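<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<!-- NOTE(review): port 8005 is the shutdown listener and "SHUTDOWN" is the
     stock command string. Tomcat binds this listener to localhost unless an
     address is given, so any local process that can connect and send the
     string stops the server. Use a non-default string, or port="-1" to
     disable the listener where the instance is stopped by the service
     manager instead.
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
       NOTE(review): left disabled here. When enabled it refuses to start
       Tomcat under a listed OS user (root by default) or with a umask that
       is too permissive.
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
         NOTE(review): conf/tomcat-users.xml holds credentials and no digest
         or credential handler is configured on the realm below, so the
         passwords in that file are expected in clear text. Keep the file
         readable by the Tomcat account only.
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->


    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
         NOTE(review): this connector serves clear-text HTTP. redirectPort
         is only used when a web application declares a CONFIDENTIAL
         transport guarantee; every other request stays unencrypted.
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the APR/native
         documentation -->
    <!-- sslProtocol names the SSLContext to create and may leave older
         protocol versions enabled, depending on the JRE. sslEnabledProtocols
         is what restricts the handshake, so it is set explicitly to match
         the TLS 1.2 only cipher list below.

         The DHE suites are listed first and useServerCipherSuitesOrder is
         true, so a client that offers both DHE and ECDHE gets DHE. The DH
         group size then comes from the JRE (jdk.tls.ephemeralDHKeySize);
         confirm it is at least 2048 bits on the deployed Java version, or
         move the ECDHE suites to the front. The four CBC suites are kept
         for older clients; drop them once every client negotiates GCM.

         The ${vid.*} values are resolved from Java system properties at
         startup. How they are supplied is not shown in this file; if they
         are passed as -D options the keystore password is visible in the
         process command line, so prefer a properties file with restricted
         permissions. -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2"
               keyAlias="${vid.keyalias}"
               keystoreFile="${vid.keystore.filename}" keystorePass="${vid.keystore.password}"
               useServerCipherSuitesOrder="true"
               ciphers="TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
                        TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
    />


    <!-- Define an AJP 1.3 Connector on port 8009
         NOTE(review): AJP carries no authentication or encryption of its
         own and the peer is treated as a trusted front-end proxy. No
         address or secret is set here, so on Tomcat versions whose AJP
         default is to listen on all interfaces this port is reachable by
         any host that can route to it. If no front-end proxy uses AJP,
         remove this connector. Otherwise bind it with the address attribute
         to the interface the proxy uses, set a shared secret (secret, or
         requiredSecret on older releases) and firewall the port. -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />


    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <!-- NOTE(review): autoDeploy="true" makes Tomcat deploy whatever
           appears under appBase while it is running, so write access to the
           webapps directory amounts to code execution as the Tomcat
           account. Restrict that directory's permissions, or set
           autoDeploy="false" where applications are only deployed at
           startup. -->
      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <!-- The quotes around %r are written as &quot; so the attribute
             value stays well-formed. -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>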
| 154 | |