Tomcat HTTP Connector Configuration
The Tomcat HTTP Connector is the network entry point that receives client requests. Properly tuning parameters like maxThreads, acceptCount, and connectionTimeout can dramatically improve throughput and responsiveness.
Basic Connector Structure
<!-- server.xml -->
<Connector port="8080"
protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"/>
The protocol attribute determines which connector implementation is used.
| Protocol Value | Implementation | Characteristics |
|---|---|---|
HTTP/1.1 | NIO (auto-selected) | Default, non-blocking I/O |
org.apache.coyote.http11.Http11NioProtocol | NIO | Explicit NIO |
org.apache.coyote.http11.Http11Nio2Protocol | NIO2 | Async I/O |
org.apache.coyote.http11.Http11AprProtocol | APR/Native | Requires native library |
Key Parameters
Thread Pool Configuration
<Connector port="8080" protocol="HTTP/1.1"
maxThreads="200"
minSpareThreads="10"
maxSpareThreads="75"
acceptCount="100"
connectionTimeout="20000"/>
| Parameter | Description | Default | Recommended |
|---|---|---|---|
maxThreads | Max concurrent processing threads | 200 | CPU cores × 50~100 |
minSpareThreads | Minimum idle threads to maintain | 10 | 10~25 |
maxSpareThreads | Maximum idle threads | 75 | maxThreads × 0.3 |
acceptCount | Queue size when all threads are busy | 100 | maxThreads × 0.5 |
Request flow:
Request arrives
↓
[Thread available?]
↓ Yes → Process immediately
↓ No → Queue in acceptCount
↓ Queue full → Connection Refused
Timeout Configuration
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
keepAliveTimeout="15000"
maxKeepAliveRequests="100"/>
| Parameter | Description | Default |
|---|---|---|
connectionTimeout | Wait time for first request line (ms) | 20000 (20s) |
keepAliveTimeout | Keep-Alive connection duration (ms) | Value of connectionTimeout |
maxKeepAliveRequests | Max requests per Keep-Alive connection | 100 |
Production tip: If Nginx/Apache is in front, set
keepAliveTimeoutlong enough to sync with the proxy's keepalive timeout.
Connection and Request Size Limits
<Connector port="8080" protocol="HTTP/1.1"
maxConnections="10000"
maxHttpHeaderSize="8192"
maxPostSize="2097152"
maxParameterCount="1000"/>
| Parameter | Description | Default |
|---|---|---|
maxConnections | NIO: max simultaneous connections | 10000 |
maxHttpHeaderSize | Max request/response header size (bytes) | 8192 (8KB) |
maxPostSize | Max POST body size (bytes) | 2097152 (2MB) |
maxParameterCount | Max number of parameters | 10000 (Tomcat 10.1) |
HTTPS Connector Configuration
Method 1: Java Keystore (JKS)
# Generate self-signed certificate (for testing)
keytool -genkey -alias tomcat \
-keyalg RSA -keysize 2048 \
-keystore /opt/tomcat/conf/keystore.jks \
-validity 365 \
-storepass changeit \
-keypass changeit \
-dname "CN=localhost, OU=Dev, O=MyCompany, L=Seoul, ST=Seoul, C=KR"
<!-- HTTPS Connector (JKS) -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150"
SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/keystore.jks"
certificateKeystorePassword="changeit"
type="RSA"/>
</SSLHostConfig>
</Connector>
Method 2: PEM Certificate (Let's Encrypt, etc.)
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150"
SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateFile="/etc/letsencrypt/live/example.com/cert.pem"
certificateKeyFile="/etc/letsencrypt/live/example.com/privkey.pem"
certificateChainFile="/etc/letsencrypt/live/example.com/chain.pem"
type="RSA"/>
</SSLHostConfig>
</Connector>
Production recommendation: Rather than handling SSL directly in Tomcat, use Nginx/Apache for SSL termination and pass plain HTTP to Tomcat. This is much easier for performance and certificate management.
Compression (Gzip) Configuration
<Connector port="8080" protocol="HTTP/1.1"
compression="on"
compressionMinSize="2048"
compressibleMimeType="text/html,text/xml,text/plain,text/css,
application/json,application/javascript"/>
| Parameter | Description | Default |
|---|---|---|
compression | on/off/force | off |
compressionMinSize | Min response size to compress (bytes) | 2048 |
compressibleMimeType | MIME types to compress | — |
Shared Thread Pool (Executor)
Use Executor when multiple connectors share a single thread pool.
<!-- Define shared thread pool -->
<Executor name="tomcatThreadPool"
namePrefix="catalina-exec-"
maxThreads="400"
minSpareThreads="20"
maxQueueSize="100"
prestartminSpareThreads="true"/>
<!-- Connectors reference the Executor -->
<Connector port="8080" protocol="HTTP/1.1"
executor="tomcatThreadPool"
connectionTimeout="20000"/>
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
executor="tomcatThreadPool"
SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateFile="conf/cert.pem"
certificateKeyFile="conf/key.pem"/>
</SSLHostConfig>
</Connector>
X-Forwarded-For Setup (Reverse Proxy)
When Tomcat is behind Nginx or Apache, pass the real client IP to Tomcat.
<!-- RemoteIpValve: treats X-Forwarded-For header as real IP -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
proxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto"
internalProxies="127\.0\.0\.1|10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+"/>
With this Valve, request.getRemoteAddr() returns the actual client IP and request.isSecure() correctly indicates HTTPS.
Connector Performance Tuning — Production Checklist
Small Server (2 CPU, 4GB RAM)
<Connector port="8080" protocol="HTTP/1.1"
maxThreads="100"
minSpareThreads="10"
acceptCount="50"
connectionTimeout="10000"
keepAliveTimeout="10000"
maxKeepAliveRequests="50"/>
Medium Server (48 CPU, 816GB RAM)
<Connector port="8080" protocol="HTTP/1.1"
maxThreads="300"
minSpareThreads="25"
acceptCount="150"
connectionTimeout="20000"
keepAliveTimeout="15000"
maxKeepAliveRequests="100"
maxConnections="10000"/>
Large Server (16+ CPU, 32GB+ RAM)
<Executor name="tomcatThreadPool"
maxThreads="800"
minSpareThreads="50"
maxQueueSize="200"/>
<Connector port="8080" protocol="org.apache.coyote.http11.Http11Nio2Protocol"
executor="tomcatThreadPool"
connectionTimeout="30000"
maxConnections="20000"/>
Summary
| Setting | Parameter | Recommended Guideline |
|---|---|---|
| Max threads | maxThreads | CPU core count × 50 (IO-bound) |
| Accept queue | acceptCount | maxThreads × 0.5 |
| Connection timeout | connectionTimeout | 10000~20000ms |
| Thread sharing | Executor | Use when 2+ connectors exist |
| Real IP forwarding | RemoteIpValve | Required with reverse proxy |
| Compression | compression="on" | Recommended for JSON/HTML responses |