Sample server.xml File

The following code shows an example server.xml file that contains entries for protecting the PAM server and that you can use as a base for protecting a custom connector server.
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements. See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License. You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="-1" shutdown="nondeterministic">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note: A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html
         Java AJP Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443"
               xpoweredBy="false"/>
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="8443" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="C:/pam/test/pam.pfx" keystorePass="firewall"
               clientAuth="false" sslProtocol="TLS"
               xpoweredBy="false"/>
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the
         AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the APR/native implementation which always uses
         OpenSSL for TLS.
         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
         configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                         certificateFile="conf/localhost-rsa-cert.pem"
                         certificateChainFile="conf/localhost-rsa-chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request. The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase". Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm. -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="false">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
        <!--Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false"
               showServerInfo="false" /-->
      </Host>
    </Engine>
  </Service>

  <Service name="CatalinaTC">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html
         Java AJP Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="18080" protocol="HTTP/1.1"
               address="127.0.0.1"
               connectionTimeout="20000"
               redirectPort="8443"
               xpoweredBy="false"/>
    <Connector port="18080" protocol="HTTP/1.1"
               address="0:0:0:0:0:0:0:1"
               connectionTimeout="20000"
               redirectPort="8443"
               xpoweredBy="false"/>
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the
         AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the APR/native implementation which always uses
         OpenSSL for TLS.
         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
         configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                         certificateFile="conf/localhost-rsa-cert.pem"
                         certificateChainFile="conf/localhost-rsa-chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request. The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="CatalinaTC" defaultHost="tclocalhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase". Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm. -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="tclocalhost" appBase="webapps_targetconnectors"
            unpackWARs="true" autoDeploy="false">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
        <!--Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false"
               showServerInfo="false" /-->
      </Host>
    </Engine>
  </Service>
</Server>
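The following Python script is an added example, not part of the vendor's documentation or of Tomcat. It lists every `Connector` in a `server.xml` by service, bind address and scheme, and notes the settings worth reviewing before the sample is reused as a base. The embedded `SAMPLE` is a constructed reduction of the file above, and the function name `review` and the note wording are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed input: the sample reduced to the attributes read below.
SAMPLE = """<Server port="-1" shutdown="nondeterministic">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" keystoreFile="C:/pam/test/pam.pfx" keystorePass="firewall"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" autoDeploy="false"/>
    </Engine></Service>
  <Service name="CatalinaTC">
    <Connector port="18080" protocol="HTTP/1.1" address="127.0.0.1"/>
    <Connector port="18080" protocol="HTTP/1.1" address="0:0:0:0:0:0:0:1"/>
    <Engine name="CatalinaTC" defaultHost="tclocalhost">
      <Host name="tclocalhost" appBase="webapps_targetconnectors" autoDeploy="false"/>
    </Engine></Service>
</Server>"""

LOOPBACK = {"127.0.0.1", "::1", "0:0:0:0:0:0:0:1", "localhost"}

def review(xml_text):
    """Return (connector rows, review notes); review() is an illustrative name."""
    root = ET.fromstring(xml_text)
    rows, notes = [], []
    # port="-1" on <Server> disables Tomcat's shutdown port.
    if root.get("port") != "-1":
        notes.append("Server: shutdown port is enabled (port is not -1)")
    for svc in root.iter("Service"):
        for c in svc.iter("Connector"):
            where = f'{svc.get("name")}:{c.get("port")}'
            addr = c.get("address", "default")  # "default" = no address attribute
            tls = c.get("SSLEnabled", "false").lower() == "true"
            ajp = "ajp" in c.get("protocol", "HTTP/1.1").lower()
            rows.append((where, addr, "ajp" if ajp else "https" if tls else "http"))
            if addr not in LOOPBACK and not tls:
                notes.append(f"{where}: no TLS and no explicit loopback address")
            if c.get("keystorePass"):
                notes.append(f"{where}: keystore password is stored in server.xml")
        for h in svc.iter("Host"):  # autoDeploy defaults to true when absent
            if h.get("autoDeploy", "true").lower() != "false":
                notes.append(f'{svc.get("name")}/{h.get("name")}: autoDeploy is on')
    return rows, notes

if __name__ == "__main__":
    for line in review(SAMPLE)[1]:
        print(line)
```

Run against the sample, the `CatalinaTC` connectors produce no notes because both are bound to loopback addresses; the notes come from the `Catalina` service's connectors on ports 8080, 8443 and 8009.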