Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-23318

Improve Tomcat configurability

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 9.3
    • Release Notes Description:
      Hide

      More configuration is allowed on the embedded Tomcat http pool: number of http threads and queue size. This allows to avoid DOS. We also give in server.xml an exemple of configuration with two http pools, one for Drive one for other web requests.

      Show
      More configuration is allowed on the embedded Tomcat http pool: number of http threads and queue size. This allows to avoid DOS. We also give in server.xml an exemple of configuration with two http pools, one for Drive one for other web requests.

      Description

      Http pools

      The server.xml can be used to configure how many threads should be allocated byTomcat.

      Setting correctly this configuration is critical:

      • to avoid letter enter more threads than available connections
      • to avoid DOS

      We should allow to configure at least 2 critical parameters:

      • the number of http threads (maxThreads)
      • the queue size (acceptCount)

      see: https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Standard_Implementation

      Security concerns

      The default server.xml should be as secured as possible

      XXX Remi => here you go (secure cookie flag ?, timeout, remove AJP connector, remove default webapps

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: