From beace786a1ee473de8cd8bea1b8dc333a26608f8 Mon Sep 17 00:00:00 2001
From: Andrei Darashenka
Date: Fri, 18 Aug 2017 12:05:49 +0200
Subject: [PATCH] fix start/stop service for systemd (missed java_opts and catalina_opts). Add Real-IP valve
---
 README.md | 5 +++++
 templates/server.xml.j2 | 15 ++++++++++-----
 templates/service_systemd.j2 | 29 ++++-------------------------
 3 files changed, 19 insertions(+), 30 deletions(-)
diff --git a/README.md b/README.md
index 83d89e1..6c56cab 100644
--- a/README.md
+++ b/README.md
@@ -105,6 +105,11 @@ instance. The following variables are legit to configure per instance.
 * ``service_name``: Init system service name per instance, e.g. tomcat@foo.service for Systemd (string, default: ``{{ tomcat_default_service_name }}`` (see ``vars/service/*.yml``))
 * ``umask``: Allow to configure umask for Tomcat instance (oct, default: ``|default('')``)
 * ``systemd_default_instance``: Allow to configure default instance for Systemd templated service (string, default: ``None``
+* ``proxy_header``: header from proxy to determine real-ip (string, default ``x-forwared-for``)
+* ``proxy_ip_internal_regex``: java-regexp which proxies are internal to evaluate real-ip (string. default ``10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}`` )
+* ``proxy_protocol_header``: header from proxy to determine HTTP/HTTPS connction (string, default ``x-forwarded-proto``)
+* ``proxy_protocol_https_value``: value for the header if conection is secure (string, default: ``https``)
+* ``server_xml_add1``: additional text to put in server.xml, e.g. Valves configs (string, default empty)
 * ``auth_roles``: which roles should be created in tomcat-users.xml (list of strings, default: [])
 * ``auth_users``: which users should be created in tomcat-users.xml (list of auth_users, see below. default: [])
diff --git a/templates/server.xml.j2 b/templates/server.xml.j2 index 8ee968e..61cc107 100644 --- a/templates/server.xml.j2 +++ b/templates/server.xml.j2 @@ -61,12 +61,17 @@ + requestAttributesEnabled="true" + prefix="access_log." suffix=".log" + pattern="%h %l %u %t "%r" %s %B %T %D %F %X %I" /> + + {{ item.server_xml_add1|default('') }} - - - diff --git a/templates/service_systemd.j2 b/templates/service_systemd.j2 index 72ab6bb..7f2a167 100644 --- a/templates/service_systemd.j2 +++ b/templates/service_systemd.j2 @@ -1,9 +1,10 @@ [Unit] -Description=Tomcat servlet container +Description=Tomcat servlet container {{ item.name|default('') }} After=network.target [Service] User={{ item.user|default(tomcat_default_user_name) }} +Group={{ item.group|default(tomcat_default_user_group) }} {% if item.umask is defined %} UMask={{ item.umask }} {% endif %} 
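Review bot: The default `proxy_ip_internal_regex` documented in this commit's README trusts every RFC 1918, link-local and loopback peer as a proxy, and with `requestAttributesEnabled="true"` on the access-log valve the logged `%h` becomes whatever such a peer puts in the `proxy_header`. Any host in those ranges that can reach the connector directly can therefore choose the client address, and via `proxy_protocol_header` the reported scheme, that the logs and the application see. I would render the Real-IP valve only when `proxy_ip_internal_regex` is set explicitly to the real proxy addresses, and state in the README that the connector must be reachable only through that proxy. The valve element itself is not visible in this rendering of the hunk, so this is inferred from the README variables and the commit subject. Separately, `{{ item.server_xml_add1|default('') }}` is emitted as raw XML, which the README entry should say, e.g. `inserted verbatim, not escaped or validated`.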
@@ -20,30 +21,19 @@ EnvironmentFile=-{{ item.path|default(tomcat_default_instance_path) }}/.systemd.
 {% endif %}
 ExecStart={{ ansible_local.java.general.java_home }}/bin/java \
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/conf/logging.properties \
-{% else %}
 -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/conf/logging.properties \
-{% endif %}
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
 {% if item.prefer_urandom|default(tomcat_default_prefer_urandom) %}
 -Djava.security.egd=file:/dev/./urandom \
 {% endif %}
 -Djava.endorsed.dirs={{ tomcat_env_catalina_home }}/endorsed \
 -Dcatalina.home={{ tomcat_env_catalina_home }} \
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }} \
-{% else %}
 -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }} \
-{% endif %}
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/temp \
-{% else %}
 -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/temp \
-{% endif %}
 {% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %}
 -Djava.net.preferIPv4Stack=true \
 {% endif %}
+ $JAVA_OPTS $CATALINA_OPTS \
 {% if tomcat_version|version_compare('8.5', '>=') %}
 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources \
 {% endif %}
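Review bot: With `$JAVA_OPTS $CATALINA_OPTS` expanded into `ExecStart`, the `EnvironmentFile` under the instance path (its name is cut off in the hunk header) now decides JVM start-up arguments, and nothing visible here keeps that file out of reach of the service account. If the instance directory belongs to the Tomcat user, code running inside the container could change the options used at the next restart, so the role should create that file owned by root and not writable by `User=`/`Group=`. This hunk also drops the `catalina/%i/conf/logging.properties` path that templated (`@`) units used for `-Djava.util.logging.config.file`, which the commit message does not mention; if intentional it belongs in the changelog, since existing templated instances will silently read a different logging configuration. The unit's `ExecStart` continues past the end of the hunk.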
@@ -51,30 +41,19 @@ ExecStart={{ ansible_local.java.general.java_home }}/bin/java \
 org.apache.catalina.startup.Bootstrap start
 ExecStop={{ ansible_local.java.general.java_home }}/bin/java \
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
 -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/conf/logging.properties \
-{% else %}
- -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/conf/logging.properties \
-{% endif %}
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
 {% if item.prefer_urandom|default(tomcat_default_prefer_urandom) %}
 -Djava.security.egd=file:/dev/./urandom \
 {% endif %}
 -Djava.endorsed.dirs={{ tomcat_env_catalina_home }}/endorsed \
 -Dcatalina.home={{ tomcat_env_catalina_home }} \
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }} \
-{% else %}
 -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }} \
-{% endif %}
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
 -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/temp \
-{% else %}
- -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/temp \
-{% endif %}
 {% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %}
 -Djava.net.preferIPv4Stack=true \
 {% endif %}
+ $JAVA_OPTS \
 {% if tomcat_version|version_compare('8.5', '>=') %}
 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources \
 {% endif %}
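Review bot: Missing documentation for the added `$JAVA_OPTS \` line in `ExecStop`: the same options now reach the short-lived stop JVM, so any option that opens a listener (remote JMX, a debug agent) will make the stop command collide with the running instance and fail. The README lines added by this commit do not say which variable is meant for what; I would add a sentence such as `JAVA_OPTS is applied to both start and stop; put listener and heap options for the server in CATALINA_OPTS`. The `ExecStop` command continues past the end of the hunk.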