도메인 연결을 한다거나 할 때 server.xml 을 어떻게 설정해야하는지 헷갈리더라.


일단 샘플로 하나 올려본다.




sslEnabledProtocols, ciphers 속성은 TLS 접속에 문제가 있는 경우에 추가한다.

(보안상의 이유로 제약을 먼저 해도 된다.)





<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
    <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
    <Listener className="org.apache.catalina.core.JasperListener" />
    <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
    <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
    <GlobalNamingResources>
        <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" 
            description="User database that can be updated and saved" 
            factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" />
    </GlobalNamingResources>
    <Service name="Catalina">

        <Connector port="80" protocol="HTTP/1.1" maxThreads="500" connectionTimeout="20000" 
            redirectPort="8443" maxPostSize="67589953" URIEncoding="UTF-8" />

        <Connector SSLEnabled="true" acceptCount="100" clientAuth="false" disableUploadTimeout="true"
            enableLookups="false" maxThreads="25" keystoreType="PKCS12" port="443" 
            keystoreFile="E:\apache-tomcat-7.0.61\cert\motolies.pfx" keystorePass="drpms" 
            protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" 
            sslProtocol="TLS" URIEncoding="UTF-8" 
            sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" 
            ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
            TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
            TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
            TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,
            TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,
            SSL_RSA_WITH_3DES_EDE_CBC_SHA" />

        <Engine name="Catalina" defaultHost="localhost">
            <Realm className="org.apache.catalina.realm.LockOutRealm">
                <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" />
            </Realm>
            <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
                <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" 
                    pattern="%h %l %u %t &quot;%r&quot; %s %b" />
            </Host>
            <Host name="motolies.com" appBase="E:/www/motolies.com" unpackWARs="true" autoDeploy="true">

                <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="motolies_access_log." suffix=".txt" 
                    pattern="%h %l %u %t &quot;%r&quot; %s %b" />

                <Alias>www.motolies.com</Alias>
                <Alias>motolies-other-domain.co.kr</Alias>
                <Alias>www.motolies-other-domain.co.kr</Alias>
            </Host>
            <Host name="another.co.kr" appBase="E:/www/another/another.co.kr" unpackWARs="true" autoDeploy="true" 
                xmlValidation="false" xmlNamespaceAware="false">

                <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="another_access_log." 
                    suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
                <Alias>www.another.co.kr</Alias>

            </Host>
        </Engine>

    </Service>
</Server>




















Posted by motolies

댓글을 달아 주세요