@hasalex
Last active November 4, 2022 15:59
Tomcat 9 configuration, with HTTP/2
# Shared by the APR connector and the classic connectors.
# Generates a new 2048-bit key and a self-signed certificate (-x509) valid for 365 days;
# the subject comes from conf/openssl.cnf.
# -nodes writes conf/tomcat.key unencrypted, so filesystem permissions on that file are
# the only thing protecting the private key.
openssl req -newkey 2048 -nodes -keyout conf/tomcat.key -x509 -days 365 -out conf/tomcat.crt -config conf/openssl.cnf
# Not needed for the APR connector.
# Bundles the key and certificate into a PKCS#12 keystore for the keystore-based connectors.
# No -passout option is given, so openssl prompts for the export password; it has to match
# the certificateKeystorePassword value used by the Connector definitions.
openssl pkcs12 -inkey conf/tomcat.key -in conf/tomcat.crt -export -out conf/tomcat.pfx
# Minimal OpenSSL request configuration, passed to "openssl req" with -config.
[req]
# Take the subject fields from this file instead of asking for them interactively.
prompt = no
distinguished_name = req_distinguished_name
# NOTE(review): no x509_extensions / subjectAltName section is defined, so the certificate
# identifies the host through CN only. Clients that match host names against
# subjectAltName alone will not accept it for localhost; confirm whether a SAN is needed.
[req_distinguished_name]
C = FR
L = Nullpar
O = JTips
# Host name the certificate is issued for; matches the Host name in the Tomcat configuration.
CN = localhost
<?xml version="1.0" encoding="UTF-8"?>
<!-- Tomcat 9 server configuration that serves one self-signed certificate over three
     TLS connectors, each with HTTP/2 enabled: APR (8542), NIO with JSSE (8543) and
     NIO with OpenSSL (8544). -->
<!-- port="-1" disables the shutdown port, so no local socket accepts a shutdown command. -->
<Server port="-1">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Loads the native APR library and turns on its SSL engine. The APR connector below
     depends on it; presumably the OpenSSL implementation on port 8544 does too (TODO confirm). -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<!-- File-backed user database; credentials and roles are read from conf/tomcat-users.xml. -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<!-- APR connector: reads the PEM certificate and private key directly. The key file was
     generated unencrypted, so read access to conf/tomcat.key should be limited to the
     account that runs Tomcat. -->
<Connector port="8542" SSLEnabled="true"
protocol="org.apache.coyote.http11.Http11AprProtocol">
<!-- Enables HTTP/2 on this connector in addition to HTTP/1.1. -->
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<!-- No protocols or ciphers attributes are set, so Tomcat's defaults apply. -->
<SSLHostConfig>
<Certificate certificateFile="conf/tomcat.crt" certificateKeyFile="conf/tomcat.key"/>
</SSLHostConfig>
</Connector>
<!-- NIO connector using the JVM's JSSE TLS stack, fed from the PKCS#12 keystore. -->
<Connector port="8543" SSLEnabled="true"
protocol="org.apache.coyote.http11.Http11NioProtocol"
sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation">
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<!-- The keystore password sits here in cleartext and must equal the export password
     entered when conf/tomcat.pfx was created. "tomcat" is a demo value: anyone who can
     read this file can open the keystore, so keep the file readable by the Tomcat
     account only and choose a different password outside a local test.
     NOTE(review): certificateKeystoreType is not set; confirm the JVM in use loads a
     PKCS#12 file under the default keystore type. -->
<Certificate certificateKeystoreFile="conf/tomcat.pfx" certificateKeystorePassword="tomcat"/>
</SSLHostConfig>
</Connector>
<!-- NIO connector using the OpenSSL TLS implementation, with the same keystore and the
     same cleartext password as the connector on port 8543. -->
<Connector port="8544" SSLEnabled="true"
protocol="org.apache.coyote.http11.Http11NioProtocol"
sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation">
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/tomcat.pfx" certificateKeystorePassword="tomcat"/>
</SSLHostConfig>
</Connector>
<Engine name="Catalina" defaultHost="localhost">
<!-- LockOutRealm wraps the user database realm and locks an account after repeated
     failed logins, which slows down password guessing. -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<!-- autoDeploy="true" makes Tomcat deploy whatever appears under webapps while it is
     running, so write access to that directory amounts to running code in the container. -->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- Access log in common log format: remote host, identity, user, timestamp,
     request line, status code and bytes sent. -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
</Engine>
</Service>
</Server>