core-jgi/org.adempiere.server-feature/jettyhome/etc/jetty-ssl-template.xml

75 lines
4.0 KiB
XML

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<!-- ============================================================= -->
<!-- Base SSL configuration -->
<!-- This configuration needs to be used together with 1 or more -->
<!-- of jetty-https.xml, jetty-spdy.xml and/or jetty-http2.xml -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<!-- =========================================================== -->
<!-- Add a SSL Connector with no protocol factories -->
<!-- =========================================================== -->
<Call name="addConnector">
<Arg>
<New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="acceptors" type="int"><Property name="ssl.acceptors" default="-1"/></Arg>
<Arg name="selectors" type="int"><Property name="ssl.selectors" default="-1"/></Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
</Array>
</Arg>
<Set name="host"><Property name="jetty.host" default="@ADEMPIERE_APPS_SERVER@" /></Set>
<Set name="port"><Property name="ssl.port" default="@ADEMPIERE_SSL_PORT@" /></Set>
<Set name="idleTimeout"><Property name="ssl.timeout" default="30000"/></Set>
<Set name="soLingerTime"><Property name="ssl.soLingerTime" default="-1"/></Set>
<Set name="acceptorPriorityDelta"><Property name="ssl.acceptorPriorityDelta" default="0"/></Set>
<Set name="selectorPriorityDelta"><Property name="ssl.selectorPriorityDelta" default="0"/></Set>
</New>
</Arg>
</Call>
<!-- ============================================================= -->
<!-- Create a TLS (SSL) Context Factory for later reuse -->
<!-- ============================================================= -->
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="CertAlias">@ADEMPIERE_KEYSTORECODEALIAS@</Set>
<Set name="KeyStorePath">@ADEMPIERE_KEYSTORE@</Set>
<Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="myPassword"/></Set>
<Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="@ADEMPIERE_KEYSTOREPASS@"/></Set>
<Set name="TrustStorePath">@ADEMPIERE_KEYSTORE@</Set>
<Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="@ADEMPIERE_KEYSTOREPASS@"/></Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
<Set name="ExcludeCipherSuites">
<Array type="String">
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
</Array>
</Set>
</New>
<!-- =========================================================== -->
<!-- Create a TLS specific HttpConfiguration based on the -->
<!-- common HttpConfiguration defined in jetty.xml -->
<!-- Add a SecureRequestCustomizer to extract certificate and -->
<!-- session information -->
<!-- =========================================================== -->
<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Arg><Ref refid="httpConfig"/></Arg>
<Call name="addCustomizer">
<Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
</Call>
</New>
</Configure>