<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<ofbiz-component name="catalina"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://ofbiz.apache.org/dtds/ofbiz-component.xsd">
<!-- Component wiring: the "main" resource loader resolves locations relative to this component,
the config directory is put on the classpath, and the entity model is read through the "main" loader. -->
<resource-loader name="main" type="component"/>
<classpath type="dir" location="config"/>
<entity-resource type="model" reader-name="main" loader="main" location="entitydef/entitymodel.xml"/>
<container name="catalina-container" loaders="main" class="org.apache.ofbiz.catalina.container.CatalinaContainer">
<!-- Configuration for the embedded Tomcat server started by the "main" loader:
one engine (default-server) and three connectors (AJP 8009, HTTP 8080, HTTPS 8443).
The security-relevant settings are the connector bindings, the AJP secret and the TLS keystore. -->
<property name="use-naming" value="false"/>
<property name="debug" value="0"/>
<property name="catalina-runtime-home" value="runtime/catalina"/>
<property name="apps-context-reloadable" value="false"/>
<property name="apps-cross-context" value="false"/>
<property name="apps-distributable" value="false"/><!-- you must also set all the webapps you want distributable, by adding <distributable/> in their web.xml file -->
<!-- configuration of the Tomcat service that hosts OFBiz applications: the service has one engine and one or more connectors -->
<property name="default-server" value="engine">
<!-- NOTE(review): default-host is the engine's default host value; this file does not show whether
CatalinaContainer also treats it as a bind address. The interface each connector listens on is
controlled by the connector's own "address" property, which is commented out below: confirm. -->
<property name="default-host" value="0.0.0.0"/>
<property name="jvm-route" value="jvm1"/>
<!-- Access log in the layout of Tomcat's "combined" pattern: remote host, identity, user, timestamp,
request line, status, bytes sent, Referer and User-Agent.
%h is the connecting peer, so behind an HTTP reverse proxy it records the proxy address rather than the client. -->
<property name="access-log-pattern">
<property-value>%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"</property-value>
</property>
<property name="access-log-rotate" value="true"/>
<property name="access-log-prefix" value="access_log."/>
<property name="access-log-dir" value="runtime/logs"/>
<!-- presumably the number of days rotated access logs are kept; check it against your log-retention requirement -->
<property name="access-log-maxDays" value="30"/>
<!-- uncomment for cluster support
NOTE(review): Tomcat's clustering is written on the assumption that replication traffic runs on a
trusted network; keep tcp-listen-port and the multicast group below off untrusted segments.
<property name="default-server-cluster" value="cluster">
<property name="rep-valve-filter">
<property-value>.*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;.*\.png;.*\.css;.*\.ico;.*\.htc;</property-value>
</property>
<property name="manager-class" value="org.apache.catalina.ha.session.DeltaManager"/>
<property name="debug" value="5"/>
<property name="replication-mode" value="org.apache.catalina.tribes.transport.bio.PooledMultiSender"/>
<property name="tcp-listen-host" value="auto"/>
<property name="tcp-listen-port" value="4001"/>
<property name="tcp-sector-timeout" value="100"/>
<property name="tcp-thread-count" value="6"/>
<property name="mcast-bind-addr" value="192.168.2.1"/>
<property name="mcast-addr" value="228.0.0.4"/>
<property name="mcast-port" value="45564"/>
<property name="mcast-freq" value="500"/>
<property name="mcast-drop-time" value="3000"/>
</property>
-->
<!-- <property name="ssl-accelerator-port" value="8443"/> -->
<property name="enable-cross-subdomain-sessions" value="false"/>
</property>
<property name="ajp-connector" value="connector">
<!-- see https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html for reference -->
<!-- "address" is left unset, so the Tomcat default applies (see the note on secretRequired below) -->
<!--<property name="address" value=""/>-->
<property name="port" value="8009"/>
<property name="protocol" value="AJP/1.3"/>
<property name="scheme" value="http"/>
<property name="secure" value="false"/>
<property name="URIEncoding" value="UTF-8"/>
<!-- keeps Tomcat from adding the X-Powered-By response header, which would advertise the server software -->
<property name="xpoweredBy" value="false"/>
<!-- AJP/1.3 connector attributes -->
<!-- Despite OFBIZ-11407, allowedRequestAttributesPattern is commented out because of OFBIZ-12558.
Out of the box (OOTB) the Tomcat default values are used, as recommended by
https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html#Introduction
This relates to
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31
and
https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Connectors
However, OOTB the secretRequired value must be false because the secret value is empty;
otherwise a message appears in the log saying that AJP is not available.
Long story short, with the OOTB configuration only localhost works.
So if you want to use AJP from another host you need to set the values for your own configuration:
set "address" to the interface your front-end proxy connects to, set a non-empty "secret" shared with
that proxy, and change secretRequired to true so that requests without the secret are rejected.
Setting allowedRequestAttributesPattern to ".*" puts you at risk, because every request attribute
sent by the AJP peer is then accepted; prefer a pattern that matches only the attributes your proxy sends.
AJP trusts its peer, so the port should never be reachable from untrusted networks.
-->
<property name="secretRequired" value="false"/>
<!-- <property name="allowedRequestAttributesPattern" value=".*"/> -->
<!-- commented out because the values match the Tomcat defaults:
<property name="tomcatAuthentication" value="true"/>
<property name="allowTrace" value="false"/>
<property name="enableLookups" value="false"/>
<property name="maxPostSize" value="2097152"/>
<property name="noCompressionUserAgents" value=""/>
<property name="connectionLinger" value="-1"/>
<property name="connectionTimeout" value="60000"/>
<property name="maxHttpHeaderSize" value="8192"/>
<property name="maxKeepAliveRequests" value="100"/>
<property name="maxThreads" value="200"/>
<property name="minSpareThreads" value="10"/>
<property name="acceptCount" value="100"/>
<property name="restrictedUserAgents" value=""/>
<property name="socketBuffer" value="9000"/>
<property name="tcpNoDelay" value="true"/>
<property name="threadPriority" value="5"/>
<property name="secret" value=""/>
-->
</property>
<property name="http-connector" value="connector">
<!-- see https://tomcat.apache.org/tomcat-9.0-doc/config/http.html for reference -->
<!-- Plain-text HTTP listener (scheme http, secure false). Anything sent over it, including
session cookies and credentials, is unprotected in transit.
NOTE(review): whether the web applications redirect to the HTTPS connector is not visible in this file: confirm. -->
<!--<property name="address" value=""/>-->
<property name="port" value="8080"/>
<property name="protocol" value="HTTP/1.1"/>
<!-- presumably makes CatalinaContainer register an HTTP/2 upgrade protocol on this connector: confirm in the container code -->
<property name="upgradeProtocol" value="true"/>
<property name="scheme" value="http"/>
<property name="secure" value="false"/>
<property name="URIEncoding" value="UTF-8"/>
<property name="xpoweredBy" value="false"/>
<property name="compression" value="on"/>
<property name="compressibleMimeType" value="text/html,text/xml,text/plain,text/css,application/javascript,application/json"/>
<!-- commented out because the values match the Tomcat defaults:
<property name="allowTrace" value="false"/>
<property name="enableLookups" value="false"/>
<property name="maxPostSize" value="2097152"/>
<property name="noCompressionUserAgents" value=""/>
<property name="connectionLinger" value="-1"/>
<property name="connectionTimeout" value="60000"/>
<property name="maxHttpHeaderSize" value="8192"/>
<property name="maxKeepAliveRequests" value="100"/>
<property name="maxThreads" value="200"/>
<property name="minSpareThreads" value="10"/>
<property name="acceptCount" value="100"/>
<property name="restrictedUserAgents" value=""/>
<property name="socketBuffer" value="9000"/>
<property name="tcpNoDelay" value="true"/>
<property name="threadPriority" value="5"/>
-->
</property>
<property name="https-connector" value="connector">
<!-- see https://tomcat.apache.org/tomcat-9.0-doc/config/http.html for reference -->
<!-- TLS listener (scheme https, secure true, SSLEnabled true) using the JSSE implementation -->
<!--<property name="address" value=""/>-->
<property name="port" value="8443"/>
<property name="protocol" value="HTTP/1.1"/>
<property name="upgradeProtocol" value="true"/>
<property name="scheme" value="https"/>
<property name="secure" value="true"/>
<property name="SSLEnabled" value="true"/>
<property name="URIEncoding" value="UTF-8"/>
<property name="xpoweredBy" value="false"/>
<!-- NOTE(review): HTTP response compression under TLS exposes response sizes as a side channel
(the BREACH class of issue) for pages that combine secrets such as CSRF tokens with request-controlled
content in one compressed body. Review whether such responses should be excluded from compression. -->
<property name="compression" value="on"/>
<property name="compressibleMimeType" value="text/html,text/xml,text/plain,text/css,application/javascript,application/json"/>
<!-- SSL connector attributes -->
<property name="sslImplementationName" value="org.apache.tomcat.util.net.jsse.JSSEImplementation"/>
<!-- No protocols or ciphers property is set in this sslHostConfig, so the enabled TLS versions and
cipher suites come from the Tomcat/JVM defaults. NOTE(review): pin them here if your policy requires it. -->
<property name="default" value="sslHostConfig">
<property name="keyManagerAlgorithm" value="SunX509"/>
<!-- Client-certificate verification is left at its default. Asking clients for a certificate
("want") is not enabled by default because with certain browsers (like Safari) it breaks access
via HTTPS; until that problem is fixed it stays off.
NOTE(review): Tomcat 9 documents none, optional, optionalNoCA and required as the values of
certificateVerification; "false" below looks like a leftover from the older clientAuth attribute,
so check the value before uncommenting.
<property name="certificateVerification" value="false"/>
-->
<!-- NOTE(review): the keystore path is inside the framework tree and the password is the well-known
default "changeit", so this key material appears to be the one distributed with the project and must be
treated as public. Before exposing this connector, replace the keystore with your own certificate and key,
change the password, and keep the real password out of version control.
This container sets certificateKeyPassword while catalina-container-test sets certificateKeystorePassword
for the same keystore; confirm which one the deployment relies on. -->
<property name="default" value="certificate">
<property name="certificateType" value="RSA"/>
<property name="certificateKeystoreFile" value="framework/base/config/ofbizssl.jks"/>
<property name="certificateKeystoreType" value="JKS"/>
<property name="certificateKeyAlias" value="ofbiz"/>
<property name="certificateKeyPassword" value="changeit"/>
</property>
</property>
</property>
</container>
<container name="catalina-container-test" loaders="test" class="org.apache.ofbiz.catalina.container.CatalinaContainer">
<!-- Static configuration for the embedded Tomcat started by the "test" loader.
It uses the same HTTP (8080) and HTTPS (8443) ports as catalina-container and a different AJP port (8010);
presumably only one of the two containers is loaded in a given run, since they use different loaders: confirm. -->
<property name="use-naming" value="false"/>
<property name="debug" value="0"/>
<property name="catalina-runtime-home" value="runtime/catalina"/>
<property name="apps-context-reloadable" value="false"/>
<property name="apps-cross-context" value="false"/>
<property name="apps-distributable" value="false"/><!-- you must also set all the webapps you want distributable, by adding <distributable/> in their web.xml file -->
<!-- one or more tomcat engines (servers); map to this + host -->
<property name="default-server" value="engine">
<!-- NOTE(review): it is not visible here whether default-host also acts as a bind address;
per-connector binding is set with the commented-out "address" properties below -->
<property name="default-host" value="0.0.0.0"/>
<property name="jvm-route" value="jvm1"/>
<!-- access log in the layout of Tomcat's "combined" pattern, written to runtime/logs -->
<property name="access-log-pattern">
<property-value>%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"</property-value>
</property>
<property name="access-log-rotate" value="true"/>
<property name="access-log-prefix" value="access_log."/>
<property name="access-log-dir" value="runtime/logs"/>
<property name="access-log-maxDays" value="30"/>
<!-- presumably toggles a request dump for debugging; such dumps typically include headers and cookies,
so keep it false unless you are troubleshooting on a non-production system -->
<property name="enable-request-dump" value="false"/>
</property>
<property name="ajp-connector" value="connector">
<!-- AJP on 8010 with no "address" and no "secret" set, so the Tomcat defaults apply.
secretRequired is false because no secret is configured; AJP trusts its peer, so if "address" is ever set
to a non-loopback interface, also set a secret and change secretRequired to true. -->
<!--<property name="address" value=""/>-->
<property name="port" value="8010"/>
<property name="protocol" value="AJP/1.3"/>
<property name="scheme" value="http"/>
<property name="secure" value="false"/>
<property name="URIEncoding" value="UTF-8"/>
<property name="xpoweredBy" value="false"/>
<property name="secretRequired" value="false"/>
</property>
<property name="http-connector" value="connector">
<!-- plain-text HTTP listener (scheme http, secure false) -->
<!--<property name="address" value=""/>-->
<property name="port" value="8080"/>
<property name="protocol" value="HTTP/1.1"/>
<property name="upgradeProtocol" value="true"/>
<property name="scheme" value="http"/>
<property name="secure" value="false"/>
<property name="URIEncoding" value="UTF-8"/>
<property name="xpoweredBy" value="false"/>
<property name="compression" value="on"/>
<property name="compressibleMimeType" value="text/html,text/xml,text/plain,text/css,application/javascript,application/json"/>
</property>
<property name="https-connector" value="connector">
<!-- TLS listener (scheme https, secure true, SSLEnabled true) using the JSSE implementation;
no protocols or ciphers are set, so the Tomcat/JVM defaults apply -->
<!--<property name="address" value=""/>-->
<property name="port" value="8443"/>
<property name="protocol" value="HTTP/1.1"/>
<property name="upgradeProtocol" value="true"/>
<property name="scheme" value="https"/>
<property name="secure" value="true"/>
<property name="SSLEnabled" value="true"/>
<property name="URIEncoding" value="UTF-8"/>
<property name="xpoweredBy" value="false"/>
<property name="compression" value="on"/>
<property name="compressibleMimeType" value="text/html,text/xml,text/plain,text/css,application/javascript,application/json"/>
<property name="sslImplementationName" value="org.apache.tomcat.util.net.jsse.JSSEImplementation"/>
<property name="default" value="sslHostConfig">
<property name="keyManagerAlgorithm" value="SunX509"/>
<!-- NOTE(review): same in-tree keystore and well-known default password "changeit" as the main container;
acceptable for tests only. Unlike catalina-container, this block sets certificateKeystorePassword and
no certificateKeyAlias or certificateKeyPassword. -->
<property name="default" value="certificate">
<property name="certificateType" value="RSA"/>
<property name="certificateKeystoreFile" value="framework/base/config/ofbizssl.jks"/>
<property name="certificateKeystorePassword" value="changeit"/>
<property name="certificateKeystoreType" value="JKS"/>
</property>
</property>
</property>
</container>
<!--
<webapp name="catalina-root"
title="ROOT"
server="default-server"
location="webapp/ROOT"
mount-point="/"
app-bar-display="false"/>
-->
</ofbiz-component>