|
|
@@ -1,261 +0,0 @@
|
|
|
-<?xml version="1.0" encoding="UTF-8"?>
|
|
|
-<!--
|
|
|
- Licensed to the Apache Software Foundation (ASF) under one or more
|
|
|
- contributor license agreements. See the NOTICE file distributed with
|
|
|
- this work for additional information regarding copyright ownership.
|
|
|
- The ASF licenses this file to You under the Apache License, Version 2.0
|
|
|
- (the "License"); you may not use this file except in compliance with
|
|
|
- the License. You may obtain a copy of the License at
|
|
|
-
|
|
|
- http://www.apache.org/licenses/LICENSE-2.0
|
|
|
-
|
|
|
- Unless required by applicable law or agreed to in writing, software
|
|
|
- distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
- See the License for the specific language governing permissions and
|
|
|
- limitations under the License.
|
|
|
--->
|
|
|
-<!-- Note: A "Server" is not itself a "Container", so you may not
|
|
|
- define subcomponents such as "Valves" at this level.
|
|
|
- Documentation at /docs/config/server.html
|
|
|
- -->
|
|
|
-<Server port="8005" shutdown="SHUTDOWN">
|
|
|
- <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
|
|
|
- <!-- Security listener. Documentation at /docs/config/listeners.html
|
|
|
- <Listener className="org.apache.catalina.security.SecurityListener" />
|
|
|
- -->
|
|
|
- <!--APR library loader. Documentation at /docs/apr.html -->
|
|
|
- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
|
|
|
- <!-- Prevent memory leaks due to use of particular java/javax APIs-->
|
|
|
- <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
|
|
|
- <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
|
|
|
- <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
|
|
|
-
|
|
|
- <!-- Global JNDI resources
|
|
|
- Documentation at /docs/jndi-resources-howto.html
|
|
|
- -->
|
|
|
- <GlobalNamingResources>
|
|
|
- <!-- Editable user database that can also be used by
|
|
|
- UserDatabaseRealm to authenticate users
|
|
|
- -->
|
|
|
- <Resource name="UserDatabase" auth="Container"
|
|
|
- type="org.apache.catalina.UserDatabase"
|
|
|
- description="User database that can be updated and saved"
|
|
|
- factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
|
|
|
- pathname="conf/tomcat-users.xml" />
|
|
|
- </GlobalNamingResources>
|
|
|
-
|
|
|
- <!-- A "Service" is a collection of one or more "Connectors" that share
|
|
|
- a single "Container" Note: A "Service" is not itself a "Container",
|
|
|
- so you may not define subcomponents such as "Valves" at this level.
|
|
|
- Documentation at /docs/config/service.html
|
|
|
- -->
|
|
|
- <Service name="Catalina">
|
|
|
-
|
|
|
- <!--The connectors can use a shared executor, you can define one or more named thread pools-->
|
|
|
- <!--
|
|
|
- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
|
|
|
- maxThreads="150" minSpareThreads="4"/>
|
|
|
- -->
|
|
|
-
|
|
|
-
|
|
|
- <!-- A "Connector" represents an endpoint by which requests are received
|
|
|
- and responses are returned. Documentation at :
|
|
|
- Java HTTP Connector: /docs/config/http.html
|
|
|
- Java AJP Connector: /docs/config/ajp.html
|
|
|
- APR (HTTP/AJP) Connector: /docs/apr.html
|
|
|
- Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
|
|
|
- -->
|
|
|
- <!--protocol="HTTP/1.1"-->
|
|
|
-<!-- Trying to run without 8080 -->
|
|
|
- <Connector port="8080"
|
|
|
- scheme="http"
|
|
|
- protocol="org.apache.coyote.http11.Http11Protocol"
|
|
|
- executor="tomcatSharedTreadPool"
|
|
|
- acceptCount="100"
|
|
|
- connectionTimeout="20000"
|
|
|
- disableUploadTimeout="true"
|
|
|
- enableLookups="false"
|
|
|
- maxHttpHeaderSize="8192"
|
|
|
- minSpareThreads="25"
|
|
|
- useBodyEncodingForURI="true"
|
|
|
- URIEncoding="UTF-8"
|
|
|
- compression="on"
|
|
|
- compressionMinSize="2048"
|
|
|
- noComptressionUserAgents="gozilla, traviata"
|
|
|
- compressableMimeType="text/html,text/xml,text/css,application/json"
|
|
|
- />
|
|
|
-<!-- redirectPort="8443" -->
|
|
|
-
|
|
|
-<!-- A "Connector" using the shared thread pool-->
|
|
|
- <!--
|
|
|
- <Connector executor="tomcatThreadPool"
|
|
|
- port="8080" protocol="HTTP/1.1"
|
|
|
- connectionTimeout="20000"
|
|
|
- redirectPort="8443" />
|
|
|
- -->
|
|
|
- <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
|
|
|
- This connector uses the NIO implementation. The default
|
|
|
- SSLImplementation will depend on the presence of the APR/native
|
|
|
- library and the useOpenSSL attribute of the
|
|
|
- AprLifecycleListener.
|
|
|
- Either JSSE or OpenSSL style configuration may be used regardless of
|
|
|
- the SSLImplementation selected. JSSE style configuration is used below.
|
|
|
- -->
|
|
|
- <!--
|
|
|
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
|
|
|
- maxThreads="150" SSLEnabled="true">
|
|
|
- <SSLHostConfig>
|
|
|
- <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
|
|
|
- type="RSA" />
|
|
|
- </SSLHostConfig>
|
|
|
- </Connector>
|
|
|
- -->
|
|
|
- <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
|
|
|
- This connector uses the APR/native implementation which always uses
|
|
|
- OpenSSL for TLS.
|
|
|
- Either JSSE or OpenSSL style configuration may be used. OpenSSL style
|
|
|
- configuration is used below.
|
|
|
- -->
|
|
|
- <!---->
|
|
|
- <!-- protocol="org.apache.coyote.http11.Http11AprProtocol" -->
|
|
|
-
|
|
|
- <!--
|
|
|
- <Connector
|
|
|
- port="8443"
|
|
|
- scheme="https"
|
|
|
- secure="true"
|
|
|
- SSLEnabled="true"
|
|
|
- sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
|
|
|
- sslProtocol="TLSv1"
|
|
|
- ciphers="TLS_DHE_RS_WITH_AES_256_GCM_SHA384,
|
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
|
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
|
|
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
|
|
|
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
|
|
|
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
|
|
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
|
|
- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
|
|
|
- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
|
|
|
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
|
|
|
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
|
|
|
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
|
|
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
|
|
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
|
|
|
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
|
|
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
|
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
|
|
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
|
|
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
|
|
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
|
|
- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
|
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
|
|
|
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
|
|
|
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
|
|
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
|
|
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
- TLS_RSA_WITH_AES_256_GCM_SHA384,
|
|
|
- TLS_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
- TLS_RSA_WITH_AES_256_CBC_SHA256,
|
|
|
- TLS_RSA_WITH_AES_256_CBC_SHA,
|
|
|
- TLS_RSA_WITH_AES_128_CBC_SHA256,
|
|
|
- TLS_RSA_WITH_AES_128_CBC_SHA,
|
|
|
- TLS_RSA_WITH_3DES_EDE_CBC_SHA"
|
|
|
- protocol="org.apache.coyote.http11.Http11AprProtocol"
|
|
|
- executor="tomcatSharedThreadPool"
|
|
|
- acceptCount="100"
|
|
|
- maxConnections="10"
|
|
|
- connectionTimeout="20000"
|
|
|
- clientAuth="false"
|
|
|
- disableUploadTimeout="true"
|
|
|
- enableLookups="false"
|
|
|
- axHttpHeaderSize="8192"
|
|
|
- minSpareThreads="25"
|
|
|
- useBodyEncodingForURI="true"
|
|
|
- URIEncoding="UTF-8"
|
|
|
- compression="on"
|
|
|
- compressionMinSize="2048"
|
|
|
- noCompressionUserAgents="gozilla, traviata"
|
|
|
- compressableMimeType="text/html,text/xml,text/css,application/json"
|
|
|
- SSLCertificateFile="/usr/share/tomcat8/server/server.crt"
|
|
|
- SSLCertificateKeyFile="/usr/share/tomcat8/server/server.key"
|
|
|
- SSLCACertificateFile="/etc/ssl/certs/nix.crt"
|
|
|
- SSLVerifyClient="required"
|
|
|
- SSLVerifyDepth="2"
|
|
|
- SSLProtocol="all"
|
|
|
- SSLCARevocationFile="/var/www/html/labkeyAtMed0CA/labkeyAtMed0CA-crl.pem"
|
|
|
- />
|
|
|
-
|
|
|
--->
|
|
|
- <!--<<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />-->
|
|
|
-<!-- <SSLHostConfig>
|
|
|
- <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
|
|
|
- certificateFile="conf/localhost-rsa-cert.pem"
|
|
|
- certificateChainFile="conf/localhost-rsa-chain.pem"
|
|
|
- type="RSA" />
|
|
|
- </SSLHostConfig>
|
|
|
--->
|
|
|
-<!-- </Connector> -->
|
|
|
-
|
|
|
-
|
|
|
- <!-- Define an AJP 1.3 Connector on port 8009 -->
|
|
|
- <!--
|
|
|
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
|
|
|
- -->
|
|
|
-
|
|
|
-
|
|
|
- <!-- An Engine represents the entry point (within Catalina) that processes
|
|
|
- every request. The Engine implementation for Tomcat stand alone
|
|
|
- analyzes the HTTP headers included with the request, and passes them
|
|
|
- on to the appropriate Host (virtual host).
|
|
|
- Documentation at /docs/config/engine.html -->
|
|
|
-
|
|
|
- <!-- You should set jvmRoute to support load-balancing via AJP ie :
|
|
|
- <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
|
|
|
- -->
|
|
|
- <Engine name="Catalina" defaultHost="localhost">
|
|
|
-
|
|
|
- <!--For clustering, please take a look at documentation at:
|
|
|
- /docs/cluster-howto.html (simple how to)
|
|
|
- /docs/config/cluster.html (reference documentation) -->
|
|
|
- <!--
|
|
|
- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
|
|
|
- -->
|
|
|
-
|
|
|
- <!-- Use the LockOutRealm to prevent attempts to guess user passwords
|
|
|
- via a brute-force attack -->
|
|
|
- <Realm className="org.apache.catalina.realm.LockOutRealm">
|
|
|
- <!-- This Realm uses the UserDatabase configured in the global JNDI
|
|
|
- resources under the key "UserDatabase". Any edits
|
|
|
- that are performed against this UserDatabase are immediately
|
|
|
- available for use by the Realm. -->
|
|
|
- <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
|
|
|
- resourceName="UserDatabase"/>
|
|
|
- </Realm>
|
|
|
-
|
|
|
- <Host name="localhost" appBase="webapps"
|
|
|
- unpackWARs="true" autoDeploy="true">
|
|
|
-
|
|
|
- <!-- SingleSignOn valve, share authentication between web applications
|
|
|
- Documentation at: /docs/config/valve.html -->
|
|
|
- <!--
|
|
|
- <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
|
|
|
- -->
|
|
|
-
|
|
|
- <!-- Access log processes all example.
|
|
|
- Documentation at: /docs/config/valve.html
|
|
|
- Note: The pattern used is equivalent to using pattern="common" -->
|
|
|
- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
|
|
|
- prefix="localhost_access_log" suffix=".txt"
|
|
|
- pattern="%h %l %u %t "%r" %{Content-type}i %s %b" />
|
|
|
-
|
|
|
- </Host>
|
|
|
- </Engine>
|
|
|
- </Service>
|
|
|
-</Server>
|
Labkey