Diffstat (limited to 'base/common/shared/conf/server.xml')
-rw-r--r-- | base/common/shared/conf/server.xml | 95 |
1 files changed, 70 insertions, 25 deletions
diff --git a/base/common/shared/conf/server.xml b/base/common/shared/conf/server.xml
index d5788552c..46ee15b0b 100644
--- a/base/common/shared/conf/server.xml
+++ b/base/common/shared/conf/server.xml
@@ -68,7 +68,10 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
 <Server port="[TOMCAT_SERVER_PORT]" shutdown="SHUTDOWN">
 <!--APR library loader. Documentation at /docs/apr.html -->
- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- The following Listener class has been commented out because this -->
+ <!-- implementation depends upon the 'tomcatjss' JSSE module, 'JSS', -->
+ <!-- and 'NSS' rather than the 'tomcat-native' module! -->
+ <!-- Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" -->
 <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
 <Listener className="org.apache.catalina.core.JasperListener" />
 <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
@@ -116,7 +119,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
 [PKI_UNSECURE_PORT_SERVER_COMMENT]
 <Connector name="[PKI_UNSECURE_PORT_CONNECTOR_NAME]" port="[PKI_UNSECURE_PORT]" protocol="HTTP/1.1" redirectPort="8443" maxHttpHeaderSize="8192"
- acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ acceptCount="100" maxThreads="150" minSpareThreads="25"
 enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true" /> 
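Review bot: The plain-HTTP connector in the second hunk still carries a hard-coded `redirectPort="8443"` while its own port and the TLS connector's port are template placeholders (`[PKI_UNSECURE_PORT]`, `[PKI_SECURE_PORT]`). Any security-constraint redirect Tomcat issues for a CONFIDENTIAL resource will therefore send clients to 8443 even on an instance whose secure port was substituted to something else, which on a multi-instance host means a connection refused or, worse, a different instance. If the templating step treats this attribute like the others, the fix is one token: `redirectPort="[PKI_SECURE_PORT]"`. The commit already edits this start tag (dropping `maxSpareThreads`), so this is the natural place to align it.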
@@ -124,9 +127,31 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
 [PKI_SECURE_PORT_SERVER_COMMENT]
 <!-- DO NOT REMOVE - Begin define PKI secure port 1
+ NOTE: The following 'keys' (and their assigned values) are exclusive to
+ the 'tomcatjss' JSSE module:
+
+ 'enableOCSP'
+ 'ocspResponderURL'
+ 'ocspResponderCertNickname'
+ 'ocspCacheSize'
+ 'ocspMinCacheEntryDuration'
+ 'ocspMaxCacheEntryDuration'
+ 'ocspTimeout'
+ 'strictCiphers'
+ 'clientauth' (ALL lowercase)
+ 'sslOptions'
+ 'ssl2Ciphers'
+ 'ssl3Ciphers'
+ 'tlsCiphers'
+ 'serverCertNickFile'
+ 'passwordFile'
+ 'passwordClass'
+ 'certdbDir'
+
+ and are referenced via the value of the 'sslImplementationName' key.
 NOTE: The OCSP settings take effect globally, so it should only be set once.
- In setup where SSL clientAuth="true", OCSP can be turned on by
+ In setup where SSL clientauth="true", OCSP can be turned on by
 setting enableOCSP to true like the following: enableOCSP="true" along with changes to related settings, especially:
@@ -150,9 +175,9 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
 -->
 <Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" protocol="HTTP/1.1" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true" maxHttpHeaderSize="8192"
- acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ acceptCount="100" maxThreads="150" minSpareThreads="25"
 enableLookups="false" disableUploadTimeout="true"
- SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
+ sslImplementationName="org.apache.tomcat.util.net.jss.JSSImplementation"
 enableOCSP="false"
 ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp"
 ocspResponderCertNickname="ocspSigningCert cert-pki-ca" 
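Review bot: The TLS connector in the second hunk sets `disableUploadTimeout="true"` but no `connectionTimeout`, whereas the plain-HTTP connector defined just above it in this file carries `connectionTimeout="20000"`. With `maxThreads="150"` on a blocking connector, every idle-but-open connection pins a thread for Tomcat's built-in default (60 s, if memory serves), so the agent/EE port is easier to starve than the unencrypted one; adding `connectionTimeout="20000"` beside `enableLookups="false" disableUploadTimeout="true"` makes the two connectors consistent. Separately, now that the attribute is `sslImplementationName` pointing at JSS and the new NOTE lists `sslOptions` as the tomcatjss key, `sslProtocol="SSL"` is presumably inert and reads as if SSLv2/v3 were being selected; a line in the NOTE saying which attribute actually governs protocol versions would prevent someone "hardening" the wrong one. The connector start tag continues past the end of this hunk.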
@@ -162,6 +187,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
 ocspTimeout="10"
 strictCiphers="false"
 clientAuth="[PKI_AGENT_CLIENTAUTH]"
+ clientauth="[PKI_AGENT_CLIENTAUTH]"
 sslOptions="[TOMCAT_SSL_OPTIONS]"
 ssl2Ciphers="[TOMCAT_SSL2_CIPHERS]"
 ssl3Ciphers="[TOMCAT_SSL3_CIPHERS]"
@@ -173,23 +199,6 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
 />
 <!-- DO NOT REMOVE - End define PKI secure port -->
- <!-- A "Connector" using the shared thread pool-->
- <!--
- <Connector executor="tomcatThreadPool"
- port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="8443" />
- -->
- <!-- Define a SSL HTTP/1.1 Connector on port 8443
- This connector uses the JSSE configuration, when using APR, the
- connector should be using the OpenSSL style configuration
- described in the APR documentation -->
- <!--
- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
- maxThreads="150" scheme="https" secure="true"
- clientAuth="false" sslProtocol="TLS" />
- -->
- <!-- Define an AJP 1.3 Connector on port [PKI_AJP_PORT] -->
 [PKI_OPEN_AJP_PORT_COMMENT]
 <Connector port="[PKI_AJP_PORT]" protocol="AJP/1.3" redirectPort="[PKI_AJP_REDIRECT_PORT]" /> 
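Review bot: The first hunk leaves the connector with both `clientAuth="[PKI_AGENT_CLIENTAUTH]"` and the newly added `clientauth="[PKI_AGENT_CLIENTAUTH]"`, and nothing next to them says why two spellings of the same setting coexist. XML forbids comments inside a start tag, so the explanation belongs in the NOTE block that precedes this connector (it starts outside this hunk), something like `'clientauth' (lowercase) is the key tomcatjss reads; 'clientAuth' is Tomcat's own attribute and is kept for the core connector code — the two must always carry the same value`. If tomcatjss consults only the lowercase key, a later edit that changes one spelling but not the other would silently alter whether agent certificates are demanded on this port, which is exactly the kind of drift the comment should warn about. While here, `strictCiphers="false"` appears to leave the NSS default cipher set enabled in addition to the listed ciphers (if I read tomcatjss correctly); confirming that is intended for the agent port would be worthwhile.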
@@ -281,10 +290,45 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
 <!-- Define the default virtual host Note: XML Schema validation will not work with Xerces 2.2. -->
- <Host name="localhost" appBase="webapps"
+ <Host name="localhost"
+ appBase="[PKI_INSTANCE_PATH]/webapps"
 unpackWARs="true" autoDeploy="false" xmlValidation="false" xmlNamespaceAware="false">
+ <!--
+ <Context path="/ca"
+ docBase="ca"
+ allowLinking="true">
+ <Loader className="org.apache.catalina.loader.VirtualWebappLoader"
+ virtualClasspath="[PKI_INSTANCE_PATH]/ca/webapps/ca/WEB-INF/classes;[PKI_INSTANCE_PATH]/ca/webapps/ca/WEB-INF/lib" />" />
+ <JarScanner scanAllDirectories="true" />
+ </Context>
+
+ <Context path="/kra"
+ docBase="kra"
+ allowLinking="true">
+ <Loader className="org.apache.catalina.loader.VirtualWebappLoader"
+ virtualClasspath="[PKI_INSTANCE_PATH]/kra/webapps/kra/WEB-INF/classes;[PKI_INSTANCE_PATH]/kra/webapps/kra/WEB-INF/lib" />
+ <JarScanner scanAllDirectories="true" />
+ </Context>
+
+ <Context path="/ocsp"
+ docBase="ocsp"
+ allowLinking="true">
+ <Loader className="org.apache.catalina.loader.VirtualWebappLoader"
+ virtualClasspath="[PKI_INSTANCE_PATH]/ocsp/webapps/ocsp/WEB-INF/classes;[PKI_INSTANCE_PATH]/ocsp/webapps/ocsp/WEB-INF/lib" />
+ <JarScanner scanAllDirectories="true" />
+ </Context>
+
+ <Context path="/tks"
+ docBase="tks"
+ allowLinking="true">
+ <Loader className="org.apache.catalina.loader.VirtualWebappLoader"
+ virtualClasspath="[PKI_INSTANCE_PATH]/tks/webapps/tks/WEB-INF/classes;[PKI_INSTANCE_PATH]/tks/webapps/tks/WEB-INF/lib" />
+ <JarScanner scanAllDirectories="true" />
+ </Context>
+ -->
+ <!-- SingleSignOn valve, share authentication between web applications Documentation at: /docs/config/valve.html -->
 <!-- 
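Review bot: The commented-out `/ca` Context has a stray `" />` at the end of its `virtualClasspath` line — it reads `...ca/WEB-INF/lib" />" />` while the kra, ocsp and tks blocks end with a single `" />` — so the block becomes ill-formed XML the moment someone uncomments it, and server.xml then fails to parse on startup. The line should be `virtualClasspath="[PKI_INSTANCE_PATH]/ca/webapps/ca/WEB-INF/classes;[PKI_INSTANCE_PATH]/ca/webapps/ca/WEB-INF/lib" />`. All four templates also set `allowLinking="true"`; Tomcat documents that this disables case-sensitivity checks on case-insensitive filesystems (JSP source disclosure) and lets any symlink under docBase serve whatever the Tomcat user can read, so a one-line comment stating why the PKI layout needs it and that it must stay off on such platforms would help whoever eventually enables these blocks. The `<Host>` element closes outside this hunk.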
@@ -294,8 +338,9 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
 <!-- Access log processes all example. Documentation at: /docs/config/valve.html -->
 <!--
- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
- prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log." suffix=".txt"
+ pattern="common" resolveHosts="false"/>
 -->
 </Host> |