Changeset 32346 for main/trunk/greenstone3

Timestamp:

2018-08-17T22:09:16+12:00 (6 years ago)

Author:

ak19

Message:

Configuring tomcat works automatically. Still need to automate getting the certificate (and then later automate renewing the certificate, after first testing I can manually renew it.)

Location:

main/trunk/greenstone3

Files:

• build.properties.svn (modified) (1 diff)
• build.xml (modified) (4 diffs)
• resources/tomcat/server_tomcat7.xml.svn (modified) (3 diffs)

main/trunk/greenstone3/build.properties.svn

@@ -4 +4 @@
 ## Tomcat installation
 
-# The protocol (http, https)
-server.protocol=http
-
 # Set this to the internet/intranet name of the machine that Tomcat is/will be 
 # run on. localhost is fine for accessing the server from the local machine, 
 # but not remotely
 tomcat.server=localhost
+
+# The default protocol: http, or https for security
+# If you wish to use both, set the default protocol here (https recommended), then
+# uncomment both tomcat.port.http and tomcat.port.https and set them to valid port numbers.
+server.protocol=http
+
+# At minimum, the tomcat.port matching the default server.protocol specified above
+# must be enabled (uncommented) below and be set to a valid port number.
+# You're allowed to enable both tomcat.port values here.
 tomcat.port.http=8383
 tomcat.port.https=8443
+# You must set a password if using https (if tomcat.port.https is uncommented above)
+keystore.pass=
+
 # Tomcat's shutdown port - this may need to be changed if you are running two or more Tomcats
 tomcat.shutdown.port=8305
+
 # If tomcat is already running, enter the path to the base directory here
 tomcat.installed.path=

main/trunk/greenstone3/build.xml

@@ -85 +85 @@
     <bool><not><available file="build.properties"/></not></bool>
     <copy file="build.properties.svn" tofile="build.properties"/>
+    <property name="first.run" />
   </if>
 
@@ -143 +144 @@
     Try setting tomcat.port.https=8443
       </fail>
+    </if>
+
+    <!-- 
+     Bail if https is enabled but the keystore password (keystore.pass property) is not set.
+     However, keystore.pass has no default value and is therefore not set as a rule. So don't bail when 'ant' is run for the first time to create buil.dprops from build.props.svn. But do bail if running ant.prepare and https enabled and password not set.
+     (Maybe put this entire section before the first target: so we only bail after all non-targets are executed so that any other first ever initialisation is completed?)
+    -->
+    <if>
+      <bool>
+    <and>
+      <isset property="tomcat.port.https"/>
+      <or>
+        <not><isset property="keystore.pass"/></not>
+        <matches string="${keystore.pass}" pattern="^\s*$"/>
+      </or>
+    </and>
+      </bool>
+      <if>
+    <bool><isset property="first.run"/></bool>
+    <echo>IMPORTANT: When tomcat.port.https is set in file build.properties, as now,
+    the keystore.pass property must be set to a non-empty value.
+    Either comment out tomcat.port.https if you don't want support for https,
+    or set keystore.pass.</echo>
+    <else>
+      <fail>...
+      ********* ERROR: tomcat.port.https in file build.properties is set, but its required keystore.pass property is not set or is set to the empty string. Choose a password for keystore.pass and set it in build.properties before proceeding.
+      </fail>
+    </else>
+      </if>
     </if>
 
@@ -191 +221 @@
   </propertyfile>
 
+  <!-- For setting filter tokens.
+       Used to set up server.xml when configuring tomcat -->
+  <property name="comment.start" value="&lt;!--" />
+  <property name="comment.end" value="--&gt;" />
+  <!-- originally, https redirectPort when using regular http port 8383
+  was always fixed at 8443. Now we use redirectPort=tomcat.port.https unless
+  it's not set, in which case we fall back to the original value of 8443. -->
+  <condition property="https.redirect.port" value="${tomcat.port.https}" else="8443"> 
+    <isset property="tomcat.port.https"/>
+  </condition>
+
+  <!-- if http is not enabled, comment out its Connecter element in server.xml -->
+  <condition property="http.comment.out.start" value="" else="${comment.start}">
+    <isset property="tomcat.port.http"/>
+  </condition>
+  <condition property="http.comment.out.end" value="" else="${comment.end}">
+    <isset property="tomcat.port.http"/>
+  </condition>
+  <!-- if https is not enabled, comment out its Connecter element in server.xml -->
+  <condition property="https.comment.out.start" value="" else="${comment.start}">
+    <isset property="tomcat.port.https"/>
+  </condition>
+  <condition property="https.comment.out.end" value="" else="${comment.end}">
+    <isset property="tomcat.port.https"/>
+  </condition>
 
   <!-- now we've read in properties, apply defaults -->
@@ -1605 +1660 @@
         tofile="${packages.home}/tomcat/conf/server.xml" overwrite="true">
       <filterset>
-        <filter token="port" value="${internal.tomcat.port}"/>
         <filter token="shutdown-port" value="${tomcat.shutdown.port}"/>
+    <filter token="https.redirect.port" value="${https.redirect.port}"/>
+    <filter token="tomcat.port.http" value="${tomcat.port.http}"/>
+    <filter token="tomcat.port.https" value="${tomcat.port.https}"/>
+    <filter token="keystore.file" value="${web.writablehome}/https_cert/${tomcat.server}.jks" />
+    <filter token="keystore.pass" value="${keystore.pass}"/>
+    <filter token="http.comment.out.start" value="${http.comment.out.start}"/>
+    <filter token="http.comment.out.end" value="${http.comment.out.end}"/>
+    <filter token="https.comment.out.start" value="${https.comment.out.start}"/>
+    <filter token="https.comment.out.end" value="${https.comment.out.end}"/>
       </filterset>
     </copy>

main/trunk/greenstone3/resources/tomcat/server_tomcat7.xml.svn

@@ -68 +68 @@
          Define a non-SSL HTTP/1.1 Connector on port @port@
     -->
-    <Connector port="@port@" protocol="HTTP/1.1"
+    @http.comment.out.start@
+    <Connector executor="tomcatThreadPool"
+           port="@tomcat.port.http@" protocol="HTTP/1.1"
                connectionTimeout="20000"
-               redirectPort="8443"
+               redirectPort="@https.redirect.port@"
            compression="on"
            compressionMinSize="524288"
@@ -77 +79 @@
                URIEncoding="UTF-8"
            />
+    @http.comment.out.end@
     <!-- A "Connector" using the shared thread pool-->
     <!--
     <Connector executor="tomcatThreadPool"
-               port="8080" protocol="HTTP/1.1"
+               port="@tomcat.port.http@" protocol="HTTP/1.1"
                connectionTimeout="20000"
-               redirectPort="8443" />
+               redirectPort="@https.redirect.port@" />
     -->
     <!-- Define a SSL HTTP/1.1 Connector on port 8443
@@ -93 +96 @@
                clientAuth="false" sslProtocol="TLS" />
     -->
+    @https.comment.out.start@
+    <Connector port="@tomcat.port.https@" protocol="org.apache.coyote.http11.Http11Protocol"
+            maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+            keystoreFile="@keystore.file@"
+            keystorePass="@keystore.pass@"
+            clientAuth="false" sslProtocol="TLS" />
+    @https.comment.out.end@
 
     <!-- Define an AJP 1.3 Connector on port 8009 -->
-    <Connector port="8009" protocol="AJP/1.3" URIEncoding="UTF-8" redirectPort="8443" />
-
+    <Connector port="8009" protocol="AJP/1.3" URIEncoding="UTF-8" redirectPort="@https.redirect.port@" />
 
     <!-- An Engine represents the entry point (within Catalina) that processes