Resin Documentation

resin.properties: standard configuration

Most common Resin properties are configured by resin.properties. The resin.properties variables are used by the main resin.xml configuration file.

The resin.properties file is a condensed configuration for the most common Resin configurations. Since it is a set of variables used by the main resin.xml confguration file, the variables are defined by convention. The sections following show some of the most common configurations, followed by a description of the variables.

The resin.properties is in the same directory as resin.xml. In unix systems as /etc/resin.properties. In systems deployed in a single directory, it will be ${resin.home}/conf/resin.properties.

...
app_servers : 127.0.0.1:6800

app.http : 8080

setuid_user : resin
setuid_group : resin

jvm_args : -Xmx2G -XX:MaxPermSize=256m
...

http       : 8080    # default value if unspecified
app-0.http : 8081    # server 'app-0' uses 8082
app-1.http : 8082    # server 'app-0' uses 8082
app.http   : 8089    # servers in 'app' cluster use 8089
web.http   : 8090    # servers in 'web' cluster use 8090

<resin xmlns="http://caucho.com/ns/resin"
    xmlns:resin="urn:java:com.caucho.resin">

  <resin:properties path="${__DIR__}/resin.properties" optional="true"/>

  <dependency-check-interval>${my_var?:'2s'}</dependency-check-interval>

  ...

</resin>

A basic application server configuration needs a few key properties to configure the HTTP port, the servers in the cluster, the operating system user and the JVM arguments for memory and GC.

Each server in the cluster can have the same resin.xml and resin.properties. On start, Resin will detect which server is the local one, select it and start it.

...
app_servers : 127.0.0.1:6800

app.http : 8080

setuid_user : resin
setuid_group : resin

jvm_args : -Xmx2G -XX:MaxPermSize=256m
...

The server names configured by app_servers are generated automatically by position: app-0, app-1, ..., app-n.

app.http configures the HTTP port for the 'app' cluster. The http defines the variable used in the resin.xml, and the app restricts it to servers in defined by app_servers. This system allows for different http ports when starting multiple servers on the same machine, like a web-tier load balancer, an app-tier server, and an memcached server.

This web tier configuration has one web server that handles the HTTP, load balancing, and proxy caching, and one application server that runs the servlet applications. The web server load balances and proxies HTTP requests to the backend application cluster. To scale up, add more servers to app_servers.

...
web_servers : 127.0.0.1:6810
web.http    : 80

proxy_cache_enable : true
proxy_cache_size   : 256m

app_servers : 127.0.0.1:6800
app.http    : 8080

setuid_user : resin
setuid_group : resin

jvm_args : -Xmx2G -XX:MaxPermSize=256m
...

The server names configured by web_servers are generated automatically by position: web-0, web-1, ..., web-n.

# resinctl start-all

The start-all command-line will start both servers in the example because both servers are listening to a local port.

To configure Resin as a memcached server, add IP:port addresses to the memcached_servers configuration.

...
memcached_servers   : 127.0.0.1:6820
memcached_port      : 11211

memcached.http      : 8080

The memcached.http is used for the /resin-admin managment and REST administration.

accept_thread_max limits the maximum threads waiting for a new connection on the port. Higher values are more resiliant to connection spikes because the idle threads are ready and waiting.

In general, the default value is reasonable and does not usually need changing.

...
accept_thread_max : 32
accept_thread_min : 4
...

accept_thread_min triggers a new thread to listen for connections when the number of waiting threads drops below the limit. It works with accept_thread_max to manage the threads waiting in the accept state. Higher values can improve connection spike resposiveness.

In general, the default value is reasonable and does not usually need changing.

...
accept_thread_max : 32
accept_thread_min : 4
...

admin_password is the password used with admin_user for /resin-admin administration, REST, and remote resinctl CLI administration.

admin_password is generated with either the CLI resinctl generate-password or the /resin-admin login screen.

...
admin_user     : my-admin
admin_password : {SSHA}G3UOLv0dkJHTZxAwmhrIC2CRBZ4VJgTB

web_admin_enable   : true
web_admin_ssl      : true
web_admin_external : false
remote_cli_enable  : false
rest_admin_enable  : true
rest_admin_ssl     : true
...

unix> resinctl generate-password my-admin my-password
admin_user : my-admin
admin_password : {SSHA}G3UOLv0dkJHTZxAwmhrIC2CRBZ4VJgTB

admin_user creates a login user name for /resin-admin administration, REST, and remote resinctl CLI administration. It is used with admin_password and web_admin_enable.

admin_password is generated with either the CLI resinctl generate-password or the /resin-admin login screen.

...
admin_user     : my-admin
admin_password : {SSHA}G3UOLv0dkJHTZxAwmhrIC2CRBZ4VJgTB

web_admin_enable   : true
web_admin_ssl      : true
web_admin_external : false
remote_cli_enable  : false
rest_admin_enable  : true
rest_admin_ssl     : true
...

unix> resinctl generate-password my-admin my-password
admin_user : my-admin
admin_password : {SSHA}G3UOLv0dkJHTZxAwmhrIC2CRBZ4VJgTB

The HTTP port for the 'app' cluster. The "app." is a prefix to the http property, restricting it to the named cluster, "app".

...
app.http : 8080
...

The HTTPS port for the 'app' cluster. The "app." is a prefix to the https property, restricting it to the named cluster, "app".

app.https is generally used with openssl_file, openssl_key and openssl_password.

...
app.https : 8443
...

cluster_system_key configures a shared secret across Resin servers in a cluster. The shared secret is checked when servers in the cluster connect. The key can be any string.

cluster_system_key : ms8cntp8743z

dependency_check_interval sets how often Resin will check for updated files. In development this will be a small value. In deployment it can be a larger value.

dependency_check_interval : 2m

elastic_cloud_enable lets dynamic servers join a cluster. If the "start" command either has an "--elastic-server" flag or if the elastic_server property is set, Resin will connect to the cluster as a new dynamic server.

The cluster is either specified by "--cluster foo" or the home_cluster property. The cluster triad hub servers are specified by the app_servers property.

app_servers : 182.168.1.10:6800

elastic_server       : true
elastic_cloud_enable : true
home_cluster         : app

To start a dynamic server, use resinctl with start and specify --elastic-server to force a dynamic server. The --cluster is optional if a home-cluster has been defined.

# resinctl start --elastic-server --cluster app

elastic_dns is used in cloud environments that assign IP addresses or DNS names after the server starts, for example in an EC2 environment. When elastic_dns is enabled, Resin will start the server, wait and retry until the local IP addresses or DNS resolve to a matching server.

For example, a Resin cluster might have a fixed pre-allocated DNS name of "app0.mydomain" and app_servers might include that address. At server boot time, the cloud assigns the dynamic IP 192.168.2.114. Later the cloud or the user will attach the IP to the DNS name "app0.mydomain". Resin will then recognize it and start with the correct value.

1. Reserve DNS address "app0.mydomain" with cloud provider.
2. Configure resin.properties with that fixed address and elastic_dns.
3. Start Resin instance in the cloud (with address 192.168.2.114)
4. [Resin is in wait mode until the following step because it doesn't lookup "app0.mydomain" to 192.168.2.114 in the configuration files.]
5. Assign the DNS name "app0.mydomain" to 192.168.1.10 with the cloud provider.
6. Resin will detect the new assignment and start as that server.

app_servers : app0.mydomain:6800

elastic_dns           : true

You can specify the elastic_dns in the resin.properties or equivalently specify it on the command line as --elastic-dns.

# resinctl start-all --elastic-dns

elastic_server starts the server as a dynamic server and joins a cluster. The dynamic server must have a hub server configured in the cluster to register itself. The cluster must also have the elastic_cloud_enable set to enable dynamic servers.

When the "start" command either has an "--elastic-server" flag or if the elastic_server property is set, Resin will connect to the cluster as a new dynamic server.

The cluster is either specified by "--cluster foo" or the home_cluster property. The cluster triad hub servers are specified by the app_servers property.

• Either elastic_server in the resin.properties or --elastic-server on the command line to start an elastic server.
• Either home_server in the resin.properties or --cluster on the command line to specify the cluster.
• elastic_cloud_enable in the resin.properties to enable dynamic servers.
• At least one static server defined in app_servers in the resin.properties as the hub. Three servers is preferred.

app_servers : 182.168.1.10:6800

elastic_server       : true
elastic_cloud_enable : true
home_cluster         : app

To start a dynamic server, use resinctl with start and specify --elastic-server or elastic_server in the resin.properties to force a dynamic server. The --cluster is optional if a home-cluster has been defined.

# resinctl start --elastic-server --cluster app

email is an admin email address used to send automatic reports like weekly PDF reports.

email : myuser@admin.example.org

The HTTP port for all servers, usually restricted to the cluster or server as app.http or web.http. If the plain http property is used, it is the default http for all servers.

...
http     : 8080
app.http : 8081   # overrides for a server in cluster 'app'
...

http_address selects a specific IP address and port for HTTP. It can be useful when each server needs to bind to a different address.

The http_address can be qualified by the cluster or the individual server like other properties. For example, app-0.http_address configures the address for server app-0 in the app cluster.

...
app-0.http_address     : 192.168.1.10
app-1.http_address     : 192.168.1.11

app.http               : 8080
...

http_ping_urls is a list of URLs to check for server reliability. Resin's health system will periodically check the URLs on the current server. If the server does not respond, the health system will force an automatic restart of Resin.

http_ping_urls : http://www.myfoo.com/my-test http://www.mybar.com/my-test2

jvm_args defines the JDK memory and GC parameters to start the Resin process.

jvm_args : -Xmx2G -XX:MaxPermSize=256m

openssl_file configures the OpenSSL *.crt certificate file when using SSL. The file location is relative to the resin.xml file.

app.https         : 8443

openssl_file      : keys/foo.crt
openssl_key       : keys/foo.key
openssl_password  : my-password

openssl_key configures the OpenSSL *.key key file when using SSL. The file location is relative to the resin.xml file.

app.https         : 8443

openssl_file      : keys/foo.crt
openssl_key       : keys/foo.key
openssl_password  : my-password

openssl_password configures the password for OpenSSL key file when using SSL.

app.https         : 8443

openssl_file      : keys/foo.crt
openssl_key       : keys/foo.key
openssl_password  : my-password

port_thread_max restricts the active threads available for a single port. Connections beyond the limit will use the async/select manager, and queue for an available thread.

port_thread_max can be used to limit the maximum load on an overloaded system. If more connection arrive than port_thread_max and beyond the select manager, they will be delayed instead of overloading the system.

...
port_thread_max   : 256
accept_thread_max : 32
accept_thread_min : 4

properties_import_url adds a new properties file to be processed after the resin.properties. Cloud servers using EC2-style /user-data can use the url to customize properties for each server.

...
properties_import_url : http://169.254.169.254/latest/user-data

proxy_cache_enable enables Resin's HTTP proxy cache. The proxy cache improves performance by saving the server's generated pages. It can be used for formatted web pages or REST-style GET pages that change infrequently.

proxy_cache_enable : true
proxy_cache_size  : 256m

proxy_cache_size is the size of the in-memory proxy cache size. The actual maximum size is much larger, because the memory is used as a block cache for a disk based store. The memory block cache is also used for distributed caching.

proxy_cache_enable : true
proxy_cache_size  : 256m

remote_cli_enable enables the CLI resinctl to be used for remote servers. By default the CLI is restricted to the local network.

remote_cli_enable : true

rest_admin_enable enables REST-based administration of a Resin server. REST can be used to integrate Resin with remote administration consoles or status scripts.

rest_admin_enable requires an admin_user and admin_password for security. It can optionally be restricted to SSL ports with resin_admin_ssl.

...
rest_admin_enable  : true
rest_admin_ssl     : true

admin_user     : my-admin
admin_password : {SSHA}G3UOLv0dkJHTZxAwmhrIC2CRBZ4VJgTB
...

rest_admin_ssl requires an SSL connection for REST-based administration of a Resin server. REST can be used to integrate Resin with remote administration consoles or status scripts.

...
rest_admin_enable  : true
rest_admin_ssl     : true

admin_user     : my-admin
admin_password : {SSHA}G3UOLv0dkJHTZxAwmhrIC2CRBZ4VJgTB
...

sendfile enables operating system sendfile() call, which will send an entire file without requiring Resin to read the file itself. sendfile is particularly useful when much of the traffic is large static files.

...
sendfile   : true
tcp_cork   : true

session_store enables clustered persistent sessions for failover.

...
session_store : true
...

On unix, setuid_user runs the Resin instance as the specified user for security.

...
setuid_user : resin
setuid_group : resin
...

On unix, setuid_group runs the Resin instance as the specified group for security.

...
setuid_user : resin
setuid_group : resin
...

tcp_cork enables advanced TCP flow control on Linux systems for improved performance of large files. When it is enabled, sent data will be buffered in the operating system until the buffers fill, instead of being sent out with partial buffers. An application flush() will still force the data to be sent out.

...
tcp_cork   : true

web_admin_enable enables /resin-admin for a Resin server. /resin-admin can show the server status, report statistics graphs, deploy applications, and generate PDF reports.

web_admin_enable requires an admin_user and admin_password for security. It can optionally be restricted to SSL ports with web_admin_ssl.

...
web_admin_enable  : true
web_admin_ssl     : true

admin_user     : my-admin
admin_password : {SSHA}G3UOLv0dkJHTZxAwmhrIC2CRBZ4VJgTB
...

web_admin_external enables /resin-admin access for servers outside the local network. If enabled, it should be always used with web_admin_ssl.

...
web_admin_enable   : true
web_admin_external : true
web_admin_ssl      : true

admin_user     : my-admin
admin_password : {SSHA}G3UOLv0dkJHTZxAwmhrIC2CRBZ4VJgTB
...

web_admin_ssl requires an SSL connection for /resin-admin administration of a Resin server. /resin-admin can show the server status, report statistics graphs, deploy applications, and generate PDF reports.

...
web_admin_enable  : true
web_admin_ssl     : true

admin_user     : my-admin
admin_password : {SSHA}G3UOLv0dkJHTZxAwmhrIC2CRBZ4VJgTB
...

webapp_multiversion_routing is a deployment versioning system where Resin selects the most recent deployed application. Web-apps named with numeric suffixes, e.g. foo-10.0.war and can be browsed as /foo. When a new version of the web-app is deployed, Resin continues to route active session requests to the previous web-app version while new sessions go to the new version, so users will not be aware of the application upgrade.

...
webapp_multiversion_routing : true
...