Tomcat current worker threads and current connections

This article is a continuation of the previous article : https://khalidoubelque.wordpress.com/monitoring-spring-boot-application-with-micrometer-prometheus-and-grafana-using-custom-metrics/

Also check the github project : https://github.com/khalidOubelque/jmeterTesting

Jmeter

In this article i will run a jmeter scenario to challenge tomcat server, see bellow the configuration :

Spring boot – Tomcat

In this section we are going to expose Tomcat metrics in Spring Boot and Prometheus :

in the application.yml file :

server:
  tomcat:
    mbeanregistry:
      enabled: true
  ssl:
    key-store: classpath:example.jks
    key-store-password: password
  port: 8443


management:
  endpoints:
    web:
      exposure:
        include: prometheus,health,info,metric,beans

In pom.xml file :

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>3.0.3</version>
		<relativePath/> <!-- lookup parent from repository -->
	</parent>
	<groupId>com.example</groupId>
	<artifactId>demo</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<name>jmeterTesting</name>
	<description>Demo project for Spring Boot</description>
	<properties>
		<java.version>17</java.version>
	</properties>
	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-actuator</artifactId>
			<version>3.0.2</version>
		</dependency>
		<dependency>
			<groupId>io.micrometer</groupId>
			<artifactId>micrometer-core</artifactId>
			<version>1.10.2</version>
		</dependency>
		<dependency>
			<groupId>io.micrometer</groupId>
			<artifactId>micrometer-registry-prometheus</artifactId>
			<scope>runtime</scope>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

</project>

The micrometer-registry-prometheus dependency provides support for exporting metrics to Prometheus, while the spring-boot-starter-actuator dependency provides support for exposing metrics via an endpoint in your Spring Boot application.

Now start your Spring Boot application and navigate to the /actuator/prometheus endpoint in a web browser to see a list of available metrics.

Premetheus & Grafana

Run both docker containers, like shown in the previous articles, Then we are going to add a panel on grafana, to create two dashboards :

1- To display current active worker threads, using the metric tomcat_threads_current_threads

2- To display current active connections, using the metric tomcat_connections_current_connections

Note that maxConnections is 10000 (For NIO the default is 10000. For APR/native, the default is 8192.)

and maxWorkerThreads is 200 by defaut

JSSE

JSSE stands for Java Secure Socket Extension, which is a set of Java APIs used for implementing secure communication protocols such as TLS (Transport Layer Security) and SSL (Secure Sockets Layer).

In a Spring Boot application, you can configure TLS communication using JSSE with an embedded Tomcat server by adding the necessary configuration properties to the application.properties or application.yml file. For example, to configure the server to use TLS with a self-signed certificate, you can add the following properties:

server.port=8443
server.ssl.key-store=classpath:keystore.jks
server.ssl.key-store-password=password
server.ssl.key-password=password

When the Spring Boot application starts, it configures the embedded Tomcat server to use JSSE with the specified properties to handle secure communication over TLS. Clients can connect to the server using HTTPS protocol on the specified port, and the server will use JSSE to negotiate a secure connection using the specified certificate and private key.

Overall, JSSE is an important component of secure communication in Spring Boot applications, and its configuration is an essential aspect of deploying a secure and reliable server.

Java’s JSSE has already a default session cache of 20480 entries with an expiration of 24 hours.

Apache Tomcat Native

The Apache Tomcat Native Library is an optional component for use with Apache Tomcat that allows Tomcat to use OpenSSL as a replacement for JSSE to support TLS connections.

If you’ve ever perf tested JSSE’s SSL handling, you’d know that it’s SLOW!

By using OpenSSL instead of the JSSE, applications can benefit from the performance and security improvements provided by the OpenSSL library. The Apache Tomcat Native Library provides a Java Native Interface (JNI) wrapper around the OpenSSL library, allowing it to be used in Java applications.