1 | <?xml version="1.0" encoding="UTF-8"?>
|
---|
2 | <!--
|
---|
3 | Licensed to the Apache Software Foundation (ASF) under one or more
|
---|
4 | contributor license agreements. See the NOTICE file distributed with
|
---|
5 | this work for additional information regarding copyright ownership.
|
---|
6 | The ASF licenses this file to You under the Apache License, Version 2.0
|
---|
7 | (the "License"); you may not use this file except in compliance with
|
---|
8 | the License. You may obtain a copy of the License at
|
---|
9 |
|
---|
10 | http://www.apache.org/licenses/LICENSE-2.0
|
---|
11 |
|
---|
12 | Unless required by applicable law or agreed to in writing, software
|
---|
13 | distributed under the License is distributed on an "AS IS" BASIS,
|
---|
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
15 | See the License for the specific language governing permissions and
|
---|
16 | limitations under the License.
|
---|
17 | -->
|
---|
18 | <!-- Note: A "Server" is not itself a "Container", so you may not
|
---|
19 | define subcomponents such as "Valves" at this level.
|
---|
20 | Documentation at /docs/config/server.html
|
---|
21 | -->
|
---|
22 | <Server port="@shutdown-port@" shutdown="SHUTDOWN">
|
---|
23 | <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
|
---|
24 | <!-- Security listener. Documentation at /docs/config/listeners.html
|
---|
25 | <Listener className="org.apache.catalina.security.SecurityListener" />
|
---|
26 | -->
|
---|
27 | <!--APR library loader. Documentation at /docs/apr.html -->
|
---|
28 | <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
|
---|
29 | <!-- Prevent memory leaks due to use of particular java/javax APIs-->
|
---|
30 | <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
|
---|
31 | <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
|
---|
32 | <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
|
---|
33 |
|
---|
34 | <!-- Global JNDI resources
|
---|
35 | Documentation at /docs/jndi-resources-howto.html
|
---|
36 | -->
|
---|
37 | <GlobalNamingResources>
|
---|
38 | <!-- Editable user database that can also be used by
|
---|
39 | UserDatabaseRealm to authenticate users
|
---|
40 | -->
|
---|
41 | <Resource name="UserDatabase" auth="Container"
|
---|
42 | type="org.apache.catalina.UserDatabase"
|
---|
43 | description="User database that can be updated and saved"
|
---|
44 | factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
|
---|
45 | pathname="conf/tomcat-users.xml" />
|
---|
46 | </GlobalNamingResources>
|
---|
47 |
|
---|
48 | <!-- A "Service" is a collection of one or more "Connectors" that share
|
---|
49 | a single "Container" Note: A "Service" is not itself a "Container",
|
---|
50 | so you may not define subcomponents such as "Valves" at this level.
|
---|
51 | Documentation at /docs/config/service.html
|
---|
52 | -->
|
---|
53 | <Service name="Catalina">
|
---|
54 |
|
---|
55 | <!--The connectors can use a shared executor, you can define one or more named thread pools-->
|
---|
56 | <!--
|
---|
57 | <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
|
---|
58 | maxThreads="150" minSpareThreads="4"/>
|
---|
59 | -->
|
---|
60 |
|
---|
61 | <!-- A "Connector" represents an endpoint by which requests are received
|
---|
62 | and responses are returned. Documentation at :
|
---|
63 | Java HTTP Connector: /docs/config/http.html
|
---|
64 | Java AJP Connector: /docs/config/ajp.html
|
---|
65 | APR (HTTP/AJP) Connector: /docs/apr.html
|
---|
66 | Define a non-SSL/TLS HTTP/1.1 Connector on port @localhost.port.http@
|
---|
67 | -->
|
---|
68 | <!--
|
---|
69 | <Connector @http.address.restriction@
|
---|
70 | port="@localhost.port.http@" protocol="HTTP/1.1"
|
---|
71 | connectionTimeout="20000"
|
---|
72 | redirectPort="@https.redirect.port@"
|
---|
73 | URIEncoding="UTF-8" />
|
---|
74 | -->
|
---|
75 | <!-- A "Connector" using the shared thread pool-->
|
---|
76 | <!-- In Greenstone we comment out the above default connector for Tomcat
|
---|
77 | in preference of the shared thread pool -->
|
---|
78 | <Connector executor="tomcatThreadPool" @http.address.restriction@
|
---|
79 | port="@localhost.port.http@" protocol="HTTP/1.1"
|
---|
80 | connectionTimeout="20000"
|
---|
81 | redirectPort="@https.redirect.port@"
|
---|
82 | compression="on"
|
---|
83 | compressionMinSize="524288"
|
---|
84 | compressableMimeType="text/html,text/xml,text/css,text/xsl,text/javascript"
|
---|
85 | noCompressionUserAgents="gozilla, traviata"
|
---|
86 | URIEncoding="UTF-8"
|
---|
87 | />
|
---|
88 |
|
---|
89 | <!-- Define a SSL/TLS HTTP/1.1 Connector on port @https.redirect.port@
|
---|
90 | This connector uses the NIO implementation. The default
|
---|
91 | SSLImplementation will depend on the presence of the APR/native
|
---|
92 | library and the useOpenSSL attribute of the
|
---|
93 | AprLifecycleListener.
|
---|
94 | Either JSSE or OpenSSL style configuration may be used regardless of
|
---|
95 | the SSLImplementation selected. JSSE style configuration is used below.
|
---|
96 | -->
|
---|
97 | <!--
|
---|
98 | <Connector port="@https.redirect.port@" protocol="org.apache.coyote.http11.Http11NioProtocol"
|
---|
99 | maxThreads="150" SSLEnabled="true" URIEncoding="UTF-8">
|
---|
100 | <SSLHostConfig>
|
---|
101 | <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
|
---|
102 | type="RSA" />
|
---|
103 | </SSLHostConfig>
|
---|
104 | </Connector>
|
---|
105 | -->
|
---|
106 | <!-- Define a SSL/TLS HTTP/1.1 Connector on port @https.redirect.port@ with HTTP/2
|
---|
107 | This connector uses the APR/native implementation which always uses
|
---|
108 | OpenSSL for TLS.
|
---|
109 | Either JSSE or OpenSSL style configuration may be used. OpenSSL style
|
---|
110 | configuration is used below.
|
---|
111 | -->
|
---|
112 | <!--
|
---|
113 | <Connector port="@https.redirect.port@" protocol="org.apache.coyote.http11.Http11AprProtocol"
|
---|
114 | maxThreads="150" SSLEnabled="true" URIEncoding="UTF-8" >
|
---|
115 | <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
|
---|
116 | <SSLHostConfig>
|
---|
117 | <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
|
---|
118 | certificateFile="conf/localhost-rsa-cert.pem"
|
---|
119 | certificateChainFile="conf/localhost-rsa-chain.pem"
|
---|
120 | type="RSA" />
|
---|
121 | </SSLHostConfig>
|
---|
122 | </Connector>
|
---|
123 | -->
|
---|
124 | @https.comment.out.start@
|
---|
125 | <Connector port="@tomcat.port.https@" protocol="org.apache.coyote.http11.Http11Protocol"
|
---|
126 | maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
|
---|
127 | keystoreFile="@keystore.file@"
|
---|
128 | keystorePass="@keystore.pass@"
|
---|
129 | clientAuth="false" sslProtocol="TLS"
|
---|
130 | keystoreType="@keystore.type@"
|
---|
131 | URIEncoding="UTF-8" />
|
---|
132 | @https.comment.out.end@
|
---|
133 |
|
---|
134 | <!-- Define an AJP 1.3 Connector on port @tomcat.ajp.port@ -->
|
---|
135 | <Connector port="@tomcat.ajp.port@" protocol="AJP/1.3" URIEncoding="UTF-8" redirectPort="@https.redirect.port@" />
|
---|
136 |
|
---|
137 |
|
---|
138 | <!-- An Engine represents the entry point (within Catalina) that processes
|
---|
139 | every request. The Engine implementation for Tomcat stand alone
|
---|
140 | analyzes the HTTP headers included with the request, and passes them
|
---|
141 | on to the appropriate Host (virtual host).
|
---|
142 | Documentation at /docs/config/engine.html -->
|
---|
143 |
|
---|
144 | <!-- You should set jvmRoute to support load-balancing via AJP ie :
|
---|
145 | <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
|
---|
146 | -->
|
---|
147 | <Engine name="Catalina" defaultHost="localhost">
|
---|
148 |
|
---|
149 | <!--For clustering, please take a look at documentation at:
|
---|
150 | /docs/cluster-howto.html (simple how to)
|
---|
151 | /docs/config/cluster.html (reference documentation) -->
|
---|
152 | <!--
|
---|
153 | <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
|
---|
154 | -->
|
---|
155 |
|
---|
156 | <!-- Use the LockOutRealm to prevent attempts to guess user passwords
|
---|
157 | via a brute-force attack -->
|
---|
158 | <Realm className="org.apache.catalina.realm.LockOutRealm">
|
---|
159 | <!-- This Realm uses the UserDatabase configured in the global JNDI
|
---|
160 | resources under the key "UserDatabase". Any edits
|
---|
161 | that are performed against this UserDatabase are immediately
|
---|
162 | available for use by the Realm. -->
|
---|
163 | <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
|
---|
164 | resourceName="UserDatabase"/>
|
---|
165 | </Realm>
|
---|
166 |
|
---|
167 | <Host name="localhost" appBase="webapps"
|
---|
168 | unpackWARs="true" autoDeploy="true">
|
---|
169 |
|
---|
170 | <!-- SingleSignOn valve, share authentication between web applications
|
---|
171 | Documentation at: /docs/config/valve.html -->
|
---|
172 | <!--
|
---|
173 | <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
|
---|
174 | -->
|
---|
175 |
|
---|
176 | <!-- Access log processes all example.
|
---|
177 | Documentation at: /docs/config/valve.html
|
---|
178 | Note: The pattern used is equivalent to using pattern="common" -->
|
---|
179 | <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
|
---|
180 | prefix="localhost_access_log" suffix=".txt"
|
---|
181 | pattern="%h %l %u %t "%r" %s %b" />
|
---|
182 |
|
---|
183 | </Host>
|
---|
184 | </Engine>
|
---|
185 | </Service>
|
---|
186 | </Server>
|
---|