Update server.xml

docker · Nov 21, 2023 · faf6334 · faf6334
1 parent 2bc6de6
commit faf6334
Showing 1 changed file with 20 additions and 10 deletions.
diff --git a/conf/server.xml b/conf/server.xml
@@ -4,16 +4,26 @@
   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
 
   <Service name="Catalina">
-<Connector
-          protocol="org.apache.coyote.http11.Http11NioProtocol"
-          port="443" maxThreads="200"
-          scheme="https" secure="true" SSLEnabled="true"
-          keystoreFile="/opt/certs/keystore.jks" keystorePass="password"
-          clientAuth="false" sslProtocol="TLS"/>
-<Connector
-     port="8080" maxThreads="150"
-     enableLookups="false" connectionTimeout="20000" />
-
+
+    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
+               port="443" 
+               maxThreads="200"
+               scheme="https"
+               secure="true" 
+               SSLEnabled="true"
+               defaultSSLHostConfigName="IdP">
+      <SSLHostConfig hostName="IdP"
+          ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
+          disableSessionTickets="true"
+          honorCipherOrder="false"
+          protocols="TLSv1.2,TLSv1.3">
+        <Certificate
+            certificateFile="/opt/certs/idp-https.crt" 
+	    certificateKeyFile="/opt/certs/idp-https.key" />
+      </SSLHostConfig>
+      <!--<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />-->
+    </Connector>
+
     <Engine name="Catalina" defaultHost="localhost">
 
       <Host name="localhost"  appBase="webapps"