This repository has been archived by the owner on Oct 9, 2024. It is now read-only.

fix start/stop service for systemd (missed java_opts and catalina_opts).
Add Real-IP valve
Andrei Darashenka committed Aug 18, 2017
1 parent 393c44e commit 9ca88da
Showing 3 changed files with 19 additions and 30 deletions.
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -105,6 +105,11 @@ instance. The following variables are legit to configure per instance.
* ``service_name``: Init system service name per instance, e.g. [email protected] for Systemd (string, default: ``{{ tomcat_default_service_name }}`` (see ``vars/service/*.yml``))
* ``umask``: Allow to configure umask for Tomcat instance (oct, default: ``|default('')``)
* ``systemd_default_instance``: Allow to configure default instance for Systemd templated service (string, default: ``None``
* ``proxy_header``: header from proxy to determine real-ip (string, default ``x-forwared-for``)
* ``proxy_ip_internal_regex``: java-regexp which proxies are internal to evaluate real-ip (string. default ``10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}`` )
* ``proxy_protocol_header``: header from proxy to determine HTTP/HTTPS connction (string, default ``x-forwarded-proto``)
* ``proxy_protocol_https_value``: value for the header if conection is secure (string, default: ``https``)
* ``server_xml.add1``: additional text to put in server.xml, e.g. Valves configs (string, default empty)
* ``auth_roles``: which roles should be created in tomcat-users.xml (list of strings, default: [])
* ``auth_users``: which users should be created in tomcat-users.xml (list of auth_users, see below. default: [])

15 changes: 10 additions & 5 deletions templates/server.xml.j2
Expand Up @@ -61,12 +61,17 @@
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
requestAttributesEnabled=true
prefix="access_log." suffix=".log"
pattern="%h %l %u %t &quot;%r&quot; %s %B %T %D %F %X %I" />
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="{{ item.proxy_header|default('x-forwarded-for') }}"
internalProxies="{{ item.proxy_ip_internal_regex|default('10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}') }}"
protocolHeader="{{ item.proxy_protocol_header|default('x-forwarded-proto') }}"
protocolHeaderHttpsValue="{{ item.proxy_protocol_https_value|default('https') }}"
/>
{{ item.server_xml.add1|default('') }}
</Host>

</Engine>

</Service>

</Server>
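Review bot: `requestAttributesEnabled=true` on the AccessLogValve has no quotes around its value, so the rendered server.xml is not well-formed XML and Tomcat should fail to parse it at startup; it needs to be `requestAttributesEnabled="true"`. The RemoteIpValve is also rendered for every instance with no switch, and its default `internalProxies` trusts any RFC 1918, link-local or loopback peer, so a client in those ranges that reaches the connector directly controls the address and scheme Tomcat records from `x-forwarded-for` and `x-forwarded-proto`. I would make the valve opt-in, or state in the README that `proxy_ip_internal_regex` should be narrowed to the real proxy addresses. `item.server_xml.add1|default('')` may also raise when `server_xml` itself is undefined on the instance, depending on the Ansible version; `(item.server_xml|default({})).add1|default('')` avoids that.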
29 changes: 4 additions & 25 deletions templates/service_systemd.j2
@@ -1,9 +1,10 @@
[Unit]
Description=Tomcat servlet container
Description=Tomcat servlet container {{ item.name|default('') }}
After=network.target

[Service]
User={{ item.user|default(tomcat_default_user_name) }}
Group={{ item.group|default(tomcat_default_user_group) }}
{% if item.umask is defined %}
UMask={{ item.umask }}
{% endif %}
Expand All @@ -20,61 +21,39 @@ EnvironmentFile=-{{ item.path|default(tomcat_default_instance_path) }}/.systemd.
{% endif %}

ExecStart={{ ansible_local.java.general.java_home }}/bin/java \
{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
-Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/conf/logging.properties \
{% else %}
-Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/conf/logging.properties \
{% endif %}
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
{% if item.prefer_urandom|default(tomcat_default_prefer_urandom) %}
-Djava.security.egd=file:/dev/./urandom \
{% endif %}
-Djava.endorsed.dirs={{ tomcat_env_catalina_home }}/endorsed \
-Dcatalina.home={{ tomcat_env_catalina_home }} \
{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
-Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }} \
{% else %}
-Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }} \
{% endif %}
{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
-Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/temp \
{% else %}
-Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/temp \
{% endif %}
{% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %}
-Djava.net.preferIPv4Stack=true \
{% endif %}
$JAVA_OPTS $CATALINA_OPTS \
{% if tomcat_version|version_compare('8.5', '>=') %}
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources \
{% endif %}
-classpath "{{ tomcat_env_catalina_home }}/bin/bootstrap.jar:{{ tomcat_env_catalina_home }}/bin/tomcat-juli.jar" \
org.apache.catalina.startup.Bootstrap start

ExecStop={{ ansible_local.java.general.java_home }}/bin/java \
{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
-Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/conf/logging.properties \
{% else %}
-Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/conf/logging.properties \
{% endif %}
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
{% if item.prefer_urandom|default(tomcat_default_prefer_urandom) %}
-Djava.security.egd=file:/dev/./urandom \
{% endif %}
-Djava.endorsed.dirs={{ tomcat_env_catalina_home }}/endorsed \
-Dcatalina.home={{ tomcat_env_catalina_home }} \
{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
-Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }} \
{% else %}
-Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }} \
{% endif %}
{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
-Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/temp \
{% else %}
-Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/temp \
{% endif %}
{% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %}
-Djava.net.preferIPv4Stack=true \
{% endif %}
$JAVA_OPTS \
{% if tomcat_version|version_compare('8.5', '>=') %}
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources \
{% endif %}
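Review bot: The new `$JAVA_OPTS $CATALINA_OPTS \` line in ExecStart (and `$JAVA_OPTS \` in ExecStop) comes after `-Dcatalina.home`, `-Dcatalina.base` and `-Djava.io.tmpdir`, so a `-D` of the same name set through the environment file would presumably override the role-managed path, since the JVM generally keeps the last definition (worth confirming). Moving the line up to just after `-Djava.util.logging.manager=…`, which is where catalina.sh places these variables, keeps the role's values authoritative. A template comment would also help the next editor, for example `{# keep $JAVA_OPTS unbraced: systemd splits $VAR into separate arguments, ${VAR} would pass a single argument #}`. The ExecStop command continues past the end of the visible hunk, so its classpath and stop arguments were not reviewed.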
