port: port tag configuration
| <host> | <resin> |
The port tags configure <http> ports, addresses, cluster-ports and custom protocol TCP ports.
- See Also
- <accept-listen-backlog>
- <accept-thread-max>
- <accept-thread-min>
- <address>
- <ca-certificate-file> (OpenSSL)
- <ca-certificate-path> (OpenSSL)
- <ca-revocation-file> (OpenSSL)
- <ca-revocation-path> (OpenSSL)
- <certificate-file> (OpenSSL)
- <certificate-chain-file> (OpenSSL)
- <certificate-key-file> (OpenSSL)
- <cipher-suite> (OpenSSL)
- <cluster-port>
- <connection-max>
- <http>
- <jsse-ssl>
- <keepalive-max>
- <openssl>
- <password> (OpenSSL)
- <port>
- <protocol>
- <protocol> (OpenSSL)
- <session-cache> (OpenSSL)
- <session-cache-timeout> (OpenSSL)
- <socket-timeout>
- <tcp-no-delay>
- <unclean-shutdown> (OpenSSL)
- <verify-client> (OpenSSL)
- <verify-depth> (OpenSSL)
- See the index for a list of all the tags.
- See <cluster> tag configuration
- See <server> tag configuration
<accept-listen-backlog> configures operating system TCP listen queue size for the port.
child of http, connection-port, protocol<accept-thread-min> configures the maximum number of threads listening for new connections on this port.
child of http, connection-port, protocol<accept-thread-min> configures the minimum number of threads listening for new connections on this port.
child of serverThe <address> defines the IP interface for a port. A value of '*' binds to all ports. Because the <address> is specific to a server, it should only be defined in a <server> tag, not a <server-default>.
default *
<resin xmlns="http://caucho.com/ns/resin">
<cluster id="web-tier">
<server id="web-a" address="192.168.1.1" port="6800">
<http address="10.0.1.1" port="80"/>
</server>
<server id="web-b" address="192.168.1.2" port="6800">
<http address="10.0.1.2" port="80"/>
</server>
...
</cluster>
</resin>
<ca-certificate-file> configures the path to a CA certificate file for intermediate CA support.
child of http, protocol, cluster-port<ca-certificate-path> configures the path to a CA certificate directory for intermediate CA support.
child of http, protocol, cluster-port<ca-revocation-file> configures the path to a list of revoked CA certificates.
child of http, protocol, cluster-port<ca-revocation-path> configures the path to a list of revoked CA certificates.
child of http, protocol, cluster-port<certificate-file> configures the path to the server's SSL certificate.
child of http, protocol, cluster-port<certificate-chain-file> configures the path to the server's SSL certificate for OpenSSL.
child of http, protocol, cluster-port<certificate-key-file> configures the path to the server's SSL private key certificate for OpenSSL.
child of http, protocol, cluster-port<cipher-suite> configures the path to the server's SSL cryptographic ciphers.
child of server<cluster-port> configures the cluster and load balancing socket, for load balancing, distributed sessions, and distributed management.
When configuring Resin in a load-balanced cluster, each Resin instance will have its own <srun> configuration, which Resin uses for distributed session management and for the load balancing itself.
When configuring multiple JVMs, each <srun> will have a unique <server-id> which allows the -server command-line to select which ports the server should listen to.
| address | hostname of the interface to listen to | * |
| jsse-ssl | configures the port to use JSSE for SSL | none |
| openssl | configures the port to use OpenSSL | none |
| port | port to listen to | required |
| socket-timeout | timeout waiting to read/write to idle client | 65s |
| accept-listen-backlog | The socket factory's listen backlog for receiving sockets | 100 |
| tcp-no-delay | sets the NO_DELAY socket parameter | true |
The class that corresponds to <srun> is com.caucho.server.cluster.ClusterPort
child of server<connection-max> configures the maximum number of concurrent connections on this port.
child of server<http> configures a HTTP or HTTPS port listening for HTTP requests.
When configuring multiple JVMs, each <http> will have a unique <server-id> which allows the -server command-line to select which ports the server should listen to.
| address | IP address of the interface to listen to | * |
| port | port to listen to | required |
| tcp-no-delay | sets the NO_DELAY socket parameter | true |
| socket-timeout | timeout waiting to write to idle client | 65s |
| accept-listen-backlog | The socket factory's listen backlog for receiving sockets | 100 |
| virtual-host | forces all requests to this <http> to use the named virtual host | none |
| openssl | configures the port to use OpenSSL | none |
| jsse-ssl | configures the port to use JSSE for SSL | none |
The attribute overrides the browser's
Host directive, specifying the explicit host and port for
request.getServerName() and getServerPort().
It is not used in most virtual host configurations.
Only IP-based virtual hosts which wish to ignore the browser's Host
will use @virtual-host.
<jsse-ssl> configures the port to use JSSE for SSL support.
The SSL section of the Security documentation provides a comprehensive overview of SSL.
| alias | Configures the key alias name in the key store file. | optional |
| key-store-file | Path to the certificate key store file | required |
| password | Private key password | required |
| key-store-type | Type of the keystore | jks |
| key-manager-factory | Special factory for creating keys | required |
| ssl-context | Special configuration for the ssl context. | optional |
| verify-client | Settings for client validation | required |
<keepalive-max> configures the maximum number of keepalives on this port.
child of http, protocol, cluster-port<openssl> configures the port to use OpenSSL for SSL support (requires Resin Professional). OpenSSL is a fast C implementation of SSL security used by Apache. Resin's configuration is OpenSSL follows Apache's configuration, so any documentation on installing SSL certificates can use documentation for Apache.
The SSL section of the Security documentation provides a comprehensive overview of SSL.
| ca-certificate-file | Path to a CA certificate file for intermediate CA support | optional |
| ca-certificate-path | Path to a directory of CA certificates for intermediate CA support | optional |
| ca-revocation-file | Path to a list of revoked CA certificates | optional |
| ca-revocation-path | Path to a directory of revoked CA certificates | optional |
| certificate-file | Path to the server's SSL certificate | required |
| certificate-chain-file | Path to the certificate chains for client validation. | optional |
| certificate-key-file | Path to the server's SSL private key certificate | required |
| cipher-suite | Additions and restrictions to the allowed cryptography ciphers | see openssl-tags |
| password | Password protecting the public key | see openssl-tags |
| protocol | Optional restrictions on the SSL protocol | see openssl-tags |
| session-cache | Boolean enabling caching of SSL sessions for performance | false |
| session-cache-timeout | Timeout for session cache values | 30s |
| unclean-shutdown | Flag indicating that openssl sockets can be shutdown uncleanly | false |
| verify-client | Options for client validation | none |
| verify-depth | Depth of the client certificate chains to validate | unlimited |
<password> configures the SSL private key certificate password.
child of http, protocol, serverThe <port> defines the TCP port the HTTP or protocol should bind to.
<resin xmlns="http://caucho.com/ns/resin">
<cluster id="web-tier">
<server id="web-a" address="192.168.1.1" port="6800">
<http address="10.0.1.1" port="80"/>
<http address="192.168.1.1" port="8080"/>
</server>
...
</cluster>
</resin>
<protocol> configures custom socket protocols using Resin's thread and connection management.
The custom protocol will extend from com.caucho.server.port.Protocol.
<resin xmlns="http://caucho.com/ns/resin">
<cluster id="web-tier">
<server id="a">
<protocol address="localhost" port="8888">
<type>example.Magic8BallProtocol</type>
</port>
</server>
</cluster>
</resin>
<protocol> configures the SSL allowed protocols.
child of openssl<session-cache> configures the SSL session cache.
child of openssl<session-cache> configures the SSL session cache timeout.
child of http, cluster-port, protocol, server<socket-timeout> overrides the socket timeout from the <server>.
child of http, protocol, cluster-portSets the tcp-no-delay parameter.
child of openssl<unclean-shutdown> configures the OpenSSL unclean shutdown on connection close.
child of openssl<verify-client> sets the client certificate configuration. If the certificate is available, it will be put in the javax.servlet.request.X509Certificate request attribute.
| none | do not ask for a client certificate (default) |
| required | require a client certificate |
| optional | ask for a client certificate if availiable |
| optional-no-ca | ask for a client certificate, but do not validate the Certificate Authority |
X509Certificate []certs = (X509Certificate [])
request.getAttribute("javax.servlet.request.X509Certificate");
<verify-depth> configures the OpenSSL client verification depth.
| <host> | <resin> |
| Copyright © 1998-2009 Caucho Technology, Inc. All rights reserved. Resin ® is a registered trademark, and Quercustm, Ambertm, and Hessiantm are trademarks of Caucho Technology. |