-----Message d'origine-----
De: Pete Ehli [mailto:[EMAIL PROTECTED]]
Date: mardi 16 janvier 2001 08:34
À: [EMAIL PROTECTED]
Objet: Apache mod_SSL and Tomcat using mod_jk
>Hello I am new to Apache and am using mod_ssl Apache server
>connected with Tomcat via the mod_jk module -
I've just done that ... (absolute beginer)
>I get the following
> warning when starting Apache after I start tomcat
>"Loaded DSO modules/mod_jk.dll uses plain Apache 1.3 API,
>this module might crash under EAPI! (Please recompile it with -DEAPI)
same for me... it seems to works anyway...
note that I had to install JSSE 102 from sun java site...
I've put it into the JRE 1.3 as documented (jar in lib/ext)
and changed the security provider list in some properties file
as documented...
For tomcat servlet/jsp to be able to call-back HTTPS as a client
I had to add a -D... that sets the implementor of URL...
documented in JSSE also...
I also had to set the keystore of jsse
extract from tomcat.bat:
:runServer
rem Running Tomcat in this window
if "%2" == "-security" goto runSecure
%_RUNJAVA% %TOMCAT_OPTS% -Dtomcat.home="%TOMCAT_HOME%"
-Djavax.net.ssl.trustStore="%TOMCAT_HOME%/conf/ssl/cacerts"
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
org.apache.tomcat.startup.Tomcat %2 %3 %4 %5 %6 %7 %8 %9
goto cleanup
> I am trying to get Apache and Tomcat to use SSL .
>I don't have a certificate configured and get the following error
>"localhost:443 should be SSL-aware but has no certificate configured
>[Hint: SSLCertificateFile]" Can someone point me to the exact directions
>on how to configure a certificate and also will this module
I had to use the snakeoil certificates an keys as documented...
all is configured in a virtual host on port 443...
the last problem is tha the snakeoil certificate
have a /CN= different from my host DNS name
(sure, it is a dummy certificate),
and thus the HTTPS URL connector refuse to trust
an HTTPS server whose certificat CN is different from
it's DNS name...
I've found example of config files on the web...
note the the ifdefined SSL does not works with the apache/mod_ssl
found on mod_ssl.org... I have used the IfModule mod_ssl.c
I've put parts of the config files at the end...
>
>mod_jk work with the version of Apache I am using -
>Apache_1.3.14-mod_ssl_2.7.2-openssl_0.96-win32.zip
>and Tomcat 3.2.1 I have configured this via the documentation
>in Tomcat. Any ideas or suggestion on where to go form here
> would be much appreciated
if some one can explai me how to generate
a good server certificat with openssl or
keytool... 8)
------------------------------
here is the SSL config included at the end of the
httpd.conf in apache
##
## SSL Support
##
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
##
LoadModule ssl_module modules/ApacheModuleSSL.dll
<IfModule mod_ssl.c>
Listen 8000
Listen 8443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First either `none'
# or `dbm:/path/to/file' for the mechanism to use and
# second the expiring timeout (in seconds).
#SSLSessionCache none
#SSLSessionCache shm:logs/ssl_scache(512000)
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual explusion semaphore the
# SSL engine uses internally for inter-process synchronization.
#SSLMutex file:logs/ssl_mutex
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
# Logging:
# The home of the dedicated SSL protocol logfile. Errors are
# additionally duplicated in the general error log file. Put
# this somewhere where it cannot be used for symlink attacks on
# a real server (i.e. somewhere where only root can write).
# Log levels are (ascending order: higher ones include lower ones):
# none, error, warn, info, trace, debug.
SSLLog logs/ssl_engine.log
SSLLogLevel info
##
## SSL Virtual Host Context
##
<VirtualHost _default_:8443>
# General setup for the virtual host
DocumentRoot "d:/apache/htdocs"
ServerName maui.idt.cdc.fr
ServerAdmin [EMAIL PROTECTED]
ErrorLog logs/ssl_error.log
TransferLog logs/ssl_access.log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A test
# certificate can be generated with `make certificate' under
# built time. Keep in mind that if you've both a RSA and a DSA
# certificate you can configure both in parallel (to also allow
# the use of DSA ciphers, etc.)
SSLCertificateFile d:/apache/conf/ssl.crt/snakeoil-rsa.crt
#SSLCertificateFile @@ServerRoot@@/conf/ssl.crt/server-dsa.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile d:/apache/conf/ssl.key/snakeoil-rsa.key
#SSLCertificateKeyFile d:/apache/conf/ssl.key/server-dsa.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile d:/apache/conf/ssl.crt/ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath d:/apache/conf/ssl.crt
#SSLCACertificateFile d:/apache/conf/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath d:/apache/conf/ssl.crl
#SSLCARevocationFile d:/apache/conf/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means
that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the
user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment
variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o CompatEnvVars:
# This exports obsolete environment variables for backward compatibility
# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use
this
# to provide compatibility to existing CGI scripts.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "d:/Apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait
for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach
where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers.
Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
JkMount /tomcat/*/servlet/* ajp13
JkMount /tomcat/*.jsp ajp13
JkMount /tomcat/cocoon/*.xml ajp13
JkMount /*.jsp ajp13
JkMount /servlet/* ajp13
</VirtualHost>
</IfModule>
--------------------------------------
part added to the the httpd.conf,
relative to tomcat
###################################################################
# Auto generated configuration. Dated: Mon Jan 08 12:06:07 CET 2001
###################################################################
#
# The following line instructs Apache to load the jk module
#
LoadModule jk_module modules/mod_jk.dll
JkWorkersFile "D:/jakarta-tomcat-3.2.1/conf/workers.properties"
JkLogFile "D:/jakarta-tomcat-3.2.1/logs/mod_jk.log"
#
# Log level to be used by mod_jk
#
JkLogLevel error
###################################################################
# SSL configuration #
#
# By default mod_jk is configured to collect SSL information from
# the apache environment and send it to the Tomcat workers. The
# problem is that there are many SSL solutions for Apache and as
# a result the environment variable names may change.
#
# The following (commented out) JK related SSL configureation
# can be used to customize mod_jk's SSL behaviour.
#
# Should mod_jk send SSL information to Tomact (default is On)
# JkExtractSSL Off
#
# What is the indicator for SSL (default is HTTPS)
# JkHTTPSIndicator HTTPS
#
# What is the indicator for SSL session (default is SSL_SESSION_ID)
# JkSESSIONIndicator SSL_SESSION_ID
#
# What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
# JkCIPHERIndicator SSL_CIPHER
#
# What is the indicator for the client SSL certificated (default is
SSL_CLIENT_CERT)
# JkCERTSIndicator SSL_CLIENT_CERT
#
# #
###################################################################
#
# Root context mounts for Tomcat
#
JkMount /*.jsp ajp13
JkMount /servlet/* ajp13
#########################################################
# Auto configuration for the /examples context starts.
#########################################################
#
# The following line makes apache aware of the location of the /examples
context
#
Alias /tomcat/examples "D:/jakarta-tomcat-3.2.1/webapps/examples"
<Directory "D:/jakarta-tomcat-3.2.1/webapps/examples">
Options Indexes FollowSymLinks
</Directory>
#
# The following line mounts all JSP files and the /servlet/ uri to tomcat
#
JkMount /tomcat/examples/servlet/* ajp13
JkMount /tomcat/examples/*.jsp ajp13
#
# The following line prohibits users from directly accessing WEB-INF
#
<Location "/tomcat/examples/WEB-INF/">
AllowOverride None
deny from all
</Location>
#
# Use Directory too. On Windows, Location doesn't work unless case matches
#
<Directory "D:/jakarta-tomcat-3.2.1/webapps/examples/WEB-INF/">
AllowOverride None
deny from all
</Directory>
#
# The following line prohibits users from directly accessing META-INF
#
<Location "/tomcat/examples/META-INF/">
AllowOverride None
deny from all
</Location>
#
# Use Directory too. On Windows, Location doesn't work unless case matches
#
<Directory "D:/jakarta-tomcat-3.2.1/webapps/examples/META-INF/">
AllowOverride None
deny from all
</Directory>
#######################################################
# Auto configuration for the /examples context ends.
#######################################################
----- server.xml for tomcat
<?xml version="1.0" encoding="ISO-8859-1"?>
<Server>
<!-- Debug low-level events in XmlMapper startup -->
<xmlmapper:debug level="0" />
<!--
Logging:
Logging in Tomcat is quite flexible; we can either have a log
file per module (example: ContextManager) or we can have one
for Servlets and one for Jasper, or we can just have one
tomcat.log for both Servlet and Jasper. Right now there are
three standard log streams, "tc_log", "servlet_log", and
"JASPER_LOG".
Path:
The file to which to output this log, relative to
TOMCAT_HOME. If you omit a "path" value, then stderr or
stdout will be used.
Verbosity:
Threshold for which types of messages are displayed in the
log. Levels are inclusive; that is, "WARNING" level displays
any log message marked as warning, error, or fatal. Default
level is WARNING.
verbosityLevel values can be:
FATAL
ERROR
WARNING
INFORMATION
DEBUG
Timestamps:
By default, logs print a timestamp in the form "yyyy-MM-dd
hh:mm:ss" in front of each message. To disable timestamps
completely, set 'timestamp="no"'. To use the raw
msec-since-epoch, which is more efficient, set
'timestampFormat="msec"'. If you want a custom format, you
can use 'timestampFormat="hh:mm:ss"' following the syntax of
java.text.SimpleDateFormat (see Javadoc API). For a
production environment, we recommend turning timestamps off,
or setting the format to "msec".
Custom Output:
"Custom" means "normal looking". "Non-custom" means
"surrounded with funny xml tags". In preparation for
possibly disposing of "custom" altogether, now the default is
'custom="yes"' (i.e. no tags)
Per-component Debugging:
Some components accept a "debug" attribute. This further
enhances log output. If you set the "debug" level for a
component, it may output extra debugging information.
-->
<!-- if you don't want messages on screen, add the attribute
path="logs/tomcat.log"
to the Logger element below
-->
<Logger name="tc_log"
verbosityLevel = "INFORMATION"
/>
<Logger name="servlet_log"
path="logs/servlet.log"
/>
<Logger name="JASPER_LOG"
path="logs/jasper.log"
verbosityLevel = "INFORMATION" />
<!-- You can add a "home" attribute to represent the "base" for
all relative paths. If none is set, the TOMCAT_HOME property
will be used, and if not set "." will be used.
webapps/, work/ and logs/ will be relative to this ( unless
set explicitely to absolute paths ).
You can also specify a "randomClass" attribute, which determines
a subclass of java.util.Random will be used for generating session
IDs.
By default this is "java.security.SecureRandom".
Specifying "java.util.Random" will speed up Tomcat startup,
but it will cause sessions to be less secure.
You can specify the "showDebugInfo" attribute to control whether
debugging information is displayed in Tomcat's default responses.
This debugging information includes:
1. Stack traces for exceptions
2. Request URI's that cause status codes >= 400
The default is "true", so you must specify "false" to prevent
the debug information from appearing. Since the debugging
information reveals internal details about what Tomcat is serving,
set showDebugInfo="false" if you wish increased security.
-->
<ContextManager debug="0" workDir="work" showDebugInfo="true" >
<!-- ==================== Interceptors ==================== -->
<!--
ContextInterceptor className="org.apache.tomcat.context.LogEvents"
-->
<ContextInterceptor className="org.apache.tomcat.context.AutoSetup"
/>
<ContextInterceptor
className="org.apache.tomcat.context.WebXmlReader" />
<!-- Uncomment out if you have JDK1.2 and want to use policy
<ContextInterceptor
className="org.apache.tomcat.context.PolicyInterceptor" />
-->
<ContextInterceptor
className="org.apache.tomcat.context.LoaderInterceptor" />
<ContextInterceptor
className="org.apache.tomcat.context.DefaultCMSetter" />
<ContextInterceptor
className="org.apache.tomcat.context.WorkDirInterceptor" />
<!-- Request processing -->
<!-- Session interceptor will extract the session id from cookies
and
deal with URL rewriting ( by fixing the URL ). If you wish to
suppress the use of cookies for session identifiers, change the
"noCookies" attribute to "true"
-->
<RequestInterceptor
className="org.apache.tomcat.request.SessionInterceptor"
noCookies="false" />
<!-- Find the container ( context and prefix/extension map )
for a request.
-->
<RequestInterceptor
className="org.apache.tomcat.request.SimpleMapper1"
debug="0" />
<!-- Non-standard invoker, for backward compat. ( /servlet/* )
You can modify the prefix that is matched by adjusting the
"prefix" parameter below. Be sure your modified pattern
starts and ends with a slash.
NOTE: This prefix applies to *all* web applications that
are running in this instance of Tomcat.
-->
<RequestInterceptor
className="org.apache.tomcat.request.InvokerInterceptor"
debug="0" prefix="/servlet/" />
<!-- "default" handler - static files and dirs. Set the
"suppress" property to "true" to suppress directory listings
when no welcome file is present.
NOTE: This setting applies to *all* web applications that
are running in this instance of Tomcat.
-->
<RequestInterceptor
className="org.apache.tomcat.request.StaticInterceptor"
debug="0" suppress="false" />
<!-- Plug a session manager. You can plug in more advanced session
modules.
-->
<RequestInterceptor
className="org.apache.tomcat.session.StandardSessionInterceptor"
/>
<!-- Check if the request requires an authenticated role.
-->
<RequestInterceptor
className="org.apache.tomcat.request.AccessInterceptor"
debug="0" />
<!-- Check permissions using the simple xml file. You can
plug more advanced authentication modules.
-->
<RequestInterceptor
className="org.apache.tomcat.request.SimpleRealm"
debug="0" />
<!-- UnComment the following and comment out the
above to get a JDBC realm.
Other options for driverName:
driverName="oracle.jdbc.driver.OracleDriver"
connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
connectionName="scott"
connectionPassword="tiger"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost/authority"
connectionName="test"
connectionPassword="test"
"connectionName" and "connectionPassword" are optional.
-->
<!--
<RequestInterceptor
className="org.apache.tomcat.request.JDBCRealm"
debug="99"
driverName="sun.jdbc.odbc.JdbcOdbcDriver"
connectionURL="jdbc:odbc:TOMCAT"
userTable="users"
userNameCol="user_name"
userCredCol="user_pass"
userRoleTable="user_roles"
roleNameCol="role_name" />
-->
<!-- Loaded last since JSP's that load-on-startup use request
handling -->
<ContextInterceptor
className="org.apache.tomcat.context.LoadOnStartupInterceptor"
/>
<!-- ==================== Connectors ==================== -->
<!-- Normal HTTP -->
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler"
value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
<Parameter name="port"
value="8001"/>
</Connector>
<!--
Uncomment this for SSL support.
You _need_ to set up a server certificate if you want this
to work, and you need JSSE.
1. Add JSSE jars to CLASSPATH
2. Edit java.home/jre/lib/security/java.security
Add:
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
3. Do: keytool -genkey -alias tomcat -keyalg RSA
RSA is essential to work with Netscape and IIS.
Use "changeit" as password. ( or add keypass attribute )
You don't need to sign the certificate.
You can set parameter keystore and keypass if you want
to change the default ( user.home/.keystore with changeit )
-->
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler"
value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
<Parameter name="socketFactory"
value="org.apache.tomcat.net.SSLSocketFactory" />
<Parameter name="port"
value="8543"/>
<Parameter name="keystore"
value="d:\jakarta-tomcat-3.2.1\conf\ssl\cacerts" />
<Parameter name="keypass" value="changeit" />
</Connector>
<!-- Apache AJP12 support. This is also used to shut down tomcat.
-->
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler"
value="org.apache.tomcat.service.connector.Ajp12ConnectionHandler"/>
<Parameter name="port" value="8007"/>
</Connector>
<!-- Apache AJP13 support.
-->
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler"
value="org.apache.tomcat.service.connector.Ajp13ConnectionHandler"/>
<Parameter name="port" value="8009"/>
</Connector>
<!-- ==================== Special webapps ==================== -->
<!-- You don't need this if you place your app in webapps/
and use defaults.
For security you'll also need to edit tomcat.policy
Defaults are: debug=0, reloadable=true, trusted=false
(trusted allows you to access tomcat internal objects
with FacadeManager ), crossContext=true (allows you to
access other contexts via ServletContext.getContext())
If security manager is enabled, you'll have read perms.
in the webapps dir and read/write in the workdir.
-->
<Context path="/tomcat/examples"
docBase="webapps/examples"
crossContext="false"
debug="1"
reloadable="true" >
</Context>
<!-- Admin context will use tomcat.core to add/remove/get info about
the webapplications and tomcat internals.
By default it is not trusted - i.e. it is not allowed access to
tomcat internals, only informations that are available to all
servlets are visible.
If you change this to true, make sure you set a password.
-->
<Context path="/tomcat/admin"
docBase="webapps/admin"
crossContext="true"
debug="0"
reloadable="true"
trusted="false" >
</Context>
<!-- Virtual host example -
In "127.0.0.1" virtual host we'll reverse "/" and
"/examples"
(XXX need a better example )
(use "http://127.0.0.1/examples" )
<Host name="127.0.0.1" >
<Context path=""
docBase="webapps/examples" />
<Context path="/tomcat/examples"
docsBase="webapps/ROOT" />
</Host>
-->
<Context path="/tomcat/cocoon"
docBase="webapps/cocoon"
debug="1"
reloadable="true" >
</Context>
<Context path="/tomcat/test"
docBase="webapps/test"
crossContext="false"
debug="0"
reloadable="true" >
</Context>
<Context path="/tomcat/xsl-examples"
docBase="webapps/xsl-examples"
crossContext="false"
debug="1"
reloadable="true" >
</Context>
<Context path="/tomcat/xsl-doc"
docBase="webapps/xsl-doc"
crossContext="false"
debug="1"
reloadable="true" >
</Context>
<Context path="/tomcat/taglibs"
docBase="webapps/taglibs"
crossContext="false"
debug="1"
reloadable="true" >
</Context>
<Context path="/tomcat"
docBase="webapps/ROOT"
crossContext="false"
debug="1"
reloadable="true" >
</Context>
</ContextManager>
</Server>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
