Home Explore Help
Sign In
studen
/
labkeyDocker
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Adding serverHTTP.xml from onko-nix

LabKey 11 months ago
parent
63352368ac
commit
2b7f82f6e5
1 changed files with 261 additions and 170 deletions
Split View Show Diff Stats
  1. 261 170
      tomcat8/conf/serverHTTP.xml

+ 261 - 170
tomcat8/conf/serverHTTP.xml
View File 

@@ -1,170 +1,261 @@
 
-<?xml version="1.0" encoding="UTF-8"?>

-<!--

-  Licensed to the Apache Software Foundation (ASF) under one or more

-  contributor license agreements.  See the NOTICE file distributed with

-  this work for additional information regarding copyright ownership.

-  The ASF licenses this file to You under the Apache License, Version 2.0

-  (the "License"); you may not use this file except in compliance with

-  the License.  You may obtain a copy of the License at

-

-      http://www.apache.org/licenses/LICENSE-2.0

-

-  Unless required by applicable law or agreed to in writing, software

-  distributed under the License is distributed on an "AS IS" BASIS,

-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-  See the License for the specific language governing permissions and

-  limitations under the License.

--->

-<!-- Note:  A "Server" is not itself a "Container", so you may not

-     define subcomponents such as "Valves" at this level.

-     Documentation at /docs/config/server.html

- -->

-<Server port="8005" shutdown="SHUTDOWN">

-  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />

-  <!-- Security listener. Documentation at /docs/config/listeners.html

-  <Listener className="org.apache.catalina.security.SecurityListener" />

-  -->

-  <!-- APR library loader. Documentation at /docs/apr.html -->

-  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

-  <!-- Prevent memory leaks due to use of particular java/javax APIs-->

-  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />

-  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

-  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

-

-  <!-- Global JNDI resources

-       Documentation at /docs/jndi-resources-howto.html

-  -->

-  <GlobalNamingResources>

-    <!-- Editable user database that can also be used by

-         UserDatabaseRealm to authenticate users

-    -->

-    <Resource name="UserDatabase" auth="Container"

-              type="org.apache.catalina.UserDatabase"

-              description="User database that can be updated and saved"

-              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"

-              pathname="conf/tomcat-users.xml" />

-  </GlobalNamingResources>

-

-  <!-- A "Service" is a collection of one or more "Connectors" that share

-       a single "Container" Note:  A "Service" is not itself a "Container",

-       so you may not define subcomponents such as "Valves" at this level.

-       Documentation at /docs/config/service.html

-   -->

-  <Service name="Catalina">

-

-    <!--The connectors can use a shared executor, you can define one or more named thread pools-->

-    <!--

-    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"

-        maxThreads="150" minSpareThreads="4"/>

-    -->

-

-

-    <!-- A "Connector" represents an endpoint by which requests are received

-         and responses are returned. Documentation at :

-         Java HTTP Connector: /docs/config/http.html

-         Java AJP  Connector: /docs/config/ajp.html

-         APR (HTTP/AJP) Connector: /docs/apr.html

-         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080

-    -->

-    <Connector port="8080" protocol="HTTP/1.1"

-               connectionTimeout="20000"

-               redirectPort="8443" />

-    <!-- A "Connector" using the shared thread pool-->

-    <!--

-    <Connector executor="tomcatThreadPool"

-               port="8080" protocol="HTTP/1.1"

-               connectionTimeout="20000"

-               redirectPort="8443" />

-    -->

-    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443

-         This connector uses the NIO implementation. The default

-         SSLImplementation will depend on the presence of the APR/native

-         library and the useOpenSSL attribute of the AprLifecycleListener.

-         Either JSSE or OpenSSL style configuration may be used regardless of

-         the SSLImplementation selected. JSSE style configuration is used below.

-    -->

-    <!--

-    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

-               maxThreads="150" SSLEnabled="true">

-        <SSLHostConfig>

-            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"

-                         type="RSA" />

-        </SSLHostConfig>

-    </Connector>

-    -->

-    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2

-         This connector uses the APR/native implementation which always uses

-         OpenSSL for TLS.

-         Either JSSE or OpenSSL style configuration may be used. OpenSSL style

-         configuration is used below.

-    -->

-    

-    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"

-               maxThreads="150" SSLEnabled="true" >

-        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />

-        <SSLHostConfig>

-            <Certificate certificateKeyFile="conf/key.pem"

-                         certificateFile="conf/cert.pem"

-                         certificateChainFile="conf/ca-chain.pem"

-                         type="RSA" />

-        </SSLHostConfig>

-    </Connector>

-   

-

-    <!-- Define an AJP 1.3 Connector on port 8009 -->

-    <!--

-    <Connector protocol="AJP/1.3"

-               address="::1"

-               port="8009"

-               redirectPort="8443" />

-    -->

-

-    <!-- An Engine represents the entry point (within Catalina) that processes

-         every request.  The Engine implementation for Tomcat stand alone

-         analyzes the HTTP headers included with the request, and passes them

-         on to the appropriate Host (virtual host).

-         Documentation at /docs/config/engine.html -->

-

-    <!-- You should set jvmRoute to support load-balancing via AJP ie :

-    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">

-    -->

-    <Engine name="Catalina" defaultHost="localhost">

-

-      <!--For clustering, please take a look at documentation at:

-          /docs/cluster-howto.html  (simple how to)

-          /docs/config/cluster.html (reference documentation) -->

-      <!--

-      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>

-      -->

-

-      <!-- Use the LockOutRealm to prevent attempts to guess user passwords

-           via a brute-force attack -->

-      <Realm className="org.apache.catalina.realm.LockOutRealm">

-        <!-- This Realm uses the UserDatabase configured in the global JNDI

-             resources under the key "UserDatabase".  Any edits

-             that are performed against this UserDatabase are immediately

-             available for use by the Realm.  -->

-        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"

-               resourceName="UserDatabase"/>

-      </Realm>

-

-      <Host name="localhost"  appBase="webapps"

-            unpackWARs="true" autoDeploy="true">

-

-        <!-- SingleSignOn valve, share authentication between web applications

-             Documentation at: /docs/config/valve.html -->

-        <!--

-        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />

-        -->

-

-        <!-- Access log processes all example.

-             Documentation at: /docs/config/valve.html

-             Note: The pattern used is equivalent to using pattern="common" -->

-        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"

-               prefix="localhost_access_log" suffix=".txt"

-               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

-

-      </Host>

-    </Engine>

-  </Service>

-</Server>

+<?xml version="1.0" encoding="UTF-8"?>
 
+<!--
 
+  Licensed to the Apache Software Foundation (ASF) under one or more
 
+  contributor license agreements.  See the NOTICE file distributed with
 
+  this work for additional information regarding copyright ownership.
 
+  The ASF licenses this file to You under the Apache License, Version 2.0
 
+  (the "License"); you may not use this file except in compliance with
 
+  the License.  You may obtain a copy of the License at
 
+
 
+      http://www.apache.org/licenses/LICENSE-2.0
 
+
 
+  Unless required by applicable law or agreed to in writing, software
 
+  distributed under the License is distributed on an "AS IS" BASIS,
 
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 
+  See the License for the specific language governing permissions and
 
+  limitations under the License.
 
+-->
 
+<!-- Note:  A "Server" is not itself a "Container", so you may not
 
+     define subcomponents such as "Valves" at this level.
 
+     Documentation at /docs/config/server.html
 
+ -->
 
+<Server port="8005" shutdown="SHUTDOWN">
 
+  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
 
+  <!-- Security listener. Documentation at /docs/config/listeners.html
 
+  <Listener className="org.apache.catalina.security.SecurityListener" />
 
+  -->
 
+  <!--APR library loader. Documentation at /docs/apr.html -->
 
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
 
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
 
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
 
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
 
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
 
+
 
+  <!-- Global JNDI resources
 
+       Documentation at /docs/jndi-resources-howto.html
 
+  -->
 
+  <GlobalNamingResources>
 
+    <!-- Editable user database that can also be used by
 
+         UserDatabaseRealm to authenticate users
 
+    -->
 
+    <Resource name="UserDatabase" auth="Container"
 
+              type="org.apache.catalina.UserDatabase"
 
+              description="User database that can be updated and saved"
 
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
 
+              pathname="conf/tomcat-users.xml" />
 
+  </GlobalNamingResources>
 
+
 
+  <!-- A "Service" is a collection of one or more "Connectors" that share
 
+       a single "Container" Note:  A "Service" is not itself a "Container",
 
+       so you may not define subcomponents such as "Valves" at this level.
 
+       Documentation at /docs/config/service.html
 
+   -->
 
+  <Service name="Catalina">
 
+
 
+    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
 
+    <!--
 
+    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
 
+        maxThreads="150" minSpareThreads="4"/>
 
+    -->
 
+
 
+
 
+    <!-- A "Connector" represents an endpoint by which requests are received
 
+         and responses are returned. Documentation at :
 
+         Java HTTP Connector: /docs/config/http.html
 
+         Java AJP  Connector: /docs/config/ajp.html
 
+         APR (HTTP/AJP) Connector: /docs/apr.html
 
+         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
 
+    -->
 
+	    <!--protocol="HTTP/1.1"-->
 
+<!-- Trying to run without 8080 -->
 
+ <Connector port="8080" 
+    scheme="http"
 
+    protocol="org.apache.coyote.http11.Http11Protocol"
 
+    executor="tomcatSharedTreadPool"
 
+    acceptCount="100"
 
+    connectionTimeout="20000"
 
+    disableUploadTimeout="true"
 
+    enableLookups="false"
 
+    maxHttpHeaderSize="8192"
 
+    minSpareThreads="25"
 
+    useBodyEncodingForURI="true"
 
+    URIEncoding="UTF-8"
 
+    compression="on"
 
+    compressionMinSize="2048"
 
+    noComptressionUserAgents="gozilla, traviata"
 
+    compressableMimeType="text/html,text/xml,text/css,application/json"
 
+    />
 
+<!--    redirectPort="8443" -->
 
+    
+<!-- A "Connector" using the shared thread pool-->
 
+    <!--
 
+    <Connector executor="tomcatThreadPool"
 
+               port="8080" protocol="HTTP/1.1"
 
+               connectionTimeout="20000"
 
+               redirectPort="8443" />
 
+    -->
 
+    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
 
+         This connector uses the NIO implementation. The default
 
+         SSLImplementation will depend on the presence of the APR/native
 
+         library and the useOpenSSL attribute of the
 
+         AprLifecycleListener.
 
+         Either JSSE or OpenSSL style configuration may be used regardless of
 
+         the SSLImplementation selected. JSSE style configuration is used below.
 
+    -->
 
+    <!--
 
+    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
 
+               maxThreads="150" SSLEnabled="true">
 
+        <SSLHostConfig>
 
+            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
 
+                         type="RSA" />
 
+        </SSLHostConfig>
 
+    </Connector>
 
+    -->
 
+    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
 
+         This connector uses the APR/native implementation which always uses
 
+         OpenSSL for TLS.
 
+         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
 
+         configuration is used below.
 
+    -->
 
+    <!---->
 
+    <!--	protocol="org.apache.coyote.http11.Http11AprProtocol" -->
 
+
 
+    <!--
 
+  <Connector 
+	port="8443" 
+	scheme="https" 
+	secure="true"
 
+	SSLEnabled="true" 
+	sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
 
+	sslProtocol="TLSv1"
 
+	ciphers="TLS_DHE_RS_WITH_AES_256_GCM_SHA384,
 
+		TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 
+		TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 
+		TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 
+		TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 
+		TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 
+		TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 
+		TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 
+		TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 
+		TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 
+		TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 
+		TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 
+		TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 
+		TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 
+		TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 
+		TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 
+		TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 
+		TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 
+		TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 
+		TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
+		TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 
+		TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 
+		TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 
+		TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 
+		TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 
+		TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 
+		TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 
+		TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 
+		TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 
+		TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 
+		TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 
+		TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 
+		TLS_RSA_WITH_AES_256_GCM_SHA384, 
+		TLS_RSA_WITH_AES_128_GCM_SHA256, 
+		TLS_RSA_WITH_AES_256_CBC_SHA256, 
+		TLS_RSA_WITH_AES_256_CBC_SHA, 
+		TLS_RSA_WITH_AES_128_CBC_SHA256, 
+		TLS_RSA_WITH_AES_128_CBC_SHA, 
+		TLS_RSA_WITH_3DES_EDE_CBC_SHA"
 
+	protocol="org.apache.coyote.http11.Http11AprProtocol"
 
+	executor="tomcatSharedThreadPool"
 
+	acceptCount="100"
 
+	maxConnections="10"
 
+	connectionTimeout="20000"
 
+	clientAuth="false"
 
+	disableUploadTimeout="true"
 
+	enableLookups="false"
 
+	axHttpHeaderSize="8192" 
+	minSpareThreads="25"
 
+	useBodyEncodingForURI="true" 
+	URIEncoding="UTF-8"
 
+	compression="on" 
+	compressionMinSize="2048"
 
+	noCompressionUserAgents="gozilla, traviata"
 
+	compressableMimeType="text/html,text/xml,text/css,application/json"
 
+	SSLCertificateFile="/usr/share/tomcat8/server/server.crt"
 
+        SSLCertificateKeyFile="/usr/share/tomcat8/server/server.key"
 
+        SSLCACertificateFile="/etc/ssl/certs/nix.crt"
 
+	SSLVerifyClient="required"
 
+        SSLVerifyDepth="2"
 
+        SSLProtocol="all"
 
+	SSLCARevocationFile="/var/www/html/labkeyAtMed0CA/labkeyAtMed0CA-crl.pem"
 
+	/>
 
+
 
+-->
 
+        <!--<<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />-->
 
+<!--        <SSLHostConfig>
 
+            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
 
+                         certificateFile="conf/localhost-rsa-cert.pem"
 
+                         certificateChainFile="conf/localhost-rsa-chain.pem"
 
+                         type="RSA" />
 
+        </SSLHostConfig>
 
+-->
 
+<!--    </Connector> -->
 
+    
+
 
+    <!-- Define an AJP 1.3 Connector on port 8009 -->
 
+    <!--
 
+    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
 
+    -->
 
+
 
+
 
+    <!-- An Engine represents the entry point (within Catalina) that processes
 
+         every request.  The Engine implementation for Tomcat stand alone
 
+         analyzes the HTTP headers included with the request, and passes them
 
+         on to the appropriate Host (virtual host).
 
+         Documentation at /docs/config/engine.html -->
 
+
 
+    <!-- You should set jvmRoute to support load-balancing via AJP ie :
 
+    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
 
+    -->
 
+    <Engine name="Catalina" defaultHost="localhost">
 
+
 
+      <!--For clustering, please take a look at documentation at:
 
+          /docs/cluster-howto.html  (simple how to)
 
+          /docs/config/cluster.html (reference documentation) -->
 
+      <!--
 
+      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
 
+      -->
 
+
 
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
 
+           via a brute-force attack -->
 
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
 
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
 
+             resources under the key "UserDatabase".  Any edits
 
+             that are performed against this UserDatabase are immediately
 
+             available for use by the Realm.  -->
 
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
 
+               resourceName="UserDatabase"/>
 
+      </Realm>
 
+
 
+      <Host name="localhost"  appBase="webapps"
 
+            unpackWARs="true" autoDeploy="true">
 
+
 
+        <!-- SingleSignOn valve, share authentication between web applications
 
+             Documentation at: /docs/config/valve.html -->
 
+        <!--
 
+        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
 
+        -->
 
+
 
+        <!-- Access log processes all example.
 
+             Documentation at: /docs/config/valve.html
 
+             Note: The pattern used is equivalent to using pattern="common" -->
 
+        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
 
+               prefix="localhost_access_log" suffix=".txt"
 
+	       pattern="%h %l %u %t &quot;%r&quot; %{Content-type}i %s %b" />
 
+
 
+      </Host>
 
+    </Engine>
 
+  </Service>
 
+</Server>