thread-max> may be limited by OS/JVM restrictions, especially the stack size. -Xss and/or ulimit -s may be required for large numbers of threads, e.g. "ulimit -s 2048" on some versions of Linux would allow for 1024 total threads in the JVM.

<spare-thread-min> configures Resin's adaptive thread pooling. Resin tries to keep <spare-thead-min> idle threads available at all time. Sites with large spikes in connection loads may need to increase the <spare-thread-min> value.

user-name

child of <resin>

Note: at present, this directive is deprecated because of timing issues with log file creation and ownership. It is recommended that you use some other method to remap port 80 to port 8080.

Configures the Unix setuid user name used after Resin binds the reserved ports as root.

Common Tags

There are some conventions for tag names that provide similar functionality.

fileset

<fileset> provides the ability to match a set of files. It is modelled after the ant tag by the same name.

ATTRIBUTEDESCRIPTIONDEFAULT
dirthe starting directoryrequired
includean include patterndo not include all files
excludean exclude patterndo not exclude any files

A pattern can contain two special characters: '*' and '**'. '*' matches any part of path, but does not match the path separator. '**' matches any part of a path, including the path separator. 

<fileset dir="lib">
  <include name="*.jar"/>
</fileset>

MATCH    lib/foo.jar
MATCH    lib/bar.jar
NO MATCH lib/baz/foo.jar

<fileset dir="lib">
  <include name="**/*.jar"/>
</fileset>

MATCH    lib/foo.jar
MATCH    lib/bar.jar
MATCH    lib/baz/foo.jar

Startup and Redeploy Mode

The <startup-mode> is used in a number of places to determine the behaviour of a resource when the server starts.

The startup-mode has three values: "automatic", "lazy", and "manual".

  • automatic - starts the resource on server start (default)
  • lazy - starts the resource on the first use
  • manual - waits for JMX to start the resource

The <redeploy-mode> is used in a number of places to determine the behaviour of a resource when it is replaced or modified while the server is running.

The redeploy-mode has two values: "automatic", and "manual".

  • automatic - restarts the resource when it is modified (web.xml, *.class, *.war, etc).
  • manual - waits for JMX to restart the resource when changes occur.

See Also

  • See the index for a list of all the tags.
  • See <cluster> tag configuration

<accept-listen-backlog>

child of <http>,<connection-port>,<protocol>

<accept-listen-backlog> configures operating system TCP listen queue size for the port.

When a browser connects to a server, the server's operating system handles the TCP initialization before handing the socket to the server's application. The operating system will hold the opened connections in a small queue, until the application is ready to receive them. When the queue fills up, the operating system will start refusing new connections.

default 100

<accept-thread-max>

child of <http>,<connection-port>,<protocol>

<accept-thread-max> configures the maximum number of threads listening for new connections on this port. <accept-thread-max> works with <accept-thread-min> to handle spiky loads without creating and destroying too many threads.

Socket connections are associated with a thread which handles the request. In Resin, a number of threads wait to accept a new connection and then handle the request. <accept-thread-max> specifies the maximum number of threads which are waiting for a new connection.

Larger values handle spiky loads better but require more threads to wait for the connections. Smaller values use less threads, but may be slower handling spikes.

default 10

<accept-thread-min>

child of <http>,<connection-port>,<protocol>

<accept-thread-min> configures the minimum number of threads listening for new connections on this port <accept-thread-min> works with <accept-thread-max> to handle spiky loads without creating and destroying too many threads.

Socket connections are associated with a thread which handles the request. In Resin, a number of threads wait to accept a new connection and then handle the request. <accept-thread-min> specifies the minimum number of threads which are waiting for a new connection. If many connections appear rapidly with a small value of <accept-thread-min>, the application may pause until a new thread is available for the new connection.

Larger values handle spiky loads better but require more threads to wait for the connections. Smaller values use less threads, but may be slower handling spikes.

<address>

child of <server>

The server <address> defines the IP interface for Resin cluster communication and load balancing. It will be an internal IP address like 192.168.* for a clustered configuration or 127.* for a single-server configuration. No wild cards are allowed because the other cluster servers and load balancer use the address to connect to the server.

default 127.0.0.1
server address
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="web-tier">
    <server-default>
      <http port="80"/>
    </server-default>

    <server id="web-a" address="192.168.1.1" port="6800"/>
    <server id="web-b" address="192.168.1.2" port="6800"/>

    ...
  </cluster>

  <cluster id="app-tier">
    <server id="app-a" address="192.168.2.11" port="6800"/>
    <server id="app-b" address="192.168.2.12" port="6800"/>

    ...
  </cluster>
</resin>

<cluster-port>

child of <server>

<cluster-port> configures the cluster and load balancing socket, for load balancing, distributed sessions, and distributed management.

When configuring Resin in a load-balanced cluster, each Resin instance will have its own <server> configuration, which Resin uses for distributed session management and for the load balancing itself.

When configuring multiple JVMs, each <server> has a unique <server-id> which allows the -server command-line to select which ports the server should listen to.

<cluster-port> Attributes
ATTRIBUTEDESCRIPTIONDEFAULT
addresshostname of the interface to listen to*
jsse-sslconfigures the port to use JSSE for SSLnone
opensslconfigures the port to use OpenSSLnone
portport to listen torequired
read-timeouttimeout waiting to read from idle client65s
write-timeouttimeout waiting to write to idle client65s
accept-listen-backlogThe socket factory's listen backlog for receiving sockets100
tcp-no-delaysets the NO_DELAY socket parametertrue

<group-name>

child of <server>

<group-name> configures the operating system group Resin should run as. Since the HTTP port 80 is protected in Unix, the web server needs to start as root to bind to port 80. For security, Resin should switch to a non-root user after binding to port 80.

resin.xml with user-name
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="app-tier">

    <server-default>
      <http port="80"/>

      <user-name>resin</user-name>
      <group-name>www</group-name>
    </server-default>

    <server id="web-a"/>
    ...
  </cluster>
</resin>

<http>

child of <server>

<http> configures a HTTP or HTTPS port listening for HTTP requests.

When configuring multiple JVMs, each <http> will have a unique <server-id> which allows the -server command-line to select which ports the server should listen to.

<http> Attributes
ATTRIBUTEDESCRIPTIONDEFAULT
addressIP address of the interface to listen to*
portport to listen torequired
tcp-no-delaysets the NO_DELAY socket parametertrue
read-timeouttimeout waiting to read from idle client65s
write-timeouttimeout waiting to write to idle client65s
socket-listen-backlogThe socket factory's listen backlog for receiving sockets100
virtual-hostforces all requests to this <http> to use the named virtual hostnone
opensslconfigures the port to use OpenSSLnone
jsse-sslconfigures the port to use JSSE for SSLnone

The virtual-host attribute overrides the browser's Host directive, specifying the explicit host and port for request.getServerName() and getServerPort(). It is not used in most virtual host configurations. Only IP-based virtual hosts which wish to ignore the browser's Host will use @virtual-host.

<jvm-arg>

child of <server>

<jvm-arg> configures JVM arguments to be passed to Resin on the command line, typically -X memory parameters and -D defines.

standard jvm-args
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="web-tier">
    <server-default>
      <jvm-arg>-Xmx512m</jvm-arg>
      <jvm-arg>-Xss1m</jvm-arg>
      <jvm-arg>-verbosegc</jvm-arg>
    </server-default>

    <server id="app-a" address="192.168.2.10"/>

    ...
  </cluster>
</resin>

<jvm-classpath>

child of <server>

<jvm-classpath> adds a classpath entry when starting the JVM. This classpath has priority over Resin's classpath (allowing you to use JPA 2.1+ instead of Reisn's JPA 2.0, for example). To check the server's classpath order, start Resin with the --verbose flag or use jconsole.

adding a classpath
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="web-tier">
    <server-default>
      <jvm-classpath>/tmp/jpa-2.1-api.jar</jvm-classpath>
      <jvm-classpath>/tmp/jpa-2.1-impl.jar</jvm-classpath>
    </server-default>

    <server id="app-a" address="192.168.2.10"/>

    ...
  </cluster>
</resin>

<keepalive-max>

child of <server>

<keepalive-max> configures the maximum number of sockets which can be used directly for keepalive connections. In Resin Professional, the select manager allows for a much larger number of keepalive sockets, since it can detach threads from connections. Without the select manager, each connection is associated with a thread.

A value of -1 disables keepalives.

Keepalives are an important TCP technique used with HTTP and Resin's load-balancing to avoid the heavy network cost of creating a new socket. Since an initial HTTP request is usually immediately followed by extra requests to load files like images and stylesheets, it's generally more efficient to keep the socket open for a short time instead of creating a new one. The socket keepalive is even more important for Resin's load balancing, to avoid creating extra sockets between the web-tier and the app-tier and to make distributed sessions more efficient.

Higher values of <keepalive-max> improve network efficiency but increase the number of threads waiting for new client data.

default 100
keepalive-thread-max in resin.xml
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="web-tier">
    <server-default>
      <http port="80"/>

      <thread-max>512</thread-max>

      <keepalive-max>100</keepalive-max>
    </server-default>

    <server id="web-a" address="192.168.0.10"/>
        ...
  </cluster>
</resin>

<keepalive-select-enable>

child of <server>

<keepalive-select-enable> enables the select manager for keepalives. The select manager is a Resin Professional feature allowing more keepalives by detaching threads from sockets.

Normally, this should be left enabled.

default true

<keepalive-select-thread-timeout>

child of <server>

<keepalive-select-thread-timeout> is a short timeout allowing the select manager to wait for a keepalive before detaching the thread. This value would not normally be changed.d wou

default 1s

<keepalive-timeout>

child of <server>

<keepalive-timeout> configures how long a keepalive connection should wait for a new request before closing.

Keepalives are used both for HTTP connections and for load-balancing and clustering connections. HTTP connections generally have a single HTML page, followed by a number of image requests. By using keepalives, all the requests can use a single socket. The <keepalive-timeout> should be long enough to catch all the HTTP burst requests, but can close after the burst is complete. A value of 5s or 15s is generally sufficient.

The load-balancing and clustering keepalives have a different timeout behavior. Since load-balancing sockets are reused for multiple clients, they can have longer timeouts.

default 120s
keepalive-thread-max in resin.xml
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="web-tier">
    <server-default>
      <http port="80"/>

      <thread-max>512</thread-max>

      <keepalive-max>100</keepalive-max>
      <keepalive-timeout>15s</keepalive-timeout>
    </server-default>

    <server id="web-a" address="192.168.0.10"/>
        ...
  </cluster>
</resin>

<load-balance-connect-timeout>

child of <server>

<load-balance-connect-timeout> configures the maximum time a client connection to a cluster-port should take. The load balance and persistent sessions use load-balance-connect-timeout to connect to backend or peer servers in the cluster.

Lower values detect failed servers more quickly, but a too-low value can timeout too quickly for a live server with some network congestion.

default 5s
load-balance-connect-timeout
<resin xmlns="http://caucho.com/ns/resin">
    <cluster id="app-tier">
        <server-default>
          <load-balance-connect-timeout>2s</load-balance-connect-timeout>
        </server-default>

        <server id="a" address="192.168.0.10" port="6800"/>
        <server id="b" address="192.168.0.11" port="6800"/>

        <host id="">
          ...
    </cluster>
</resin>

<load-balance-recover-time>

child of <server>

<load-balance-recover-time> is the maximum time the load balancer will consider the server dead after a failure before retrying the connection.

Resin uses the load-balance-recover-time to avoid wasting time trying to connect to an unavailable app-tier server.

Lower values let the load balancer use a restarted app-tier server faster, but lower values also increase the overhead of trying to contact unavailable servers.

default 15s
load-balance-recover-time
<resin xmlns="http://caucho.com/ns/resin">
    <cluster id="app-tier">
        <server-default>
          <load-balance-recover-time>10s</load-balance-recover-time>
        </server-default>

        <server id="a" address="192.168.0.10" port="6800"/>
        <server id="b" address="192.168.0.11" port="6800"/>

        <host id="">
          ...
    </cluster>
</resin>

<load-balance-idle-time>

child of <server>

<load-balance-idle-time> is the maximum time the load balancer and distributed sessions will leave an idle socket before closing it.

The default value is normally sufficient, since it tracks the keepalive of the cluster port.

load-balance-idle-time must be less than the keepalive value of the target cluster-port.

The load balancer and distributed sessions reuse sockets to the cluster peer and app-tier servers to improve TCP performance. The load-balance-idle-time limits the amount of time those sockets can remain idle.

Higher values may improve the socket pooling, but may also increase the chance of connecting to a closed server.

default keepalive-timeout - 1s

<load-balance-warmup-time>

child of <server>

The time the load balancer uses to throttle connections to an app-tier server that's just starting up.

Java web-applications often start slowly while they initialize caches. So a newly-started application will often be slower and consume more resources than a long-running application. The warmup-time increases Resin's reliability by limiting the number of requests to a new app-tier server until the server has warmed up.

Larger values give the application a longer time to warm up.

default 60s
load-balance-warmup-time
<resin xmlns="http://caucho.com/ns/resin">
    <cluster id="app-tier">
        <server-default>
          <load-balance-warmup-time>60s</load-balance-warmup-time>
        </server-default>

        <server id="a" address="192.168.0.10" port="6800"/>
        <server id="b" address="192.168.0.11" port="6800"/>

        <host id="">
          ...
    </cluster>
</resin>

<load-balance-weight>

child of <server>

load-balance-weight assigns a load-balance weight to a backend server. Servers with higher values get more requests. Servers with lower values get fewer requests.

In some cases, some app-tier servers may be more powerful than others. load-balance-weight lets the load-balancer assign more connections to the more powerful machines.

Test and profiling servers can also use load-balance-weight to receive a small number of connections for profiling purposes.

Larger values tell the load-balancer to assign more requests to the app-tier server.

default 100
load-balance-weight
<resin xmlns="http://caucho.com/ns/resin">
    <cluster id="app-tier">
        <server id="a" address="192.168.0.10" port="6800"/>
        <server id="b" address="192.168.0.10" port="6800"/>

        <server id="test" address="192.168.0.100" port="6800">
            <load-balance-weight>1</load-balance-weight>
        </server>

        <host id="">
          ...
    </cluster>
</resin>

<memory-free-min>

child of <server>

<memory-free-min> improves server reliability by detecting low-memory situations caused by memory leaks and forcing a clean server restart. Since Resin's watchdog service reliably restarts the server, a website can improve stability by forcing a restart before memory becomes a major problem. The memory-free-min restart will also log a warning, notifying the developers that a potential memory leak needs to be resolved.

When free heap memory gets very low, the garbage collector can run continually trying to free up extra memory. This continual garbage collection can send the CPU time to 100%, cause the site to become completely unresponsive, and yet take a long time before finally failing to an out of memory error (forcing an unclean restart). To avoid this situation, Resin will detect the low-memory condition and gracefully restart the server when free memory becomes too low.

The ultimate solution to any memory leak issues is to get a memory profiler, find the leaking memory and fix it. <memory-free-min> is just a temporary bandage to keep the site running reliably until the memory leak can be found and fixed.

default 1m
memory-free-min resin.xml
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="web-tier">
    <server-default>
      <thread-max>512</thread-max>

      <memory-free-min>1m</memory-free-min>
    </server-default>

    <server id="web-a" address="192.168.0.10"/>
        ...
  </cluster>
</resin>

<port>

child of <server>

The server <port> defines the TCP port for Resin cluster communication and load balancing. Most server instances will use a common port like 6800, while machines with multiple servers may use multiple ports like 6800 and 6801.

default 6800
multipl servers on a machine 
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="app-tier">
    <server id="app-a" address="192.168.1.11" port="6800"/>
    <server id="app-b" address="192.168.1.11" port="6801"/>

    <server id="app-b" address="192.168.2.12" port="6800"/>
    <server id="app-c" address="192.168.2.12" port="6801"/>

    ...
  </cluster>
</resin>

<port-default>

child of <server>

Defines default port parameters for all <http>, <protocol>, and <cluster-port>.

<protocol>

child of <server>

<protocol> configures custom socket protocols using Resin's thread and connection management.

The custom protocol will extend from com.caucho.server.port.Protocol.

<resin xmlns="http://caucho.com/ns/resin">
<cluster id="web-tier">

  <server id="a">
    <protocol address="localhost" port="8888">
      <type>example.Magic8BallProtocol</type>
    </port>
  </server>

</cluster>
</resin>

<server>

child of <cluster>

<server> configures a JVM instance in the cluster. Each <server> is uniquely identified by its id attribute. The id will match the -server command line argument.

The server listens to an internal network address, e.g. 192.168.0.10:6800 for clustering, load balancing, and administration.

The current server is managed with a ServerMXBean. The ObjectName is resin:type=Server.

Peer servers are managed with ServerConnectorMXBean. The ObjectName is resin:type=ServerConnector,name=server-id.

<server> Attributes
ATTRIBUTEDESCRIPTIONDEFAULT
idunique server identifierrequired
addressIP address of the cluster port127.0.0.1
portThe cluster port6800
server
<resin xmlns="http://caucho.com/ns/resin">
    <cluster id="web-tier">
        <server id="a" address="192.168.0.10" port="6800">
          <http port="8080"/>
        </server>

        <server id="b" address="192.168.0.11" server-port="6800">
          <http port="8080"/>
        </server>

        <server id="c" address="192.168.0.12" server-port="6800">
          <http port="8080"/>
        </server>

        <host id="">
          ...
    </cluster>
</resin>

Main configuration for the server, configuring ports, threads and virtual hosts.

  • Common resources for all virtual hosts and web-apps.
  • Thread pooling
  • HTTP and Server/Cluster ports
  • Caching
  • virtual host configuration and common web-app-default

The <server> will generally contain a <class-loader> configuration which loads the resin/lib jars dynamically, allowing for system-wide jars to be dropped into resin/lib. <server> configures the main dynamic environment. Database pools common to all virtual hosts, for example, should be configured in the <server> block.

The <server> configures the <thread-pool> and a set of <http> and <server> ports which share the thread pool. Requests received on those ports will use worker threads from the thread pool.

<server> Attributes
ATTRIBUTEDESCRIPTIONDEFAULT
alternate-session-url-prefixa prefix to add the session to the beginning of the URL as a path prefix instead of the standard ;jsessionid= suffix. For clients like mobile devices with limited memory, this will allow careful web designers to minimize the page size.null
keepalive-maxthe maximum number of keepalive connections
keepalive-timeoutthe maximum time a connection is maintained in the keepalive state120s
alternate-session-url-prefix
<server>
  ...
  <alternate-session-url-prefix>/~J=</alternate-session-url-prefix>
  ...

EL variables and functions

EL variables defined by <server>
VARIABLECORRESPONDING API
serverIdserver.getServerId()
root-dirserver.getRootDirectory()
server-rootserver.getRootDirectory()
EL functions defined by <server>
FUNCTIONCORRESPONDING API
jndiJndi.lookup(String)

<server-default>

child of <cluster>

<server-default> defines default values for all <server> instances. Since most <server> configuration is identical for all server instances, the shared configuration belongs in a <server-default>. For example, <http> ports, timeouts, JVM arguments, and keepalives are typically identical for all server instances and therefore belong in a server-default.

server
<resin xmlns="http://caucho.com/ns/resin">
    <cluster id="web-tier">
        <server-default>
           <thread-max>512</thread-max>

           <jvm-arg>-Xmx512m -Xss1m</jvm-arg>

           <http port="8080"/>
        </server-default>

        <server id="a" address="192.168.0.10" port="6800"/>
        <server id="b" address="192.168.0.11" port="6800"/>
        <server id="c" address="192.168.0.12" port="6800"/>

        <host id="">
          ...
    </cluster>
</resin>

<shutdown-wait-max>

child of <server>

<shutdown-wait-max> configures the maximum time the server will wait for the graceful shutdown before forcing an exit.

default 60s

<socket-timeout>

child of <http>,<cluster-port>,<protocol>,<server>

<socket-timeout> is the maximum time a socket load balancer and distributed sessions will wait for a read or write to a cluster socket.

Crashed servers may never respond to a read request or accept a write. The socket-timeout lets Resin recover from these kinds of crashes.

Lower values can detect crashes more quickly, but too-low values may report bogus failures when the server machine is just a little slow.

default 60s
socket-timeout
<resin xmlns="http://caucho.com/ns/resin">
    <cluster id="app-tier">
        <server-default>
          <socket-timeout>60s</socket-timeout>
        </server-default>

        <server id="a" address="192.168.0.10" port="6800"/>
        <server id="b" address="192.168.0.11" port="6800"/>

        <host id="">
          ...
    </cluster>
</resin>

<thread-idle-max>

child of <server>

<thread-idle-max> configures the maximum number of idle threads in the thread pool. <thread-idle-max> works with <thread-idle-min> to maintain a steady number of idle threads, avoiding the creation or destruction threads when possible.

<thread-idle-max> should be set high enough beyond <thread-idle-min> so a spiky load will avoid creating a thread and then immediately destroying it.

default 10
thread-idle-max in resin.xml
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="web-tier">
    <server-default>
      <thread-max>512</thread-max>

      <thread-idle-min>10</thread-idle-min>
      <thread-idle-max>20</thread-idle-max>

      <jvm-arg>-Xss1m -Xmx1024m</jvm-arg>
    </server-default>

    <server id="web-a" address="192.168.0.10"/>
        ...
  </cluster>
</resin>

<thread-idle-min>

child of <server>

<thread-idle-min> configures the minimum number of idle threads in the thread pool. <thread-idle-min> helps spiky loads, avoiding delays for thread requests by keeping threads ready for future requests. When the number of idle threads drops below <thread-idle-min>, Resin creates a new thread.

<thread-idle-min> should be set high enough to deal with load spikes. Since idle threads are relatively inexpensive in modern operating systems, having a number of idle threads is not a major resource hog, especially since these threads are idle, waiting for a new job.

<thread-idle-min> works together with <thread-idle-max> to avoid thread allocation thrashing, i.e. avoiding creating a new thread because of <thread-idle-min> and then quickly destroying it because of <thread-idle-max>.

default 5
thread-idle-min in resin.xml
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="web-tier">
    <server-default>
      <thread-max>512</thread-max>

      <thread-idle-min>10</thread-idle-min>
      <thread-idle-max>20</thread-idle-max>

      <jvm-arg>-Xss1m -Xmx1024m</jvm-arg>
    </server-default>

    <server id="web-a" address="192.168.0.10"/>
        ...
  </cluster>
</resin>

<thread-max>

child of <server>

<thread-max> configures the maximum number of threads managed by Resin's thread pool. Resin's thread pool is used for connection threads, timers, and Resin worker threads for JMS and EJB. Since Resin's thread pool only manages Resin threads, the actual number of threads in the JVM will be higher.

Modern operating systems can handle a fairly large number of threads, so values of 512 or 1024 are often reasonable values for thread-max. The main limitation for thread-max is virtual memory. Since each thread takes up stack space (configured with -Xss), a 32-bit system might have a thread limit based on virtual memory.

For example, on Linux the user space is only 2G. If the heap memory is 1024m (-Xmx1024m) and the stack size is 1m (-Xss1m), the maximum number of threads is somewhat less than 1024.

In general, JVMs do not handle running out of threads very well, either freezing or throwing out of memory errors. Although it may be necessary to limit the number of threads to avoid running out of memory, <thread-max> should generally be set to a high value.

thread-max in resin.xml
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="web-tier">
    <server-default>
      <thread-max>512</thread-max>

      <jvm-arg>-Xss1m -Xmx1024m</jvm-arg>
    </server-default>

    <server id="web-a" address="192.168.0.10"/>
        ...
  </cluster>
</resin>
default 4096

<user-name>

child of <server>

<user-name> configures the operating system user Resin should run as. Since the HTTP port 80 is protected in Unix, the web server needs to start as root to bind to port 80. For security, Resin should switch to a non-root user after binding to port 80.

resin.xml with user-name
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="app-tier">

    <server-default>
      <http port="80"/>

      <user-name>resin</user-name>
    </server-default>

    <server id="web-a"/>
    ...
  </cluster>
</resin>

<watchdog-arg>

child of <server>

The <watchdog-arg> configures arguments for the watchdog process. The watchdog improves reliability by monitoring the Resin instance, restarting it if necessary.

The <watchdog-arg> typically is used to enable jconsole for the watchdog JVM.

resin.xml
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="app-tier">
    <server-default>

      <watchdog-arg>-Dcom.sun.management.jmxremote</watchdog-arg>

    </server-default>

    ...
       
  </cluster>
</resin>

<watchdog-port>

child of <server>

<watchdog-port> configures the administration port for the watchdog JVM. The watchdog launches the server JVM and monitors its health, restarting the JVM when necessary to improve site reliability. The command line arguments use the watchdog-port for the "start" and "stop" commands to tell the watchdog to start and stop the server JVM. The administration also uses the watchdog port for watchdog administration.

The watchdog port will use the same <address> as the server, so it will always be an internal network address, never an external internet address.

default 6700

<cookie-domain>

child of <session-config>

<cookie-domain> configures the host domain to use for sessions, i.e. value of the Domain cookie attributes.

By default, browsers only send cookies back to the exact host which sent them. In some virtual host cases, it makes sense to share the same cookie value for multiple virtual hosts in the same domain. For example, caucho.com might want a single cookie to be used for both gryffindor.caucho.com and slytherin.caucho.com. In this case the cookie-domain would be set to caucho.com.

cookie-domain for caucho.com
<resin xmlns="http://caucho.com/ns/resin">
<cluster id="app-tier">

  <host id="caucho.com">
    <host-alias>gryffindor.caucho.com</host-alias>
    <host-alias>slytherin.caucho.com</host-alias>

    <web-app-default>

      <session-config cookie-domain="caucho.com"/>

    </web-app-default>
  </host>

</cluster>
</resin>

<cookie-domain-regexp>

child of <session-config>

<cookie-domain-regexp> configures the host domain to use for sessions, i.e. value of the Domain cookie attributes.

This setting serves a case when a single web-app is accessed via a number of domains while session cookie must belong to the domain at requested URI. e.g. domains www.foo.com zoo.xyz.foo.com must have cookie set to foo.com while domains www.1-foo.com zoo.xyz.1-foo.com must have cookie set to 1-foo.com

cookie-domain-regexp for foo.com 1-foo.com
<resin xmlns="http://caucho.com/ns/resin">
<cluster id="app-tier">

  <host id="caucho.com">
    <host-alias>gryffindor.foo.com</host-alias>
    <host-alias>slytherin.foo.com</host-alias>
    <host-alias>gryffindor.1-foo.com</host-alias>
    <host-alias>slytherin.1-foo.com</host-alias>

    <web-app-default>

      <session-config cookie-domain-regexp="[^.]*\.[^.]*$"/>

    </web-app-default>
  </host>

</cluster>
</resin>

<cookie-length>

child of <session-config>

<cookie-length> sets the length of the generated cookie value. In some rare cases, the cookie-length might need to be shortened or the cookie-length might be extended to add randomness to the cookie value. For the most part, this value should be left alone.

default 14

<cookie-max-age>

child of <session-config>

<cookie-max-age> sets how long the browser should keep the session cookie.

By default, browsers keep cookies as long as they are open. When the browser is restarted, the cookies are dropped. cookie-max-age tells the browser to keep the cookie for a certain time period. Applications can make this time "infinite" by setting a large number.

<cookie-version>

<cookie-version> sets the version of the cookie spec for sessions.

default 1.0

<ignore-serialization-errors>

child of <session-config>

<ignore-serialization-errors> is used with persistent sessions in certain rare cases where some session data is serializable and other data is not serializable. <ignore-serialization-errors> simply skips session values which do not implement java.io.Serializable when serializing the session.

default true

<session-config>

Session configuration parameters.

Servlet 2.4 definition for session-timeout
ATTRIBUTEDESCRIPTIONDEFAULT
session-timeoutThe session timeout in minutes, 0 means never timeout.30 minutes

Resin adds a number of session-config tags.

Resin extensions to session-config
ATTRIBUTEDESCRIPTIONDEFAULT
always-load-sessionReload data from the store on every request. (resin 1.2)false
always-save-sessionSave session data to the store on every request. (resin 1.2)false
cookie-versionVersion of the cookie spec for sessions. (resin 1.2)1.0
cookie-domainDomain for session cookies. (resin 1.2)none
cookie-max-ageMax age for persistent session cookies. (resin 2.0)none
cookie-lengthMaximum length of the cookie. (resin 2.1.1)Integer.MAX_VALUE
enable-cookiesEnable cookies for sessions. (resin 1.1)true
enable-url-rewritingEnable URL rewriting for sessions. (resin 1.1)true
ignore-serialization-errorsWhen persisting a session, ignore any values which don't implement java.io.Serializabletrue
invalidate-after-listenerInvalidate the session after notifying session listeners.false
reuse-session-idReuse the session id even if the session has timed out. (resin 2.0.4)true
save-only-on-shutdownOnly save session when the application shuts down. (resin 1.2.3)false
ssl-cookie-nameSet a different cookie name to use for SSL connections, and add the "secure" flag when setting the cookie in the browser.
session-maxMaximum active sessions8192
use-persistent-storeUses the current persistent-store to save sessions. (resin 3.0.8)none

By default, both enable-cookies and enable-url-rewriting are true. To force url rewriting, you would create a configuration like:

<web-app id='/'>

  <session-config
   enable-cookies='false'
   enable-url-rewriting='true'/>

</web-app>

The session-timeout and session-max are usually used together to control the number of sessions. Sessions are stored in an LRU cache. When the number of sessions in the cache fills up past session-max, the oldest sessions are recovered. In addition, sessions idle for longer than session-timeout are purged.

using session-config and session-timeout to control the number of sessions
<web-app id='/dir'>

  <session-config>
     <!-- 2 hour timeout -->
     <session-timeout>120</session-timeout>
     <session-max>4096</session-max>
  </session-config>

</web-app>

cookie-length is used to limit the maximum length for the session's generated cookie for special situations like WAP devices. Reducing this value reduces the randomness in the cookie and increases the chance of session collisions.

reuse-session-id defaults to true so that Resin can share the session id amongst different web-apps.

The class that corresponds to <session-config> is com.caucho.server.session.SessionManager

<session-max>

child of <session-config>

<session-max> sets the maximum number of sessions stored in memory for a particular <web-app>. The total number of persisted sessions may be larger.

default 4096

<save-mode>

child of <session-config>

<save-mode> configures when Resin should save a persistence session during a request. The values are:

<save-mode> Attributes
ATTRIBUTEDESCRIPTION
after-requestSave the session after the request has been served and completed
before-headersSave the session before sending headers to the browser
on-shutdownOnly save the session when Resin is shutting down

In some situations, like redirects, a fast browser can send a request back to Resin before the session is persisted with the after-request save-mode. If the server is configured without sticky sessions, the load balancer might send the request to a different server, which may not get the updated session. In the situation, either the save-mode should be changed to before-headers or sticky sessions should be enabled.

If the save-mode is before-headers, the application should take care to make any session changes before sending data to the browser.

default after-request

<session-timeout>

child of <session-config>

<session-timeout> sets how long a <web-app> should keep an idle session before invalidating it. The value is specified in minutes.

default 30min

Maven Deploy Client

Configuring the Maven Plugin in a pom.xml file
<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" 
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
            xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.test</groupId>
  <artifactId>test</artifactId>
  <packaging>war</packaging>
  <version>1.0-SNAPSHOT</version>
  <name>test Maven Webapp</name>
  <url>http://maven.apache.org</url>

  <dependencies>
  ...
  </dependencies>

  <pluginRepositories>
    <pluginRepository>
      <snapshots>
        <enabled>true</enabled>
        <updatePolicy>always</updatePolicy>
        <checksumPolicy>ignore</checksumPolicy>
      </snapshots>
      <id>caucho</id>
      <name>Caucho</name>
      <url>http://caucho.com/m2-snapshot</url>
    </pluginRepository>
  </pluginRepositories>

  <build>
    <finalName>foo</finalName>

    <plugins>
      <plugin>
        <groupId>com.caucho</groupId>
        <artifactId>resin-maven-plugin</artifactId>
        <version>4.0-SNAPSHOT</version>
        <configuration>
          <server>127.0.0.1</server>
          <port>8086</port>
          <user>foo</user>
          <password>test</password>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>
Maven Mojo Reference
MOJOPARAMETER NAMESYSTEM PROPERTYREQUIRED?DEFAULTDESCRIPTION
COMMON PROPERTIES FOR ALL MOJOSserverresin.serverYesN/AThe IP or address of the Resin server
portresin.portYesN/AThe port of the Resin server's HTTP port
userresin.userYesN/AThe user to use when logging into the Resin server
passwordresin.passwordYesN/AThe password to use when logging into the Resin server
commitMessageresin.commitMessageNoN/AThe commit message to log for any changes to the application repository
RESIN:UPLOAD-WARwarFileresin.warFileYes${project.build.directory}/ ${project.build.finalName}.war (the war file produced for the project)The war file to upload to the Resin server
stageresin.stageNo"default"The stage to use for the deployed application
virtualHostresin.virtualHostNo"default"The virtual host to use for the deployed application
contextRootresin.contextRootYes/${project.build.finalName}
(the "final name" of the project)		The context root of the deployed application
versionresin.versionNoN/AThe version to use for the deployed application
archiveresin.archiveNofalseWhen set to true, an archive tag is set in addition to the main tag. Can also be an explicit tag.
writeHeadresin.writeHeadNotrueWhen set to true and using versioning, a "head" tag is also set.
RESIN:COPY-TAGstageresin.stageNo"default"The stage of the target tag
virtualHostresin.virtualHostNo"default"The virtual host of the target tag
contextRootresin.contextRootYes (if tag not given)/${project.build.finalName}
(the "final name" of the project)		The context root of the target tag
versionresin.versionNoN/AThe version of the target tag
sourceStageresin.sourceStageNo"default"The stage of the source tag
sourceVirtualHostresin.sourceVirtualHostNo"default"The virtual host of the source tag
sourceContextRootresin.sourceContextRootYes (if sourceTag not given)N/AThe context root of the source tag
sourceVersionresin.sourceVersionNoN/AThe version of the source tag
tagresin.tagYes (if contextRoot not given)N/AAn explicit target tag
sourceTagresin.sourceTagYes (if sourceContextRoot not given)N/AAn explicit source tag
RESIN:DELETE-TAGstageresin.stageNo"default"The stage of the tag to be deleted
virtualHostresin.virtualHostNo"default"The virtual host of the tag to be deleted
contextRootresin.contextRootYes (if tag not given)/${project.build.finalName}
(the "final name" of the project)		The context root of the tag to be deleted
versionresin.versionNoN/AThe version of the tag to be deleted
tagresin.tagYes (if contextRoot not given)N/AAn explicit tag to be deleted
RESIN:QUERY-TAGS stageresin.stageYes (At least one pattern (either stage, virtualHost, contextRoot, version, or pattern) must be given"default"The query pattern for the stage portion of tags in the repository
virtualHostresin.virtualHostYes (At least one pattern (either stage, virtualHost, contextRoot, version, or pattern) must be given"default"The query pattern for the virtual host portion of tags in the repository
contextRootresin.contextRootYes (At least one pattern (either stage, virtualHost, contextRoot, version, or pattern) must be given/${project.build.finalName}
(the "final name" of the project)		The query pattern for the context root portion of tags in the repository
versionresin.versionYes (At least one pattern (either stage, virtualHost, contextRoot, version, or pattern) must be givenN/AThe query pattern for the version portion of tags in the repository
patternresin.patternYes (At least one pattern (either stage, virtualHost, contextRoot, version, or pattern) must be givenN/AAn explicit query pattern for entire tags in the repository

Ant Deploy Client

Using the Ant tasks
<project xmlns:resin="antlib:com.caucho.ant">
  <-- if resin-ant.jar is not installed locally -->
  <taskdef uri="antlib:com.caucho.ant"
           resource="com/caucho/ant/antlib.xml"
           classpath="path/to/resin-ant.jar"/>

  <resin:upload-war server="192.168.0.10"
                    port="8080"
                    user="admin"
                    password="myadminpass"
                    warFile="clustered-app.war"
                    version="1.0"/>
</project>
Ant Task Reference
TASK NAMEPARAMETER NAMEREQUIRED?DEFAULTDESCRIPTION
COMMON PROPERTIES FOR ALL TASKSserverYesN/AThe IP or address of the Resin server
portYesN/AThe port of the Resin server's HTTP port
userYesN/AThe user to use when logging into the Resin server
passwordYesN/AThe password to use when logging into the Resin server
commitMessageNoN/AThe commit message to log for any changes to the application repository
RESIN-UPLOAD-WAR (COM.CAUCHO.ANT.RESINUPLOADWAR)warFileYesN/AThe war file to upload to the Resin server
stageNo"default"The stage to use for the deployed application
virtualHostNo"default"The virtual host to use for the deployed application
contextRootNo/[war file prefix]The context root of the deployed application
versionNoN/AThe version to use for the deployed application
archiveNofalseWhen set to true, an archive tag is set in addition to the main tag. Can also be an explicit tag.
writeHeadNotrueWhen set to true and using versioning, a "head" tag is also set.
RESIN-COPY-TAG (COM.CAUCHO.ANT.RESINCOPYTAG)stageNo"default"The stage of the target tag
virtualHostNo"default"The virtual host of the target tag
contextRootYes (if tag not given)N/AThe context root of the target tag
versionNoN/AThe version of the target tag
sourceStageNo"default"The stage of the source tag
sourceVirtualHostNo"default"The virtual host of the source tag
sourceContextRootYes (if sourceTag not given)N/AThe context root of the source tag
sourceVersionNoN/AThe version of the source tag
tagYes (if contextRoot not given)N/AAn explicit target tag
sourceTagYes (if sourceContextRoot not given)N/AAn explicit source tag
RESIN-DELETE-TAG (COM.CAUCHO.ANT.RESINDELETETAG) stageNo"default"The stage of the tag to be deleted
resin.virtualHostNo"default"The virtual host of the tag to be deleted
contextRootYes (if tag not given)N/AThe context root of the tag to be deleted
versionNoN/AThe version of the tag to be deleted
tagYes (if contextRoot not given)N/AAn explicit tag to be deleted
RESIN-QUERY-TAGS (COM.CAUCHO.ANT.RESINQUERYTAGS)stageYes (At least one pattern (either stage, virtualHost, contextRoot, version, or pattern) must be given"default"The query pattern for the stage portion of tags in the repository
virtualHostYes (At least one pattern (either stage, virtualHost, contextRoot, version, or pattern) must be given"default"The query pattern for the virtual host portion of tags in the repository
contextRootYes (At least one pattern (either stage, virtualHost, contextRoot, version, or pattern) must be given".*"The query pattern for the context root portion of tags in the repository
versionYes (At least one pattern (either stage, virtualHost, contextRoot, version, or pattern) must be givenN/AThe query pattern for the version portion of tags in the repository
patternYes (At least one pattern (either stage, virtualHost, contextRoot, version, or pattern) must be givenN/AAn explicit query pattern for entire tags in the repository

See Also

  • See the index for a list of all the tags.
  • See <cluster> tag configuration

<accept-listen-backlog>

child of <http>,<connection-port>,<protocol>

<accept-listen-backlog> configures operating system TCP listen queue size for the port.

<accept-thread-max>

child of <http>,<connection-port>,<protocol>

<accept-thread-max> configures the maximum number of threads listening for new connections on this port.

<accept-thread-min>

child of <http>,<connection-port>,<protocol>

<accept-thread-min> configures the minimum number of threads listening for new connections on this port.

<address>

child of <server>

The <address> defines the IP interface for a port. A value of '*' binds to all ports. Because the <address> is specific to a server, it should only be defined in a <server> tag, not a <server-default>.

default *
http address
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="web-tier">
    <server id="web-a" address="192.168.1.1" port="6800">
      <http address="10.0.1.1" port="80"/>
    </server>

    <server id="web-b" address="192.168.1.2" port="6800">
      <http address="10.0.1.2" port="80"/>
    </server>

    ...
  </cluster>
</resin>

<ca-certificate-file> (OpenSSL)

child of <http>,<protocol>,<cluster-port>

<ca-certificate-file> configures the path to a CA certificate file for intermediate CA support.

<ca-certificate-path> (OpenSSL)

child of <http>,<protocol>,<cluster-port>

<ca-certificate-path> configures the path to a CA certificate directory for intermediate CA support.

<ca-revocation-file> (OpenSSL)

child of <http>,<protocol>,<cluster-port>

<ca-revocation-file> configures the path to a list of revoked CA certificates.

<ca-revocation-path> (OpenSSL)

child of <http>,<protocol>,<cluster-port>

<ca-revocation-path> configures the path to a list of revoked CA certificates.

<certificate-file> (OpenSSL)

child of <http>,<protocol>,<cluster-port>

<certificate-file> configures the path to the server's SSL certificate.

<certificate-chain-file> (OpenSSL)

child of <http>,<protocol>,<cluster-port>

<certificate-chain-file> configures the path to the server's SSL certificate for OpenSSL.

<certificate-key-file> (OpenSSL)

child of <http>,<protocol>,<cluster-port>

<certificate-key-file> configures the path to the server's SSL private key certificate for OpenSSL.

<cipher-suite> (OpenSSL)

child of <http>,<protocol>,<cluster-port>

<cipher-suite> configures the path to the server's SSL cryptographic ciphers.

<cipher-suite-forbidden> (JSSE)

child of <http>,<protocol>,<cluster-port>

<cipher-suite-forbidden> restricts forbidden ciphers

<cluster-port>

child of <server>

<cluster-port> configures the cluster and load balancing socket, for load balancing, distributed sessions, and distributed management.

When configuring Resin in a load-balanced cluster, each Resin instance will have its own <server> configuration, which Resin uses for distributed session management and for the load balancing itself.

When configuring multiple JVMs, each <server> will have a unique <server-id> which allows the -server command-line to select which ports the server should listen to.

<cluster-port> Attributes
ATTRIBUTEDESCRIPTIONDEFAULT
addresshostname of the interface to listen to*
jsse-sslconfigures the port to use JSSE for SSLnone
opensslconfigures the port to use OpenSSLnone
portport to listen torequired
socket-timeouttimeout waiting to read/write to idle client65s
accept-listen-backlogThe socket factory's listen backlog for receiving sockets100
tcp-no-delaysets the NO_DELAY socket parametertrue

<connection-max>

child of <server>

<connection-max> configures the maximum number of concurrent connections on this port.

<http>

child of <server>

<http> configures a HTTP or HTTPS port listening for HTTP requests.

When configuring multiple JVMs, each <http> will have a unique <server-id> which allows the -server command-line to select which ports the server should listen to.

<http> Attributes
ATTRIBUTEDESCRIPTIONDEFAULT
addressIP address of the interface to listen to*
portport to listen torequired
tcp-no-delaysets the NO_DELAY socket parametertrue
socket-timeouttimeout waiting to write to idle client65s
accept-listen-backlogThe socket factory's listen backlog for receiving sockets100
virtual-hostforces all requests to this <http> to use the named virtual hostnone
opensslconfigures the port to use OpenSSLnone
jsse-sslconfigures the port to use JSSE for SSLnone

The virtual-host attribute overrides the browser's Host directive, specifying the explicit host and port for request.getServerName() and getServerPort(). It is not used in most virtual host configurations. Only IP-based virtual hosts which wish to ignore the browser's Host will use @virtual-host.

<jsse-ssl>

child of <http>,<protocol>,<cluster-port>

<jsse-ssl> configures the port to use JSSE for SSL support.

The SSL section of the Security documentation provides a comprehensive overview of SSL.

<jsse-ssl> Attributes
ATTRIBUTEDESCRIPTIONDEFAULT
aliasConfigures the key alias name in the key store file.optional
cipher-suites-forbiddenAdditions and restrictions to the allowed cryptography cipherssee openssl-tags
key-store-filePath to the certificate key store filerequired
passwordPrivate key passwordrequired
key-store-typeType of the keystorejks
key-manager-factorySpecial factory for creating keysrequired
ssl-contextSpecial configuration for the ssl context.optional
verify-clientSettings for client validationrequired

<keepalive-max>

child of <http>,<connection-port>,<protocol>

<keepalive-max> configures the maximum number of keepalives on this port.

<openssl>

child of <http>,<protocol>,<cluster-port>

<openssl> configures the port to use OpenSSL for SSL support (requires Resin Professional). OpenSSL is a fast C implementation of SSL security used by Apache. Resin's configuration is OpenSSL follows Apache's configuration, so any documentation on installing SSL certificates can use documentation for Apache.

The SSL section of the Security documentation provides a comprehensive overview of SSL.

<openssl> Attributes
ATTRIBUTEDESCRIPTIONDEFAULT
ca-certificate-filePath to a CA certificate file for intermediate CA supportoptional
ca-certificate-pathPath to a directory of CA certificates for intermediate CA supportoptional
ca-revocation-filePath to a list of revoked CA certificatesoptional
ca-revocation-pathPath to a directory of revoked CA certificatesoptional
certificate-filePath to the server's SSL certificaterequired
certificate-chain-filePath to the certificate chains for client validation.optional
certificate-key-filePath to the server's SSL private key certificaterequired
cipher-suiteAdditions and restrictions to the allowed cryptography cipherssee openssl-tags
cipher-suites-forbiddenAdditions and restrictions to the allowed cryptography cipherssee openssl-tags
passwordPassword protecting the public keysee openssl-tags
protocolOptional restrictions on the SSL protocolsee openssl-tags
session-cacheBoolean enabling caching of SSL sessions for performancefalse
session-cache-timeoutTimeout for session cache values30s
unclean-shutdownFlag indicating that openssl sockets can be shutdown uncleanlyfalse
verify-clientOptions for client validationnone
verify-depthDepth of the client certificate chains to validateunlimited

<password> (OpenSSL)

child of <openssl>

<password> configures the SSL private key certificate password.

<port>

child of <http>,<protocol>,<server>

The <port> defines the TCP port the HTTP or protocol should bind to.

http port
<resin xmlns="http://caucho.com/ns/resin">
  <cluster id="web-tier">
    <server id="web-a" address="192.168.1.1" port="6800">
      <http address="10.0.1.1" port="80"/>
      <http address="192.168.1.1" port="8080"/>
    </server>

    ...
  </cluster>
</resin>

<protocol>

child of <server>

<protocol> configures custom socket protocols using Resin's thread and connection management.

The custom protocol will extend from com.caucho.server.port.Protocol.

<resin xmlns="http://caucho.com/ns/resin">
<cluster id="web-tier">

  <server id="a">
    <protocol address="localhost" port="8888">
      <type>example.Magic8BallProtocol</type>
    </port>
  </server>

</cluster>
</resin>

<protocol> (OpenSSL)

child of <openssl>

<protocol> configures the SSL allowed protocols.

<session-cache> (OpenSSL)

child of <openssl>

<session-cache> configures the SSL session cache.

<session-cache-timeout> (OpenSSL)

child of <openssl>

<session-cache> configures the SSL session cache timeout.

<socket-timeout>

child of <http>,<cluster-port>,<protocol>,<server>

<socket-timeout> overrides the socket timeout from the <server>.

<tcp-no-delay>

child of <http>,<protocol>,<cluster-port>

Sets the tcp-no-delay parameter.

<unclean-shutdown> (OpenSSL)

child of <openssl>

<unclean-shutdown> configures the OpenSSL unclean shutdown on connection close.

<verify-client> (OpenSSL)

child of <openssl>

<verify-client> sets the client certificate configuration. If the certificate is available, it will be put in the javax.servlet.request.X509Certificate request attribute.

<verify-client> (OpenSSL) Attributes
ATTRIBUTEDESCRIPTION
nonedo not ask for a client certificate (default)
requiredrequire a client certificate
optionalask for a client certificate if availiable
optional-no-caask for a client certificate, but do not validate the Certificate Authority
Obtaining the client certificate
  X509Certificate []certs = (X509Certificate [])
       request.getAttribute("javax.servlet.request.X509Certificate");

<verify-depth> (OpenSSL)

child of <openssl>

<verify-depth> configures the OpenSSL client verification depth.

Copyright © 1998-2015 Caucho Technology, Inc. All rights reserved. Resin ® is a registered trademark. Quercustm, and Hessiantm are trademarks of Caucho Technology.

Cloud-optimized Resin Server is a Java EE certified Java Application Server, and Web Server, and Distributed Cache Server (Memcached).
Leading companies worldwide with demand for reliability and high performance web applications including SalesForce.com, CNET, DZone and many more are powered by Resin.

home company docs 
app server