鲲鹏平台KAE加速Tomcat应用
发表于 2025/06/24
0
作者:聂炜强
1、安装配置
环境
CPU:鲲鹏920 7260处理器OS:openEuler 22.03 LTS SP2
bisheng-jdk:8u422
maven:3.8.8
spring-boot:2.7.6
httpress:httpress 1.1.0
安装依赖
安装毕昇JDK
下载毕昇JDK压缩包,并解压cd /home
wget https://mirrors.huaweicloud.com/kunpeng/archive/compiler/bisheng_jdk/bisheng-jdk-8u422-linux-aarch64.tar.gz --no-check-certificate
tar -zxvf bisheng-jdk-8u422-linux-aarch64.tar.gz
设置JAVA环境变量
export JAVA_HOME=/home/bisheng-jdk1.8.0_422
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export JRE_HOME=$JAVA_HOME/jre
java -version
若返回版本信息,说明毕昇JDK安装成功。
安装maven
安装Spring Boot内置的Tomcat之前,需要首先安装并配置Maven,以满足Spring Boot项目构建与运行环境要求下载Maven压缩包,并解压
cd /home
wget https://dlcdn.apache.org/maven/maven-3/3.8.8/binaries/apache-maven-3.8.8-bin.tar.gz --no-check-certificate
tar -zxvf apache-maven-3.8.8-bin.tar.gz
配置Maven环境变量
export MAVEN_HOME=/home/apache-maven-3.8.8
export PATH=$PATH:$MAVEN_HOME/bin
mvn --version
若返回版本信息,说明Maven安装成功。
安装httpress
参见《[httpress 测试指导](https://www.hikunpeng.com/document/detail/zh/kunpengwebs/testguide/tstg/kunpenghttpress_06_0001.html)》使用源码编译方式安装并验证httpress。2、创建spring-web项目
创建项目基础目录
在“/home”目录下创建一个名为tomcat-test-01的项目文件夹,并为文件夹设置必要的子目录结构。cd /home
mkdir -p /home/tomcat-test-01/src/main/java/com/example/tomcattest01
mkdir -p /home/tomcat-test-01/src/main/java/com/example/tomcattest01/demos/web
mkdir -p /home/tomcat-test-01/src/main/resources
mkdir -p /home/tomcat-test-01/src/main/resources/static
编写启动类
在com.example.tomcattest01包下创建一个名为TomcatTest01Application的Java类,并编写Spring Boot应用的启动代码。创建文件
vi /home/tomcat-test-01/src/main/java/com/example/tomcattest01/TomcatTest01Application.java
在文件中添加以下内容
package com.example.tomcattest01;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class TomcatTest01Application {
public static void main(String[] args) {
SpringApplication.run(TomcatTest01Application.class, args);
}
}
编写controller类
在com.example.tomcattest01.demos.web包下创建一个名为BasicController的Java类,用于处理Web请求并返回响应打开文件
vi /home/tomcat-test-01/src/main/java/com/example/tomcattest01/demos/web/BasicController.java
在文件中添加以下内容
package com.example.tomcattest01.demos.web;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
public class BasicController {
// http://127.0.0.1:8080/hello?name=Mary
@RequestMapping("/hello")
@ResponseBody
public String hello(@RequestParam(name = "name", defaultValue = "unknown user") String name) {
return "Hello " + name;
}
}
编写配置文件
Tomcat默认使用HTTP协议,若需配置HTTPS协议,请在文件中添加相应的SSL证书配置打开文件
vi /home/tomcat-test-01/src/main/resources/application.properties
在文件中添加以下内容
# 指定端口为8443
server.port=8443
# 使用HTTPS协议
server.ssl.enabled=true
# 证书路径
server.ssl.key-store=classpath:server.p12
# 证书类型
server.ssl.key-store-type=PKCS12
# 配置证书密码
server.ssl.key-store-password=123456aa
# 指定允许使用的加密套件
server.ssl.ciphers=ECDHE-RSA-AES256-GCM-SHA384
# 设置使用的 SSL 协议
server.ssl.protocol=TLS
# 设置TLS 协议版本为 TLS 1.2
server.ssl.enabled-protocols=TLSv1.2
创建自签名证书
创建服务器证书密钥文件server.key,密码可自定义,本文设置成123456aa,下文涉及密码的地方都填写这个。cd /home/tomcat-test-01/src/main/resources
openssl genrsa -des3 -out server.key 2048
生成自签名的根证书server.crt
需要输入密码,输入上一步骤设置的123456aa。还需要填写一些证书请求信息,包括国家代号(如CN代表中国)、省/州全名、城市/地区全名、组织的英文名、组织单位的英文名(可选)、常用名(可选)和电子邮件地址(可选),这里只填入国家代码CN,其他选项直接回车即可。
openssl req -x509 -new -key server.key -out server.crt
生成无密码的私钥private.pem
openssl genpkey -algorithm RSA -out private.pem
创建证书请求文件server.csr
openssl req -new -key private.pem -out server.csr
签署证书
openssl x509 -req -in server.csr -CA server.crt -CAkey server.key -CAcreateserial -out server.crt
生成p12文件server.p12
openssl pkcs12 -export -in server.crt -inkey private.pem -out server.p12
创建静态页面
在“src/main/resources/static”目录下创建一个名为index.html的静态页面文件
打开文件
vi /home/tomcat-test-01/src/main/resources/static/index.html
在文件中添加以下内容
<html>
<body>
<h1>hello word!!!</h1>
<p>this is a html page</p>
</body>
</html>
创建pom.xml文件,用于定义项目的依赖和构建配置
打开文件
vi /home/tomcat-test-01/pom.xml
在文件中添加以下内容
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0%22 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance%22
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd%22%3E
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>tomcat-test-01</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>tomcat-test-01</name>
<packaging>jar</packaging>
<description>tomcat-test-01</description>
<properties>
<java.version>1.8</java.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<spring-boot.version>2.7.6</spring-boot.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<version>${spring-boot.version}</version>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>${spring-boot.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>${spring-boot.version}</version>
<configuration>
<fork>true</fork>
<mainClass>com.example.tomcattest01.TomcatTest01Application</mainClass>
</configuration>
<executions>
<execution>
<id>repackage</id>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
构建可执行JAR文件
cd /home/tomcat-test-01
mvn clean package -Dmaven.resolver.transport=wagon -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ign
3、不使用KAE
运行
取消HTTP/HTTPS代理配置unset http_proxy
unset https_proxy
绑定0-7核,运行JAR文件
cd /home/tomcat-test-01/target
taskset -c 0-7 java -jar tomcat-test-01-0.0.1-SNAPSHOT.jar
切换至另一个终端窗口,运行httpress命令压测8443端口
taskset -c 8-47 httpress -n 50000 -c 100 -t 100 https://127.0.0.1:8443/
观察httpress的输出
不使用KAE的RPS为2538,即每秒能够处理2538个请求SSL INFO: ECDHE_RSA_AES_256_GCM_SHA384
- Protocol: TLS1.2
- Key Exchange: ECDHE-RSA
- Ephemeral ECDH using curve SECP256R1
- Cipher: AES-256-GCM
- MAC: AEAD
- Compression: NULL
- Certificate Type: X.509
- Certificate Info: subject `O=Internet Widgits Pty Ltd,ST=Some-State,C=CN', issuer `O=Internet Widgits Pty Ltd,ST=Some-State,C=CN', serial 0x2b17a486544332bbfcb623cd9961849190a26dd8, RSA key 2048 bits, signed using RSA-SHA256, activated `2025-06-06 08:35:34 UTC', expires `2025-07-06 08:35:34 UTC', pin-sha256="Z3/xik6yb1q8m0VnTfJYYY4IDZWIDaIu2aAKJoxD56w="
TOTALS: 50000 connect, 50000 requests, 50000 success, 0 fail, 120 (120) real concurrency
TRAFFIC: 80 avg bytes, 314 avg overhead, 4000000 bytes, 15700000 overhead
TIMING: 19.697 seconds, 2538 rps, 976 kbps, 47.3 ms avg req time
4、使用KAE
Ctrl +C 停止上文启动的spring-web程序配置并运行
修改Java安全配置文件打开文件
vi $JAVA_HOME/jre/lib/security/java.security
注释以下内容
security.provider.1=org.openeuler.security.openssl.KAEProvider
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
security.provider.11=sun.security.mscapi.SunMSCAPI
添加以下内容,新增KAE Provider,并设置为最高优先级
security.provider.1=org.openeuler.security.openssl.KAEProvider
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
security.provider.11=sun.security.mscapi.SunMSCAPI
配置KAE Provider
打开文件
vi $JAVA_HOME/jre/lib/kaeprovider.conf
添加以下内容
kae.rsa=true
kae.log=true
kae.rsa.useKaeEngine=true
kae.libcrypto.useGlobalMode=true
配置KAE环境变量
export OPENSSL_ENGINES=/usr/local/lib/engines-1.1
启动spring web服务
cd /home/tomcat-test-01/target
taskset -c 0-7 java -jar tomcat-test-01-0.0.1-SNAPSHOT.jar
切换至另一个终端窗口,运行httpress命令压测8443端口
taskset -c 8-47 httpress -n 50000 -c 100 -t 100 https://127.0.0.1:8443/
观察httpress的输出
不使用KAE的RPS为5204,即每秒能够处理5204个请求SSL INFO: ECDHE_RSA_AES_256_GCM_SHA384
- Protocol: TLS1.2
- Key Exchange: ECDHE-RSA
- Ephemeral ECDH using curve SECP256R1
- Cipher: AES-256-GCM
- MAC: AEAD
- Compression: NULL
- Certificate Type: X.509
- Certificate Info: subject `O=Internet Widgits Pty Ltd,ST=Some-State,C=CN', issuer `O=Internet Widgits Pty Ltd,ST=Some-State,C=CN', serial 0x2b17a486544332bbfcb623cd9961849190a26dd8, RSA key 2048 bits, signed using RSA-SHA256, activated `2025-06-06 08:35:34 UTC', expires `2025-07-06 08:35:34 UTC', pin-sha256="Z3/xik6yb1q8m0VnTfJYYY4IDZWIDaIu2aAKJoxD56w="
TOTALS: 50000 connect, 50000 requests, 50000 success, 0 fail, 120 (120) real concurrency
TRAFFIC: 80 avg bytes, 314 avg overhead, 4000000 bytes, 15700000 overhead
TIMING: 9.607 seconds, 5204 rps, 2002 kbps, 23.1 ms avg req time