http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/77dff880/software/webapp/src/main/resources/org/apache/brooklyn/entity/dns/geoscaling/template.php
----------------------------------------------------------------------
diff --git a/software/webapp/src/main/resources/org/apache/brooklyn/entity/dns/geoscaling/template.php b/software/webapp/src/main/resources/org/apache/brooklyn/entity/dns/geoscaling/template.php
new file mode 100755
index 0000000..7c879f1
--- /dev/null
+++ b/software/webapp/src/main/resources/org/apache/brooklyn/entity/dns/geoscaling/template.php
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+*/
+
+/**************************************************************************************
+ ** DO NOT modify this script, as your changes will likely be overwritten.
+ ** Auto-generated by Brooklyn on DATESTAMP
+ **************************************************************************************/
+
+
+/* Returns the approximate distance (in km) between 2 points on the Earth's surface,
+ * specified as latitude and longitude in decimal degrees. Derived from the spherical
+ * law of cosines.
+ */
+function distanceBetween($lat1_deg, $long1_deg, $lat2_deg, $long2_deg) {
+ define("RADIUS_KM", 6372.8); // approx
+ $lat1_rad = deg2rad($lat1_deg);
+ $lat2_rad = deg2rad($lat2_deg);
+ $long_delta_rad = deg2rad($long1_deg - $long2_deg);
+ $distance_km = RADIUS_KM * acos( (sin($lat1_rad) * sin($lat2_rad)) +
+ (cos($lat1_rad) * cos($lat2_rad) * cos($long_delta_rad)) );
+ return $distance_km;
+}
+
+function findClosestHost($lat_deg, $long_deg, $available_hosts) {
+ $minimum_distance = PHP_INT_MAX;
+ for ($i = 0 ; $i < sizeof($available_hosts); $i++) {
+ $host = $available_hosts[$i];
+ $distance_km = distanceBetween($lat_deg, $long_deg, $host['latitude'], $host['longitude']);
+ if ($distance_km < $minimum_distance) {
+ $minimum_distance = $distance_km;
+ $closest_host = $host;
+ }
+ }
+ return $closest_host;
+}
+
+
+/* HOST DECLARATIONS TO BE SUBSTITUTED HERE */
+
+$closest_host = findClosestHost($city_info['latitude'], $city_info['longitude'], $hosts);
+
+if (isset($closest_host)) {
+ $output[] = array("TXT", "Request from [".$city_info['latitude'].",".$city_info['longitude']."]-".$city_info['city']."(".strtoupper($city_info['country']).") directed to ".$closest_host['name']);
+ $output[] = array("TXT", "GeoScaling config auto-updated by Brooklyn DATESTAMP");
+ if (filter_var($closest_host['ip'], FILTER_VALIDATE_IP)) {
+ $output[] = array("A", $closest_host['ip']);
+ } else {
+ $output[] = array("CNAME", $closest_host['ip']);
+ }
+} else {
+ $output[] = array("fail");
+}
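Review bot: `define("RADIUS_KM", 6372.8)` sits inside `distanceBetween()`, which `findClosestHost()` calls once per host, so from the second host onward PHP reports the constant as already defined; a local `$radius_km = 6372.8;` avoids that. The `acos()` argument can also drift slightly above 1 through floating-point rounding when the request and a host share coordinates, giving NAN, and because `NAN < $minimum_distance` is false that co-located host is never selected; clamping with `max(-1.0, min(1.0, $cos_angle))` before `acos()` fixes it. `findClosestHost()` also returns an unassigned `$closest_host` when `$available_hosts` is empty, so starting the function with `$closest_host = null;` keeps the later `isset()` check free of an undefined-variable warning.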
http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/77dff880/software/webapp/src/main/resources/org/apache/brooklyn/entity/proxy/nginx/server.conf
----------------------------------------------------------------------
diff --git a/software/webapp/src/main/resources/org/apache/brooklyn/entity/proxy/nginx/server.conf b/software/webapp/src/main/resources/org/apache/brooklyn/entity/proxy/nginx/server.conf
new file mode 100644
index 0000000..3de046f
--- /dev/null
+++ b/software/webapp/src/main/resources/org/apache/brooklyn/entity/proxy/nginx/server.conf
@@ -0,0 +1,84 @@
+[#ftl]
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# example nginx configuration file
+
+pid ${driver.pidFile};
+
+events {
+ worker_connections 8196;
+}
+
+http {
+ [#if entity.serverPoolAddresses?has_content]
+ upstream ${entity.id} {
+ [#list entity.serverPoolAddresses as address]
+ server ${address};
+ [/#list]
+ [#if entity.sticky]
+ sticky;
+ [/#if]
+ }
+ [/#if]
+
+ include mime.types;
+ default_type application/octet-stream;
+
+ server {
+ [#if entity.domain?has_content]
+ server_name ${entity.domain};
+ [/#if]
+
+ [#if entity.ssl]
+ # HTTPS setup
+ listen ${entity.port?c} default ssl;
+ ssl_certificate ${driver.runDir}/conf/global.crt;
+ ssl_certificate_key ${driver.runDir}/conf/global.key;
+
+ # https://wiki.mozilla.org/Security/Server_Side_TLS
+ # https://mozilla.github.io/server-side-tls/ssl-config-generator/
+ # generated 05.05.2015, Intermediate config from first link
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:50m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+ ssl_prefer_server_ciphers on;
+ [#else]
+ # HTTP setup
+ listen ${entity.port?c};
+ [/#if]
+
+
+ # Logging
+ access_log ${driver.accessLogLocation};
+ error_log ${driver.errorLogLocation};
+
+ [#if entity.serverPoolAddresses?has_content]
+ location / {
+ server_tokens off;
+ proxy_pass http[#if entity.portNumberSensor.name == "https.port"]s[/#if]://${entity.id};
+ proxy_set_header X-Real-IP [#noparse]$remote_addr[/#noparse];
+ proxy_set_header X-Forwarded-For [#noparse]$proxy_add_x_forwarded_for[/#noparse];
+ proxy_set_header Host [#noparse]$http_host[/#noparse];
+ proxy_read_timeout 900;
+ proxy_connect_timeout 75;
+ }
+ [/#if]
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/77dff880/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/jboss/jboss7-standalone.xml
----------------------------------------------------------------------
diff --git a/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/jboss/jboss7-standalone.xml b/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/jboss/jboss7-standalone.xml
new file mode 100644
index 0000000..1e0f6c1
--- /dev/null
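Review bot: The HTTPS branch of server.conf pins `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and a cipher list that still admits `DES-CBC3-SHA` and static-RSA suites, so every generated proxy accepts legacy handshakes and a blueprint has no way to tighten them. I would default to `ssl_protocols TLSv1.2;` (adding TLSv1.3 where the nginx build supports it), drop the 3DES entry, and ideally expose both values as entity config; the same protocol set appears in the `<ssl protocol="TLSv1,TLSv1.1,TLSv1.2">` attribute of jboss7-standalone.xml and in `sslEnabledProtocols`/`ciphers` of tomcat/server.xml in this commit. Separately, `server_tokens off;` is set only inside `location /` and only when a server pool exists, so moving it to the `http` block would cover error responses as well. When `proxy_pass` renders as `https://`, nothing here turns on `proxy_ssl_verify`, which nginx leaves off by default, so the upstream certificate goes unchecked.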
+++ b/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/jboss/jboss7-standalone.xml 
@@ -0,0 +1,311 @@ +[#ftl] +<?xml version="1.0" encoding="UTF-8"?> +<server xmlns="urn:jboss:domain:1.2"> + <extensions> + <extension module="org.jboss.as.clustering.infinispan"/> + <extension module="org.jboss.as.configadmin"/> + <extension module="org.jboss.as.connector"/> + <extension module="org.jboss.as.deployment-scanner"/> + <extension module="org.jboss.as.ee"/> + <extension module="org.jboss.as.ejb3"/> + <extension module="org.jboss.as.jaxrs"/> + <extension module="org.jboss.as.jdr"/> + <extension module="org.jboss.as.jmx"/> + <extension module="org.jboss.as.jpa"/> + <extension module="org.jboss.as.logging"/> + <extension module="org.jboss.as.mail"/> + <extension module="org.jboss.as.naming"/> + <extension module="org.jboss.as.osgi"/> + <extension module="org.jboss.as.pojo"/> + <extension module="org.jboss.as.remoting"/> + <extension module="org.jboss.as.sar"/> + <extension module="org.jboss.as.security"/> + <extension module="org.jboss.as.threads"/> + <extension module="org.jboss.as.transactions"/> + <extension module="org.jboss.as.web"/> + <extension module="org.jboss.as.webservices"/> + <extension module="org.jboss.as.weld"/> + </extensions> + <management> + <security-realms> + <security-realm name="ManagementRealm"> + <authentication> + <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> + </authentication> + </security-realm> + <security-realm name="ApplicationRealm"> + <authentication> + <properties path="application-users.properties" relative-to="jboss.server.config.dir"/> + </authentication> + </security-realm> + </security-realms> + <management-interfaces> + <native-interface security-realm="ManagementRealm"> + <socket-binding native="management-native"/> + </native-interface> + <http-interface security-realm="ManagementRealm"> + <socket-binding http="management-http"/> + </http-interface> + </management-interfaces> + </management> + <profile> + <subsystem xmlns="urn:jboss:domain:logging:1.1"> + <console-handler 
name="CONSOLE"> + <level name="INFO"/> + <formatter> + <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/> + </formatter> + </console-handler> + <periodic-rotating-file-handler name="FILE"> + <formatter> + <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/> + </formatter> + <file relative-to="jboss.server.log.dir" path="server.log"/> + <suffix value=".yyyy-MM-dd"/> + <append value="true"/> + </periodic-rotating-file-handler> + <logger category="com.arjuna"> + <level name="WARN"/> + </logger> + <logger category="org.apache.tomcat.util.modeler"> + <level name="WARN"/> + </logger> + <logger category="sun.rmi"> + <level name="WARN"/> + </logger> + <logger category="jacorb"> + <level name="WARN"/> + </logger> + <logger category="jacorb.config"> + <level name="ERROR"/> + </logger> + <root-logger> + <level name="INFO"/> + <handlers> + <handler name="CONSOLE"/> + <handler name="FILE"/> + </handlers> + </root-logger> + </subsystem> + <subsystem xmlns="urn:jboss:domain:configadmin:1.0"/> + <subsystem xmlns="urn:jboss:domain:datasources:1.0"> + <datasources> + <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true"> + <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1</connection-url> + <driver>h2</driver> + <security> + <user-name>sa</user-name> + <password>sa</password> + </security> + </datasource> + <drivers> + <driver name="h2" module="com.h2database.h2"> + <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class> + </driver> + </drivers> + </datasources> + </subsystem> + <subsystem xmlns="urn:jboss:domain:deployment-scanner:1.1"> + <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000"/> + </subsystem> + <subsystem xmlns="urn:jboss:domain:ee:1.0"/> + <subsystem xmlns="urn:jboss:domain:ejb3:1.2"> + <session-bean> + <stateless> + <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/> + </stateless> + <stateful 
default-access-timeout="5000" cache-ref="simple"/> + <singleton default-access-timeout="5000"/> + </session-bean> + <pools> + <bean-instance-pools> + <strict-max-pool name="slsb-strict-max-pool" max-pool-size="20" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/> + <strict-max-pool name="mdb-strict-max-pool" max-pool-size="20" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/> + </bean-instance-pools> + </pools> + <caches> + <cache name="simple" aliases="NoPassivationCache"/> + <cache name="passivating" passivation-store-ref="file" aliases="SimpleStatefulCache"/> + </caches> + <passivation-stores> + <file-passivation-store name="file"/> + </passivation-stores> + <async thread-pool-name="default"/> + <timer-service thread-pool-name="default"> + <data-store path="timer-service-data" relative-to="jboss.server.data.dir"/> + </timer-service> + <remote connector-ref="remoting-connector" thread-pool-name="default"/> + <thread-pools> + <thread-pool name="default"> + <max-threads count="10"/> + <keepalive-time time="100" unit="milliseconds"/> + </thread-pool> + </thread-pools> + </subsystem> + <subsystem xmlns="urn:jboss:domain:infinispan:1.2" default-cache-container="hibernate"> + <cache-container name="hibernate" default-cache="local-query"> + <local-cache name="entity"> + <transaction mode="NON_XA"/> + <eviction strategy="LRU" max-entries="10000"/> + <expiration max-idle="100000"/> + </local-cache> + <local-cache name="local-query"> + <transaction mode="NONE"/> + <eviction strategy="LRU" max-entries="10000"/> + <expiration max-idle="100000"/> + </local-cache> + <local-cache name="timestamps"> + <transaction mode="NONE"/> + <eviction strategy="NONE"/> + </local-cache> + </cache-container> + </subsystem> + <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/> + <subsystem xmlns="urn:jboss:domain:jca:1.1"> + <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/> + <bean-validation enabled="true"/> + 
<default-workmanager> + <short-running-threads> + <core-threads count="50"/> + <queue-length count="50"/> + <max-threads count="50"/> + <keepalive-time time="10" unit="seconds"/> + </short-running-threads> + <long-running-threads> + <core-threads count="50"/> + <queue-length count="50"/> + <max-threads count="50"/> + <keepalive-time time="10" unit="seconds"/> + </long-running-threads> + </default-workmanager> + <cached-connection-manager/> + </subsystem> + <subsystem xmlns="urn:jboss:domain:jdr:1.0"/> + <subsystem xmlns="urn:jboss:domain:jmx:1.1"> + <show-model value="true"/> + <remoting-connector/> + </subsystem> + <subsystem xmlns="urn:jboss:domain:jpa:1.0"> + <jpa default-datasource=""/> + </subsystem> + <subsystem xmlns="urn:jboss:domain:mail:1.0"> + <mail-session jndi-name="java:jboss/mail/Default"> + <smtp-server outbound-socket-binding-ref="mail-smtp"/> + </mail-session> + </subsystem> + <subsystem xmlns="urn:jboss:domain:naming:1.1"/> + <subsystem xmlns="urn:jboss:domain:osgi:1.2" activation="lazy"> + <properties> + <!-- Specifies the beginning start level of the framework --> + <property name="org.osgi.framework.startlevel.beginning">1</property> + </properties> + <capabilities> + <!-- modules registered with the OSGi layer on startup --> + <capability name="javax.servlet.api:v25"/> + <capability name="javax.transaction.api"/> + <!-- bundles started in startlevel 1 --> + <capability name="org.apache.felix.log" startlevel="1"/> + <capability name="org.jboss.osgi.logging" startlevel="1"/> + <capability name="org.apache.felix.configadmin" startlevel="1"/> + <capability name="org.jboss.as.osgi.configadmin" startlevel="1"/> + </capabilities> + </subsystem> + <subsystem xmlns="urn:jboss:domain:pojo:1.0"/> + <subsystem xmlns="urn:jboss:domain:remoting:1.1"> + <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/> + </subsystem> + <subsystem xmlns="urn:jboss:domain:resource-adapters:1.0"/> + <subsystem 
xmlns="urn:jboss:domain:sar:1.0"/> + <subsystem xmlns="urn:jboss:domain:security:1.1"> + <security-domains> + <security-domain name="other" cache-type="default"> + <authentication> + <login-module code="Remoting" flag="optional"> + <module-option name="password-stacking" value="useFirstPass"/> + </login-module> + <login-module code="RealmUsersRoles" flag="required"> + <module-option name="usersProperties" value="[#noparse]${jboss.server.config.dir}[/#noparse]/application-users.properties"/> + <module-option name="rolesProperties" value="[#noparse]${jboss.server.config.dir}[/#noparse]/application-roles.properties"/> + <module-option name="realm" value="ApplicationRealm"/> + <module-option name="password-stacking" value="useFirstPass"/> + </login-module> + </authentication> + </security-domain> + <security-domain name="jboss-web-policy" cache-type="default"> + <authorization> + <policy-module code="Delegating" flag="required"/> + </authorization> + </security-domain> + <security-domain name="jboss-ejb-policy" cache-type="default"> + <authorization> + <policy-module code="Delegating" flag="required"/> + </authorization> + </security-domain> + </security-domains> + </subsystem> + <subsystem xmlns="urn:jboss:domain:threads:1.1"/> + <subsystem xmlns="urn:jboss:domain:transactions:1.1"> + <core-environment> + <process-id> + <uuid/> + </process-id> + </core-environment> + <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/> + <coordinator-environment default-timeout="300"/> + </subsystem> + <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false"> + <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" enabled="${entity.httpEnabled?string}"/> + [#if entity.httpsEnabled] + <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="${entity.httpsEnabled?string}"> + <ssl key-alias="${entity.httpsSslKeyAlias}" 
password="${entity.httpsSslKeystorePassword}" certificate-key-file="${entity.httpsSslKeystoreFile}" protocol="TLSv1,TLSv1.1,TLSv1.2"/> + </connector> + [/#if] + <virtual-server name="default-host" enable-welcome-root="${entity.welcomeRootEnabled?string}"> + <alias name="localhost"/> + <alias name="example.com"/> + </virtual-server> + </subsystem> + <subsystem xmlns="urn:jboss:domain:webservices:1.1"> + <modify-wsdl-address>true</modify-wsdl-address> + <wsdl-host>${entity.bindAddress}</wsdl-host> + <endpoint-config name="Standard-Endpoint-Config"/> + <endpoint-config name="Recording-Endpoint-Config"> + <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM"> + <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/> + </pre-handler-chain> + </endpoint-config> + </subsystem> + <subsystem xmlns="urn:jboss:domain:weld:1.0"/> + </profile> + <interfaces> + <interface name="management"> + <inet-address value="${entity.managementBindAddress}"/> + </interface> + <interface name="public"> + <inet-address value="${entity.bindAddress}"/> + </interface> + <!-- TODO - only show this if the jacorb subsystem is added --> + <interface name="unsecure"> + <!-- + ~ Used for IIOP sockets in the standard configuration. 
+ ~ To secure JacORB you need to setup SSL + --> + <inet-address value="${entity.unsecureBindAddress}"/> + </interface> + </interfaces> + <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${entity.portOffset?c}"> + <socket-binding name="management-native" interface="management" port="${entity.managementNativePort?c}"/> + <socket-binding name="management-http" interface="management" port="${entity.managementHttpPort?c}"/> + <socket-binding name="management-https" interface="management" port="${entity.managementHttpsPort?c}"/> + <socket-binding name="ajp" port="8009"/> + <socket-binding name="http" port="[#if entity.httpEnabled]${entity.httpPort?c}[#else]8080[/#if]"/> + <socket-binding name="https" port="[#if entity.httpsEnabled]${entity.httpsPort?c}[#else]8443[/#if]"/> + <socket-binding name="osgi-http" interface="management" port="8090"/> + <socket-binding name="remoting" port="4447"/> + <socket-binding name="txn-recovery-environment" port="4712"/> + <socket-binding name="txn-status-manager" port="4713"/> + <outbound-socket-binding name="mail-smtp"> + <remote-destination host="localhost" port="25"/> + </outbound-socket-binding> + </socket-binding-group> +</server> http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/77dff880/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/jetty/jetty-brooklyn.xml ---------------------------------------------------------------------- diff --git a/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/jetty/jetty-brooklyn.xml b/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/jetty/jetty-brooklyn.xml new file mode 100644 index 0000000..746395f --- /dev/null +++ b/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/jetty/jetty-brooklyn.xml 
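Review bot: In the web subsystem's `<ssl>` element of jboss7-standalone.xml, `password="${entity.httpsSslKeystorePassword}"` (like `key-alias` and `certificate-key-file`) is interpolated into an XML attribute without escaping, so a value containing `"`, `&` or `<` produces a malformed or altered configuration; FreeMarker's XML escaping closes that, e.g. `password="${entity.httpsSslKeystorePassword?xml}"`. The rendered file then holds the keystore password in clear text, so whatever writes it should restrict the file to the server's own user; that step is not visible in this hunk. The `keystorePass` attribute in tomcat/server.xml later in this commit has the same two issues. The stock `ExampleDS` datasource with `sa`/`sa` credentials is also left enabled and could be removed if no deployed application depends on it.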
@@ -0,0 +1,41 @@ +[#ftl] +<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd"> +<!-- Configure the Jetty JMX Server --> +<Configure id="Server" class="org.mortbay.jetty.Server"> +[#if entity.jmxPort > 0] + <!-- Create an MBeanServer --> + <!-- + <Call id="MBeanServer" class="javax.management.MBeanServerFactory" name="createMBeanServer"/> + --> + + <!-- Use the JDK PlatformMBeanServer --> + <Call id="MBeanServer" class="java.lang.management.ManagementFactory" name="getPlatformMBeanServer"/> + + <!-- initialize the Jetty MBean container --> + <Get id="Container" name="container"> + <Call name="addEventListener"> + <Arg> + <New class="org.mortbay.management.MBeanContainer"> + <Arg><Ref id="MBeanServer"/></Arg> + <Set name="managementPort">${entity.jmxPort?c}</Set> + <Call name="start" /> + </New> + </Arg> + </Call> + </Get> + + <!-- Add a remote JMX connector --> + <!-- + <Call id="jmxConnector" class="javax.management.remote.JMXConnectorServerFactory" name="newJMXConnectorServer"> + <Arg> + <New class="javax.management.remote.JMXServiceURL"> + <Arg>service:jmx:rmi:///jndi/rmi:///jettymbeanserver</Arg> + </New> + </Arg> + <Arg/> + <Arg><Ref id="MBeanServer"/></Arg> + <Call name="start"/> + </Call> + --> +[/#if] +</Configure> http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/77dff880/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/sample-java-keystore.jks ---------------------------------------------------------------------- 
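Review bot: Nothing in jetty-brooklyn.xml limits who may reach the port set by `<Set name="managementPort">${entity.jmxPort?c}</Set>`: no bind address, authentication or TLS is configured for the MBean container in this file. A management endpoint of this kind gives control over the running JVM, so if access is meant to be restricted by JVM JMX properties or by network rules applied elsewhere, that should be stated next to the `<New class="org.mortbay.management.MBeanContainer">` element. A short comment such as `<!-- jmxPort must only be reachable from the management network; access control is applied by ... -->` would make the assumption explicit.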
diff --git a/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/sample-java-keystore.jks b/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/sample-java-keystore.jks new file mode 100644 index 0000000..ee18b1d Binary files /dev/null and b/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/sample-java-keystore.jks differ http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/77dff880/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/sample-java-keystore.txt ---------------------------------------------------------------------- diff --git a/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/sample-java-keystore.txt b/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/sample-java-keystore.txt new file mode 100644 index 0000000..53096b5 --- /dev/null +++ b/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/sample-java-keystore.txt 
@@ -0,0 +1,22 @@ + +Keystore for use in tests and sample YAML, containing key with alias "myname" and password "mypass"; +created for this project using AbstractWebAppFixtureIntegrationTest.createTemporaryKeyStore . + + +---- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations + http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/77dff880/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/tomcat/server.xml ---------------------------------------------------------------------- diff --git a/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/tomcat/server.xml b/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/tomcat/server.xml new file mode 100644 index 0000000..83e8db0 --- /dev/null +++ b/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/tomcat/server.xml 
@@ -0,0 +1,206 @@ +[#ftl] +<?xml version='1.0' encoding='utf-8'?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!-- Brooklyn note: This file is a modified copy of server.xml from Tomcat v7.0.56. +--> +<!-- Note: A "Server" is not itself a "Container", so you may not + define subcomponents such as "Valves" at this level. + Documentation at /docs/config/server.html + --> +<Server port="${driver.shutdownPort?c}" shutdown="SHUTDOWN"> + <!-- Security listener. Documentation at /docs/config/listeners.html + <Listener className="org.apache.catalina.security.SecurityListener" /> + --> + <!--APR library loader. Documentation at /docs/apr.html --> + <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> + <!--Initialize Jasper prior to webapps are loaded. 
Documentation at /docs/jasper-howto.html --> + <Listener className="org.apache.catalina.core.JasperListener" /> + <!-- Prevent memory leaks due to use of particular java/javax APIs--> + <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> + <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> + <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> + + <!-- Global JNDI resources + Documentation at /docs/jndi-resources-howto.html + --> + <GlobalNamingResources> + <!-- Editable user database that can also be used by + UserDatabaseRealm to authenticate users + --> + <Resource name="UserDatabase" auth="Container" + type="org.apache.catalina.UserDatabase" + description="User database that can be updated and saved" + factory="org.apache.catalina.users.MemoryUserDatabaseFactory" + pathname="conf/tomcat-users.xml" /> + </GlobalNamingResources> + + <!-- A "Service" is a collection of one or more "Connectors" that share + a single "Container" Note: A "Service" is not itself a "Container", + so you may not define subcomponents such as "Valves" at this level. + Documentation at /docs/config/service.html + --> + <Service name="Catalina"> + + <!--The connectors can use a shared executor, you can define one or more named thread pools--> + <!-- + <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" + maxThreads="150" minSpareThreads="4"/> + --> + + + <!-- A "Connector" represents an endpoint by which requests are received + and responses are returned. 
Documentation at : + Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) + Java AJP Connector: /docs/config/ajp.html + APR (HTTP/AJP) Connector: /docs/apr.html + Define a non-SSL HTTP/1.1 Connector on port ${driver.httpPort?c} + --> + [#if entity.httpEnabled] + <Connector port="${driver.httpPort?c}" protocol="HTTP/1.1" + connectionTimeout="20000" + redirectPort="${driver.httpsPort?c}" /> + [/#if] + + <!-- A "Connector" using the shared thread pool--> + <!-- + <Connector executor="tomcatThreadPool" + port="${driver.httpPort?c}" protocol="HTTP/1.1" + connectionTimeout="20000" + redirectPort="${driver.httpsPort?c}" /> + --> + + <!-- Define a SSL HTTP/1.1 Connector on port ${driver.httpPort?c} + This connector uses the BIO implementation that requires the JSSE + style configuration. When using the APR/native implementation, the + OpenSSL style configuration is required as described in the APR/native + documentation --> + [#if entity.httpsEnabled] + + <!-- + SSL config: + https://wiki.mozilla.org/Security/Server_Side_TLS (v3.4) + http://stackoverflow.com/questions/19846020/how-to-map-a-openssls-cipher-list-to-java-jsse + List created on 05.05.2015, Intermediate config from first link. + + List repeated twice, once with TLS_ prefix, once with SSL_ prefix for IBM java compatibility. 
+ https://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.security.component.70.doc/security-component/jsse2Docs/ciphersuites.html + --> + + <Connector port="${driver.httpsPort?c}" protocol="org.apache.coyote.http11.Http11Protocol" + maxThreads="150" SSLEnabled="true" scheme="https" secure="true" + keystoreFile="${driver.httpsSslKeystoreFile}" keystorePass="${entity.httpsSslKeystorePassword}" + clientAuth="false" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" + ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384, + TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + TLS_SRP_SHA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, + TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + TLS_SRP_SHA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + 
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS_RSA_WITH_3DES_EDE_CBC_SHA, + SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384,SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + SSL_DHE_RSA_WITH_AES_128_GCM_SHA256,SSL_DHE_DSS_WITH_AES_128_GCM_SHA256, + SSL_DHE_DSS_WITH_AES_256_GCM_SHA384,SSL_DHE_RSA_WITH_AES_256_GCM_SHA384, + SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384,SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA,SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + SSL_DHE_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_RSA_WITH_AES_128_CBC_SHA, + SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,SSL_DHE_RSA_WITH_AES_256_CBC_SHA256, + SSL_DHE_DSS_WITH_AES_256_CBC_SHA,SSL_DHE_RSA_WITH_AES_256_CBC_SHA, + SSL_RSA_WITH_AES_128_GCM_SHA256,SSL_RSA_WITH_AES_256_GCM_SHA384, + SSL_RSA_WITH_AES_128_CBC_SHA256,SSL_RSA_WITH_AES_256_CBC_SHA256, + SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA, + SSL_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,SSL_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + SSL_SRP_SHA_WITH_AES_256_CBC_SHA,SSL_DHE_DSS_WITH_AES_256_CBC_SHA256, + SSL_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,SSL_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + SSL_SRP_SHA_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_AES_128_CBC_SHA, + SSL_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,SSL_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_RSA_WITH_CAMELLIA_256_CBC_SHA,SSL_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,SSL_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_RSA_WITH_3DES_EDE_CBC_SHA" /> + [/#if] + + <!-- Define an AJP 1.3 Connector on port 8009 --> + <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="${driver.httpPort?c}" /> --> + + + <!-- An Engine represents the entry point (within Catalina) that processes + every request. 
The Engine implementation for Tomcat stand alone + analyzes the HTTP headers included with the request, and passes them + on to the appropriate Host (virtual host). + Documentation at /docs/config/engine.html --> + + <!-- You should set jvmRoute to support load-balancing via AJP ie : + <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> + --> + <Engine name="Catalina" defaultHost="localhost"> + + <!--For clustering, please take a look at documentation at: + /docs/cluster-howto.html (simple how to) + /docs/config/cluster.html (reference documentation) --> + <!-- + <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> + --> + + <!-- Use the LockOutRealm to prevent attempts to guess user passwords + via a brute-force attack --> + <Realm className="org.apache.catalina.realm.LockOutRealm"> + <!-- This Realm uses the UserDatabase configured in the global JNDI + resources under the key "UserDatabase". Any edits + that are performed against this UserDatabase are immediately + available for use by the Realm. --> + <Realm className="org.apache.catalina.realm.UserDatabaseRealm" + resourceName="UserDatabase"/> + </Realm> + + <Host name="localhost" appBase="webapps" + unpackWARs="true" autoDeploy="true"> + + <!-- SingleSignOn valve, share authentication between web applications + Documentation at: /docs/config/valve.html --> + <!-- + <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> + --> + + <!-- Access log processes all example. + Documentation at: /docs/config/valve.html + Note: The pattern used is equivalent to using pattern="common" --> + <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" + prefix="localhost_access_log." 
suffix=".txt" + pattern="%h %l %u %t "%r" %s %b" /> + + </Host> + </Engine> + </Service> +</Server> http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/77dff880/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/tomcat/tomcat8-server.xml ---------------------------------------------------------------------- diff --git a/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/tomcat/tomcat8-server.xml b/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/tomcat/tomcat8-server.xml new file mode 100644 index 0000000..98f014a --- /dev/null +++ b/software/webapp/src/main/resources/org/apache/brooklyn/entity/webapp/tomcat/tomcat8-server.xml 
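Review bot: `<Server port="${driver.shutdownPort?c}" shutdown="SHUTDOWN">` keeps Tomcat's stock shutdown command, so any local process able to connect to that port can stop the server; rendering a per-instance random string (or `port="-1"` if the driver stops Tomcat another way) closes that, and the same line is repeated in tomcat8-server.xml. The comment above the HTTPS connector reads `Define a SSL HTTP/1.1 Connector on port ${driver.httpPort?c}` and should reference `${driver.httpsPort?c}`. FreeMarker also evaluates `${...}` inside XML comments, so the commented-out connectors still need `driver.httpPort` and `driver.httpsPort` to resolve even when the matching connector is disabled; whether the driver guarantees that is not visible in this hunk.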
@@ -0,0 +1,149 @@
+[#ftl]
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- Brooklyn note: This file is a modified copy of server.xml from Tomcat v8.0.22.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ -->
+<Server port="${driver.shutdownPort?c}" shutdown="SHUTDOWN">
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL HTTP/1.1 Connector on port ${driver.httpPort?c}
+ -->
+ [#if entity.httpEnabled]
+ <Connector port="${driver.httpPort?c}" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="${driver.httpsPort?c}" />
+ [/#if]
+
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="${driver.httpPort?c}" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="${driver.httpsPort?c}" />
+ -->
+
+ <!-- Define a SSL HTTP/1.1 Connector on port ${driver.httpPort?c}
+ This connector uses the BIO implementation that requires the JSSE
+ style configuration. When using the APR/native implementation, the
+ OpenSSL style configuration is required as described in the APR/native
+ documentation -->
+ [#if entity.httpsEnabled]
+ <Connector port="${driver.httpsPort?c}" protocol="org.apache.coyote.http11.Http11Protocol"
+ maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+ keystoreFile="${driver.httpsSslKeystoreFile}" keystorePass="${entity.httpsSslKeystorePassword}"
+ clientAuth="false" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" />
+ [/#if]
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="${driver.httpPort?c}" /> -->
+
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="localhost_access_log" suffix=".txt"
+ pattern="%h %l %u %t "%r" %s %b" />
+
+ </Host>
+ </Engine>
+ </Service>
+</Server>
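Review bot: The HTTPS connector interpolates `${driver.httpsSslKeystoreFile}` and `${entity.httpsSslKeystorePassword}` into XML attributes without escaping, so a keystore password containing `"`, `&` or `<` would render a malformed server.xml or change the connector's attributes; FreeMarker's `?xml` built-in fits here, e.g. `keystorePass="${entity.httpsSslKeystorePassword?xml}"`. The same connector sets `sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"`, which still offers the legacy protocol versions; unless old clients must be served, `sslEnabledProtocols="TLSv1.2"` is the safer default. The comment above that connector reads "Define a SSL HTTP/1.1 Connector on port ${driver.httpPort?c}", where `${driver.httpsPort?c}` appears to be intended.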
