| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| |
| <ofbiz-component name="catalina" |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:noNamespaceSchemaLocation="https://ofbiz.apache.org/dtds/ofbiz-component.xsd"> |
| <resource-loader name="main" type="component"/> |
| <classpath type="dir" location="config"/> |
| <entity-resource type="model" reader-name="main" loader="main" location="entitydef/entitymodel.xml"/> |
| |
| <container name="catalina-container" loaders="main" class="org.apache.ofbiz.catalina.container.CatalinaContainer"> |
| <!-- configuration for the Tomcat server --> |
| <property name="use-naming" value="false"/> |
| <property name="debug" value="0"/> |
| <property name="catalina-runtime-home" value="runtime/catalina"/> |
| <property name="apps-context-reloadable" value="false"/> |
| <property name="apps-cross-context" value="false"/> |
| <property name="apps-distributable" value="false"/><!-- you must also set all the webapps you want distributable, by adding <distributable/> in their web.xml file --> |
| <!-- configuration of the Tomcat service that hosts OFBiz applications: the service has one engine and one or more connectors --> |
| <property name="default-server" value="engine"> |
| <property name="default-host" value="0.0.0.0"/> |
| <property name="jvm-route" value="jvm1"/> |
| <property name="access-log-pattern"> |
| <property-value>%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"</property-value> |
| </property> |
| <property name="access-log-rotate" value="true"/> |
| <property name="access-log-prefix" value="access_log."/> |
| <property name="access-log-dir" value="runtime/logs"/> |
| <property name="access-log-maxDays" value="30"/> |
| <!-- uncomment for cluster support |
| <property name="default-server-cluster" value="cluster"> |
| <property name="rep-valve-filter"> |
| <property-value>.*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;.*\.png;.*\.css;.*\.ico;.*\.htc;</property-value> |
| </property> |
| <property name="manager-class" value="org.apache.catalina.ha.session.DeltaManager"/> |
| <property name="debug" value="5"/> |
| <property name="replication-mode" value="org.apache.catalina.tribes.transport.bio.PooledMultiSender"/> |
| <property name="tcp-listen-host" value="auto"/> |
| <property name="tcp-listen-port" value="4001"/> |
| <property name="tcp-sector-timeout" value="100"/> |
| <property name="tcp-thread-count" value="6"/> |
| <property name="mcast-bind-addr" value="192.168.2.1"/> |
| <property name="mcast-addr" value="228.0.0.4"/> |
| <property name="mcast-port" value="45564"/> |
| <property name="mcast-freq" value="500"/> |
| <property name="mcast-drop-time" value="3000"/> |
| </property> |
| --> |
| <!-- <property name="ssl-accelerator-port" value="8443"/> --> |
| <property name="enable-cross-subdomain-sessions" value="false"/> |
| </property> |
| <property name="ajp-connector" value="connector"> |
| <!-- see https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html for reference --> |
| <!--<property name="address" value=""/>--> |
| <property name="port" value="8009"/> |
| <property name="protocol" value="AJP/1.3"/> |
| <property name="scheme" value="http"/> |
| <property name="secure" value="false"/> |
| <property name="URIEncoding" value="UTF-8"/> |
| <property name="xpoweredBy" value="false"/> |
| <!-- AJP/13 connector attributes --> |
| <!-- Despite OFBIZ-11407, allowedRequestAttributesPattern is commented out because of OFBIZ-12558 |
| OOTB the Tomcat default values are used as recommended by |
| https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html#Introduction |
| This is in relation with |
| https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31 |
| and |
| https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Connectors |
| |
| But OOTB secretRequired value must be false because secret value is empty |
| Else a notifying message appears in log saying that AJP is not available. |
| |
| Long story short, with OOTB configuration only localhost works. |
| So if you want to use AJP you need to set the values depending on your configuration. |
| Using ".*" to allowedRequestAttributesPattern put you at risk. |
| --> |
| <property name="secretRequired" value="false"/> |
| <!-- <property name="allowedRequestAttributesPattern" value=".*"/> --> |
| <!-- commented out because the values match the Tomcat defaults: |
| <property name="tomcatAuthentication" value="true"/> |
| <property name="allowTrace" value="false"/> |
| <property name="enableLookups" value="false"/> |
| <property name="maxPostSize" value="2097152"/> |
| <property name="noCompressionUserAgents" value=""/> |
| <property name="connectionLinger" value="-1"/> |
| <property name="connectionTimeout" value="60000"/> |
| <property name="maxHttpHeaderSize" value="8192"/> |
| <property name="maxKeepAliveRequests" value="100"/> |
| <property name="maxThreads" value="200"/> |
| <property name="minSpareThreads" value="10"/> |
| <property name="acceptCount" value="100"/> |
| <property name="restrictedUserAgents" value=""/> |
| <property name="socketBuffer" value="9000"/> |
| <property name="tcpNoDelay" value="true"/> |
| <property name="threadPriority" value="5"/> |
| <property name="secret" value=""/> |
| --> |
| </property> |
| <property name="http-connector" value="connector"> |
| <!-- see https://tomcat.apache.org/tomcat-9.0-doc/config/http.html for reference --> |
| <!--<property name="address" value=""/>--> |
| <property name="port" value="8080"/> |
| <property name="protocol" value="HTTP/1.1"/> |
| <property name="upgradeProtocol" value="true"/> |
| <property name="scheme" value="http"/> |
| <property name="secure" value="false"/> |
| <property name="URIEncoding" value="UTF-8"/> |
| <property name="xpoweredBy" value="false"/> |
| <property name="compression" value="on"/> |
| <property name="compressibleMimeType" value="text/html,text/xml,text/plain,text/css,application/javascript,application/json"/> |
| <!-- commented out because the values match the Tomcat defaults: |
| <property name="allowTrace" value="false"/> |
| <property name="enableLookups" value="false"/> |
| <property name="maxPostSize" value="2097152"/> |
| <property name="noCompressionUserAgents" value=""/> |
| <property name="connectionLinger" value="-1"/> |
| <property name="connectionTimeout" value="60000"/> |
| <property name="maxHttpHeaderSize" value="8192"/> |
| <property name="maxKeepAliveRequests" value="100"/> |
| <property name="maxThreads" value="200"/> |
| <property name="minSpareThreads" value="10"/> |
| <property name="acceptCount" value="100"/> |
| <property name="restrictedUserAgents" value=""/> |
| <property name="socketBuffer" value="9000"/> |
| <property name="tcpNoDelay" value="true"/> |
| <property name="threadPriority" value="5"/> |
| --> |
| </property> |
| <property name="https-connector" value="connector"> |
| <!-- see https://tomcat.apache.org/tomcat-9.0-doc/config/http.html for reference --> |
| <!--<property name="address" value=""/>--> |
| <property name="port" value="8443"/> |
| <property name="protocol" value="HTTP/1.1"/> |
| <property name="upgradeProtocol" value="true"/> |
| <property name="scheme" value="https"/> |
| <property name="secure" value="true"/> |
| <property name="SSLEnabled" value="true"/> |
| <property name="URIEncoding" value="UTF-8"/> |
| <property name="xpoweredBy" value="false"/> |
| <property name="compression" value="on"/> |
| <property name="compressibleMimeType" value="text/html,text/xml,text/plain,text/css,application/javascript,application/json"/> |
| <!-- SSL connector attributes --> |
| <property name="sslImplementationName" value="org.apache.tomcat.util.net.jsse.JSSEImplementation"/> |
| <property name="default" value="sslHostConfig"> |
| <property name="keyManagerAlgorithm" value="SunX509"/> |
| <!-- the certificateVerification to "want" in order to receive certs from the client; |
| note that this isn't set this way by default because with certain browsers |
| (like Safari) it breaks access via HTTPS, so until that problem is fixed |
| the default will be false |
| <property name="certificateVerification" value="false"/> |
| --> |
| <property name="default" value="certificate"> |
| <property name="certificateType" value="RSA"/> |
| <property name="certificateKeystoreFile" value="framework/base/config/ofbizssl.jks"/> |
| <property name="certificateKeystoreType" value="JKS"/> |
| <property name="certificateKeyAlias" value="ofbiz"/> |
| <property name="certificateKeyPassword" value="changeit"/> |
| </property> |
| </property> |
| </property> |
| </container> |
| <container name="catalina-container-test" loaders="test" class="org.apache.ofbiz.catalina.container.CatalinaContainer"> |
| <!-- static configuration for tomcat --> |
| <property name="use-naming" value="false"/> |
| <property name="debug" value="0"/> |
| <property name="catalina-runtime-home" value="runtime/catalina"/> |
| <property name="apps-context-reloadable" value="false"/> |
| <property name="apps-cross-context" value="false"/> |
| <property name="apps-distributable" value="false"/><!-- you must also set all the webapps you want distributable, by adding <distributable/> in their web.xml file --> |
| <!-- one or more tomcat engines (servers); map to this + host --> |
| <property name="default-server" value="engine"> |
| <property name="default-host" value="0.0.0.0"/> |
| <property name="jvm-route" value="jvm1"/> |
| <property name="access-log-pattern"> |
| <property-value>%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"</property-value> |
| </property> |
| <property name="access-log-rotate" value="true"/> |
| <property name="access-log-prefix" value="access_log."/> |
| <property name="access-log-dir" value="runtime/logs"/> |
| <property name="access-log-maxDays" value="30"/> |
| <property name="enable-request-dump" value="false"/> |
| </property> |
| <property name="ajp-connector" value="connector"> |
| <!--<property name="address" value=""/>--> |
| <property name="port" value="8010"/> |
| <property name="protocol" value="AJP/1.3"/> |
| <property name="scheme" value="http"/> |
| <property name="secure" value="false"/> |
| <property name="URIEncoding" value="UTF-8"/> |
| <property name="xpoweredBy" value="false"/> |
| <property name="secretRequired" value="false"/> |
| </property> |
| <property name="http-connector" value="connector"> |
| <!--<property name="address" value=""/>--> |
| <property name="port" value="8080"/> |
| <property name="protocol" value="HTTP/1.1"/> |
| <property name="upgradeProtocol" value="true"/> |
| <property name="scheme" value="http"/> |
| <property name="secure" value="false"/> |
| <property name="URIEncoding" value="UTF-8"/> |
| <property name="xpoweredBy" value="false"/> |
| <property name="compression" value="on"/> |
| <property name="compressibleMimeType" value="text/html,text/xml,text/plain,text/css,application/javascript,application/json"/> |
| </property> |
| <property name="https-connector" value="connector"> |
| <!--<property name="address" value=""/>--> |
| <property name="port" value="8443"/> |
| <property name="protocol" value="HTTP/1.1"/> |
| <property name="upgradeProtocol" value="true"/> |
| <property name="scheme" value="https"/> |
| <property name="secure" value="true"/> |
| <property name="SSLEnabled" value="true"/> |
| <property name="URIEncoding" value="UTF-8"/> |
| <property name="xpoweredBy" value="false"/> |
| <property name="compression" value="on"/> |
| <property name="compressibleMimeType" value="text/html,text/xml,text/plain,text/css,application/javascript,application/json"/> |
| <property name="sslImplementationName" value="org.apache.tomcat.util.net.jsse.JSSEImplementation"/> |
| <property name="default" value="sslHostConfig"> |
| <property name="keyManagerAlgorithm" value="SunX509"/> |
| <property name="default" value="certificate"> |
| <property name="certificateType" value="RSA"/> |
| <property name="certificateKeystoreFile" value="framework/base/config/ofbizssl.jks"/> |
| <property name="certificateKeystorePassword" value="changeit"/> |
| <property name="certificateKeystoreType" value="JKS"/> |
| </property> |
| </property> |
| </property> |
| </container> |
| <!-- |
| <webapp name="catalina-root" |
| title="ROOT" |
| server="default-server" |
| location="webapp/ROOT" |
| mount-point="/" |
| app-bar-display="false"/> |
| --> |
| </ofbiz-component> |