1c/docker_fresh
1
0
Fork 0
mirror of https://github.com/1C-Company/docker_fresh.git synced 2025-03-17 20:47:56 +02:00
Code Issues Releases Activity

change clrf to lf

Browse Source
This commit is contained in:
WizaXxX 2020-04-07 17:03:09 +03:00
parent e09f63a6b4
commit 28308b42fc
23 changed files with 875 additions and 876 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
images/core/Dockerfile
View File

@ -1,36 +1,36 @@
FROM fresh/centos
ADD ./distr/license-tools /tmp/license-tools
ADD ./distr/*.rpm /tmp/core/
RUN yum -y localinstall /tmp/core/*.rpm; \
rm -rf /tmp/core; \
sed -i '/User apache/ s//User usr1cv8/g' /etc/httpd/conf/httpd.conf; \
sed -i '/Group apache/ s//Group grp1cv8/g' /etc/httpd/conf/httpd.conf; \
sed -i '/#ServerName www.example.com:80/ s//ServerName localhost/g' /etc/httpd/conf/httpd.conf; \
yum -y install x11vnc metacity net-tools gdb perl tar git jq; \
yum -y install https://centos7.iuscommunity.org/ius-release.rpm; \
yum -y --setopt=tsflags=nodocs install python36u python36u-devel python36u-pip; \
yum -y install java-1.8.0-openjdk; \
cert-sync /etc/pki/tls/certs/ca-bundle.crt; \
oscript /usr/share/oscript/lib/opm/src/cmd/opm.os install deployka; \
chmod +x /usr/bin/deployka; \
chmod +x /tmp/license-tools/1ce-installer-cli; /tmp/license-tools/1ce-installer-cli install
ADD ./conf/conf.cfg /opt/1C/v8.3/x86_64/conf/
ADD ./conf/logcfg.xml /opt/1C/v8.3/x86_64/conf/
ENV COREDATA /var/lib/1c/data
ENV CORELOGS /var/log/1c
ENV AGENTBASEDIR /var/lib/1c/agent_data
ENV INFOBASECONNECTIONSTRING ""
VOLUME ["${COREDATA}", "${CORELOGS}", "${AGENTBASEDIR}"]
ADD ./entrypoint.sh /
RUN chmod +x /entrypoint.sh
ADD ./dumper.py /usr/bin/dumper
RUN chmod +x /usr/bin/dumper
FROM fresh/centos
ADD ./distr/license-tools /tmp/license-tools
ADD ./distr/*.rpm /tmp/core/
RUN yum -y localinstall /tmp/core/*.rpm; \
rm -rf /tmp/core; \
sed -i '/User apache/ s//User usr1cv8/g' /etc/httpd/conf/httpd.conf; \
sed -i '/Group apache/ s//Group grp1cv8/g' /etc/httpd/conf/httpd.conf; \
sed -i '/#ServerName www.example.com:80/ s//ServerName localhost/g' /etc/httpd/conf/httpd.conf; \
yum -y install x11vnc metacity net-tools gdb perl tar git jq; \
yum -y install https://centos7.iuscommunity.org/ius-release.rpm; \
yum -y --setopt=tsflags=nodocs install python36u python36u-devel python36u-pip; \
yum -y install java-1.8.0-openjdk; \
cert-sync /etc/pki/tls/certs/ca-bundle.crt; \
oscript /usr/share/oscript/lib/opm/src/cmd/opm.os install deployka; \
chmod +x /usr/bin/deployka; \
chmod +x /tmp/license-tools/1ce-installer-cli; /tmp/license-tools/1ce-installer-cli install
ADD ./conf/conf.cfg /opt/1C/v8.3/x86_64/conf/
ADD ./conf/logcfg.xml /opt/1C/v8.3/x86_64/conf/
ENV COREDATA /var/lib/1c/data
ENV CORELOGS /var/log/1c
ENV AGENTBASEDIR /var/lib/1c/agent_data
ENV INFOBASECONNECTIONSTRING ""
VOLUME ["${COREDATA}", "${CORELOGS}", "${AGENTBASEDIR}"]
ADD ./entrypoint.sh /
RUN chmod +x /entrypoint.sh
ADD ./dumper.py /usr/bin/dumper
RUN chmod +x /usr/bin/dumper
ENTRYPOINT ["/entrypoint.sh"]

2
images/core/conf/conf.cfg
View File

@ -1,2 +1,2 @@
SystemLanguage=System
SystemLanguage=System
DisableUnsafeActionProtection=.*

34
images/core/conf/logcfg.xml
View File

@ -1,17 +1,17 @@
<config xmlns="http://v8.1c.ru/v8/tech-log">
<dump location="/var/log/1c/dumps" create="1" type="3"/>
<log location="/var/log/1c/excp" history="1">
<event>
<eq property="name" value="EXCP"/>
</event>
<property name="all">
</property>
</log>
<system level="Trace" class="OID2Log" />
<log location="/var/log/1c/openid" history="1">
<event>
<eq property="class" value="OID2Log" />
</event>
<property name="all" />
</log>
</config>
<config xmlns="http://v8.1c.ru/v8/tech-log">
<dump location="/var/log/1c/dumps" create="1" type="3"/>
<log location="/var/log/1c/excp" history="1">
<event>
<eq property="name" value="EXCP"/>
</event>
<property name="all">
</property>
</log>
<system level="Trace" class="OID2Log" />
<log location="/var/log/1c/openid" history="1">
<event>
<eq property="class" value="OID2Log" />
</event>
<property name="all" />
</log>
</config>

346
images/core/dumper.py
View File

@ -1,174 +1,174 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
import glob
import re
import os
import sys
import subprocess
import urllib
import json
import time
import uuid
# define regexps
regex_process_pid = re.compile(r'/([^/.]+?)\.(\d+?)\.(\d+?)\.core')
regex_offset = re.compile(r'#0\s+?([\dxa-f]+?)\s')
regex_extension_replacement = re.compile(r'\.zip$')
regex_extension_replacement2 = re.compile(r'\.core$')
# BEGIN helper functions------------------------------------------------------------------------------------------------
def write_to_log(msg):
msg = time.ctime() + ' ' + msg
print(msg)
def run_shell(cmd):
pipe = subprocess.PIPE
p = subprocess.Popen(cmd, shell=True, stdin=pipe, stdout=pipe, stderr=pipe, close_fds=True, cwd='/')
return p.stdout.read(), p.stderr.read()
def run_shell_get_result(cmd):
result = subprocess.call(cmd, shell=True)
return result
def check_size_static(core_file):
size_1 = os.path.getsize(core_file)
time.sleep(5)
size_2 = os.path.getsize(core_file)
return size_1 == size_2
# END helper functions--------------------------------------------------------------------------------------------------
# BEGIN prepare date----------------------------------------------------------------------------------------------------
def get_pid_process_ctime(core_file):
rez = regex_process_pid.search(core_file)
process = rez.groups()[0]
ctime = rez.groups()[1]
pid = rez.groups()[2]
return process, ctime, pid
def get_platform_offset(core_file, process):
# run gdb for getting offset of core
cmd = 'echo -e "bt\nexit" | gdb /opt/1C/v8.3/x86_64/' + process + ' ' + core_file
(gdb_result, gdb_error) = run_shell(cmd)
if not gdb_result:
offset = '000000000000'
platform = '8.3.0.0000'
write_to_log('cant work with gdb: ' + gdb_error)
else:
rez = regex_offset.search(gdb_result)
if rez is None:
offset = '000000000000'
else:
offset = rez.groups()[0]
offset = offset[6:-1]
# getting platform version
cmd = 'strings /opt/1C/v8.3/x86_64/' + process + """ | grep -oP '[8-9]\.[3-90]\.\d\d?\.\d{2,4}' """
(ver_result, ver_error) = run_shell(cmd)
if ver_result:
platform = ver_result.strip()
else:
platform = '8.3.0.0000'
return platform, offset
def get_creation_date_string(ctime):
ctime_sturct = time.localtime(int(ctime))
ctime_string = '_%.4d%.2d%.2d%.2d%.2d%.2d_' % (ctime_sturct[0], ctime_sturct[1], ctime_sturct[2], ctime_sturct[3],
ctime_sturct[4], ctime_sturct[5])
creation_date = '%.4d-%.2d-%.2dT%.2d:%.2d:%.2d' % (ctime_sturct[0], ctime_sturct[1], ctime_sturct[2],
ctime_sturct[3], ctime_sturct[4], ctime_sturct[5])
return ctime_string, creation_date
def get_file_name(process, platform, offset, ctime_string, pid):
return process + '_' + platform + '_' + offset + ctime_string + pid + '.core'
def get_file_size_hostname(core_file):
file_size = os.path.getsize(core_file)
hostname = os.uname()[1]
return file_size, hostname
def make_libs_tar(core_file, process):
if os.path.exists(libs_file):
os.remove(libs_file)
cmd = """echo -e "info shared\nq" | """
cmd += """ gdb /opt/1C/v8.3/x86_64/""" + process + " " + core_file + """ 2>/dev/null | """
cmd += """ grep 0x0000 | grep -v /opt/1C/v8.3 | grep -v ?? | perl -alne 'print $F[-1]' | """
cmd += """ while read file; do tar --dereference --append -f """ + libs_file + """ $file 2> /dev/null ; done"""
stdout, stderr = run_shell(cmd)
# Если стек не раскрылся, то создадим пустой файл
if not os.path.exists(libs_file):
cmd = 'touch ' + libs_file
run_shell_get_result(cmd)
if stderr:
write_to_log('cant work with gdb and make libs tar, result: ' + str(stderr))
if os.path.getsize(libs_file) == 0:
write_to_log('libs_file size = 0.')
def change_extension(core_gz_file):
core_gz_file = regex_extension_replacement.sub('.tar.gz', core_gz_file)
return regex_extension_replacement2.sub('.tar.gz', core_gz_file)
# END prepare date------------------------------------------------------------------------------------------------------
def gz_core_file(core_file, file_name):
# Костыль, меняем расшинерие на gz
core_gz_file = os.path.basename(file_name)
core_gz_file = change_extension(core_gz_file)
# Зипуем
cmd = 'cd {} && mv {} {} && '.format(cores_dir, core_file, file_name)
cmd += 'tar -czf {} {} {} 2>/dev/null && '.format(core_gz_file, file_name, libs_short_file)
cmd += 'rm -f {} && rm -f {}'.format(file_name, libs_short_file)
rez = run_shell_get_result(cmd)
# Если не получилось загзиповать, то выходим из процедуры
if rez:
write_to_log('cant work with tar')
return
# BEGIN main program ---------------------------------------------------------------------------------------------------
def work_with_dump(core_file):
while not check_size_static(core_file):
print('{} file size: {}'.format(core_file, os.path.getsize(core_file)))
process, ctime, pid = get_pid_process_ctime(core_file)
platform, offset = get_platform_offset(core_file, process)
ctime_string, creation_date = get_creation_date_string(ctime)
make_libs_tar(core_file, process)
file_name = get_file_name(process, platform, offset, ctime_string, pid)
gz_core_file(core_file, file_name)
cores_dir = '/tmp/cores/' # директория в которой должны лежать дампы
libs_short_file = 'libs.tar'
libs_file = os.path.join(cores_dir, 'libs.tar')
if __name__ == "__main__":
# finding core files
cores_path = cores_dir + '*.core*'
for file in glob.glob(cores_path):
#!/usr/bin/python3
# -*- coding: utf-8 -*-
import glob
import re
import os
import sys
import subprocess
import urllib
import json
import time
import uuid
# define regexps
regex_process_pid = re.compile(r'/([^/.]+?)\.(\d+?)\.(\d+?)\.core')
regex_offset = re.compile(r'#0\s+?([\dxa-f]+?)\s')
regex_extension_replacement = re.compile(r'\.zip$')
regex_extension_replacement2 = re.compile(r'\.core$')
# BEGIN helper functions------------------------------------------------------------------------------------------------
def write_to_log(msg):
msg = time.ctime() + ' ' + msg
print(msg)
def run_shell(cmd):
pipe = subprocess.PIPE
p = subprocess.Popen(cmd, shell=True, stdin=pipe, stdout=pipe, stderr=pipe, close_fds=True, cwd='/')
return p.stdout.read(), p.stderr.read()
def run_shell_get_result(cmd):
result = subprocess.call(cmd, shell=True)
return result
def check_size_static(core_file):
size_1 = os.path.getsize(core_file)
time.sleep(5)
size_2 = os.path.getsize(core_file)
return size_1 == size_2
# END helper functions--------------------------------------------------------------------------------------------------
# BEGIN prepare date----------------------------------------------------------------------------------------------------
def get_pid_process_ctime(core_file):
rez = regex_process_pid.search(core_file)
process = rez.groups()[0]
ctime = rez.groups()[1]
pid = rez.groups()[2]
return process, ctime, pid
def get_platform_offset(core_file, process):
# run gdb for getting offset of core
cmd = 'echo -e "bt\nexit" | gdb /opt/1C/v8.3/x86_64/' + process + ' ' + core_file
(gdb_result, gdb_error) = run_shell(cmd)
if not gdb_result:
offset = '000000000000'
platform = '8.3.0.0000'
write_to_log('cant work with gdb: ' + gdb_error)
else:
rez = regex_offset.search(gdb_result)
if rez is None:
offset = '000000000000'
else:
offset = rez.groups()[0]
offset = offset[6:-1]
# getting platform version
cmd = 'strings /opt/1C/v8.3/x86_64/' + process + """ | grep -oP '[8-9]\.[3-90]\.\d\d?\.\d{2,4}' """
(ver_result, ver_error) = run_shell(cmd)
if ver_result:
platform = ver_result.strip()
else:
platform = '8.3.0.0000'
return platform, offset
def get_creation_date_string(ctime):
ctime_sturct = time.localtime(int(ctime))
ctime_string = '_%.4d%.2d%.2d%.2d%.2d%.2d_' % (ctime_sturct[0], ctime_sturct[1], ctime_sturct[2], ctime_sturct[3],
ctime_sturct[4], ctime_sturct[5])
creation_date = '%.4d-%.2d-%.2dT%.2d:%.2d:%.2d' % (ctime_sturct[0], ctime_sturct[1], ctime_sturct[2],
ctime_sturct[3], ctime_sturct[4], ctime_sturct[5])
return ctime_string, creation_date
def get_file_name(process, platform, offset, ctime_string, pid):
return process + '_' + platform + '_' + offset + ctime_string + pid + '.core'
def get_file_size_hostname(core_file):
file_size = os.path.getsize(core_file)
hostname = os.uname()[1]
return file_size, hostname
def make_libs_tar(core_file, process):
if os.path.exists(libs_file):
os.remove(libs_file)
cmd = """echo -e "info shared\nq" | """
cmd += """ gdb /opt/1C/v8.3/x86_64/""" + process + " " + core_file + """ 2>/dev/null | """
cmd += """ grep 0x0000 | grep -v /opt/1C/v8.3 | grep -v ?? | perl -alne 'print $F[-1]' | """
cmd += """ while read file; do tar --dereference --append -f """ + libs_file + """ $file 2> /dev/null ; done"""
stdout, stderr = run_shell(cmd)
# Если стек не раскрылся, то создадим пустой файл
if not os.path.exists(libs_file):
cmd = 'touch ' + libs_file
run_shell_get_result(cmd)
if stderr:
write_to_log('cant work with gdb and make libs tar, result: ' + str(stderr))
if os.path.getsize(libs_file) == 0:
write_to_log('libs_file size = 0.')
def change_extension(core_gz_file):
core_gz_file = regex_extension_replacement.sub('.tar.gz', core_gz_file)
return regex_extension_replacement2.sub('.tar.gz', core_gz_file)
# END prepare date------------------------------------------------------------------------------------------------------
def gz_core_file(core_file, file_name):
# Костыль, меняем расшинерие на gz
core_gz_file = os.path.basename(file_name)
core_gz_file = change_extension(core_gz_file)
# Зипуем
cmd = 'cd {} && mv {} {} && '.format(cores_dir, core_file, file_name)
cmd += 'tar -czf {} {} {} 2>/dev/null && '.format(core_gz_file, file_name, libs_short_file)
cmd += 'rm -f {} && rm -f {}'.format(file_name, libs_short_file)
rez = run_shell_get_result(cmd)
# Если не получилось загзиповать, то выходим из процедуры
if rez:
write_to_log('cant work with tar')
return
# BEGIN main program ---------------------------------------------------------------------------------------------------
def work_with_dump(core_file):
while not check_size_static(core_file):
print('{} file size: {}'.format(core_file, os.path.getsize(core_file)))
process, ctime, pid = get_pid_process_ctime(core_file)
platform, offset = get_platform_offset(core_file, process)
ctime_string, creation_date = get_creation_date_string(ctime)
make_libs_tar(core_file, process)
file_name = get_file_name(process, platform, offset, ctime_string, pid)
gz_core_file(core_file, file_name)
cores_dir = '/tmp/cores/' # директория в которой должны лежать дампы
libs_short_file = 'libs.tar'
libs_file = os.path.join(cores_dir, 'libs.tar')
if __name__ == "__main__":
# finding core files
cores_path = cores_dir + '*.core*'
for file in glob.glob(cores_path):
work_with_dump(file)

1
images/core/get_platform.sh
View File

@ -13,4 +13,3 @@ tar -xvf client_$DISTR_FILE_VERSION.rpm64.tar.gz $client_file_name -C /main_dir/
tar -xvf rpm64_$DISTR_FILE_VERSION.tar.gz $common_file_name $server_file_name $ws_file_name -C /main_dir/distr
tar -xvf rpm64_$DISTR_FILE_VERSION.tar.gz "license-tools" -C /main_dir/distr/

22
images/forum/Dockerfile
View File

@ -1,12 +1,12 @@
FROM tomcat:7.0-jre8-alpine
ENV JAVA_OPTS "${JAVA_OPTS} -Xms512m -Xmx1024m -XX:+UseParallelGC -server"
RUN rm -rf /usr/local/tomcat/webapps/* && \
mkdir -p /var/www/forum/{mess_files,logo}
COPY ./distr/forum/ROOT.war /usr/local/tomcat/webapps/
EXPOSE 8080
FROM tomcat:7.0-jre8-alpine
ENV JAVA_OPTS "${JAVA_OPTS} -Xms512m -Xmx1024m -XX:+UseParallelGC -server"
RUN rm -rf /usr/local/tomcat/webapps/* && \
mkdir -p /var/www/forum/{mess_files,logo}
COPY ./distr/forum/ROOT.war /usr/local/tomcat/webapps/
EXPOSE 8080
CMD ["bin/catalina.sh", "run"]

98
images/forum/conf/context.xml
View File

@ -1,50 +1,50 @@
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- The contents of this file will be loaded for each web application -->
<Context>
<Resource
name="jdbc/freshForumDS"
auth="Container"
type="javax.sql.DataSource"
driverClassName="org.postgresql.Driver"
url="jdbc:postgresql://db:5432/forum"
username="forum"
password="12345Qwerty"
removeAbandoned="true"
removeAbandonedTimeout="90"
logAbandoned="true"
maxActive="30"
maxIdle="20"
maxWait="-1"/>
<!-- Default set of monitored resources -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<!--
<Manager pathname="" />
-->
<!-- Uncomment this to enable Comet connection tacking (provides events
on session expiration as well as webapp lifecycle) -->
<!--
<Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
-->
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- The contents of this file will be loaded for each web application -->
<Context>
<Resource
name="jdbc/freshForumDS"
auth="Container"
type="javax.sql.DataSource"
driverClassName="org.postgresql.Driver"
url="jdbc:postgresql://db:5432/forum"
username="forum"
password="12345Qwerty"
removeAbandoned="true"
removeAbandonedTimeout="90"
logAbandoned="true"
maxActive="30"
maxIdle="20"
maxWait="-1"/>
<!-- Default set of monitored resources -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<!--
<Manager pathname="" />
-->
<!-- Uncomment this to enable Comet connection tacking (provides events
on session expiration as well as webapp lifecycle) -->
<!--
<Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
-->
</Context>

292
images/forum/conf/server.xml
View File

@ -1,147 +1,147 @@
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
proxyPort="443"
scheme="https"
secure="true"/>
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the BIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in the APR/native
documentation -->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
</Engine>
</Service>
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
proxyPort="443"
scheme="https"
secure="true"/>
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the BIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in the APR/native
documentation -->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
</Engine>
</Service>
</Server>

20
images/gate/Dockerfile
View File

@ -1,11 +1,11 @@
FROM java:8-jre
COPY ./distr/appgate.deb /
RUN dpkg -i /appgate.deb; \
rm /appgate.deb; \
/opt/1C/1cfresh/appgate/setAuth.sh appgate 12345Qwer
EXPOSE 8080 9090
FROM java:8-jre
COPY ./distr/appgate.deb /
RUN dpkg -i /appgate.deb; \
rm /appgate.deb; \
/opt/1C/1cfresh/appgate/setAuth.sh appgate 12345Qwer
EXPOSE 8080 9090
CMD ["/opt/1C/1cfresh/appgate/appgate_wrapper.sh"]

32
images/nginx/Dockerfile
View File

@ -1,16 +1,16 @@
FROM nginx:stable-alpine
ENV HOSTNAME host.1cfresh.dev
ENV SITE_HOST host.1cfresh.dev
ENV BACKEND_HOST host.1cfresh.dev
ENV GATE_HOST host.1cfresh.dev
ENV WORKER_PROCESSES 2
COPY ./entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
EXPOSE 80 443
ENTRYPOINT ["/bin/sh", "-c", "/entrypoint.sh"]
FROM nginx:stable-alpine
ENV HOSTNAME host.1cfresh.dev
ENV SITE_HOST host.1cfresh.dev
ENV BACKEND_HOST host.1cfresh.dev
ENV GATE_HOST host.1cfresh.dev
ENV WORKER_PROCESSES 2
COPY ./entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
EXPOSE 80 443
ENTRYPOINT ["/bin/sh", "-c", "/entrypoint.sh"]

4
images/nginx/conf/1c_app.conf
View File

@ -1,2 +1,2 @@
include 1c_common.conf;
proxy_set_header X-Forwarded-Port 443;
include 1c_common.conf;
proxy_set_header X-Forwarded-Port 443;

12
images/nginx/conf/1c_common.conf
View File

@ -1,7 +1,7 @@
proxy_connect_timeout 5s;
proxy_read_timeout 75;
proxy_next_upstream error;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 5s;
proxy_read_timeout 75;
proxy_next_upstream error;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;

12
images/nginx/conf/1c_error.conf
View File

@ -1,6 +1,6 @@
if ($http_user_agent = 1CV8C) {
set $mode txt;
}
error_page 407 410 411 413 414 415 416 500 501 502 503 504 505 /availability?url=$upstream_http_x_destination_id$request_uri&mode=$mode;
error_page 420 =404 /availability?url=$upstream_http_x_destination_id$request_uri&mode=$mode&code=420;
if ($http_user_agent = 1CV8C) {
set $mode txt;
}
error_page 407 410 411 413 414 415 416 500 501 502 503 504 505 /availability?url=$upstream_http_x_destination_id$request_uri&mode=$mode;
error_page 420 =404 /availability?url=$upstream_http_x_destination_id$request_uri&mode=$mode&code=420;

10
images/nginx/conf/1c_error_openid.conf
View File

@ -1,5 +1,5 @@
if ($http_user_agent = 1CV8C) {
set $mode txt;
}
error_page 500 501 502 503 504 505 /availability?url=$scheme://$host$request_uri&mode=$mode;
if ($http_user_agent = 1CV8C) {
set $mode txt;
}
error_page 500 501 502 503 504 505 /availability?url=$scheme://$host$request_uri&mode=$mode;

4
images/nginx/conf/1c_error_site.conf
View File

@ -1,2 +1,2 @@
error_page 404 /availability?url=$scheme://$host$request_uri&code=404;
error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 500 501 502 503 504 505 /availability?url=$scheme://$host$request_uri;
error_page 404 /availability?url=$scheme://$host$request_uri&code=404;
error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 500 501 502 503 504 505 /availability?url=$scheme://$host$request_uri;

4
images/nginx/conf/1c_keepalive.conf
View File

@ -1,2 +1,2 @@
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header Connection "";

30
images/nginx/conf/1c_upstream.conf
View File

@ -1,15 +1,15 @@
upstream backend83 {
ip_hash;
keepalive 16;
server webwebweb:80;
}
upstream gate {
ip_hash;
server gategategate:8080;
}
upstream upstream_availability {
server sitesitesite:8080;
}
upstream backend83 {
ip_hash;
keepalive 16;
server webwebweb:80;
}
upstream gate {
ip_hash;
server gategategate:8080;
}
upstream upstream_availability {
server sitesitesite:8080;
}

246
images/nginx/conf/conf.d/local-ssl.conf
View File

@ -1,123 +1,123 @@
server {
listen 443;
server_name hosthosthost;
proxy_intercept_errors on;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/pki-custom/fullchain.crt;
ssl_certificate_key /etc/pki-custom/privkey.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location @start {
rewrite ^(/a/[a-zA-Z0-9_]+/([0-9]+/)?).*$ $1 last;
}
location /availability/ {
include 1c_common.conf;
recursive_error_pages on;
error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 500 501 502 503 504 505 /i/index.html;
proxy_pass http://upstream_availability;
}
location /i {
alias /var/www/failover;
}
location ^~ /a/openid {
include 1c_common.conf;
include 1c_keepalive.conf;
include 1c_error_openid.conf;
proxy_pass http://backend83;
}
location ^~ /a/adm/e1cib/start {
include 1c_app.conf;
include 1c_error.conf;
include 1c_keepalive.conf;
error_page 400 403 412 @start;
proxy_pass http://backend83;
}
location ^~ /a/adm {
include 1c_app.conf;
include 1c_error.conf;
include 1c_keepalive.conf;
proxy_pass http://backend83;
}
location ^~ /a/extreg {
include 1c_app.conf;
include 1c_error.conf;
include 1c_keepalive.conf;
proxy_pass http://backend83;
}
location ^~ /a/wcib/hs {
include 1c_app.conf;
include 1c_error.conf;
keepalive_timeout 0;
proxy_pass http://backend83;
}
location ^~ /a/httpextreg/hs {
include 1c_app.conf;
include 1c_error.conf;
keepalive_timeout 0;
proxy_pass http://backend83;
}
location ^~ /a/wcibprivate/hs {
include 1c_app.conf;
include 1c_error.conf;
keepalive_timeout 0;
proxy_pass http://backend83;
}
location ~* /a/\w+/\d+/e1cib/start {
include 1c_app.conf;
include 1c_error.conf;
error_page 400 403 412 @start;
proxy_pass http://gate;
}
location ~* /a/\w+/\d+/\w+/e1cib/oid2rp {
include 1c_app.conf;
include 1c_error.conf;
error_page 400 403 404 412 @start;
proxy_pass http://gate;
}
location ~* /a/\w+/\d+/ws {
include 1c_app.conf;
proxy_intercept_errors off;
proxy_pass http://gate;
}
location ~* /a/\w+/\d+ {
include 1c_app.conf;
include 1c_error.conf;
proxy_pass http://gate;
}
location / {
include 1c_common.conf;
include 1c_keepalive.conf;
include 1c_error_site.conf;
proxy_pass http://sitesitesite:8080;
}
location /resources/images/content {
alias /var/www/content/media;
}
location /extreg {
alias /var/www/extreg;
}
}
server {
listen 443;
server_name hosthosthost;
proxy_intercept_errors on;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/pki-custom/fullchain.crt;
ssl_certificate_key /etc/pki-custom/privkey.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location @start {
rewrite ^(/a/[a-zA-Z0-9_]+/([0-9]+/)?).*$ $1 last;
}
location /availability/ {
include 1c_common.conf;
recursive_error_pages on;
error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 500 501 502 503 504 505 /i/index.html;
proxy_pass http://upstream_availability;
}
location /i {
alias /var/www/failover;
}
location ^~ /a/openid {
include 1c_common.conf;
include 1c_keepalive.conf;
include 1c_error_openid.conf;
proxy_pass http://backend83;
}
location ^~ /a/adm/e1cib/start {
include 1c_app.conf;
include 1c_error.conf;
include 1c_keepalive.conf;
error_page 400 403 412 @start;
proxy_pass http://backend83;
}
location ^~ /a/adm {
include 1c_app.conf;
include 1c_error.conf;
include 1c_keepalive.conf;
proxy_pass http://backend83;
}
location ^~ /a/extreg {
include 1c_app.conf;
include 1c_error.conf;
include 1c_keepalive.conf;
proxy_pass http://backend83;
}
location ^~ /a/wcib/hs {
include 1c_app.conf;
include 1c_error.conf;
keepalive_timeout 0;
proxy_pass http://backend83;
}
location ^~ /a/httpextreg/hs {
include 1c_app.conf;
include 1c_error.conf;
keepalive_timeout 0;
proxy_pass http://backend83;
}
location ^~ /a/wcibprivate/hs {
include 1c_app.conf;
include 1c_error.conf;
keepalive_timeout 0;
proxy_pass http://backend83;
}
location ~* /a/\w+/\d+/e1cib/start {
include 1c_app.conf;
include 1c_error.conf;
error_page 400 403 412 @start;
proxy_pass http://gate;
}
location ~* /a/\w+/\d+/\w+/e1cib/oid2rp {
include 1c_app.conf;
include 1c_error.conf;
error_page 400 403 404 412 @start;
proxy_pass http://gate;
}
location ~* /a/\w+/\d+/ws {
include 1c_app.conf;
proxy_intercept_errors off;
proxy_pass http://gate;
}
location ~* /a/\w+/\d+ {
include 1c_app.conf;
include 1c_error.conf;
proxy_pass http://gate;
}
location / {
include 1c_common.conf;
include 1c_keepalive.conf;
include 1c_error_site.conf;
proxy_pass http://sitesitesite:8080;
}
location /resources/images/content {
alias /var/www/content/media;
}
location /extreg {
alias /var/www/extreg;
}
}

14
images/nginx/conf/conf.d/local.conf
View File

@ -1,8 +1,8 @@
server {
listen 80;
server_name hosthosthost;
location / {
return 301 https://$server_name$request_uri;
}
server {
listen 80;
server_name hosthosthost;
location / {
return 301 https://$server_name$request_uri;
}
}

82
images/nginx/conf/nginx.conf
View File

@ -1,41 +1,41 @@
user nginx;
worker_processes worker_processes_ENV;
worker_rlimit_nofile 10240;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
gzip on;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 20 512k;
proxy_connect_timeout 5;
proxy_max_temp_file_size 0;
keepalive_timeout 300 300;
server_names_hash_max_size 4096;
server_names_hash_bucket_size 128;
client_max_body_size 4096m;
client_body_buffer_size 256k;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent ${request_time}ms "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" set_cookie: "$sent_http_set_cookie"';
access_log /var/log/nginx/access.log main;
include /etc/nginx/1c_upstream.conf;
include /etc/nginx/conf.d/*.conf;
}
user nginx;
worker_processes worker_processes_ENV;
worker_rlimit_nofile 10240;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
gzip on;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 20 512k;
proxy_connect_timeout 5;
proxy_max_temp_file_size 0;
keepalive_timeout 300 300;
server_names_hash_max_size 4096;
server_names_hash_bucket_size 128;
client_max_body_size 4096m;
client_body_buffer_size 256k;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent ${request_time}ms "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" set_cookie: "$sent_http_set_cookie"';
access_log /var/log/nginx/access.log main;
include /etc/nginx/1c_upstream.conf;
include /etc/nginx/conf.d/*.conf;
}

24
images/site/Dockerfile
View File

@ -1,13 +1,13 @@
FROM tomcat:7.0-jre8-alpine
ENV JAVA_OPTS "${JAVA_OPTS} -Xms512m -Xmx1024m -XX:+UseParallelGC -server "
RUN rm -rf /usr/local/tomcat/webapps/* && \
mkdir -p /var/www/content/searchIndex \
mkdir -p /var/www/content/site_files
COPY ./distr/site/ROOT.war /usr/local/tomcat/webapps/
EXPOSE 8080
FROM tomcat:7.0-jre8-alpine
ENV JAVA_OPTS "${JAVA_OPTS} -Xms512m -Xmx1024m -XX:+UseParallelGC -server "
RUN rm -rf /usr/local/tomcat/webapps/* && \
mkdir -p /var/www/content/searchIndex \
mkdir -p /var/www/content/site_files
COPY ./distr/site/ROOT.war /usr/local/tomcat/webapps/
EXPOSE 8080
CMD ["catalina.sh", "run"]

98
images/site/conf/context.xml
View File

@ -1,50 +1,50 @@
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- The contents of this file will be loaded for each web application -->
<Context>
<Resource
name="jdbc/freshSiteDS"
auth="Container"
type="javax.sql.DataSource"
driverClassName="org.postgresql.Driver"
url="jdbc:postgresql://db:5432/site"
username="site"
password="12345Qwerty"
removeAbandoned="true"
removeAbandonedTimeout="90"
logAbandoned="true"
maxActive="30"
maxIdle="20"
maxWait="-1" />
<!-- Default set of monitored resources -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<!--
<Manager pathname="" />
-->
<!-- Uncomment this to enable Comet connection tacking (provides events
on session expiration as well as webapp lifecycle) -->
<!--
<Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
-->
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- The contents of this file will be loaded for each web application -->
<Context>
<Resource
name="jdbc/freshSiteDS"
auth="Container"
type="javax.sql.DataSource"
driverClassName="org.postgresql.Driver"
url="jdbc:postgresql://db:5432/site"
username="site"
password="12345Qwerty"
removeAbandoned="true"
removeAbandonedTimeout="90"
logAbandoned="true"
maxActive="30"
maxIdle="20"
maxWait="-1" />
<!-- Default set of monitored resources -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<!--
<Manager pathname="" />
-->
<!-- Uncomment this to enable Comet connection tacking (provides events
on session expiration as well as webapp lifecycle) -->
<!--
<Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
-->
</Context>

294
images/site/conf/server.xml
View File

@ -1,148 +1,148 @@
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
proxyPort="443"
scheme="https"
secure="true"
URIEncoding="UTF-8"/>
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the BIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in the APR/native
documentation -->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
</Engine>
</Service>
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
proxyPort="443"
scheme="https"
secure="true"
URIEncoding="UTF-8"/>
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the BIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in the APR/native
documentation -->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
</Engine>
</Service>
</Server>