On Thu, Jul 23, 2015 at 10:50 AM, Mark Thomas <ma...@apache.org> wrote:
> On 23 July 2015 15:07:01 CEST, Jim Sellers <jim.sell...@gmail.com> wrote: > >Hi all. > > > >Sorry if this has already been answered, but I couldn't find it. > > > >I'm looking at using tomcat in a docker container and I was wondering > >why > >there isn't a binary distribution that has most / all of the steps > >already > >done from the security how to? > >https://tomcat.apache.org/tomcat-7.0-doc/security-howto.html > > > >I understand that there wouldn't be a true one size fits all, but I > >rather > >than get everyone to try to follow the same basic steps I thought that > >they > >would be done upstream in the project. > > > >If there's a reason why, I'm curious to learn what it is. > > > >I've also opened a ticket with the official docker tomcat image project > >for > >a tomcat that has this done. > >https://github.com/docker-library/tomcat/issues/14 > > > >Thanks for your time. > >Jim > > Which default settings do you expect to be changed? > > Mark I was thinking the parts from that document that say "should be" or "not intended for production". e.g. deleting the default apps, disabling the version number, etc. I'm somewhat new to TC and was looking for distribution that was closer to the recommended TC production setup than the default one. I was assuming that both would be available for download. Jim
