<?xml version="1.0" encoding="UTF-8"?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <ofbiz-component name="catalina" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://ofbiz.apache.org/dtds/ofbiz-component.xsd"> <resource-loader name="main" type="component"/> <classpath type="dir" location="config"/> <entity-resource type="model" reader-name="main" loader="main" location="entitydef/entitymodel.xml"/> <container name="catalina-container" loaders="main" class="org.apache.ofbiz.catalina.container.CatalinaContainer"> <!-- configuration for the Tomcat server --> <property name="use-naming" value="false"/> <property name="debug" value="0"/> <property name="catalina-runtime-home" value="runtime/catalina"/> <property name="apps-context-reloadable" value="false"/> <property name="apps-cross-context" value="false"/> <property name="apps-distributable" value="false"/><!-- you must also set all the webapps you want distributable, by adding <distributable/> in their web.xml file --> <!-- configuration of the Tomcat service that hosts OFBiz applications: the service has one engine and one or more connectors --> <property name="default-server" value="engine"> <property name="default-host" value="0.0.0.0"/> <property name="jvm-route" value="jvm1"/> <property name="access-log-pattern"> <property-value>%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"</property-value> </property> <property name="access-log-rotate" value="true"/> <property name="access-log-prefix" value="access_log."/> <property name="access-log-dir" value="runtime/logs"/> <!-- uncomment for cluster support <property name="default-server-cluster" value="cluster"> <property name="rep-valve-filter"> <property-value>.*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;.*\.png;.*\.css;.*\.ico;.*\.htc;</property-value> </property> <property name="manager-class" value="org.apache.catalina.ha.session.DeltaManager"/> <property name="debug" value="5"/> <property name="replication-mode" value="org.apache.catalina.tribes.transport.bio.PooledMultiSender"/> <property name="tcp-listen-host" value="auto"/> <property name="tcp-listen-port" value="4001"/> <property name="tcp-sector-timeout" value="100"/> <property name="tcp-thread-count" value="6"/> <property name="mcast-bind-addr" value="192.168.2.1"/> <property name="mcast-addr" value="228.0.0.4"/> <property name="mcast-port" value="45564"/> <property name="mcast-freq" value="500"/> <property name="mcast-drop-time" value="3000"/> </property> --> <!-- <property name="ssl-accelerator-port" value="8443"/> --> <property name="enable-cross-subdomain-sessions" value="false"/> </property> <property name="ajp-connector" value="connector"> <!-- see https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html for reference --> <!--<property name="address" value=""/>--> <property name="port" value="8009"/> <property name="protocol" value="AJP/1.3"/> <property name="scheme" value="http"/> <property name="secure" value="false"/> <property name="URIEncoding" value="UTF-8"/> <property name="xpoweredBy" value="false"/> <!-- AJP/13 connector attributes --> <!-- Despite OFBIZ-11407, allowedRequestAttributesPattern is commented out because of OFBIZ-12558 OOTB the Tomcat default values are used as recommended by https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html#Introduction This is in relation with https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31 and https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Connectors But OOTB secretRequired value must be false because secret value is empty Else a notifying message appears in log saying that AJP is not available. Long story short, with OOTB configuration only localhost works. So if you want to use AJP you need to set the values depending on your configuration. Using ".*" to allowedRequestAttributesPattern put you at risk. --> <property name="secretRequired" value="false"/> <!-- <property name="allowedRequestAttributesPattern" value=".*"/> --> <!-- commented out because the values match the Tomcat defaults: <property name="tomcatAuthentication" value="true"/> <property name="allowTrace" value="false"/> <property name="enableLookups" value="false"/> <property name="maxPostSize" value="2097152"/> <property name="noCompressionUserAgents" value=""/> <property name="connectionLinger" value="-1"/> <property name="connectionTimeout" value="60000"/> <property name="maxHttpHeaderSize" value="8192"/> <property name="maxKeepAliveRequests" value="100"/> <property name="maxThreads" value="200"/> <property name="minSpareThreads" value="10"/> <property name="acceptCount" value="100"/> <property name="restrictedUserAgents" value=""/> <property name="socketBuffer" value="9000"/> <property name="tcpNoDelay" value="true"/> <property name="threadPriority" value="5"/> <property name="secret" value=""/> --> </property> <property name="http-connector" value="connector"> <!-- see https://tomcat.apache.org/tomcat-9.0-doc/config/http.html for reference --> <!--<property name="address" value=""/>--> <property name="port" value="8080"/> <property name="protocol" value="HTTP/1.1"/> <property name="upgradeProtocol" value="true"/> <property name="scheme" value="http"/> <property name="secure" value="false"/> <property name="URIEncoding" value="UTF-8"/> <property name="xpoweredBy" value="false"/> <property name="compression" value="on"/> <property name="compressibleMimeType" value="text/html,text/xml,text/plain,text/css,application/javascript,application/json"/> <!-- commented out because the values match the Tomcat defaults: <property name="allowTrace" value="false"/> <property name="enableLookups" value="false"/> <property name="maxPostSize" value="2097152"/> <property name="noCompressionUserAgents" value=""/> <property name="connectionLinger" value="-1"/> <property name="connectionTimeout" value="60000"/> <property name="maxHttpHeaderSize" value="8192"/> <property name="maxKeepAliveRequests" value="100"/> <property name="maxThreads" value="200"/> <property name="minSpareThreads" value="10"/> <property name="acceptCount" value="100"/> <property name="restrictedUserAgents" value=""/> <property name="socketBuffer" value="9000"/> <property name="tcpNoDelay" value="true"/> <property name="threadPriority" value="5"/> --> </property> <property name="https-connector" value="connector"> <!-- see https://tomcat.apache.org/tomcat-9.0-doc/config/http.html for reference --> <!--<property name="address" value=""/>--> <property name="port" value="8443"/> <property name="protocol" value="HTTP/1.1"/> <property name="upgradeProtocol" value="true"/> <property name="scheme" value="https"/> <property name="secure" value="true"/> <property name="SSLEnabled" value="true"/> <property name="URIEncoding" value="UTF-8"/> <property name="xpoweredBy" value="false"/> <property name="compression" value="on"/> <property name="compressibleMimeType" value="text/html,text/xml,text/plain,text/css,application/javascript,application/json"/> <!-- SSL connector attributes --> <property name="sslImplementationName" value="org.apache.tomcat.util.net.jsse.JSSEImplementation"/> <property name="default" value="sslHostConfig"> <property name="keyManagerAlgorithm" value="SunX509"/> <!-- the certificateVerification to "want" in order to receive certs from the client; note that this isn't set this way by default because with certain browsers (like Safari) it breaks access via HTTPS, so until that problem is fixed the default will be false <property name="certificateVerification" value="false"/> --> <property name="default" value="certificate"> <property name="certificateType" value="RSA"/> <property name="certificateKeystoreFile" value="framework/base/config/ofbizssl.jks"/> <property name="certificateKeystoreType" value="JKS"/> <property name="certificateKeyAlias" value="ofbiz"/> <property name="certificateKeyPassword" value="changeit"/> </property> </property> </property> </container> <container name="catalina-container-test" loaders="test" class="org.apache.ofbiz.catalina.container.CatalinaContainer"> <!-- static configuration for tomcat --> <property name="use-naming" value="false"/> <property name="debug" value="0"/> <property name="catalina-runtime-home" value="runtime/catalina"/> <property name="apps-context-reloadable" value="false"/> <property name="apps-cross-context" value="false"/> <property name="apps-distributable" value="false"/><!-- you must also set all the webapps you want distributable, by adding <distributable/> in their web.xml file --> <!-- one or more tomcat engines (servers); map to this + host --> <property name="default-server" value="engine"> <property name="default-host" value="0.0.0.0"/> <property name="jvm-route" value="jvm1"/> <property name="access-log-pattern"> <property-value>%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"</property-value> </property> <property name="access-log-rotate" value="true"/> <property name="access-log-prefix" value="access_log."/> <property name="access-log-dir" value="runtime/logs"/> <property name="enable-request-dump" value="false"/> </property> <property name="ajp-connector" value="connector"> <!--<property name="address" value=""/>--> <property name="port" value="8010"/> <property name="protocol" value="AJP/1.3"/> <property name="scheme" value="http"/> <property name="secure" value="false"/> <property name="URIEncoding" value="UTF-8"/> <property name="xpoweredBy" value="false"/> <property name="secretRequired" value="false"/> </property> <property name="http-connector" value="connector"> <!--<property name="address" value=""/>--> <property name="port" value="8080"/> <property name="protocol" value="HTTP/1.1"/> <property name="upgradeProtocol" value="true"/> <property name="scheme" value="http"/> <property name="secure" value="false"/> <property name="URIEncoding" value="UTF-8"/> <property name="xpoweredBy" value="false"/> <property name="compression" value="on"/> <property name="compressibleMimeType" value="text/html,text/xml,text/plain,text/css,application/javascript,application/json"/> </property> <property name="https-connector" value="connector"> <!--<property name="address" value=""/>--> <property name="port" value="8443"/> <property name="protocol" value="HTTP/1.1"/> <property name="upgradeProtocol" value="true"/> <property name="scheme" value="https"/> <property name="secure" value="true"/> <property name="SSLEnabled" value="true"/> <property name="URIEncoding" value="UTF-8"/> <property name="xpoweredBy" value="false"/> <property name="compression" value="on"/> <property name="compressibleMimeType" value="text/html,text/xml,text/plain,text/css,application/javascript,application/json"/> <property name="sslImplementationName" value="org.apache.tomcat.util.net.jsse.JSSEImplementation"/> <property name="default" value="sslHostConfig"> <property name="keyManagerAlgorithm" value="SunX509"/> <property name="default" value="certificate"> <property name="certificateType" value="RSA"/> <property name="certificateKeystoreFile" value="framework/base/config/ofbizssl.jks"/> <property name="certificateKeystorePassword" value="changeit"/> <property name="certificateKeystoreType" value="JKS"/> </property> </property> </property> </container> <!-- <webapp name="catalina-root" title="ROOT" server="default-server" location="webapp/ROOT" mount-point="/" app-bar-display="false"/> --> </ofbiz-component>