This shows you the differences between two versions of the page.
tomcat [2020/06/11 21:08] k2patel |
tomcat [2020/08/10 02:35] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Tomcat ====== | ||
- | ==== Tomcat SSL ==== | ||
- | ==== Setting up tomcat with HTTP Native library. === | ||
- | <code xml | server.xml> | ||
- | <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" scheme="https" maxThreads="200" secure="true" SSLEnabled="true" SSLCertificateFile="/etc/pki/tls/certs/k2patel.in.crt" SSLCertificateKeyFile="/etc/pki/tls/private/k2patel.in.key" SSLCACertificateFile="/etc/pki/tls/certs/k2patel.in.int.ca" sslEnabledProtocols="TLSv1.1,TLSv1.2" SSLHonorCipherOrder="true" SSLCipherSuite="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"></Connector> | ||
- | </code> | ||
- | ==== Setting up HSTS with HTTP Native Library. ==== | ||
- | |||
- | <code xml | web.xml> | ||
- | <filter> | ||
- | <filter-name>httpHeaderSecurity</filter-name> | ||
- | <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> | ||
- | <init-param> | ||
- | <param-name>hstsMaxAgeSeconds</param-name> | ||
- | <param-value>31536000</param-value> | ||
- | </init-param> | ||
- | <init-param> | ||
- | <param-name>antiClickJackingEnabled</param-name> | ||
- | <param-value>false</param-value> | ||
- | </init-param> | ||
- | <init-param> | ||
- | <param-name>hstsIncludeSubDomains</param-name> | ||
- | <param-value>true</param-value> | ||
- | </init-param> | ||
- | <async-supported>true</async-supported> | ||
- | </filter> | ||
- | |||
- | <filter-mapping> | ||
- | <filter-name>httpHeaderSecurity</filter-name> | ||
- | <url-pattern>/*</url-pattern> | ||
- | </filter-mapping> | ||
- | </code> | ||
- | |||
- | ==== Setting up redirect ==== | ||
- | <code xml | web.xml> | ||
- | <security-constraint> | ||
- | <web-resource-collection> | ||
- | <web-resource-name>Entire Application</web-resource-name> | ||
- | <url-pattern>/*</url-pattern> | ||
- | </web-resource-collection> | ||
- | <user-data-constraint> | ||
- | <transport-guarantee>CONFIDENTIAL</transport-guarantee> | ||
- | </user-data-constraint> | ||
- | </security-constraint> | ||
- | </code> |