To protect your data, the CISO officer has suggested users to enable GitLab 2FA as soon as possible.

Commit 3119616c authored by Rui Chen's avatar Rui Chen Committed by John Zhang
Browse files

rewrite the configuration files for tomcat

parent d2445466
......@@ -21,13 +21,17 @@
<Server port="7005" shutdown="SHUTDOWN">
<!--Listener className="org.apache.catalina.startup.VersionLoggerListener" />-->
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="" />
<!--APR library loader. Documentation at /docs/apr.html -->
<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> -->
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
<!-- <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" /> -->
<!-- <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> -->
<!--Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /-->
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<!--Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /-->
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<!--Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /-->
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
......@@ -64,7 +68,7 @@
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
<Connector port="7080" protocol="org.apache.coyote.http11.Http11NioProtocol"
<Connector port="7080" protocol="HTTP/1.1"
redirectPort="7443" />
<!-- A "Connector" using the shared thread pool-->
......@@ -113,19 +117,23 @@
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
<!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2.
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="false"
xmlValidation="false" xmlNamespaceAware="false">
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<?xml version='1.0' encoding='utf-8'?>
<role rolename="manager"/>
<user username="tomcat" password="s3cret" roles="manager"/>
<?xml version="1.0" encoding="UTF-8"?>
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.
<tomcat-users xmlns=""
xsi:schemaLocation=" tomcat-users.xsd"
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary. It is
strongly recommended that you do NOT use one of the users in the commented out
section below since they are intended for use with the examples web
NOTE: The sample user and role entries below are intended for use with the
examples web application. They are wrapped in a comment and thus are ignored
when reading this file. If you wish to configure these users for use with the
examples web application, do not forget to remove the <!.. ..> that surrounds
them. You will also need to set the passwords to something appropriate.
<role rolename="manager-gui"/>
<role rolename="manager-status"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<user username="tomcat" password="s3cret" roles="manager-gui,manager-status,manager-script,manager-jmx"/>
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
<user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
<user username="role1" password="<must-be-changed>" roles="role1"/>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment