diff options
| author |   Michael Mokry <mm117s@att.com> | 2018-08-22 11:07:09 -0500 |
|---|---|---|
| committer | Michael Mokry <mm117s@att.com> | 2018-08-22 11:07:09 -0500 |
| commit | e1f88b91981a22cc63019d1d6b73089566425383 (patch) | |
| tree | cccbd84ca14392fe6eba31ebaa450a0dc2937af1 /packages/base/src/files/install/servers/configs/conf/server.xml | |
| parent | c25e4d412eb573de020ba4e5da48f48451217f52 (diff) | |
policy/engine changes to support PE https
Enabled https connector in server.xml and modified the docker-install.sh
to fix the default variable name for policy truststore
Change-Id: I6db6a6d2353130c91c1f344ea7927d187150adca
Issue-ID: POLICY-781
Signed-off-by: Michael Mokry <mm117s@att.com>
Diffstat (limited to 'packages/base/src/files/install/servers/configs/conf/server.xml')
| -rw-r--r-- | packages/base/src/files/install/servers/configs/conf/server.xml | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/packages/base/src/files/install/servers/configs/conf/server.xml b/packages/base/src/files/install/servers/configs/conf/server.xml index 3bccc6ffb..9c45721b9 100644 --- a/packages/base/src/files/install/servers/configs/conf/server.xml +++ b/packages/base/src/files/install/servers/configs/conf/server.xml @@ -87,10 +87,11 @@ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 --> - <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="HTTP/1.1" + <!-- Use http instead of https --> +<!-- <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="${{SSL_HTTP_CONNECTOR_REDIRECT_PORT}}" /> - + --> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" @@ -104,24 +105,25 @@ OpenSSL style configuration is required as described in the APR/native documentation --> - <!-- + <!--Use https instead of http Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties - passed in to the tomcat JVM: + passed in to the tomcat JVM: --> <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" - clientAuth="false" sslProtocol="TLS" + clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}" truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/> - --> - + <!-- Use http instead of https + <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol" + maxThreads="150" /> --> + <!-- Define an AJP 1.3 Connector on port 8009 --> <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> --> - <!-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them |