| 1 |
<!-- Example Server Configuration File --> |
| 2 |
<!-- Note that component elements are nested corresponding to their |
| 3 |
parent-child relationships with each other --> |
| 4 |
|
| 5 |
<!-- A "Server" is a singleton element that represents the entire JVM, |
| 6 |
which may contain one or more "Service" instances. The Server |
| 7 |
listens for a shutdown command on the indicated port. |
| 8 |
|
| 9 |
Note: A "Server" is not itself a "Container", so you may not |
| 10 |
define subcomponents such as "Valves" or "Loggers" at this level. |
| 11 |
--> |
| 12 |
|
| 13 |
<Server port="8005" shutdown="SHUTDOWN"> |
| 14 |
|
| 15 |
<!-- Comment these entries out to disable JMX MBeans support used for the |
| 16 |
administration web application --> |
| 17 |
<Listener className="org.apache.catalina.core.AprLifecycleListener" /> |
| 18 |
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" /> |
| 19 |
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> |
| 20 |
<Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/> |
| 21 |
|
| 22 |
<!-- Global JNDI resources --> |
| 23 |
<GlobalNamingResources> |
| 24 |
|
| 25 |
<!-- Test entry for demonstration purposes --> |
| 26 |
<Environment name="simpleValue" type="java.lang.Integer" value="30"/> |
| 27 |
|
| 28 |
<!-- Editable user database that can also be used by |
| 29 |
UserDatabaseRealm to authenticate users --> |
| 30 |
<Resource name="UserDatabase" auth="Container" |
| 31 |
type="org.apache.catalina.UserDatabase" |
| 32 |
description="User database that can be updated and saved" |
| 33 |
factory="org.apache.catalina.users.MemoryUserDatabaseFactory" |
| 34 |
pathname="conf/tomcat-users.xml" /> |
| 35 |
|
| 36 |
</GlobalNamingResources> |
| 37 |
|
| 38 |
<!-- A "Service" is a collection of one or more "Connectors" that share |
| 39 |
a single "Container" (and therefore the web applications visible |
| 40 |
within that Container). Normally, that Container is an "Engine", |
| 41 |
but this is not required. |
| 42 |
|
| 43 |
Note: A "Service" is not itself a "Container", so you may not |
| 44 |
define subcomponents such as "Valves" or "Loggers" at this level. |
| 45 |
--> |
| 46 |
|
| 47 |
<!-- Define the Tomcat Stand-Alone Service --> |
| 48 |
<Service name="Catalina"> |
| 49 |
|
| 50 |
<!-- A "Connector" represents an endpoint by which requests are received |
| 51 |
and responses are returned. Each Connector passes requests on to the |
| 52 |
associated "Container" (normally an Engine) for processing. |
| 53 |
|
| 54 |
By default, a non-SSL HTTP/1.1 Connector is established on port 8080. |
| 55 |
You can also enable an SSL HTTP/1.1 Connector on port 8443 by |
| 56 |
following the instructions below and uncommenting the second Connector |
| 57 |
entry. SSL support requires the following steps (see the SSL Config |
| 58 |
HOWTO in the Tomcat 5 documentation bundle for more detailed |
| 59 |
instructions): |
| 60 |
* If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or |
| 61 |
later, and put the JAR files into "$JAVA_HOME/jre/lib/ext". |
| 62 |
* Execute: |
| 63 |
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows) |
| 64 |
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix) |
| 65 |
with a password value of "changeit" for both the certificate and |
| 66 |
the keystore itself. |
| 67 |
|
| 68 |
By default, DNS lookups are enabled when a web application calls |
| 69 |
request.getRemoteHost(). This can have an adverse impact on |
| 70 |
performance, so you can disable it by setting the |
| 71 |
"enableLookups" attribute to "false". When DNS lookups are disabled, |
| 72 |
request.getRemoteHost() will return the String version of the |
| 73 |
IP address of the remote client. |
| 74 |
--> |
| 75 |
|
| 76 |
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 --> |
| 77 |
<Connector port="8080" maxHttpHeaderSize="8192" |
| 78 |
emptySessionPath="true" |
| 79 |
maxThreads="150" minSpareThreads="25" maxSpareThreads="75" |
| 80 |
enableLookups="false" redirectPort="8443" acceptCount="100" |
| 81 |
connectionTimeout="20000" disableUploadTimeout="true" /> |
| 82 |
<!-- Note : To disable connection timeouts, set connectionTimeout value |
| 83 |
to 0 --> |
| 84 |
|
| 85 |
<!-- Note : To use gzip compression you could set the following properties : |
| 86 |
|
| 87 |
compression="on" |
| 88 |
compressionMinSize="2048" |
| 89 |
noCompressionUserAgents="gozilla, traviata" |
| 90 |
compressableMimeType="text/html,text/xml" |
| 91 |
--> |
| 92 |
|
| 93 |
<!-- Define a SSL HTTP/1.1 Connector on port 8443 --> |
| 94 |
<!-- |
| 95 |
<Connector port="8443" maxHttpHeaderSize="8192" |
| 96 |
maxThreads="150" minSpareThreads="25" maxSpareThreads="75" |
| 97 |
enableLookups="false" disableUploadTimeout="true" |
| 98 |
acceptCount="100" scheme="https" secure="true" |
| 99 |
clientAuth="false" sslProtocol="TLS" /> |
| 100 |
--> |
| 101 |
|
| 102 |
<!-- Define an AJP 1.3 Connector on port 8009 --> |
| 103 |
<Connector port="8009" |
| 104 |
enableLookups="false" redirectPort="8443" protocol="AJP/1.3" /> |
| 105 |
|
| 106 |
<!-- Define a Proxied HTTP/1.1 Connector on port 8082 --> |
| 107 |
<!-- See proxy documentation for more information about using this. --> |
| 108 |
<!-- |
| 109 |
<Connector port="8082" |
| 110 |
maxThreads="150" minSpareThreads="25" maxSpareThreads="75" |
| 111 |
enableLookups="false" acceptCount="100" connectionTimeout="20000" |
| 112 |
proxyPort="80" disableUploadTimeout="true" /> |
| 113 |
--> |
| 114 |
|
| 115 |
<!-- An Engine represents the entry point (within Catalina) that processes |
| 116 |
every request. The Engine implementation for Tomcat stand alone |
| 117 |
analyzes the HTTP headers included with the request, and passes them |
| 118 |
on to the appropriate Host (virtual host). --> |
| 119 |
|
| 120 |
<!-- You should set jvmRoute to support load-balancing via AJP ie : |
| 121 |
<Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1"> |
| 122 |
--> |
| 123 |
|
| 124 |
<!-- Define the top level container in our container hierarchy --> |
| 125 |
<Engine name="Catalina" defaultHost="localhost"> |
| 126 |
|
| 127 |
<!-- The request dumper valve dumps useful debugging information about |
| 128 |
the request headers and cookies that were received, and the response |
| 129 |
headers and cookies that were sent, for all requests received by |
| 130 |
this instance of Tomcat. If you care only about requests to a |
| 131 |
particular virtual host, or a particular application, nest this |
| 132 |
element inside the corresponding <Host> or <Context> entry instead. |
| 133 |
|
| 134 |
For a similar mechanism that is portable to all Servlet 2.4 |
| 135 |
containers, check out the "RequestDumperFilter" Filter in the |
| 136 |
example application (the source for this filter may be found in |
| 137 |
"$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters"). |
| 138 |
|
| 139 |
Request dumping is disabled by default. Uncomment the following |
| 140 |
element to enable it. --> |
| 141 |
<!-- |
| 142 |
<Valve className="org.apache.catalina.valves.RequestDumperValve"/> |
| 143 |
--> |
| 144 |
|
| 145 |
<!-- Because this Realm is here, an instance will be shared globally --> |
| 146 |
|
| 147 |
<!-- This Realm uses the UserDatabase configured in the global JNDI |
| 148 |
resources under the key "UserDatabase". Any edits |
| 149 |
that are performed against this UserDatabase are immediately |
| 150 |
available for use by the Realm. --> |
| 151 |
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" |
| 152 |
resourceName="UserDatabase"/> |
| 153 |
|
| 154 |
<!-- Comment out the old realm but leave here for now in case we |
| 155 |
need to go back quickly --> |
| 156 |
<!-- |
| 157 |
<Realm className="org.apache.catalina.realm.MemoryRealm" /> |
| 158 |
--> |
| 159 |
|
| 160 |
<!-- Replace the above Realm with one of the following to get a Realm |
| 161 |
stored in a database and accessed via JDBC --> |
| 162 |
|
| 163 |
<!-- |
| 164 |
<Realm className="org.apache.catalina.realm.JDBCRealm" |
| 165 |
driverName="org.gjt.mm.mysql.Driver" |
| 166 |
connectionURL="jdbc:mysql://localhost/authority" |
| 167 |
connectionName="test" connectionPassword="test" |
| 168 |
userTable="users" userNameCol="user_name" userCredCol="user_pass" |
| 169 |
userRoleTable="user_roles" roleNameCol="role_name" /> |
| 170 |
--> |
| 171 |
|
| 172 |
<!-- |
| 173 |
<Realm className="org.apache.catalina.realm.JDBCRealm" |
| 174 |
driverName="oracle.jdbc.driver.OracleDriver" |
| 175 |
connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL" |
| 176 |
connectionName="scott" connectionPassword="tiger" |
| 177 |
userTable="users" userNameCol="user_name" userCredCol="user_pass" |
| 178 |
userRoleTable="user_roles" roleNameCol="role_name" /> |
| 179 |
--> |
| 180 |
|
| 181 |
<!-- |
| 182 |
<Realm className="org.apache.catalina.realm.JDBCRealm" |
| 183 |
driverName="sun.jdbc.odbc.JdbcOdbcDriver" |
| 184 |
connectionURL="jdbc:odbc:CATALINA" |
| 185 |
userTable="users" userNameCol="user_name" userCredCol="user_pass" |
| 186 |
userRoleTable="user_roles" roleNameCol="role_name" /> |
| 187 |
--> |
| 188 |
|
| 189 |
<!-- Define the default virtual host |
| 190 |
Note: XML Schema validation will not work with Xerces 2.2. |
| 191 |
--> |
| 192 |
<Host name="localhost" appBase="webapps" |
| 193 |
unpackWARs="true" autoDeploy="true" |
| 194 |
xmlValidation="false" xmlNamespaceAware="false"> |
| 195 |
|
| 196 |
<!-- Defines a cluster for this node, |
| 197 |
By defining this element, means that every manager will be changed. |
| 198 |
So when running a cluster, only make sure that you have webapps in there |
| 199 |
that need to be clustered and remove the other ones. |
| 200 |
A cluster has the following parameters: |
| 201 |
|
| 202 |
className = the fully qualified name of the cluster class |
| 203 |
|
| 204 |
clusterName = a descriptive name for your cluster, can be anything |
| 205 |
|
| 206 |
mcastAddr = the multicast address, has to be the same for all the nodes |
| 207 |
|
| 208 |
mcastPort = the multicast port, has to be the same for all the nodes |
| 209 |
|
| 210 |
mcastBindAddress = bind the multicast socket to a specific address |
| 211 |
|
| 212 |
mcastTTL = the multicast TTL if you want to limit your broadcast |
| 213 |
|
| 214 |
mcastSoTimeout = the multicast readtimeout |
| 215 |
|
| 216 |
mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat |
| 217 |
|
| 218 |
mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received |
| 219 |
|
| 220 |
tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes |
| 221 |
|
| 222 |
tcpListenAddress = the listen address (bind address) for TCP cluster request on this host, |
| 223 |
in case of multiple ethernet cards. |
| 224 |
auto means that address becomes |
| 225 |
InetAddress.getLocalHost().getHostAddress() |
| 226 |
|
| 227 |
tcpListenPort = the tcp listen port |
| 228 |
|
| 229 |
tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS |
| 230 |
has a wakup bug in java.nio. Set to 0 for no timeout |
| 231 |
|
| 232 |
printToScreen = true means that managers will also print to std.out |
| 233 |
|
| 234 |
expireSessionsOnShutdown = true means that |
| 235 |
|
| 236 |
useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called. |
| 237 |
false means to replicate the session after each request. |
| 238 |
false means that replication would work for the following piece of code: (only for SimpleTcpReplicationManager) |
| 239 |
<% |
| 240 |
HashMap map = (HashMap)session.getAttribute("map"); |
| 241 |
map.put("key","value"); |
| 242 |
%> |
| 243 |
replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'. |
| 244 |
* Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication. |
| 245 |
* Synchronous means that the thread that executes the request, is also the |
| 246 |
thread the replicates the data to the other nodes, and will not return until all |
| 247 |
nodes have received the information. |
| 248 |
* Asynchronous means that there is a specific 'sender' thread for each cluster node, |
| 249 |
so the request thread will queue the replication request into a "smart" queue, |
| 250 |
and then return to the client. |
| 251 |
The "smart" queue is a queue where when a session is added to the queue, and the same session |
| 252 |
already exists in the queue from a previous request, that session will be replaced |
| 253 |
in the queue instead of replicating two requests. This almost never happens, unless there is a |
| 254 |
large network delay. |
| 255 |
--> |
| 256 |
<!-- |
| 257 |
When configuring for clustering, you also add in a valve to catch all the requests |
| 258 |
coming in, at the end of the request, the session may or may not be replicated. |
| 259 |
A session is replicated if and only if all the conditions are met: |
| 260 |
1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND |
| 261 |
2. a session exists (has been created) |
| 262 |
3. the request is not trapped by the "filter" attribute |
| 263 |
|
| 264 |
The filter attribute is to filter out requests that could not modify the session, |
| 265 |
hence we don't replicate the session after the end of this request. |
| 266 |
The filter is negative, ie, anything you put in the filter, you mean to filter out, |
| 267 |
ie, no replication will be done on requests that match one of the filters. |
| 268 |
The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to. |
| 269 |
|
| 270 |
filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI |
| 271 |
ending with .gif and .js are intercepted. |
| 272 |
|
| 273 |
The deployer element can be used to deploy apps cluster wide. |
| 274 |
Currently the deployment only deploys/undeploys to working members in the cluster |
| 275 |
so no WARs are copied upons startup of a broken node. |
| 276 |
The deployer watches a directory (watchDir) for WAR files when watchEnabled="true" |
| 277 |
When a new war file is added the war gets deployed to the local instance, |
| 278 |
and then deployed to the other instances in the cluster. |
| 279 |
When a war file is deleted from the watchDir the war is undeployed locally |
| 280 |
and cluster wide |
| 281 |
--> |
| 282 |
|
| 283 |
<!-- |
| 284 |
<Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster" |
| 285 |
managerClassName="org.apache.catalina.cluster.session.DeltaManager" |
| 286 |
expireSessionsOnShutdown="false" |
| 287 |
useDirtyFlag="true" |
| 288 |
notifyListenersOnReplication="true"> |
| 289 |
|
| 290 |
<Membership |
| 291 |
className="org.apache.catalina.cluster.mcast.McastService" |
| 292 |
mcastAddr="228.0.0.4" |
| 293 |
mcastPort="45564" |
| 294 |
mcastFrequency="500" |
| 295 |
mcastDropTime="3000"/> |
| 296 |
|
| 297 |
<Receiver |
| 298 |
className="org.apache.catalina.cluster.tcp.ReplicationListener" |
| 299 |
tcpListenAddress="auto" |
| 300 |
tcpListenPort="4001" |
| 301 |
tcpSelectorTimeout="100" |
| 302 |
tcpThreadCount="6"/> |
| 303 |
|
| 304 |
<Sender |
| 305 |
className="org.apache.catalina.cluster.tcp.ReplicationTransmitter" |
| 306 |
replicationMode="pooled" |
| 307 |
ackTimeout="15000" |
| 308 |
waitForAck="true"/> |
| 309 |
|
| 310 |
<Valve className="org.apache.catalina.cluster.tcp.ReplicationValve" |
| 311 |
filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/> |
| 312 |
|
| 313 |
<Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer" |
| 314 |
tempDir="/tmp/war-temp/" |
| 315 |
deployDir="/tmp/war-deploy/" |
| 316 |
watchDir="/tmp/war-listen/" |
| 317 |
watchEnabled="false"/> |
| 318 |
|
| 319 |
<ClusterListener className="org.apache.catalina.cluster.session.ClusterSessionListener"/> |
| 320 |
</Cluster> |
| 321 |
--> |
| 322 |
|
| 323 |
|
| 324 |
|
| 325 |
<!-- Normally, users must authenticate themselves to each web app |
| 326 |
individually. Uncomment the following entry if you would like |
| 327 |
a user to be authenticated the first time they encounter a |
| 328 |
resource protected by a security constraint, and then have that |
| 329 |
user identity maintained across *all* web applications contained |
| 330 |
in this virtual host. --> |
| 331 |
<!-- |
| 332 |
<Valve className="org.apache.catalina.authenticator.SingleSignOn" /> |
| 333 |
--> |
| 334 |
|
| 335 |
<!-- Access log processes all requests for this virtual host. By |
| 336 |
default, log files are created in the "logs" directory relative to |
| 337 |
$CATALINA_HOME. If you wish, you can specify a different |
| 338 |
directory with the "directory" attribute. Specify either a relative |
| 339 |
(to $CATALINA_HOME) or absolute path to the desired directory. |
| 340 |
--> |
| 341 |
<!-- |
| 342 |
<Valve className="org.apache.catalina.valves.AccessLogValve" |
| 343 |
directory="logs" prefix="localhost_access_log." suffix=".txt" |
| 344 |
pattern="common" resolveHosts="false"/> |
| 345 |
--> |
| 346 |
|
| 347 |
<!-- Access log processes all requests for this virtual host. By |
| 348 |
default, log files are created in the "logs" directory relative to |
| 349 |
$CATALINA_HOME. If you wish, you can specify a different |
| 350 |
directory with the "directory" attribute. Specify either a relative |
| 351 |
(to $CATALINA_HOME) or absolute path to the desired directory. |
| 352 |
This access log implementation is optimized for maximum performance, |
| 353 |
but is hardcoded to support only the "common" and "combined" patterns. |
| 354 |
--> |
| 355 |
<!-- |
| 356 |
<Valve className="org.apache.catalina.valves.FastCommonAccessLogValve" |
| 357 |
directory="logs" prefix="localhost_access_log." suffix=".txt" |
| 358 |
pattern="common" resolveHosts="false"/> |
| 359 |
--> |
| 360 |
|
| 361 |
</Host> |
| 362 |
|
| 363 |
</Engine> |
| 364 |
|
| 365 |
</Service> |
| 366 |
|
| 367 |
</Server> |