From 2980fa109a36a0a683854b8ed4212186d10b499f Mon Sep 17 00:00:00 2001 From: Sean Arms <67096+lesserwhirls@users.noreply.github.com> Date: Fri, 17 Jan 2025 12:02:42 -0700 Subject: [PATCH 1/2] Documentation updates * Use liquid variables for tomcat, java, and servlet spec version references * Update links * Remove AdoptOpenJDK references --- docs/adminguide/src/site/_config.yml | 6 ++- .../DownloadAndInstallation.md | 2 +- .../installation_upgrade/ReleaseNotes.md | 4 +- .../SystemRequirements.md | 6 +-- .../installation_upgrade/TdsBehindProxy.md | 12 +++--- .../installation_upgrade/TomcatPermissions.md | 4 +- .../site/pages/performance/PerformanceTips.md | 4 +- .../site/pages/reference/TomcatManagerApp.md | 4 +- .../site/pages/securing/DigestedPasswords.md | 2 +- .../pages/securing/EnableTLSEncryption.md | 6 +-- .../pages/securing/RemoveUnusedWebapps.md | 2 +- .../pages/securing/RestrictAccessToTds.md | 2 +- .../site/pages/securing/SecureManagerApp.md | 4 +- .../ModifyingTomcatAccessLogs.md | 2 +- .../support_troubleshooting/TDSAdminTools.md | 2 +- .../src/site/pages/thredds/NcssRef.md | 2 +- docs/devguide/src/site/_config.yml | 6 ++- .../getting_started/DeployingTheTds.md | 4 +- .../getting_started/InstallJavaTomcat.md | 39 ++++++++++--------- .../TomcatConfigurationFiles.md | 26 ++++++------- .../getting_started/TomcatManagerApp.md | 4 +- .../ModifyingTomcatAccessLogs.md | 2 +- .../src/site/pages/thredds/NcssRef.md | 2 +- docs/quickstart/src/site/_config.yml | 6 ++- .../src/site/pages/TLSEncryption.md | 17 ++++---- .../getting_started/DeployingTheTds.md | 2 +- .../getting_started/InstallJavaTomcat.md | 39 ++++++++++--------- .../TomcatConfigurationFiles.md | 26 ++++++------- .../getting_started/TomcatManagerApp.md | 4 +- .../ModifyingTomcatAccessLogs.md | 2 +- .../production/DigestedPasswords.md | 2 +- .../production/EnableTLSEncryption.md | 8 ++-- .../production/PerformanceTips.md | 4 +- .../production/RemoveUnusedWebapps.md | 2 +- .../production/RestrictAccessToTds.md | 2 +- .../production/SecureManagerApp.md | 4 +- .../tds_tutorial/production/TdsBehindProxy.md | 12 +++--- .../pages/tds_tutorial/production/Upgrade.md | 4 +- .../src/site/pages/thredds/NcssRef.md | 2 +- docs/shared/src/site/_data/topnav.yml.golden | 13 +------ docs/userguide/src/site/_config.yml | 4 +- .../getting_started/DeployingTheTds.md | 2 +- .../getting_started/InstallJavaTomcat.md | 21 +++++----- .../TomcatConfigurationFiles.md | 26 ++++++------- .../getting_started/TomcatManagerApp.md | 4 +- .../ModifyingTomcatAccessLogs.md | 2 +- .../production/DigestedPasswords.md | 2 +- .../production/EnableTLSEncryption.md | 8 ++-- .../production/PerformanceTips.md | 2 +- .../production/RemoveUnusedWebapps.md | 2 +- .../production/RestrictAccessToTds.md | 2 +- .../production/SecureManagerApp.md | 4 +- .../tds_tutorial/production/TdsBehindProxy.md | 12 +++--- .../production/TomcatPermissions.md | 4 +- 54 files changed, 198 insertions(+), 193 deletions(-) diff --git a/docs/adminguide/src/site/_config.yml b/docs/adminguide/src/site/_config.yml index 11c9991496..48e8e4341c 100644 --- a/docs/adminguide/src/site/_config.yml +++ b/docs/adminguide/src/site/_config.yml @@ -77,5 +77,7 @@ docset_name: adminguide # this will appear in the sidebar and various doc pages netcdf-java_docset_version: 5.7 -# this will appear in various doc pages -tomcat_version: 10.0 +# these will appear in various doc pages +tomcat_version: 10.1 +java_version: 17 +servlet_spec: 3.1 diff --git a/docs/adminguide/src/site/pages/installation_upgrade/DownloadAndInstallation.md b/docs/adminguide/src/site/pages/installation_upgrade/DownloadAndInstallation.md index f18725ef64..744753d3ea 100644 --- a/docs/adminguide/src/site/pages/installation_upgrade/DownloadAndInstallation.md +++ b/docs/adminguide/src/site/pages/installation_upgrade/DownloadAndInstallation.md @@ -34,7 +34,7 @@ Please visit the [Support](support.html) page for information on which version o |------------|------------------| | File Type | Link For Download | |-------------|-----------------| -| OpenJDK Java | [https://adoptopenjdk.net/](https://adoptopenjdk.net/){:target="_blank"} | +| OpenJDK Java | [https://adoptium.net/](https://adoptium.net/){:target="_blank"} | | Apache Tomcat Servlet Container` | [http://tomcat.apache.org/](http://tomcat.apache.org/){:target="_blank"} | | Tomcat Docker Image | [https://hub.docker.com/r/unidata/tomcat-docker](https://hub.docker.com/r/unidata/tomcat-docker){:target="_blank"} | diff --git a/docs/adminguide/src/site/pages/installation_upgrade/ReleaseNotes.md b/docs/adminguide/src/site/pages/installation_upgrade/ReleaseNotes.md index f6b2d00e33..0aff16c745 100644 --- a/docs/adminguide/src/site/pages/installation_upgrade/ReleaseNotes.md +++ b/docs/adminguide/src/site/pages/installation_upgrade/ReleaseNotes.md @@ -24,8 +24,8 @@ Deprecated classes and methods have been removed, and the module structure and t As of TDS 5, the following are considered to be minimum system requirements: -* Java 11 or above -* Apache Tomcat 8.5 or above (or a servlet contain that supports servlet specification 3.1) +* Java {{ site.java_version }} or above +* Apache Tomcat {{ site.tomcat_version }} or above (or a servlet container that supports servlet specification {{ site.servlet_spec }}) ## JVM Setting Requirement Changes diff --git a/docs/adminguide/src/site/pages/installation_upgrade/SystemRequirements.md b/docs/adminguide/src/site/pages/installation_upgrade/SystemRequirements.md index 4113e9c82e..0b9692a2aa 100644 --- a/docs/adminguide/src/site/pages/installation_upgrade/SystemRequirements.md +++ b/docs/adminguide/src/site/pages/installation_upgrade/SystemRequirements.md @@ -8,8 +8,8 @@ permalink: system_requirements.html ## Minimum Requirements -* OpenJDK Java 11 or above -* Apache Tomcat 8.5 or above (or a servlet contain that supports servlet specification 3.1) +* OpenJDK Java {{ site.java_version }} or above +* Apache Tomcat {{ site.tomcat_version }} or above (or a servlet container that supports servlet specification {{ site.servlet_spec }}) * 64-bit operating system * High-performance file system @@ -18,7 +18,7 @@ permalink: system_requirements.html Unidata develops, tests, and runs/deploys the THREDDS Data Server using: -* OpenJDK Java +* Eclipse Temurin * Apache Tomcat servlet container * Linux OS * [ZFS](https://zfsonlinux.org/){:target="_blank"} for Linux systems diff --git a/docs/adminguide/src/site/pages/installation_upgrade/TdsBehindProxy.md b/docs/adminguide/src/site/pages/installation_upgrade/TdsBehindProxy.md index 3b4c31719c..23494fb215 100644 --- a/docs/adminguide/src/site/pages/installation_upgrade/TdsBehindProxy.md +++ b/docs/adminguide/src/site/pages/installation_upgrade/TdsBehindProxy.md @@ -25,17 +25,17 @@ There are two methods to accomplish this: ### Tomcat-Apache Proxy Documentation -* [Tomcat Connectors](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/connectors.html){:target="_blank"} +* [Tomcat Connectors](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/connectors.html){:target="_blank"} Documentation describing the difference between the Tomcat HTTP and AJP connectors. * `mod_proxy` - * [Tomcat HTTP Connector](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/config/http.html){:target="_blank"} + * [Tomcat HTTP Connector](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target="_blank"} Configuration for the Tomcat HTTP connector (for use with Apache's mod_proxy). - * [Tomcat Proxy Support - How To](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/proxy-howto.html){:target="_blank"} + * [Tomcat Proxy Support - How To](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/proxy-howto.html){:target="_blank"} Tomcat documentation showing how to use the build-in Apache module mod_proxy for Apache versions 1.3X and 2.X. * `mod_jk` - * [Tomcat AJP Connector](https://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html){:target="_blank"} + * [Tomcat AJP Connector](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/ajp.html){:target="_blank"} Configuration for the Tomcat AJP connector (for use with Apache's mod_jk). - * [Tomcat Reverse Proxy - How To](https://tomcat.apache.org/tomcat-8.5-doc/proxy-howto.html){:target="_blank"} + * [Tomcat Reverse Proxy - How To](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/proxy-howto.html){:target="_blank"} Configurations and fine-tuning of a reverse proxy set up using the mod_jk Apache module. {%include note.html content=" @@ -189,7 +189,7 @@ The following example shows how to implement a proxy using the Apache HTTPD serv ~~~ {% include info.html content=" - Consult the Tomcat documentation for more information about the [AJP Connector](https://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html){:target='_blank'} configuration options. + Consult the Tomcat documentation for more information about the [AJP Connector](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/ajp.html){:target='_blank'} configuration options. " %} 2. Disable any active `Java HTTP/1.1 Connector` and the `SSL HTTP/1.1 Connector` Tomcat connectors. diff --git a/docs/adminguide/src/site/pages/installation_upgrade/TomcatPermissions.md b/docs/adminguide/src/site/pages/installation_upgrade/TomcatPermissions.md index 1674d331c9..4b09c30365 100644 --- a/docs/adminguide/src/site/pages/installation_upgrade/TomcatPermissions.md +++ b/docs/adminguide/src/site/pages/installation_upgrade/TomcatPermissions.md @@ -15,7 +15,7 @@ We also recommend restricting the permissions of the Tomcat `user/group` within ~~~bash # cd /usr/local - # chown -R tomcat:tomcat apache-tomcat-8.5.34 + # chown -R tomcat:tomcat apache-tomcat-{{ site.tomcat_version }}.x # ls -l tomcat total 148 drwxr-x--- 2 tomcat tomcat 4096 Oct 24 14:22 bin @@ -82,7 +82,7 @@ We also recommend restricting the permissions of the Tomcat `user/group` within 4. Change the user/group permissions of the files and subdirectories in `${tomcat_home}/conf` directory. - (Depending on the web applications you are running and/or your virtual host configurations, Tomcat may create a `${tomcat_home}/conf/Catalina` directory with corresponding subdirectories and files for [context](https://tomcat.apache.org/tomcat-8.5-doc/virtual-hosting-howto.html#Configuring_Your_Contexts){:target="_blank"} information.) + (Depending on the web applications you are running and/or your virtual host configurations, Tomcat may create a `${tomcat_home}/conf/Catalina` directory with corresponding subdirectories and files for [context](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/virtual-hosting-howto.html#Configuring_Your_Contexts){:target="_blank"} information.) ~~~bash # cd /usr/local/tomcat/conf diff --git a/docs/adminguide/src/site/pages/performance/PerformanceTips.md b/docs/adminguide/src/site/pages/performance/PerformanceTips.md index aef6d7f996..5513130453 100644 --- a/docs/adminguide/src/site/pages/performance/PerformanceTips.md +++ b/docs/adminguide/src/site/pages/performance/PerformanceTips.md @@ -57,7 +57,7 @@ This affects the number of files to keep in the [File Handle Caches](#file-handl ### Version -We recommend the latest stable version of Tomcat 8 and JDK 1.8. +We recommend the latest stable version of Tomcat {{ site.tomcat_version }} and JDK 1.8. ### Compression @@ -75,7 +75,7 @@ Have a look at the `compression` and `compressibleMimeType` attributes of the To ~~~ This says to compress (`gzip` or `deflate`) when the number of bytes is `>= 1000`, for the named `mime-types`. -See the Tomcat HTTP Connector [reference page](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/config/http.html){:target="_blank"} for more details. +See the Tomcat HTTP Connector [reference page](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target="_blank"} for more details. ### Automatic Startup diff --git a/docs/adminguide/src/site/pages/reference/TomcatManagerApp.md b/docs/adminguide/src/site/pages/reference/TomcatManagerApp.md index 8e6897eda9..986bd24a26 100644 --- a/docs/adminguide/src/site/pages/reference/TomcatManagerApp.md +++ b/docs/adminguide/src/site/pages/reference/TomcatManagerApp.md @@ -20,7 +20,7 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet * Provides server status statistics for the JVM and each connector you have configured in `${tomcat_home}/conf/server.xml`. -For more information about the Tomcat manager application, see the [Tomcat Manager App HOW-TO](https://tomcat.apache.org/tomcat-8.5-doc/manager-howto.html){:target='_blank'} documentation. +For more information about the Tomcat manager application, see the [Tomcat Manager App HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html){:target='_blank'} documentation. ## Accessing The Manager Application @@ -58,7 +58,7 @@ This will be done in the following 2 steps: ~~~ {%include note.html content=" - For more information about web application context configuration files and their security options, please review the [Tomcat Manager App How-To](http://tomcat.apache.org/tomcat-8.5-doc/manager-howto.html#Introduction){:target='_blank'} documentation. + For more information about web application context configuration files and their security options, please review the [Tomcat Manager App How-To](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html#Introduction){:target='_blank'} documentation. " %} diff --git a/docs/adminguide/src/site/pages/securing/DigestedPasswords.md b/docs/adminguide/src/site/pages/securing/DigestedPasswords.md index 8ac1f56930..48e6997f09 100644 --- a/docs/adminguide/src/site/pages/securing/DigestedPasswords.md +++ b/docs/adminguide/src/site/pages/securing/DigestedPasswords.md @@ -98,7 +98,7 @@ A Tomcat Realm represents a "database" of usernames, passwords, and roles assign ~~~ {% include note.html content=" - To use a different algorithm, a salt, or to limit the length of the resulting password hash, consult the [syntax options](https://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#Digested_Passwords){:target='_blank'} for the `tomcat_home/bin/digest.[bat|sh]` script. + To use a different algorithm, a salt, or to limit the length of the resulting password hash, consult the [syntax options](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#Digested_Passwords){:target='_blank'} for the `tomcat_home/bin/digest.[bat|sh]` script. " %} 3. Update `${tomcat_home}/conf/tomcat-users.xml` to replace your clear-text password with the encrypted version: diff --git a/docs/adminguide/src/site/pages/securing/EnableTLSEncryption.md b/docs/adminguide/src/site/pages/securing/EnableTLSEncryption.md index bb1b78429a..53c3eadf05 100644 --- a/docs/adminguide/src/site/pages/securing/EnableTLSEncryption.md +++ b/docs/adminguide/src/site/pages/securing/EnableTLSEncryption.md @@ -17,7 +17,7 @@ The following must be performed to create a secure connection for a web applicat The following example demonstrates enabling Transport Layer Security in the Tomcat Servlet Container on a linux system as the `root` user. -1. [Import](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"} your CA-signed certificate into the keystore file as per the [Tomcat documentation](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"}. +1. [Import](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"} your CA-signed certificate into the keystore file as per the [Tomcat documentation](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"}. {% include important.html content=" @@ -61,11 +61,11 @@ The following example demonstrates enabling Transport Layer Security in the Tomc {% capture connector %} Tomcat also offers a `SSL/TLS HTTP/1.1 Connector` which utilizes `APR/native implementation`. - Consult the [Documentation](http://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/config/http.html){:target='_blank'} to see if you should use this connector in lieu of the `NIO implementation SSL HTTP/1.1` connector. + Consult the [Documentation](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target='_blank'} to see if you should use this connector in lieu of the `NIO implementation SSL HTTP/1.1` connector. {% endcapture %} {% include info.html content=connector %} - Specify the keystore file in the `certificateKeystoreFile` attribute of the `Certificate` element to tell Tomcat where to find your keystore (the path will be relative to `${tomcat_home}` directory). + Specify the keystore file in the `certificateKeystoreFile` attribute of the `Certificate` element to tell Tomcat where to find your keystore (the path will be relative to `${tomcat_home}` directory). In this example, the keystore file is `${tomcat_home}/conf/tds-keystore`: diff --git a/docs/adminguide/src/site/pages/securing/RemoveUnusedWebapps.md b/docs/adminguide/src/site/pages/securing/RemoveUnusedWebapps.md index ad1f1e5e19..50956240e3 100644 --- a/docs/adminguide/src/site/pages/securing/RemoveUnusedWebapps.md +++ b/docs/adminguide/src/site/pages/securing/RemoveUnusedWebapps.md @@ -22,6 +22,6 @@ Tomcat "ships" with several default web applications you may want to consider re To use this application, you must add a user with role of `admin-gui` in `tomcat-users.xml`. If you are not planning to do a lot of virtual hosting in Tomcat this application should be removed. * The `examples` application should probably be removed from a production server to minimize security exposure. -* The docs are a copy of the [Online tomcat documentation](https://tomcat.apache.org/tomcat-8.5-doc/){:target="_blank"}. +* The docs are a copy of the [Online tomcat documentation](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/){:target="_blank"}. Unless you have need for a local copy, removing docs would help to tidy-up `${tomcat_home}/webapps`. diff --git a/docs/adminguide/src/site/pages/securing/RestrictAccessToTds.md b/docs/adminguide/src/site/pages/securing/RestrictAccessToTds.md index 3fe6127927..9784b5676d 100644 --- a/docs/adminguide/src/site/pages/securing/RestrictAccessToTds.md +++ b/docs/adminguide/src/site/pages/securing/RestrictAccessToTds.md @@ -65,7 +65,7 @@ The `RemoteHostValve` compares the client hostname against one or more regular e ~~~ {% capture remote_host_valve %} - Consult the Tomcat [Remote Host Valve](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/config/valve.html#Remote_Host_Valve){:target='_blank'} documentation for more information about valve syntax and options. + Consult the Tomcat [Remote Host Valve](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html#Remote_Host_Valve){:target='_blank'} documentation for more information about valve syntax and options. {% endcapture %} {% include info.html content=remote_host_valve%} diff --git a/docs/adminguide/src/site/pages/securing/SecureManagerApp.md b/docs/adminguide/src/site/pages/securing/SecureManagerApp.md index 069bb9772f..8964181af0 100644 --- a/docs/adminguide/src/site/pages/securing/SecureManagerApp.md +++ b/docs/adminguide/src/site/pages/securing/SecureManagerApp.md @@ -93,7 +93,7 @@ The following example demonstrates enabling TLS/SSL for the Tomcat Manager Appli ~~~ - The Tomcat 8.x version of the Manager application deployment descriptor contains a `` section for each of the four possible `ContactPaths` (as per [Manager Application](https://tomcat.apache.org/migration.html){:target="_blank"} section of the Tomcat Migration Guide). + The Tomcat {{ site.tomcat_version }} version of the Manager application deployment descriptor contains a `` section for each of the four possible `ContactPaths` (as per [Manager Application](https://tomcat.apache.org/migration.html){:target="_blank"} section of the Tomcat Migration Guide). Add a `` with a `` of `CONFIDENTIAL` for the desired `ContactPaths` to to enable port-forwarding to port `8443`: @@ -173,7 +173,7 @@ The following example demonstrates enabling TLS/SSL for the Tomcat Manager Appli * Did you restart Tomcat after you made your changes to `web.xml`? ### Resources -* [Manager App HOW-TO](https://tomcat.apache.org/tomcat-8.5-doc/manager-howto.html){:target="_blank"} +* [Manager App HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html){:target="_blank"} The Apache Tomcat document referencing how to use and configure the Manager application. * [Tomcat Migration Guide](https://tomcat.apache.org/migration.html){:target="_blank"} A document detailing the various changes between Tomcat versions contains a section dedicated to the Manager application. diff --git a/docs/adminguide/src/site/pages/support_troubleshooting/ModifyingTomcatAccessLogs.md b/docs/adminguide/src/site/pages/support_troubleshooting/ModifyingTomcatAccessLogs.md index 70e5d74b77..5db4a6c1cb 100644 --- a/docs/adminguide/src/site/pages/support_troubleshooting/ModifyingTomcatAccessLogs.md +++ b/docs/adminguide/src/site/pages/support_troubleshooting/ModifyingTomcatAccessLogs.md @@ -111,7 +111,7 @@ pattern="%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-A {%include note.html content=" -For more information on access log format configuration, see the Tomcat [Valve Component](http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html){:target='_blank'} documentation. +For more information on access log format configuration, see the Tomcat [Valve Component](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html){:target='_blank'} documentation. " %} diff --git a/docs/adminguide/src/site/pages/support_troubleshooting/TDSAdminTools.md b/docs/adminguide/src/site/pages/support_troubleshooting/TDSAdminTools.md index 060c004f63..d7052597bf 100644 --- a/docs/adminguide/src/site/pages/support_troubleshooting/TDSAdminTools.md +++ b/docs/adminguide/src/site/pages/support_troubleshooting/TDSAdminTools.md @@ -59,7 +59,7 @@ Other than the compelling security reasons, you will want to enable TLS to take * [Qualys SSL Server Test](https://www.ssllabs.com/ssltest/){:target="_blank"} is a free online service that analyzes the configuration of any public TLS web server. Note: be sure to check the Do not show the results on the boards box if you do not want your results to be public. -* [TLS/SSL Configuration HOW-TO](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/ssl-howto.html){:target="_blank"} +* [TLS/SSL Configuration HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html){:target="_blank"} The Apache Tomcat document detailing how to enable TLS. * [Tomcat Migration Guide](https://tomcat.apache.org/migration.html){:target="_blank"} A document detailing the various changes between Tomcat versions. diff --git a/docs/adminguide/src/site/pages/thredds/NcssRef.md b/docs/adminguide/src/site/pages/thredds/NcssRef.md index 447f3b4383..47fc929a8b 100644 --- a/docs/adminguide/src/site/pages/thredds/NcssRef.md +++ b/docs/adminguide/src/site/pages/thredds/NcssRef.md @@ -8,7 +8,7 @@ permalink: netcdf_subset_service_ref.html ## Overview -The NetCDF Subset Service (NCSS) is a web service for subsetting [CDM scientific datasets](https://docs.unidata.ucar.edu/netcdf-java/5.4/userguide/reading_cdm.html){:target="_blank"}. +The NetCDF Subset Service (NCSS) is a web service for subsetting [CDM scientific datasets](https://docs.unidata.ucar.edu/netcdf-java/{{site.netcdf-java_docset_version}}/userguide/reading_cdm.html){:target="_blank"}. The subsetting is specified using earth coordinates, such as lat/lon or projection coordinates bounding boxes and date ranges, rather than index ranges that refer to the underlying data arrays. The data arrays are subsetted but not re-sampled or reprojected, and preserve the resolution and accuracy of the original dataset. diff --git a/docs/devguide/src/site/_config.yml b/docs/devguide/src/site/_config.yml index 0007cdb692..c57727eff8 100644 --- a/docs/devguide/src/site/_config.yml +++ b/docs/devguide/src/site/_config.yml @@ -77,5 +77,7 @@ docset_name: devguide # this will appear in the sidebar and various doc pages netcdf-java_docset_version: 5.7 -# this will appear in various doc pages -tomcat_version: 10.0 +# these will appear in various doc pages +tomcat_version: 10.1 +java_version: 17 +servlet_spec: 3.1 diff --git a/docs/devguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md b/docs/devguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md index 391e170213..5fdb89bd0e 100644 --- a/docs/devguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md +++ b/docs/devguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md @@ -39,7 +39,7 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet ~~~ {%include note.html content=" - Consult the Tomcat documentation about [web application context](http://tomcat.apache.org/tomcat-8.5-doc/config/context.html){:target='_blank'} for more information about the `META-INF/context.xml` file. + Consult the Tomcat documentation about [web application context](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/context.html){:target='_blank'} for more information about the `META-INF/context.xml` file. " %} The down-side of renaming the WAR file to merely `thredds.war` is that a quick glance at the WAR file will not tell you (the server administrator) which version of the TDS is deployed. @@ -47,7 +47,7 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet To solve this, we can make use of a feature in the Tomcat Servlet Container that ignores anything after **double** hashtag symbols in the name of the WAR file. - If we rename the WAR file to `thredds##{{site.docset_version}}.war`, Tomcat will see this matching the context information in the `META-INF/context.xml` file and make the TDS accessible via this URL structure: `http://localhost:8080/thredds` + If we rename the WAR file to `thredds##{{ site.docset_version }}.war`, Tomcat will see this matching the context information in the `META-INF/context.xml` file and make the TDS accessible via this URL structure: `http://localhost:8080/thredds` (And we have the added benefit of seeing which version of the TDS is deployed when viewing the raw WAR file). ~~~bash diff --git a/docs/devguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md b/docs/devguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md index 2154e23baf..0917657b5d 100644 --- a/docs/devguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md +++ b/docs/devguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md @@ -14,10 +14,10 @@ Users of OS-provided packages via package management systems for Java and/or Tom ## System Requirements -* OpenJDK Java 11 -* Apache Tomcat 8.x +* OpenJDK Java {{ site.java_version }} +* Apache Tomcat {{ site.tomcat_version }} (or a servlet container that supports servlet specification {{ site.servlet_spec }}) -While there are different distributors of Java and servlet containers, Unidata develops, uses and tests the THREDDS Data Server using _OpenJDK Java_ and the _Apache Tomcat_ servlet container. +While there are different distributors of Java and servlet containers, Unidata develops, uses and tests the THREDDS Data Server using _Eclipse Temurin_ and the _Apache Tomcat_ servlet container. ## Installing OpenJDK Java JDK @@ -26,10 +26,10 @@ The following example shows the JDK installation on a linux system. The installation is being performed as the `root` user. {% include note.html content=" -For installation of the JDK on Windows or Mac OS, see the [JDK Installation Guide](https://adoptopenjdk.net/installation.html){:target='_blank'}. +For installation of the JDK on Windows or Mac OS, see the [JDK Installation Guide](https://https://adoptium.net/installation/){:target='_blank'}. " %} -1. [Download](https://adoptopenjdk.net/){:target="_blank"} current OpenJDK 8 (LTS) JDK version from the AdoptOpenJDK site. +1. [Download](https://adoptium.net/){:target="_blank"} current OpenJDK {{ site.java_version }} (LTS) JDK version from the Adoptium site. 2. Install the JDK. @@ -83,12 +83,15 @@ The following example shows Tomcat installation on a linux system. The installation is performed as the `root` user. {% include note.html content=" -For installation of Tomcat on Windows, see the [Tomcat Setup Guide](http://tomcat.apache.org/tomcat-8.5-doc/setup.html#Windows){:target='_blank'}. +For installation of Tomcat on Windows, see the [Tomcat Setup Guide](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/setup.html#Windows){:target='_blank'}. " %} -1. [Download](http://tomcat.apache.org/download-80.cgi){:target="_blank"} current version of the Tomcat 8.5 servlet container. +{%- assign tomcat_version_split = site.tomcat_version | split: '.' -%} +{%- assign tomcat_version_split = tomcat_version_split[0] -%} -2. Install Tomcat as per the Apache Tomcat [installation instructions](http://tomcat.apache.org/tomcat-8.5-doc/setup.html){:target="_blank"}. +1. [Download](https://tomcat.apache.org/download-{{ tomcat_version_split }}.cgi){:target="_blank"} current version of the Tomcat servlet container. + +2. Install Tomcat as per the Apache Tomcat [installation instructions](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/setup.html){:target="_blank"}. Copy the binary tar.gz file into the installation directory (`/usr/local` in this example): @@ -96,18 +99,18 @@ For installation of Tomcat on Windows, see the [Tomcat Setup Guide](http://tomca # pwd /usr/local - # cp /tmp/apache-tomcat-8.5.34.tar.gz . + # cp /tmp/apache-tomcat-{{ site.tomcat_version }}.x.tar.gz . # ls -l total 196676 - -rw-r--r-- 1 root root 9625824 Oct 24 13:27 apache-tomcat-8.5.34.tar.gz + -rw-r--r-- 1 root root 9625824 Oct 24 13:27 apache-tomcat-{{ site.tomcat_version }}.x.tar.gz drwxr-xr-x 7 root root 4096 Oct 6 07:58 jdk1.8.0_192 ~~~ Unpack the archive file: ~~~bash - # tar xvfz apache-tomcat-8.5.34.tar.gz + # tar xvfz apache-tomcat-{{ site.tomcat_version }}.x.tar.gz ~~~ This will create a Tomcat directory: @@ -115,18 +118,18 @@ For installation of Tomcat on Windows, see the [Tomcat Setup Guide](http://tomca ~~~bash # ls -l total 196680 - drwxr-xr-x 9 root root 4096 Oct 24 13:29 apache-tomcat-8.5.34 - -rw-r--r-- 1 root root 9625824 Oct 24 13:27 apache-tomcat-8.5.34.tar.gz + drwxr-xr-x 9 root root 4096 Oct 24 13:29 apache-tomcat-{{ site.tomcat_version }}.x + -rw-r--r-- 1 root root 9625824 Oct 24 13:27 apache-tomcat-{{ site.tomcat_version }}.x.tar.gz drwxr-xr-x 7 root root 4096 Oct 6 07:58 jdk1.8.0_192 ~~~ Remove the remaining binary `tar.gz` file when the installation is complete. ~~~bash - # rm apache-tomcat-8.5.34.tar.gz + # rm apache-tomcat-{{ site.tomcat_version }}.x.tar.gz # ls -l total 187282 - drwxr-xr-x 9 root root 4096 Oct 24 13:29 apache-tomcat-8.5.34 + drwxr-xr-x 9 root root 4096 Oct 24 13:29 apache-tomcat-{{ site.tomcat_version }}.x drwxr-xr-x 7 root root 4096 Oct 6 07:58 jdk1.8.0_192 ~~~ @@ -148,12 +151,12 @@ Windows users can consult the [Microsoft Documentation](https://docs.microsoft.c # pwd /usr/local - # ln -s apache-tomcat-8.5.34 tomcat + # ln -s apache-tomcat-{{ site.tomcat_version }}.x tomcat # ln -s jdk1.8.0_192 jdk # ls -l total 196684 - drwxr-xr-x 9 root root 4096 Oct 24 13:29 tomcat -> apache-tomcat-8.5.34 - drwxr-xr-x 9 root root 4096 Oct 24 13:29 apache-tomcat-8.5.34 + drwxr-xr-x 9 root root 4096 Oct 24 13:29 tomcat -> apache-tomcat-{{ site.tomcat_version }}.x + drwxr-xr-x 9 root root 4096 Oct 24 13:29 apache-tomcat-{{ site.tomcat_version }}.x lrwxrwxrwx 1 root root 12 Oct 24 13:59 jdk -> jdk1.8.0_192 drwxr-xr-x 7 root root 4096 Oct 6 07:58 jdk1.8.0_192 ~~~ diff --git a/docs/devguide/src/site/pages/tds_tutorial/getting_started/TomcatConfigurationFiles.md b/docs/devguide/src/site/pages/tds_tutorial/getting_started/TomcatConfigurationFiles.md index b61fd39aa4..7a5bd270cd 100644 --- a/docs/devguide/src/site/pages/tds_tutorial/getting_started/TomcatConfigurationFiles.md +++ b/docs/devguide/src/site/pages/tds_tutorial/getting_started/TomcatConfigurationFiles.md @@ -33,16 +33,16 @@ Move into the `${tomcat_home}/conf` directory and examine the `server.xml` file |-----------------|-----------|-------------------------------| | Tag Name | Instances | How it relates to the TDS | |:----------------|:---------:|:------------------------------| -| [``](http://tomcat.apache.org/tomcat-8.5-doc/config/server.html "The Server element represents the entire Catalina servlet container as a whole. It is the single outermost element in server.xml"){:target="_blank"} | 1...1 | Not modified unless you want to change the port number Tomcat listens for a `SHUTDOWN` command. (Enabled by default.) | -|    [``](http://tomcat.apache.org/tomcat-8.5-doc/config/globalresources.html "The GlobalNamingResources element defines the global Java Naming and Directory Interface (JNDI) resources for the Server."){:target="_blank"} | 0...\* | Needed to contain the `UserDatabase` that corresponds to the `UserDatabaseRealm` used to authenticate users. (Enabled by default.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/config/resources.html "The Resource element represents a static resource from which classes will be loaded and static files will be served."){:target="_blank"} | 0...\* | Editable user database (`tomcat-users.xml`) used by `UserDatabaseRealm` to authenticate users. (`UserDatabaseRealm` Resource enabled by default.) | -|     [``](http://tomcat.apache.org/tomcat-8.5-doc/config/service.html "The Service element represents the combination of one or more Connector components that share a single Engine component for processing incoming requests. The top Tomcat service is named Catalina (hence the log file name of catalina.out)."){:target="_blank"} | 1...\* | Not modified unless `you` wish to establish more than one service. (Catalina Service enabled by default.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/connectors.html "The Connector element forward requests to the Engine using a specific protocol and returns the results to the requesting client."){:target="_blank"} | 1...\* | Used to establish HTTP and SSL connections. Also will communicate with an web server for proxying requests. (HTTP connector enabled by default on port 8080.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/config/engine.html "The Engine element represents the entire request processing machinery associated with a particular Catlina Service."){:target="_blank"} | 1...1 | Not modified unless you specify a Host other than `localhost`. (Enabled by default.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/config/realm.html "The Realm element represents a database of usernames, passwords, and roles (groups) assigned to those users."){:target="_blank"} | 0...\* | The `UserDatabaseRealm` uses the `UserDatabase` configured in the global JNDI Resource. (`UserDatabaseRealm` enabled by default.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html "The Valve element represents a component that will be inserted into the request processing pipeline for the associated containing element."){:target="_blank"} | 0...\* | The `RemoteAddrValve` is used to filter access to the TDS based on IP address. (NOT enabled by default. You will need to add this if you want to use IP Filtering.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/config/host.html "The Host element represents a virtual host."){:target="_blank"} | 1...\* | Not modified unless you specify a `Host` other than `localhost`. (`localhost` enabled by default.) | -|            [``](http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html "The Valve element represents a component that will be inserted into the request processing pipeline for the associated containing element."){:target="_blank"} | 0...\* | We modify the `AccessLogValve` to customize the access logs generated by Tomcat. (NOT enabled by default. You will need to add this if you want to enable access logging. ) | +| [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/server.html "The Server element represents the entire Catalina servlet container as a whole. It is the single outermost element in server.xml"){:target="_blank"} | 1...1 | Not modified unless you want to change the port number Tomcat listens for a `SHUTDOWN` command. (Enabled by default.) | +|    [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/globalresources.html "The GlobalNamingResources element defines the global Java Naming and Directory Interface (JNDI) resources for the Server."){:target="_blank"} | 0...\* | Needed to contain the `UserDatabase` that corresponds to the `UserDatabaseRealm` used to authenticate users. (Enabled by default.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/resources.html "The Resource element represents a static resource from which classes will be loaded and static files will be served."){:target="_blank"} | 0...\* | Editable user database (`tomcat-users.xml`) used by `UserDatabaseRealm` to authenticate users. (`UserDatabaseRealm` Resource enabled by default.) | +|     [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/service.html "The Service element represents the combination of one or more Connector components that share a single Engine component for processing incoming requests. The top Tomcat service is named Catalina (hence the log file name of catalina.out)."){:target="_blank"} | 1...\* | Not modified unless `you` wish to establish more than one service. (Catalina Service enabled by default.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/connectors.html "The Connector element forward requests to the Engine using a specific protocol and returns the results to the requesting client."){:target="_blank"} | 1...\* | Used to establish HTTP and SSL connections. Also will communicate with an web server for proxying requests. (HTTP connector enabled by default on port 8080.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/engine.html "The Engine element represents the entire request processing machinery associated with a particular Catlina Service."){:target="_blank"} | 1...1 | Not modified unless you specify a Host other than `localhost`. (Enabled by default.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/realm.html "The Realm element represents a database of usernames, passwords, and roles (groups) assigned to those users."){:target="_blank"} | 0...\* | The `UserDatabaseRealm` uses the `UserDatabase` configured in the global JNDI Resource. (`UserDatabaseRealm` enabled by default.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html "The Valve element represents a component that will be inserted into the request processing pipeline for the associated containing element."){:target="_blank"} | 0...\* | The `RemoteAddrValve` is used to filter access to the TDS based on IP address. (NOT enabled by default. You will need to add this if you want to use IP Filtering.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/host.html "The Host element represents a virtual host."){:target="_blank"} | 1...\* | Not modified unless you specify a `Host` other than `localhost`. (`localhost` enabled by default.) | +|            [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html "The Valve element represents a component that will be inserted into the request processing pipeline for the associated containing element."){:target="_blank"} | 0...\* | We modify the `AccessLogValve` to customize the access logs generated by Tomcat. (NOT enabled by default. You will need to add this if you want to enable access logging. ) | ## `${tomcat_home}/conf/tomcat-users.xml` @@ -68,9 +68,9 @@ Reference the table below to see how the tomcat-users.xml elements relate to con |----------|-----------|---------------------------| | Tag Name | Instances | How it relates to the TDS | |:---------|:---------:|:--------------------------| -| [``](http://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#UserDatabaseRealm "The tomcat-users element represents the single outermost element in tomcat-users.xml"){:target="_blank"} | 1...1 | Not modified. (The only tag you get by default.) | -|     [``](http://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#UserDatabaseRealm "The role element defines one role or group a user can belong to."){:target="_blank"} | 1...\* | You will have at least two of these: one for the Tomcat manager application and one for the TDS. (You will need to add if you want to enable role-based authentication.) | -|     [``](http://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#UserDatabaseRealm "The user element represents one valid user."){:target="_blank"} | 1...\* | You will need to create an entry for each user who needs access to the Tomcat manager application and/or the restricted areas of the TDS. (You will need to add if you want to enable user authentication.) | +| [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#UserDatabaseRealm "The tomcat-users element represents the single outermost element in tomcat-users.xml"){:target="_blank"} | 1...1 | Not modified. (The only tag you get by default.) | +|     [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#UserDatabaseRealm "The role element defines one role or group a user can belong to."){:target="_blank"} | 1...\* | You will have at least two of these: one for the Tomcat manager application and one for the TDS. (You will need to add if you want to enable role-based authentication.) | +|     [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#UserDatabaseRealm "The user element represents one valid user."){:target="_blank"} | 1...\* | You will need to create an entry for each user who needs access to the Tomcat manager application and/or the restricted areas of the TDS. (You will need to add if you want to enable user authentication.) | ## Next Step diff --git a/docs/devguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md b/docs/devguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md index b154d8fa8c..fd13dd5988 100644 --- a/docs/devguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md +++ b/docs/devguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md @@ -20,7 +20,7 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet * Provides server status statistics for the JVM and each connector you have configured in `${tomcat_home}/conf/server.xml`. {%include note.html content= -"For more information about the Tomcat manager application, see the [Tomcat Manager App HOW-TO](https://tomcat.apache.org/tomcat-8.5-doc/manager-howto.html){:target='_blank'} documentation. +"For more information about the Tomcat manager application, see the [Tomcat Manager App HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html){:target='_blank'} documentation. " %} ## Accessing The Manager Application @@ -58,7 +58,7 @@ This will be done in the following 2 steps: ~~~ {%include note.html content=" - For more information about web application context configuration files and their security options, please review the [Tomcat Manager App How-To](http://tomcat.apache.org/tomcat-8.5-doc/manager-howto.html#Introduction){:target='_blank'} documentation. + For more information about web application context configuration files and their security options, please review the [Tomcat Manager App How-To](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html#Introduction){:target='_blank'} documentation. " %} diff --git a/docs/devguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md b/docs/devguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md index 4ce69b438a..d156674c61 100644 --- a/docs/devguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md +++ b/docs/devguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md @@ -106,7 +106,7 @@ pattern="%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-A {%include note.html content=" -For more information on access log format configuration, see the Tomcat [Valve Component](http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html){:target='_blank'} documentation. +For more information on access log format configuration, see the Tomcat [Valve Component](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html){:target='_blank'} documentation. " %} diff --git a/docs/devguide/src/site/pages/thredds/NcssRef.md b/docs/devguide/src/site/pages/thredds/NcssRef.md index 0345f076a7..f58cfd572b 100644 --- a/docs/devguide/src/site/pages/thredds/NcssRef.md +++ b/docs/devguide/src/site/pages/thredds/NcssRef.md @@ -8,7 +8,7 @@ permalink: netcdf_subset_service_ref.html ## Overview -The NetCDF Subset Service (NCSS) is a web service for subsetting [CDM scientific datasets](https://docs.unidata.ucar.edu/netcdf-java/5.4/userguide/reading_cdm.html){:target="_blank"}. +The NetCDF Subset Service (NCSS) is a web service for subsetting [CDM scientific datasets](https://docs.unidata.ucar.edu/netcdf-java/{{site.netcdf-java_docset_version}}/userguide/reading_cdm.html){:target="_blank"}. The subsetting is specified using earth coordinates, such as lat/lon or projection coordinates bounding boxes and date ranges, rather than index ranges that refer to the underlying data arrays. The data arrays are subsetted but not re-sampled or reprojected, and preserve the resolution and accuracy of the original dataset. diff --git a/docs/quickstart/src/site/_config.yml b/docs/quickstart/src/site/_config.yml index 42dc7cc9bf..d129162893 100644 --- a/docs/quickstart/src/site/_config.yml +++ b/docs/quickstart/src/site/_config.yml @@ -77,5 +77,7 @@ docset_name: quickstart # this will appear in the sidebar and various doc pages netcdf-java_docset_version: 5.7 -# this will appear in various doc pages -tomcat_version: 10.0 +# these will appear in various doc pages +tomcat_version: 10.1 +java_version: 17 +servlet_spec: 3.1 diff --git a/docs/quickstart/src/site/pages/TLSEncryption.md b/docs/quickstart/src/site/pages/TLSEncryption.md index f39fa6aa10..3b3d2790ff 100644 --- a/docs/quickstart/src/site/pages/TLSEncryption.md +++ b/docs/quickstart/src/site/pages/TLSEncryption.md @@ -49,7 +49,7 @@ Unidata _highly_ recommends the use of a certificate signed by a Certificate Aut ### Certificate `keystore` File A keystore file stores the details of the Transport Layer Security certificate necessary to make the protocol secured. -The Tomcat documentation includes a section on [importing your certificate](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"} into a keystore file. +The Tomcat documentation includes a section on [importing your certificate](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"} into a keystore file. Tomcat uses the keystore file for TLS transactions. ## Enabling Transport Layer Security @@ -64,7 +64,7 @@ The following steps are needed to create a secure connection for a web applicati The following example demonstrates enabling Transport Layer Security in the Tomcat Servlet Container on a linux system as the `root` user. -1. [Imported](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"} your CA-signed certificate into the keystore file as per the [Tomcat documentation](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"}. +1. [Imported](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"} your CA-signed certificate into the keystore file as per the [Tomcat documentation](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"}. 1. Modify the Tomcat configuration to enable TLS: @@ -96,14 +96,11 @@ The following example demonstrates enabling Transport Layer Security in the Tomc ~~~ + + Note: Tomcat also offers a `SSL/TLS HTTP/1.1 Connector` which utilizes `APR/native implementation`. + Consult the [Documentation](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target='_blank'} to see if you should use this connector in lieu of the `NIO implementation SSL HTTP/1.1` connector. - {% capture connector %} - Tomcat also offers a `SSL/TLS HTTP/1.1 Connector` which utilizes `APR/native implementation`. - Consult the [Documentation](http://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/config/http.html){:target='_blank'} to see if you should use this connector in lieu of the `NIO implementation SSL HTTP/1.1` connector. - {% endcapture %} - {% include info.html content=connector %} - - Specify the keystore file in the `certificateKeystoreFile` attribute of the `Certificate` element to tell Tomcat where to find your keystore (the path will be relative to `${tomcat_home}` directory). + Specify the keystore file in the `certificateKeystoreFile` attribute of the `Certificate` element to tell Tomcat where to find your keystore (the path will be relative to `${tomcat_home}` directory). In this example, the keystore file is `${tomcat_home}/conf/tds-keystore`: @@ -305,7 +302,7 @@ Other than the compelling security reasons, you will want to enable TLS to take * [Qualys SSL Server Test](https://www.ssllabs.com/ssltest/){:target="_blank"} is a free online service that analyzes the configuration of any public TLS web server. Note: be sure to check the Do not show the results on the boards box if you do not want your results to be public. -* [TLS/SSL Configuration HOW-TO](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/ssl-howto.html){:target="_blank"} +* [TLS/SSL Configuration HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html){:target="_blank"} The Apache Tomcat document detailing how to enable TLS. * [Tomcat Migration Guide](https://tomcat.apache.org/migration.html){:target="_blank"} A document detailing the various changes between Tomcat versions. diff --git a/docs/quickstart/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md b/docs/quickstart/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md index 90c662b2b4..b9e8c2f6c1 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md @@ -39,7 +39,7 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet ~~~ {%include note.html content=" - Consult the Tomcat documentation about [web application context](http://tomcat.apache.org/tomcat-8.5-doc/config/context.html){:target='_blank'} for more information about the `META-INF/context.xml` file. + Consult the Tomcat documentation about [web application context](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/context.html){:target='_blank'} for more information about the `META-INF/context.xml` file. " %} The down-side of renaming the WAR file to merely `thredds.war` is that a quick glance at the WAR file will not tell you (the server administrator) which version of the TDS is deployed. diff --git a/docs/quickstart/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md b/docs/quickstart/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md index 1828fc56e8..3356d6efbe 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md @@ -14,10 +14,10 @@ Users of OS-provided packages via package management systems for Java and/or Tom ## System Requirements -* OpenJDK Java 11 -* Apache Tomcat 8.x +* OpenJDK Java {{ site.java_version }} +* Apache Tomcat {{ site.tomcat_version }} (or a servlet container that supports servlet specification {{ site.servlet_spec }}) -While there are different distributors of Java and servlet containers, Unidata develops, uses and tests the THREDDS Data Server using _OpenJDK Java_ and the _Apache Tomcat_ servlet container. +While there are different distributors of Java and servlet containers, Unidata develops, uses and tests the THREDDS Data Server using _Eclipse Temurin_ and the _Apache Tomcat_ servlet container. ## Installing OpenJDK Java JDK @@ -26,10 +26,10 @@ The following example shows the JDK installation on a linux system. The installation is being performed as the `root` user. {% include note.html content=" -For installation of the JDK on Windows or Mac OS, see the [JDK Installation Guide](https://adoptopenjdk.net/installation.html){:target='_blank'}. +For installation of the JDK on Windows or Mac OS, see the [JDK Installation Guide](https://https://adoptium.net/installation/){:target='_blank'}. " %} -1. [Download](https://adoptopenjdk.net/){:target="_blank"} current OpenJDK 8 (LTS) JDK version from the AdoptOpenJDK site. +1. [Download](https://adoptium.net/){:target="_blank"} current OpenJDK {{ site.java_version }} (LTS) JDK version from the Adoptium site. 2. Install the JDK. @@ -83,12 +83,15 @@ The following example shows Tomcat installation on a linux system. The installation is performed as the `root` user. {% include note.html content=" -For installation of Tomcat on Windows, see the [Tomcat Setup Guide](http://tomcat.apache.org/tomcat-8.5-doc/setup.html#Windows){:target='_blank'}. +For installation of Tomcat on Windows, see the [Tomcat Setup Guide](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/setup.html#Windows){:target='_blank'}. " %} -1. [Download](http://tomcat.apache.org/download-80.cgi){:target="_blank"} current version of the Tomcat 8.5 servlet container. +{%- assign tomcat_version_split = site.tomcat_version | split: '.' -%} +{%- assign tomcat_version_split = tomcat_version_split[0] -%} -2. Install Tomcat as per the Apache Tomcat [installation instructions](http://tomcat.apache.org/tomcat-8.5-doc/setup.html){:target="_blank"}. +1. [Download](https://tomcat.apache.org/download-{{ tomcat_version_split }}.cgi){:target="_blank"} current version of the Tomcat servlet container. + +2. Install Tomcat as per the Apache Tomcat [installation instructions](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/setup.html){:target="_blank"}. Copy the binary tar.gz file into the installation directory (`/usr/local` in this example): @@ -96,18 +99,18 @@ For installation of Tomcat on Windows, see the [Tomcat Setup Guide](http://tomca # pwd /usr/local - # cp /tmp/apache-tomcat-8.5.34.tar.gz . + # cp /tmp/apache-tomcat-{{ site.tomcat_version }}.x.tar.gz . # ls -l total 196676 - -rw-r--r-- 1 root root 9625824 Oct 24 13:27 apache-tomcat-8.5.34.tar.gz + -rw-r--r-- 1 root root 9625824 Oct 24 13:27 apache-tomcat-{{ site.tomcat_version }}.x.tar.gz drwxr-xr-x 7 root root 4096 Oct 6 07:58 jdk1.8.0_192 ~~~ Unpack the archive file: ~~~bash - # tar xvfz apache-tomcat-8.5.34.tar.gz + # tar xvfz apache-tomcat-{{ site.tomcat_version }}.x.tar.gz ~~~ This will create a Tomcat directory: @@ -115,18 +118,18 @@ For installation of Tomcat on Windows, see the [Tomcat Setup Guide](http://tomca ~~~bash # ls -l total 196680 - drwxr-xr-x 9 root root 4096 Oct 24 13:29 apache-tomcat-8.5.34 - -rw-r--r-- 1 root root 9625824 Oct 24 13:27 apache-tomcat-8.5.34.tar.gz + drwxr-xr-x 9 root root 4096 Oct 24 13:29 apache-tomcat-{{ site.tomcat_version }}.x + -rw-r--r-- 1 root root 9625824 Oct 24 13:27 apache-tomcat-{{ site.tomcat_version }}.x.tar.gz drwxr-xr-x 7 root root 4096 Oct 6 07:58 jdk1.8.0_192 ~~~ Remove the remaining binary `tar.gz` file when the installation is complete. ~~~bash - # rm apache-tomcat-8.5.34.tar.gz + # rm apache-tomcat-{{ site.tomcat_version }}.x.tar.gz # ls -l total 187282 - drwxr-xr-x 9 root root 4096 Oct 24 13:29 apache-tomcat-8.5.34 + drwxr-xr-x 9 root root 4096 Oct 24 13:29 apache-tomcat-{{ site.tomcat_version }}.x drwxr-xr-x 7 root root 4096 Oct 6 07:58 jdk1.8.0_192 ~~~ @@ -148,12 +151,12 @@ Windows users can consult the [Microsoft Documentation](https://docs.microsoft.c # pwd /usr/local - # ln -s apache-tomcat-8.5.34 tomcat + # ln -s apache-tomcat-{{ site.tomcat_version }}.x tomcat # ln -s jdk1.8.0_192 jdk # ls -l total 196684 - drwxr-xr-x 9 root root 4096 Oct 24 13:29 tomcat -> apache-tomcat-8.5.34 - drwxr-xr-x 9 root root 4096 Oct 24 13:29 apache-tomcat-8.5.34 + drwxr-xr-x 9 root root 4096 Oct 24 13:29 tomcat -> apache-tomcat-{{ site.tomcat_version }}.x + drwxr-xr-x 9 root root 4096 Oct 24 13:29 apache-tomcat-{{ site.tomcat_version }}.x lrwxrwxrwx 1 root root 12 Oct 24 13:59 jdk -> jdk1.8.0_192 drwxr-xr-x 7 root root 4096 Oct 6 07:58 jdk1.8.0_192 ~~~ diff --git a/docs/quickstart/src/site/pages/tds_tutorial/getting_started/TomcatConfigurationFiles.md b/docs/quickstart/src/site/pages/tds_tutorial/getting_started/TomcatConfigurationFiles.md index 91d1e29482..c3f65129ca 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/getting_started/TomcatConfigurationFiles.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/getting_started/TomcatConfigurationFiles.md @@ -33,16 +33,16 @@ Move into the `${tomcat_home}/conf` directory and examine the `server.xml` file |-----------------|-----------|-------------------------------| | Tag Name | Instances | How it relates to the TDS | |:----------------|:---------:|:------------------------------| -| [``](http://tomcat.apache.org/tomcat-8.5-doc/config/server.html "The Server element represents the entire Catalina servlet container as a whole. It is the single outermost element in server.xml"){:target="_blank"} | 1...1 | Not modified unless you want to change the port number Tomcat listens for a `SHUTDOWN` command. (Enabled by default.) | -|    [``](http://tomcat.apache.org/tomcat-8.5-doc/config/globalresources.html "The GlobalNamingResources element defines the global Java Naming and Directory Interface (JNDI) resources for the Server."){:target="_blank"} | 0...\* | Needed to contain the `UserDatabase` that corresponds to the `UserDatabaseRealm` used to authenticate users. (Enabled by default.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/config/resources.html "The Resource element represents a static resource from which classes will be loaded and static files will be served."){:target="_blank"} | 0...\* | Editable user database (`tomcat-users.xml`) used by `UserDatabaseRealm` to authenticate users. (`UserDatabaseRealm` Resource enabled by default.) | -|     [``](http://tomcat.apache.org/tomcat-8.5-doc/config/service.html "The Service element represents the combination of one or more Connector components that share a single Engine component for processing incoming requests. The top Tomcat service is named Catalina (hence the log file name of catalina.out)."){:target="_blank"} | 1...\* | Not modified unless `you` wish to establish more than one service. (Catalina Service enabled by default.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/connectors.html "The Connector element forward requests to the Engine using a specific protocol and returns the results to the requesting client."){:target="_blank"} | 1...\* | Used to establish HTTP and SSL connections. Also will communicate with an web server for proxying requests. (HTTP connector enabled by default on port 8080.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/config/engine.html "The Engine element represents the entire request processing machinery associated with a particular Catlina Service."){:target="_blank"} | 1...1 | Not modified unless you specify a Host other than `localhost`. (Enabled by default.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/config/realm.html "The Realm element represents a database of usernames, passwords, and roles (groups) assigned to those users."){:target="_blank"} | 0...\* | The `UserDatabaseRealm` uses the `UserDatabase` configured in the global JNDI Resource. (`UserDatabaseRealm` enabled by default.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html "The Valve element represents a component that will be inserted into the request processing pipeline for the associated containing element."){:target="_blank"} | 0...\* | The `RemoteAddrValve` is used to filter access to the TDS based on IP address. (NOT enabled by default. You will need to add this if you want to use IP Filtering.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/config/host.html "The Host element represents a virtual host."){:target="_blank"} | 1...\* | Not modified unless you specify a `Host` other than `localhost`. (`localhost` enabled by default.) | -|            [``](http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html "The Valve element represents a component that will be inserted into the request processing pipeline for the associated containing element."){:target="_blank"} | 0...\* | We modify the `AccessLogValve` to customize the access logs generated by Tomcat. (NOT enabled by default. You will need to add this if you want to enable access logging. ) | +| [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/server.html "The Server element represents the entire Catalina servlet container as a whole. It is the single outermost element in server.xml"){:target="_blank"} | 1...1 | Not modified unless you want to change the port number Tomcat listens for a `SHUTDOWN` command. (Enabled by default.) | +|    [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/globalresources.html "The GlobalNamingResources element defines the global Java Naming and Directory Interface (JNDI) resources for the Server."){:target="_blank"} | 0...\* | Needed to contain the `UserDatabase` that corresponds to the `UserDatabaseRealm` used to authenticate users. (Enabled by default.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/resources.html "The Resource element represents a static resource from which classes will be loaded and static files will be served."){:target="_blank"} | 0...\* | Editable user database (`tomcat-users.xml`) used by `UserDatabaseRealm` to authenticate users. (`UserDatabaseRealm` Resource enabled by default.) | +|     [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/service.html "The Service element represents the combination of one or more Connector components that share a single Engine component for processing incoming requests. The top Tomcat service is named Catalina (hence the log file name of catalina.out)."){:target="_blank"} | 1...\* | Not modified unless `you` wish to establish more than one service. (Catalina Service enabled by default.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/connectors.html "The Connector element forward requests to the Engine using a specific protocol and returns the results to the requesting client."){:target="_blank"} | 1...\* | Used to establish HTTP and SSL connections. Also will communicate with an web server for proxying requests. (HTTP connector enabled by default on port 8080.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/engine.html "The Engine element represents the entire request processing machinery associated with a particular Catlina Service."){:target="_blank"} | 1...1 | Not modified unless you specify a Host other than `localhost`. (Enabled by default.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/realm.html "The Realm element represents a database of usernames, passwords, and roles (groups) assigned to those users."){:target="_blank"} | 0...\* | The `UserDatabaseRealm` uses the `UserDatabase` configured in the global JNDI Resource. (`UserDatabaseRealm` enabled by default.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html "The Valve element represents a component that will be inserted into the request processing pipeline for the associated containing element."){:target="_blank"} | 0...\* | The `RemoteAddrValve` is used to filter access to the TDS based on IP address. (NOT enabled by default. You will need to add this if you want to use IP Filtering.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/host.html "The Host element represents a virtual host."){:target="_blank"} | 1...\* | Not modified unless you specify a `Host` other than `localhost`. (`localhost` enabled by default.) | +|            [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html "The Valve element represents a component that will be inserted into the request processing pipeline for the associated containing element."){:target="_blank"} | 0...\* | We modify the `AccessLogValve` to customize the access logs generated by Tomcat. (NOT enabled by default. You will need to add this if you want to enable access logging. ) | ## `${tomcat_home}/conf/tomcat-users.xml` @@ -68,9 +68,9 @@ Reference the table below to see how the tomcat-users.xml elements relate to con |----------|-----------|---------------------------| | Tag Name | Instances | How it relates to the TDS | |:---------|:---------:|:--------------------------| -| [``](http://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#UserDatabaseRealm "The tomcat-users element represents the single outermost element in tomcat-users.xml"){:target="_blank"} | 1...1 | Not modified. (The only tag you get by default.) | -|     [``](http://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#UserDatabaseRealm "The role element defines one role or group a user can belong to."){:target="_blank"} | 1...\* | You will have at least two of these: one for the Tomcat manager application and one for the TDS. (You will need to add if you want to enable role-based authentication.) | -|     [``](http://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#UserDatabaseRealm "The user element represents one valid user."){:target="_blank"} | 1...\* | You will need to create an entry for each user who needs access to the Tomcat manager application and/or the restricted areas of the TDS. (You will need to add if you want to enable user authentication.) | +| [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#UserDatabaseRealm "The tomcat-users element represents the single outermost element in tomcat-users.xml"){:target="_blank"} | 1...1 | Not modified. (The only tag you get by default.) | +|     [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#UserDatabaseRealm "The role element defines one role or group a user can belong to."){:target="_blank"} | 1...\* | You will have at least two of these: one for the Tomcat manager application and one for the TDS. (You will need to add if you want to enable role-based authentication.) | +|     [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#UserDatabaseRealm "The user element represents one valid user."){:target="_blank"} | 1...\* | You will need to create an entry for each user who needs access to the Tomcat manager application and/or the restricted areas of the TDS. (You will need to add if you want to enable user authentication.) | ## Next Step diff --git a/docs/quickstart/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md b/docs/quickstart/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md index 7b4492cf20..9497bdb619 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md @@ -20,7 +20,7 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet * Provides server status statistics for the JVM and each connector you have configured in `${tomcat_home}/conf/server.xml`. {%include note.html content= -"For more information about the Tomcat manager application, see the [Tomcat Manager App HOW-TO](https://tomcat.apache.org/tomcat-8.5-doc/manager-howto.html){:target='_blank'} documentation. +"For more information about the Tomcat manager application, see the [Tomcat Manager App HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html){:target='_blank'} documentation. " %} ## Accessing The Manager Application @@ -58,7 +58,7 @@ This will be done in the following 2 steps: ~~~ {%include note.html content=" - For more information about web application context configuration files and their security options, please review the [Tomcat Manager App How-To](http://tomcat.apache.org/tomcat-8.5-doc/manager-howto.html#Introduction){:target='_blank'} documentation. + For more information about web application context configuration files and their security options, please review the [Tomcat Manager App How-To](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html#Introduction){:target='_blank'} documentation. " %} diff --git a/docs/quickstart/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md b/docs/quickstart/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md index 547b1a11b5..85f8a09097 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md @@ -106,7 +106,7 @@ pattern="%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-A {%include note.html content=" -For more information on access log format configuration, see the Tomcat [Valve Component](http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html){:target='_blank'} documentation. +For more information on access log format configuration, see the Tomcat [Valve Component](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html){:target='_blank'} documentation. " %} diff --git a/docs/quickstart/src/site/pages/tds_tutorial/production/DigestedPasswords.md b/docs/quickstart/src/site/pages/tds_tutorial/production/DigestedPasswords.md index 97e092aee8..4be08789b5 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/production/DigestedPasswords.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/production/DigestedPasswords.md @@ -93,7 +93,7 @@ A Tomcat Realm represents a "database" of usernames, passwords, and roles assign ~~~ {% include note.html content=" - To use a different algorithm, a salt, or to limit the length of the resulting password hash, consult the [syntax options](https://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#Digested_Passwords){:target='_blank'} for the `tomcat_home/bin/digest.[bat|sh]` script. + To use a different algorithm, a salt, or to limit the length of the resulting password hash, consult the [syntax options](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#Digested_Passwords){:target='_blank'} for the `tomcat_home/bin/digest.[bat|sh]` script. " %} 3. Update `${tomcat_home}/conf/tomcat-users.xml` to replace your clear-text password with the encrypted version: diff --git a/docs/quickstart/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md b/docs/quickstart/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md index bd5f981df9..4bb5010b77 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md @@ -44,7 +44,7 @@ Unidata _highly_ recommends the use of a certificate signed by a Certificate Aut ### Certificate `keystore` File A keystore file stores the details of the TLS/SSL certificate necessary to make the protocol secured. -The Tomcat documentation includes a section on [importing your certificate](https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"} into a keystore file. +The Tomcat documentation includes a section on [importing your certificate](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"} into a keystore file. Tomcat uses the keystore file for TLS/SSL transactions. ## Enabling TLS/SSL In Tomcat @@ -52,7 +52,7 @@ Tomcat uses the keystore file for TLS/SSL transactions. The following example demonstrates enabling TLS/SSL in the Tomcat Servlet Container on a linux system as the `root` user. {%include note.html content=" -This section assumes you have already imported your CA-signed certificate into the [keystore](https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target='_blank'} file. +This section assumes you have already imported your CA-signed certificate into the [keystore](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target='_blank'} file. " %} 1. Modify the Tomcat configuration to enable TLS/SSL: @@ -86,7 +86,7 @@ This section assumes you have already imported your CA-signed certificate into t ~~~ {%include note.html content=" - Tomcat also offers a `SSL/TLS HTTP/1.1 Connector` which utilizes `APR/native implementation`. Consult the [Documentation](http://tomcat.apache.org/tomcat-8.5-doc/config/http.html){:target='_blank'} to see if you should use this connector in lieu of the `NIO implementation SSL HTTP/1.1` connector. + Tomcat also offers a `SSL/TLS HTTP/1.1 Connector` which utilizes `APR/native implementation`. Consult the [Documentation](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target='_blank'} to see if you should use this connector in lieu of the `NIO implementation SSL HTTP/1.1` connector. " %} Specify the keystore file in the `certificateKeystoreFile` attribute of the `Certificate` element to tell Tomcat where to find your keystore (the path will be relative to `${tomcat_home}` directory). @@ -251,7 +251,7 @@ Other than the compelling security reasons, you will want to enable TLS/SSL to t * [Qualys SSL Server Test](https://www.ssllabs.com/ssltest/){:target="_blank"} is a free online service that analyzes the configuration of any public TLS/SSL web server. Note: be sure to check the Do not show the results on the boards box if you do not want your results to be public. -* [TLS/SSL Configuration HOW-TO](https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html){:target="_blank"} +* [TLS/SSL Configuration HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html){:target="_blank"} The Apache Tomcat document detailing how to enable TLS/SSL. * [Tomcat Migration Guide](https://tomcat.apache.org/migration.html){:target="_blank"} A document detailing the various changes between Tomcat versions. diff --git a/docs/quickstart/src/site/pages/tds_tutorial/production/PerformanceTips.md b/docs/quickstart/src/site/pages/tds_tutorial/production/PerformanceTips.md index 3a84336f99..a6ba77f214 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/production/PerformanceTips.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/production/PerformanceTips.md @@ -57,7 +57,7 @@ This affects the number of files to keep in the [File Handle Caches](#file-handl ### Version -We recommend the latest stable version of Tomcat 8 and JDK 1.8. +We recommend the latest stable version of Tomcat {{ site.tomcat_version }} and JDK 1.8. ### Compression @@ -75,7 +75,7 @@ Have a look at the `compression` and `compressibleMimeType` attributes of the To ~~~ This says to compress (`gzip` or `deflate`) when the number of bytes is `>= 1000`, for the named `mime-types`. -See the Tomcat HTTP Connector [reference page](https://tomcat.apache.org/tomcat-8.5-doc/config/http.html){:target="_blank"} for more details. +See the Tomcat HTTP Connector [reference page](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target="_blank"} for more details. ### Automatic Startup diff --git a/docs/quickstart/src/site/pages/tds_tutorial/production/RemoveUnusedWebapps.md b/docs/quickstart/src/site/pages/tds_tutorial/production/RemoveUnusedWebapps.md index d9f3366142..f7a4ea8e65 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/production/RemoveUnusedWebapps.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/production/RemoveUnusedWebapps.md @@ -23,6 +23,6 @@ Tomcat "ships" with several default web applications you may want to consider re To use this application, you must add a user with role of `admin-gui` in `tomcat-users.xml`. If you are not planning to do a lot of virtual hosting in Tomcat this application should be removed. * The `examples` application should probably be removed from a production server to minimize security exposure. -* The docs are a copy of the [Online tomcat documentation](https://tomcat.apache.org/tomcat-8.5-doc/){:target="_blank"}. +* The docs are a copy of the [Online tomcat documentation](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/){:target="_blank"}. Unless you have need for a local copy, removing docs would help to tidy-up `${tomcat_home}/webapps`. diff --git a/docs/quickstart/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md b/docs/quickstart/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md index 059880bcaf..a552573415 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md @@ -63,7 +63,7 @@ The `RemoteHostValve` compares the client hostname against one or more regular e ~~~ {%include note.html content=" - Consult the Tomcat [Remote Host Valve](https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_Host_Valve){:target='_blank'} documentation for more information about valve syntax and options. + Consult the Tomcat [Remote Host Valve](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html#Remote_Host_Valve){:target='_blank'} documentation for more information about valve syntax and options. " %} diff --git a/docs/quickstart/src/site/pages/tds_tutorial/production/SecureManagerApp.md b/docs/quickstart/src/site/pages/tds_tutorial/production/SecureManagerApp.md index f4a686d5a2..33743a27e8 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/production/SecureManagerApp.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/production/SecureManagerApp.md @@ -83,7 +83,7 @@ The following example demonstrates enabling TLS/SSL for the Tomcat Manager Appli ~~~ - The Tomcat 8.x version of the Manager application deployment descriptor contains a `` section for each of the four possible `ContactPaths` (as per [Manager Application](https://tomcat.apache.org/migration.html){:target="_blank"} section of the Tomcat Migration Guide). + The Tomcat {{ site.tomcat_version }} version of the Manager application deployment descriptor contains a `` section for each of the four possible `ContactPaths` (as per [Manager Application](https://tomcat.apache.org/migration.html){:target="_blank"} section of the Tomcat Migration Guide). Add a `` with a `` of `CONFIDENTIAL` for the desired `ContactPaths` to to enable port-forwarding to port `8443`: @@ -163,7 +163,7 @@ The following example demonstrates enabling TLS/SSL for the Tomcat Manager Appli * Did you restart Tomcat after you made your changes to `web.xml`? ## Resources -* [Manager App HOW-TO](https://tomcat.apache.org/tomcat-8.5-doc/manager-howto.html){:target="_blank"} +* [Manager App HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html){:target="_blank"} The Apache Tomcat document referencing how to use and configure the Manager application. * [Tomcat Migration Guide](https://tomcat.apache.org/migration.html){:target="_blank"} A document detailing the various changes between Tomcat versions contains a section dedicated to the Manager application. diff --git a/docs/quickstart/src/site/pages/tds_tutorial/production/TdsBehindProxy.md b/docs/quickstart/src/site/pages/tds_tutorial/production/TdsBehindProxy.md index 9a53920450..1410049ade 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/production/TdsBehindProxy.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/production/TdsBehindProxy.md @@ -47,17 +47,17 @@ Other HTTPD servers (e.g., NGINX) have not yet been explored. ### Tomcat-Apache Proxy Documentation -* [Tomcat Connectors](https://tomcat.apache.org/tomcat-8.5-doc/connectors.html){:target="_blank"} +* [Tomcat Connectors](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/connectors.html){:target="_blank"} Documentation describing the difference between the Tomcat HTTP and AJP connectors. * `mod_proxy` - * [Tomcat HTTP Connector](https://tomcat.apache.org/tomcat-8.5-doc/config/http.html){:target="_blank"} + * [Tomcat HTTP Connector](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target="_blank"} Configuration for the Tomcat HTTP connector (for use with Apache's mod_proxy). - * [Tomcat Proxy Support - How To](https://tomcat.apache.org/tomcat-8.5-doc/proxy-howto.html){:target="_blank"} + * [Tomcat Proxy Support - How To](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/proxy-howto.html){:target="_blank"} Tomcat documentation showing how to use the build-in Apache module mod_proxy for Apache versions 1.3X and 2.X. * `mod_jk` - * [Tomcat AJP Connector](https://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html){:target="_blank"} + * [Tomcat AJP Connector](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/ajp.html){:target="_blank"} Configuration for the Tomcat AJP connector (for use with Apache's mod_jk). - * [Tomcat Reverse Proxy - How To](https://tomcat.apache.org/tomcat-8.5-doc/proxy-howto.html){:target="_blank"} + * [Tomcat Reverse Proxy - How To](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/proxy-howto.html){:target="_blank"} Configurations and fine-tuning of a reverse proxy set up using the mod_jk Apache module. {%include note.html content=" @@ -211,7 +211,7 @@ The following example shows how to implement a proxy using the Apache HTTPD serv ~~~ {% include note.html content=" - Consult the Tomcat documentation for more information about the [AJP Connector](https://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html){:target='_blank'} configuration options. + Consult the Tomcat documentation for more information about the [AJP Connector](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/ajp.html){:target='_blank'} configuration options. " %} 2. Disable any active `Java HTTP/1.1 Connector` and the `SSL HTTP/1.1 Connector` Tomcat connectors. diff --git a/docs/quickstart/src/site/pages/tds_tutorial/production/Upgrade.md b/docs/quickstart/src/site/pages/tds_tutorial/production/Upgrade.md index 2dd137f499..aafd88f124 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/production/Upgrade.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/production/Upgrade.md @@ -8,8 +8,8 @@ permalink: upgrade.html ## Requirements -* Java 11 is required -* Tomcat 8 (servlet 3.1) +* Java {{ site.java_version }} is required +* Tomcat {{ site.tomcat_version }} * On the command line when starting up Tomcat/TDS, you must specify `-Dtds.content.root.path=` where `` points to the top of the content directory. Note, in this example, that this is `/data/content/`, not`/data/content/thredds/`. Don't forget the trailing slash. diff --git a/docs/quickstart/src/site/pages/thredds/NcssRef.md b/docs/quickstart/src/site/pages/thredds/NcssRef.md index af7eb0f361..0402026dac 100644 --- a/docs/quickstart/src/site/pages/thredds/NcssRef.md +++ b/docs/quickstart/src/site/pages/thredds/NcssRef.md @@ -8,7 +8,7 @@ permalink: netcdf_subset_service_ref.html ## Overview -The NetCDF Subset Service (NCSS) is a web service for subsetting [CDM scientific datasets](https://docs.unidata.ucar.edu/netcdf-java/5.4/userguide/reading_cdm.html){:target="_blank"}. +The NetCDF Subset Service (NCSS) is a web service for subsetting [CDM scientific datasets](https://docs.unidata.ucar.edu/netcdf-java/{{site.netcdf-java_docset_version}}/userguide/reading_cdm.html){:target="_blank"}. The subsetting is specified using earth coordinates, such as lat/lon or projection coordinates bounding boxes and date ranges, rather than index ranges that refer to the underlying data arrays. The data arrays are subsetted but not re-sampled or reprojected, and preserve the resolution and accuracy of the original dataset. diff --git a/docs/shared/src/site/_data/topnav.yml.golden b/docs/shared/src/site/_data/topnav.yml.golden index 9347cd8b42..90f8c742ef 100644 --- a/docs/shared/src/site/_data/topnav.yml.golden +++ b/docs/shared/src/site/_data/topnav.yml.golden @@ -18,9 +18,9 @@ topnav_dropdowns: - title: GitHub external_url: https://github.com/Unidata/netcdf-java - title: User's guide - external_url: https://docs.unidata.ucar.edu/netcdf-java/5.6/userguide/index.html + external_url: https://docs.unidata.ucar.edu/netcdf-java/5.7/userguide/index.html - title: Public API - external_url: https://docs.unidata.ucar.edu/netcdf-java/5.6/javadoc/index.html + external_url: https://docs.unidata.ucar.edu/netcdf-java/5.7/javadoc/index.html - title: TDS folderitems: @@ -31,15 +31,6 @@ topnav_dropdowns: - title: Documentation external_url: https://docs.unidata.ucar.edu/tds/current/userguide/index.html - - title: Rosetta - folderitems: - - title: Unidata Homepage - external_url: https://www.unidata.ucar.edu/software/rosetta/ - - title: GitHub - external_url: https://github.com/Unidata/Rosetta - - title: User guide - external_url: https://docs.unidata.ucar.edu/rosetta/current/userguide/index.html - - title: Siphon folderitems: - title: Unidata Homepage diff --git a/docs/userguide/src/site/_config.yml b/docs/userguide/src/site/_config.yml index 86bbc60358..aa64775b78 100644 --- a/docs/userguide/src/site/_config.yml +++ b/docs/userguide/src/site/_config.yml @@ -76,5 +76,7 @@ docset_name: userguide # this will appear in the sidebar and various doc pages netcdf-java_docset_version: 5.7 -# this will appear in various doc pages +# these will appear in various doc pages tomcat_version: 10.1 +java_version: 17 +servlet_spec: 3.1 diff --git a/docs/userguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md b/docs/userguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md index aabad07771..b4070ce310 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md +++ b/docs/userguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md @@ -39,7 +39,7 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet ~~~ {%include note.html content=" - Consult the Tomcat documentation about [web application context](http://tomcat.apache.org/tomcat-8.5-doc/config/context.html){:target='_blank'} for more information about the `META-INF/context.xml` file. + Consult the Tomcat documentation about [web application context](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/context.html){:target='_blank'} for more information about the `META-INF/context.xml` file. " %} The down-side of renaming the WAR file to merely `thredds.war` is that a quick glance at the WAR file will not tell you (the server administrator) which version of the TDS is deployed. diff --git a/docs/userguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md b/docs/userguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md index 6eb6d8cf5f..8a6c941490 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md +++ b/docs/userguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md @@ -14,10 +14,10 @@ Users of OS-provided packages via package management systems for Java and/or Tom ## System Requirements -* OpenJDK Java 17 -* Apache Tomcat 10.x +* OpenJDK Java {{ site.java_version }} +* Apache Tomcat {{ site.tomcat_version }} (or a servlet container that supports servlet specification {{ site.servlet_spec }}) -While there are different distributors of Java and servlet containers, Unidata develops, uses and tests the THREDDS Data Server using _OpenJDK Java_ and the _Apache Tomcat_ servlet container. +While there are different distributors of Java and servlet containers, Unidata develops, uses and tests the THREDDS Data Server using _Eclipse Temurin_ and the _Apache Tomcat_ servlet container. ## Installing OpenJDK Java JDK @@ -26,10 +26,10 @@ The following example shows the JDK installation on a linux system. The installation is being performed as the `root` user. {% include note.html content=" -For installation of the JDK on Windows or Mac OS, see the [JDK Installation Guide](https://adoptium.net/installation.html){:target='_blank'}. +For installation of the JDK on Windows or Mac OS, see the [JDK Installation Guide](https://https://adoptium.net/installation/){:target='_blank'}. " %} -1. [Download](https://adoptium.net/){:target="_blank"} the required OpenJDK version from the AdoptOpenJDK site. +1. [Download](https://adoptium.net/){:target="_blank"} current OpenJDK {{ site.java_version }} (LTS) version from the Adoptium site. 2. Install the JDK. @@ -83,12 +83,15 @@ The following example shows Tomcat installation on a linux system. The installation is performed as the `root` user. {% include note.html content=" -For installation of Tomcat on Windows, see the [Tomcat Setup Guide](http://tomcat.apache.org/tomcat-10.1-doc/setup.html#Windows){:target='_blank'}. +For installation of Tomcat on Windows, see the [Tomcat Setup Guide](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/setup.html#Windows){:target='_blank'}. " %} -1. [Download](https://tomcat.apache.org/download-10.cgi){:target="_blank"} current version of the Tomcat servlet container. - -2. Install Tomcat as per the Apache Tomcat [installation instructions](http://tomcat.apache.org/tomcat-10.1-doc/setup.html){:target="_blank"}. +{%- assign tomcat_version_split = site.tomcat_version | split: '.' -%} +{%- assign tomcat_version_split = tomcat_version_split[0] -%} + +1. [Download](https://tomcat.apache.org/download-{{ tomcat_version_split }}.cgi){:target="_blank"} current version of the Tomcat servlet container. + +2. Install Tomcat as per the Apache Tomcat [installation instructions](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/setup.html){:target="_blank"}. Copy the binary tar.gz file into the installation directory (`/usr/local` in this example): diff --git a/docs/userguide/src/site/pages/tds_tutorial/getting_started/TomcatConfigurationFiles.md b/docs/userguide/src/site/pages/tds_tutorial/getting_started/TomcatConfigurationFiles.md index 12ace1597c..60c5404078 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/getting_started/TomcatConfigurationFiles.md +++ b/docs/userguide/src/site/pages/tds_tutorial/getting_started/TomcatConfigurationFiles.md @@ -33,16 +33,16 @@ Move into the `${tomcat_home}/conf` directory and examine the `server.xml` file |-----------------|-----------|-------------------------------| | Tag Name | Instances | How it relates to the TDS | |:----------------|:---------:|:------------------------------| -| [``](http://tomcat.apache.org/tomcat-8.5-doc/config/server.html "The Server element represents the entire Catalina servlet container as a whole. It is the single outermost element in server.xml"){:target="_blank"} | 1...1 | Not modified unless you want to change the port number Tomcat listens for a `SHUTDOWN` command. (Enabled by default.) | -|    [``](http://tomcat.apache.org/tomcat-8.5-doc/config/globalresources.html "The GlobalNamingResources element defines the global Java Naming and Directory Interface (JNDI) resources for the Server."){:target="_blank"} | 0...\* | Needed to contain the `UserDatabase` that corresponds to the `UserDatabaseRealm` used to authenticate users. (Enabled by default.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/config/resources.html "The Resource element represents a static resource from which classes will be loaded and static files will be served."){:target="_blank"} | 0...\* | Editable user database (`tomcat-users.xml`) used by `UserDatabaseRealm` to authenticate users. (`UserDatabaseRealm` Resource enabled by default.) | -|     [``](http://tomcat.apache.org/tomcat-8.5-doc/config/service.html "The Service element represents the combination of one or more Connector components that share a single Engine component for processing incoming requests. The top Tomcat service is named Catalina (hence the log file name of catalina.out)."){:target="_blank"} | 1...\* | Not modified unless `you` wish to establish more than one service. (Catalina Service enabled by default.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/connectors.html "The Connector element forward requests to the Engine using a specific protocol and returns the results to the requesting client."){:target="_blank"} | 1...\* | Used to establish HTTP and SSL connections. Also will communicate with an web server for proxying requests. (HTTP connector enabled by default on port 8080.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/config/engine.html "The Engine element represents the entire request processing machinery associated with a particular Catlina Service."){:target="_blank"} | 1...1 | Not modified unless you specify a Host other than `localhost`. (Enabled by default.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/config/realm.html "The Realm element represents a database of usernames, passwords, and roles (groups) assigned to those users."){:target="_blank"} | 0...\* | The `UserDatabaseRealm` uses the `UserDatabase` configured in the global JNDI Resource. (`UserDatabaseRealm` enabled by default.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html "The Valve element represents a component that will be inserted into the request processing pipeline for the associated containing element."){:target="_blank"} | 0...\* | The `RemoteAddrValve` is used to filter access to the TDS based on IP address. (NOT enabled by default. You will need to add this if you want to use IP Filtering.) | -|         [``](http://tomcat.apache.org/tomcat-8.5-doc/config/host.html "The Host element represents a virtual host."){:target="_blank"} | 1...\* | Not modified unless you specify a `Host` other than `localhost`. (`localhost` enabled by default.) | -|            [``](http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html "The Valve element represents a component that will be inserted into the request processing pipeline for the associated containing element."){:target="_blank"} | 0...\* | We modify the `AccessLogValve` to customize the access logs generated by Tomcat. (NOT enabled by default. You will need to add this if you want to enable access logging. ) | +| [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/server.html "The Server element represents the entire Catalina servlet container as a whole. It is the single outermost element in server.xml"){:target="_blank"} | 1...1 | Not modified unless you want to change the port number Tomcat listens for a `SHUTDOWN` command. (Enabled by default.) | +|    [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/globalresources.html "The GlobalNamingResources element defines the global Java Naming and Directory Interface (JNDI) resources for the Server."){:target="_blank"} | 0...\* | Needed to contain the `UserDatabase` that corresponds to the `UserDatabaseRealm` used to authenticate users. (Enabled by default.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/resources.html "The Resource element represents a static resource from which classes will be loaded and static files will be served."){:target="_blank"} | 0...\* | Editable user database (`tomcat-users.xml`) used by `UserDatabaseRealm` to authenticate users. (`UserDatabaseRealm` Resource enabled by default.) | +|     [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/service.html "The Service element represents the combination of one or more Connector components that share a single Engine component for processing incoming requests. The top Tomcat service is named Catalina (hence the log file name of catalina.out)."){:target="_blank"} | 1...\* | Not modified unless `you` wish to establish more than one service. (Catalina Service enabled by default.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/connectors.html "The Connector element forward requests to the Engine using a specific protocol and returns the results to the requesting client."){:target="_blank"} | 1...\* | Used to establish HTTP and SSL connections. Also will communicate with an web server for proxying requests. (HTTP connector enabled by default on port 8080.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/engine.html "The Engine element represents the entire request processing machinery associated with a particular Catlina Service."){:target="_blank"} | 1...1 | Not modified unless you specify a Host other than `localhost`. (Enabled by default.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/realm.html "The Realm element represents a database of usernames, passwords, and roles (groups) assigned to those users."){:target="_blank"} | 0...\* | The `UserDatabaseRealm` uses the `UserDatabase` configured in the global JNDI Resource. (`UserDatabaseRealm` enabled by default.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html "The Valve element represents a component that will be inserted into the request processing pipeline for the associated containing element."){:target="_blank"} | 0...\* | The `RemoteAddrValve` is used to filter access to the TDS based on IP address. (NOT enabled by default. You will need to add this if you want to use IP Filtering.) | +|         [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/host.html "The Host element represents a virtual host."){:target="_blank"} | 1...\* | Not modified unless you specify a `Host` other than `localhost`. (`localhost` enabled by default.) | +|            [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html "The Valve element represents a component that will be inserted into the request processing pipeline for the associated containing element."){:target="_blank"} | 0...\* | We modify the `AccessLogValve` to customize the access logs generated by Tomcat. (NOT enabled by default. You will need to add this if you want to enable access logging. ) | ## `${tomcat_home}/conf/tomcat-users.xml` @@ -68,9 +68,9 @@ Reference the table below to see how the tomcat-users.xml elements relate to con |----------|-----------|---------------------------| | Tag Name | Instances | How it relates to the TDS | |:---------|:---------:|:--------------------------| -| [``](http://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#UserDatabaseRealm "The tomcat-users element represents the single outermost element in tomcat-users.xml"){:target="_blank"} | 1...1 | Not modified. (The only tag you get by default.) | -|     [``](http://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#UserDatabaseRealm "The role element defines one role or group a user can belong to."){:target="_blank"} | 1...\* | You will have at least two of these: one for the Tomcat manager application and one for the TDS. (You will need to add if you want to enable role-based authentication.) | -|     [``](http://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#UserDatabaseRealm "The user element represents one valid user."){:target="_blank"} | 1...\* | You will need to create an entry for each user who needs access to the Tomcat manager application and/or the restricted areas of the TDS. (You will need to add if you want to enable user authentication.) | +| [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#UserDatabaseRealm "The tomcat-users element represents the single outermost element in tomcat-users.xml"){:target="_blank"} | 1...1 | Not modified. (The only tag you get by default.) | +|     [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#UserDatabaseRealm "The role element defines one role or group a user can belong to."){:target="_blank"} | 1...\* | You will have at least two of these: one for the Tomcat manager application and one for the TDS. (You will need to add if you want to enable role-based authentication.) | +|     [``](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#UserDatabaseRealm "The user element represents one valid user."){:target="_blank"} | 1...\* | You will need to create an entry for each user who needs access to the Tomcat manager application and/or the restricted areas of the TDS. (You will need to add if you want to enable user authentication.) | ## Next Step diff --git a/docs/userguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md b/docs/userguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md index 73424bce96..ca1a7fabb7 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md +++ b/docs/userguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md @@ -20,7 +20,7 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet * Provides server status statistics for the JVM and each connector you have configured in `${tomcat_home}/conf/server.xml`. {%include note.html content= -"For more information about the Tomcat manager application, see the [Tomcat Manager App HOW-TO](https://tomcat.apache.org/tomcat-8.5-doc/manager-howto.html){:target='_blank'} documentation. +"For more information about the Tomcat manager application, see the [Tomcat Manager App HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html){:target='_blank'} documentation. " %} ## Accessing The Manager Application @@ -58,7 +58,7 @@ This will be done in the following 2 steps: ~~~ {%include note.html content=" - For more information about web application context configuration files and their security options, please review the [Tomcat Manager App How-To](http://tomcat.apache.org/tomcat-8.5-doc/manager-howto.html#Introduction){:target='_blank'} documentation. + For more information about web application context configuration files and their security options, please review the [Tomcat Manager App How-To](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html#Introduction){:target='_blank'} documentation. " %} diff --git a/docs/userguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md b/docs/userguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md index 8c397a9b58..a561fe3c6e 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md +++ b/docs/userguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md @@ -106,7 +106,7 @@ pattern="%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-A {%include note.html content=" -For more information on access log format configuration, see the Tomcat [Valve Component](http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html){:target='_blank'} documentation. +For more information on access log format configuration, see the Tomcat [Valve Component](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html){:target='_blank'} documentation. " %} diff --git a/docs/userguide/src/site/pages/tds_tutorial/production/DigestedPasswords.md b/docs/userguide/src/site/pages/tds_tutorial/production/DigestedPasswords.md index d2a55215ce..9d26bd0f95 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/production/DigestedPasswords.md +++ b/docs/userguide/src/site/pages/tds_tutorial/production/DigestedPasswords.md @@ -93,7 +93,7 @@ A Tomcat Realm represents a "database" of usernames, passwords, and roles assign ~~~ {% include note.html content=" - To use a different algorithm, a salt, or to limit the length of the resulting password hash, consult the [syntax options](https://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#Digested_Passwords){:target='_blank'} for the `tomcat_home/bin/digest.[bat|sh]` script. + To use a different algorithm, a salt, or to limit the length of the resulting password hash, consult the [syntax options](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#Digested_Passwords){:target='_blank'} for the `tomcat_home/bin/digest.[bat|sh]` script. " %} 3. Update `${tomcat_home}/conf/tomcat-users.xml` to replace your clear-text password with the encrypted version: diff --git a/docs/userguide/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md b/docs/userguide/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md index 51e37b7a5f..29d989d727 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md +++ b/docs/userguide/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md @@ -44,7 +44,7 @@ Unidata _highly_ recommends the use of a certificate signed by a Certificate Aut ### Certificate `keystore` File A keystore file stores the details of the TLS/SSL certificate necessary to make the protocol secured. -The Tomcat documentation includes a section on [importing your certificate](https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"} into a keystore file. +The Tomcat documentation includes a section on [importing your certificate](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"} into a keystore file. Tomcat uses the keystore file for TLS/SSL transactions. ## Enabling TLS/SSL In Tomcat @@ -52,7 +52,7 @@ Tomcat uses the keystore file for TLS/SSL transactions. The following example demonstrates enabling TLS/SSL in the Tomcat Servlet Container on a linux system as the `root` user. {%include note.html content=" -This section assumes you have already imported your CA-signed certificate into the [keystore](https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target='_blank'} file. +This section assumes you have already imported your CA-signed certificate into the [keystore](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target='_blank'} file. " %} 1. Modify the Tomcat configuration to enable TLS/SSL: @@ -86,7 +86,7 @@ This section assumes you have already imported your CA-signed certificate into t ~~~ {%include note.html content=" - Tomcat also offers a `SSL/TLS HTTP/1.1 Connector` which utilizes `APR/native implementation`. Consult the [Documentation](http://tomcat.apache.org/tomcat-8.5-doc/config/http.html){:target='_blank'} to see if you should use this connector in lieu of the `NIO implementation SSL HTTP/1.1` connector. + Tomcat also offers a `SSL/TLS HTTP/1.1 Connector` which utilizes `APR/native implementation`. Consult the [Documentation](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target='_blank'} to see if you should use this connector in lieu of the `NIO implementation SSL HTTP/1.1` connector. " %} Specify the keystore file in the `certificateKeystoreFile` attribute of the `Certificate` element to tell Tomcat where to find your keystore (the path will be relative to `${tomcat_home}` directory). @@ -251,7 +251,7 @@ Other than the compelling security reasons, you will want to enable TLS/SSL to t * [Qualys SSL Server Test](https://www.ssllabs.com/ssltest/){:target="_blank"} is a free online service that analyzes the configuration of any public TLS/SSL web server. Note: be sure to check the Do not show the results on the boards box if you do not want your results to be public. -* [TLS/SSL Configuration HOW-TO](https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html){:target="_blank"} +* [TLS/SSL Configuration HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html){:target="_blank"} The Apache Tomcat document detailing how to enable TLS/SSL. * [Tomcat Migration Guide](https://tomcat.apache.org/migration.html){:target="_blank"} A document detailing the various changes between Tomcat versions. diff --git a/docs/userguide/src/site/pages/tds_tutorial/production/PerformanceTips.md b/docs/userguide/src/site/pages/tds_tutorial/production/PerformanceTips.md index 6abed40c0e..1a08c207ef 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/production/PerformanceTips.md +++ b/docs/userguide/src/site/pages/tds_tutorial/production/PerformanceTips.md @@ -74,7 +74,7 @@ Have a look at the `compression` and `compressibleMimeType` attributes of the To ~~~ This says to compress (`gzip` or `deflate`) when the number of bytes is `>= 1000`, for the named `mime-types`. -See the Tomcat HTTP Connector [reference page](https://tomcat.apache.org/tomcat-8.5-doc/config/http.html){:target="_blank"} for more details. +See the Tomcat HTTP Connector [reference page](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target="_blank"} for more details. ### Automatic Startup diff --git a/docs/userguide/src/site/pages/tds_tutorial/production/RemoveUnusedWebapps.md b/docs/userguide/src/site/pages/tds_tutorial/production/RemoveUnusedWebapps.md index 2aff71a027..448f2d53cc 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/production/RemoveUnusedWebapps.md +++ b/docs/userguide/src/site/pages/tds_tutorial/production/RemoveUnusedWebapps.md @@ -23,6 +23,6 @@ Tomcat "ships" with several default web applications you may want to consider re To use this application, you must add a user with role of `admin-gui` in `tomcat-users.xml`. If you are not planning to do a lot of virtual hosting in Tomcat this application should be removed. * The `examples` application should probably be removed from a production server to minimize security exposure. -* The docs are a copy of the [Online tomcat documentation](https://tomcat.apache.org/tomcat-8.5-doc/){:target="_blank"}. +* The docs are a copy of the [Online tomcat documentation](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/){:target="_blank"}. Unless you have need for a local copy, removing docs would help to tidy-up `${tomcat_home}/webapps`. diff --git a/docs/userguide/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md b/docs/userguide/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md index 27228d4eae..5b2a7d4b17 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md +++ b/docs/userguide/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md @@ -63,7 +63,7 @@ The `RemoteHostValve` compares the client hostname against one or more regular e ~~~ {%include note.html content=" - Consult the Tomcat [Remote Host Valve](https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_Host_Valve){:target='_blank'} documentation for more information about valve syntax and options. + Consult the Tomcat [Remote Host Valve](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html#Remote_Host_Valve){:target='_blank'} documentation for more information about valve syntax and options. " %} diff --git a/docs/userguide/src/site/pages/tds_tutorial/production/SecureManagerApp.md b/docs/userguide/src/site/pages/tds_tutorial/production/SecureManagerApp.md index 0e914c8871..652bab4de1 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/production/SecureManagerApp.md +++ b/docs/userguide/src/site/pages/tds_tutorial/production/SecureManagerApp.md @@ -83,7 +83,7 @@ The following example demonstrates enabling TLS/SSL for the Tomcat Manager Appli ~~~ - The Tomcat 8.x version of the Manager application deployment descriptor contains a `` section for each of the four possible `ContactPaths` (as per [Manager Application](https://tomcat.apache.org/migration.html){:target="_blank"} section of the Tomcat Migration Guide). + The Tomcat {{ site.tomcat_version }} version of the Manager application deployment descriptor contains a `` section for each of the four possible `ContactPaths` (as per [Manager Application](https://tomcat.apache.org/migration.html){:target="_blank"} section of the Tomcat Migration Guide). Add a `` with a `` of `CONFIDENTIAL` for the desired `ContactPaths` to to enable port-forwarding to port `8443`: @@ -163,7 +163,7 @@ The following example demonstrates enabling TLS/SSL for the Tomcat Manager Appli * Did you restart Tomcat after you made your changes to `web.xml`? ## Resources -* [Manager App HOW-TO](https://tomcat.apache.org/tomcat-8.5-doc/manager-howto.html){:target="_blank"} +* [Manager App HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html){:target="_blank"} The Apache Tomcat document referencing how to use and configure the Manager application. * [Tomcat Migration Guide](https://tomcat.apache.org/migration.html){:target="_blank"} A document detailing the various changes between Tomcat versions contains a section dedicated to the Manager application. diff --git a/docs/userguide/src/site/pages/tds_tutorial/production/TdsBehindProxy.md b/docs/userguide/src/site/pages/tds_tutorial/production/TdsBehindProxy.md index 830e2fd8e7..80a715b6cc 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/production/TdsBehindProxy.md +++ b/docs/userguide/src/site/pages/tds_tutorial/production/TdsBehindProxy.md @@ -47,17 +47,17 @@ Other HTTPD servers (e.g., NGINX) have not yet been explored. ### Tomcat-Apache Proxy Documentation -* [Tomcat Connectors](https://tomcat.apache.org/tomcat-8.5-doc/connectors.html){:target="_blank"} +* [Tomcat Connectors](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/connectors.html){:target="_blank"} Documentation describing the difference between the Tomcat HTTP and AJP connectors. * `mod_proxy` - * [Tomcat HTTP Connector](https://tomcat.apache.org/tomcat-8.5-doc/config/http.html){:target="_blank"} + * [Tomcat HTTP Connector](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target="_blank"} Configuration for the Tomcat HTTP connector (for use with Apache's mod_proxy). - * [Tomcat Proxy Support - How To](https://tomcat.apache.org/tomcat-8.5-doc/proxy-howto.html){:target="_blank"} + * [Tomcat Proxy Support - How To](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/proxy-howto.html){:target="_blank"} Tomcat documentation showing how to use the build-in Apache module mod_proxy for Apache versions 1.3X and 2.X. * `mod_jk` - * [Tomcat AJP Connector](https://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html){:target="_blank"} + * [Tomcat AJP Connector](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/ajp.html){:target="_blank"} Configuration for the Tomcat AJP connector (for use with Apache's mod_jk). - * [Tomcat Reverse Proxy - How To](https://tomcat.apache.org/tomcat-8.5-doc/proxy-howto.html){:target="_blank"} + * [Tomcat Reverse Proxy - How To](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/proxy-howto.html){:target="_blank"} Configurations and fine-tuning of a reverse proxy set up using the mod_jk Apache module. {%include note.html content=" @@ -211,7 +211,7 @@ The following example shows how to implement a proxy using the Apache HTTPD serv ~~~ {% include note.html content=" - Consult the Tomcat documentation for more information about the [AJP Connector](https://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html){:target='_blank'} configuration options. + Consult the Tomcat documentation for more information about the [AJP Connector](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/ajp.html){:target='_blank'} configuration options. " %} 2. Disable any active `Java HTTP/1.1 Connector` and the `SSL HTTP/1.1 Connector` Tomcat connectors. diff --git a/docs/userguide/src/site/pages/tds_tutorial/production/TomcatPermissions.md b/docs/userguide/src/site/pages/tds_tutorial/production/TomcatPermissions.md index 77180191fa..b28c6f1cff 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/production/TomcatPermissions.md +++ b/docs/userguide/src/site/pages/tds_tutorial/production/TomcatPermissions.md @@ -58,7 +58,7 @@ We also recommend restricting the permissions of the Tomcat `user/group` within ~~~bash # cd /usr/local - # chown -R tomcat:tomcat apache-tomcat-8.5.34 + # chown -R tomcat:tomcat apache-tomcat-{{ site.tomcat_version }}.x # ls -l tomcat total 148 drwxr-x--- 2 tomcat tomcat 4096 Oct 24 14:22 bin @@ -125,7 +125,7 @@ We also recommend restricting the permissions of the Tomcat `user/group` within 4. Change the user/group permissions of the files and subdirectories in `${tomcat_home}/conf` directory. - (Depending on the web applications you are running and/or your virtual host configurations, Tomcat may create a `${tomcat_home}/conf/Catalina` directory with corresponding subdirectories and files for [context](https://tomcat.apache.org/tomcat-8.5-doc/virtual-hosting-howto.html#Configuring_Your_Contexts){:target="_blank"} information.) + (Depending on the web applications you are running and/or your virtual host configurations, Tomcat may create a `${tomcat_home}/conf/Catalina` directory with corresponding subdirectories and files for [context](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/virtual-hosting-howto.html#Configuring_Your_Contexts){:target="_blank"} information.) ~~~bash # cd /usr/local/tomcat/conf From 4b23de14fe127a9a5f685e94ad118224dfd136d7 Mon Sep 17 00:00:00 2001 From: Sean Arms <67096+lesserwhirls@users.noreply.github.com> Date: Fri, 17 Jan 2025 12:34:17 -0700 Subject: [PATCH 2/2] Fix info, note, etc. content to build with variable substitution --- .../installation_upgrade/TdsBehindProxy.md | 5 +++-- .../site/pages/reference/TomcatManagerApp.md | 6 +++--- .../site/pages/securing/DigestedPasswords.md | 7 ++++--- .../site/pages/securing/RestrictAccessToTds.md | 9 ++++----- .../ModifyingTomcatAccessLogs.md | 8 +++----- .../getting_started/DeployingTheTds.md | 7 ++++--- .../getting_started/InstallJavaTomcat.md | 12 +++++++----- .../getting_started/TomcatManagerApp.md | 11 ++++++----- .../ModifyingTomcatAccessLogs.md | 8 +++----- docs/quickstart/src/site/pages/TLSEncryption.md | 5 ++++- .../getting_started/DeployingTheTds.md | 7 ++++--- .../getting_started/InstallJavaTomcat.md | 5 +++-- .../getting_started/TomcatManagerApp.md | 11 ++++++----- .../ModifyingTomcatAccessLogs.md | 8 +++----- .../production/DigestedPasswords.md | 7 ++++--- .../production/EnableTLSEncryption.md | 17 ++++++++++------- .../production/RestrictAccessToTds.md | 8 ++++---- .../tds_tutorial/production/TdsBehindProxy.md | 5 +++-- .../getting_started/DeployingTheTds.md | 7 ++++--- .../getting_started/InstallJavaTomcat.md | 5 +++-- .../getting_started/TomcatManagerApp.md | 11 ++++++----- .../ModifyingTomcatAccessLogs.md | 8 +++----- .../production/DigestedPasswords.md | 7 ++++--- .../production/EnableTLSEncryption.md | 15 +++++++++------ .../production/RestrictAccessToTds.md | 8 ++++---- .../tds_tutorial/production/TdsBehindProxy.md | 5 +++-- 26 files changed, 114 insertions(+), 98 deletions(-) diff --git a/docs/adminguide/src/site/pages/installation_upgrade/TdsBehindProxy.md b/docs/adminguide/src/site/pages/installation_upgrade/TdsBehindProxy.md index 23494fb215..6694311a59 100644 --- a/docs/adminguide/src/site/pages/installation_upgrade/TdsBehindProxy.md +++ b/docs/adminguide/src/site/pages/installation_upgrade/TdsBehindProxy.md @@ -188,9 +188,10 @@ The following example shows how to implement a proxy using the Apache HTTPD serv protocol="AJP/1.3" /> ~~~ - {% include info.html content=" + {% capture ajp_connector %} Consult the Tomcat documentation for more information about the [AJP Connector](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/ajp.html){:target='_blank'} configuration options. - " %} + {% endcapture %} + {% include info.html content=ajp_connector %} 2. Disable any active `Java HTTP/1.1 Connector` and the `SSL HTTP/1.1 Connector` Tomcat connectors. diff --git a/docs/adminguide/src/site/pages/reference/TomcatManagerApp.md b/docs/adminguide/src/site/pages/reference/TomcatManagerApp.md index 986bd24a26..597a272fb5 100644 --- a/docs/adminguide/src/site/pages/reference/TomcatManagerApp.md +++ b/docs/adminguide/src/site/pages/reference/TomcatManagerApp.md @@ -57,10 +57,10 @@ This will be done in the following 2 steps: ~~~ - {%include note.html content=" + {% capture context_config %} For more information about web application context configuration files and their security options, please review the [Tomcat Manager App How-To](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html#Introduction){:target='_blank'} documentation. - " %} - + {% endcapture %} + {% include info.html content=context_config %} #### II. Modify `tomcat-users.xml` diff --git a/docs/adminguide/src/site/pages/securing/DigestedPasswords.md b/docs/adminguide/src/site/pages/securing/DigestedPasswords.md index 48e6997f09..3d7e6e6fc4 100644 --- a/docs/adminguide/src/site/pages/securing/DigestedPasswords.md +++ b/docs/adminguide/src/site/pages/securing/DigestedPasswords.md @@ -97,9 +97,10 @@ A Tomcat Realm represents a "database" of usernames, passwords, and roles assign supersecretpassword:bb7a2b6cf8da7122125c663fc1585808170b2027677195e0ad121f87b27320ae$1$55003acb56e907b19d29d3b4211dc98c837354690bc90579742d6747efeec4ea ~~~ - {% include note.html content=" - To use a different algorithm, a salt, or to limit the length of the resulting password hash, consult the [syntax options](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#Digested_Passwords){:target='_blank'} for the `tomcat_home/bin/digest.[bat|sh]` script. - " %} + {% capture algo %} + To use a different algorithm, a salt, or to limit the length of the resulting password hash, consult the [syntax options](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#Digested_Passwords){:target='_blank'} for the `tomcat_home/bin/digest.[bat|sh]` script. + {% endcapture %} + {% include info.html content=algo %} 3. Update `${tomcat_home}/conf/tomcat-users.xml` to replace your clear-text password with the encrypted version: diff --git a/docs/adminguide/src/site/pages/securing/RestrictAccessToTds.md b/docs/adminguide/src/site/pages/securing/RestrictAccessToTds.md index 9784b5676d..1fbd2848a8 100644 --- a/docs/adminguide/src/site/pages/securing/RestrictAccessToTds.md +++ b/docs/adminguide/src/site/pages/securing/RestrictAccessToTds.md @@ -64,11 +64,10 @@ The `RemoteHostValve` compares the client hostname against one or more regular e deny=".*\.bandwidthhogs\.com" /> ~~~ -{% capture remote_host_valve %} - Consult the Tomcat [Remote Host Valve](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html#Remote_Host_Valve){:target='_blank'} documentation for more information about valve syntax and options. -{% endcapture %} - - {% include info.html content=remote_host_valve%} + {% capture remote_host_valve %} + Consult the Tomcat [Remote Host Valve](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html#Remote_Host_Valve){:target='_blank'} documentation for more information about valve syntax and options. + {% endcapture %} + {% include info.html content=remote_host_valve%} ## Limit Access To Parts Or Entire TDS By User/Role diff --git a/docs/adminguide/src/site/pages/support_troubleshooting/ModifyingTomcatAccessLogs.md b/docs/adminguide/src/site/pages/support_troubleshooting/ModifyingTomcatAccessLogs.md index 5db4a6c1cb..9a3afcd072 100644 --- a/docs/adminguide/src/site/pages/support_troubleshooting/ModifyingTomcatAccessLogs.md +++ b/docs/adminguide/src/site/pages/support_troubleshooting/ModifyingTomcatAccessLogs.md @@ -108,12 +108,10 @@ The access log entry format we are using is almost identical to the standard com pattern="%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i" %D" ~~~ - - -{%include note.html content=" +{% capture logfmt %} For more information on access log format configuration, see the Tomcat [Valve Component](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html){:target='_blank'} documentation. -" %} - +{% endcapture %} +{% include info.html content=logfmt %} The above pattern makes use of the following codes: diff --git a/docs/devguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md b/docs/devguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md index 5fdb89bd0e..e40c8eeffa 100644 --- a/docs/devguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md +++ b/docs/devguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md @@ -38,10 +38,11 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet ~~~ - {%include note.html content=" + {% capture context %} Consult the Tomcat documentation about [web application context](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/context.html){:target='_blank'} for more information about the `META-INF/context.xml` file. - " %} - + {% endcapture %} + {% include info.html content=context %} + The down-side of renaming the WAR file to merely `thredds.war` is that a quick glance at the WAR file will not tell you (the server administrator) which version of the TDS is deployed. diff --git a/docs/devguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md b/docs/devguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md index 0917657b5d..ec6e889728 100644 --- a/docs/devguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md +++ b/docs/devguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md @@ -25,9 +25,10 @@ While there are different distributors of Java and servlet containers, Unidata d The following example shows the JDK installation on a linux system. The installation is being performed as the `root` user. -{% include note.html content=" -For installation of the JDK on Windows or Mac OS, see the [JDK Installation Guide](https://https://adoptium.net/installation/){:target='_blank'}. -" %} +{% capture tomcatinstall %} +For installation of Tomcat on Windows, see the [Tomcat Setup Guide](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/setup.html#Windows){:target='_blank'}. +{% endcapture %} +{% include info.html content=tomcatinstall %} 1. [Download](https://adoptium.net/){:target="_blank"} current OpenJDK {{ site.java_version }} (LTS) JDK version from the Adoptium site. @@ -82,9 +83,10 @@ The following example shows Tomcat installation on a linux system. (This type of installation will work on Mac OS systems as well.) The installation is performed as the `root` user. -{% include note.html content=" +{% capture tomcatinstall %} For installation of Tomcat on Windows, see the [Tomcat Setup Guide](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/setup.html#Windows){:target='_blank'}. -" %} +{% endcapture %} +{% include info.html content=tomcatinstall %} {%- assign tomcat_version_split = site.tomcat_version | split: '.' -%} {%- assign tomcat_version_split = tomcat_version_split[0] -%} diff --git a/docs/devguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md b/docs/devguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md index fd13dd5988..0a3b0405a3 100644 --- a/docs/devguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md +++ b/docs/devguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md @@ -19,9 +19,10 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet * Allows Tomcat administrators to deploy, un-deploy, or reload web applications such as the TDS without having to shut down and restart Tomcat. * Provides server status statistics for the JVM and each connector you have configured in `${tomcat_home}/conf/server.xml`. -{%include note.html content= +{% capture tcmanager %} "For more information about the Tomcat manager application, see the [Tomcat Manager App HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html){:target='_blank'} documentation. -" %} +{% endcapture %} +{% include info.html content=tcmanager %} ## Accessing The Manager Application @@ -57,10 +58,10 @@ This will be done in the following 2 steps: ~~~ - {%include note.html content=" + {% capture context_config %} For more information about web application context configuration files and their security options, please review the [Tomcat Manager App How-To](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html#Introduction){:target='_blank'} documentation. - " %} - + {% endcapture %} + {% include info.html content=context_config %} #### II. Modify `tomcat-users.xml` diff --git a/docs/devguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md b/docs/devguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md index d156674c61..7fdb460c86 100644 --- a/docs/devguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md +++ b/docs/devguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md @@ -103,12 +103,10 @@ The access log entry format we are using is almost identical to the standard com pattern="%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i" %D" ~~~ - - -{%include note.html content=" +{% capture logfmt %} For more information on access log format configuration, see the Tomcat [Valve Component](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html){:target='_blank'} documentation. -" %} - +{% endcapture %} +{% include info.html content=logfmt %} The above pattern makes use of the following codes: diff --git a/docs/quickstart/src/site/pages/TLSEncryption.md b/docs/quickstart/src/site/pages/TLSEncryption.md index 3b3d2790ff..0ebfdce95b 100644 --- a/docs/quickstart/src/site/pages/TLSEncryption.md +++ b/docs/quickstart/src/site/pages/TLSEncryption.md @@ -97,8 +97,11 @@ The following example demonstrates enabling Transport Layer Security in the Tomc ~~~ - Note: Tomcat also offers a `SSL/TLS HTTP/1.1 Connector` which utilizes `APR/native implementation`. + {% capture connector %} + Tomcat also offers a `SSL/TLS HTTP/1.1 Connector` which utilizes `APR/native implementation`. Consult the [Documentation](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target='_blank'} to see if you should use this connector in lieu of the `NIO implementation SSL HTTP/1.1` connector. + {% endcapture %} + {% include info.html content=connector %} Specify the keystore file in the `certificateKeystoreFile` attribute of the `Certificate` element to tell Tomcat where to find your keystore (the path will be relative to `${tomcat_home}` directory). diff --git a/docs/quickstart/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md b/docs/quickstart/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md index b9e8c2f6c1..2e19ddfd25 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md @@ -37,10 +37,11 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet ~~~ - - {%include note.html content=" + + {% capture context %} Consult the Tomcat documentation about [web application context](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/context.html){:target='_blank'} for more information about the `META-INF/context.xml` file. - " %} + {% endcapture %} + {% include info.html content=context %} The down-side of renaming the WAR file to merely `thredds.war` is that a quick glance at the WAR file will not tell you (the server administrator) which version of the TDS is deployed. diff --git a/docs/quickstart/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md b/docs/quickstart/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md index 3356d6efbe..39df6df7b9 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md @@ -82,9 +82,10 @@ The following example shows Tomcat installation on a linux system. (This type of installation will work on Mac OS systems as well.) The installation is performed as the `root` user. -{% include note.html content=" +{% capture tomcatinstall %} For installation of Tomcat on Windows, see the [Tomcat Setup Guide](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/setup.html#Windows){:target='_blank'}. -" %} +{% endcapture %} +{% include info.html content=tomcatinstall %} {%- assign tomcat_version_split = site.tomcat_version | split: '.' -%} {%- assign tomcat_version_split = tomcat_version_split[0] -%} diff --git a/docs/quickstart/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md b/docs/quickstart/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md index 9497bdb619..a99a5fa762 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md @@ -19,9 +19,10 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet * Allows Tomcat administrators to deploy, un-deploy, or reload web applications such as the TDS without having to shut down and restart Tomcat. * Provides server status statistics for the JVM and each connector you have configured in `${tomcat_home}/conf/server.xml`. -{%include note.html content= +{% capture tcmanager %} "For more information about the Tomcat manager application, see the [Tomcat Manager App HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html){:target='_blank'} documentation. -" %} +{% endcapture %} +{% include info.html content=tcmanager %} ## Accessing The Manager Application @@ -57,10 +58,10 @@ This will be done in the following 2 steps: ~~~ - {%include note.html content=" + {% capture context_config %} For more information about web application context configuration files and their security options, please review the [Tomcat Manager App How-To](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html#Introduction){:target='_blank'} documentation. - " %} - + {% endcapture %} + {% include info.html content=context_config %} #### II. Modify `tomcat-users.xml` diff --git a/docs/quickstart/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md b/docs/quickstart/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md index 85f8a09097..0c77485409 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md @@ -103,12 +103,10 @@ The access log entry format we are using is almost identical to the standard com pattern="%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i" %D" ~~~ - - -{%include note.html content=" +{% capture logfmt %} For more information on access log format configuration, see the Tomcat [Valve Component](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html){:target='_blank'} documentation. -" %} - +{% endcapture %} +{% include info.html content=logfmt %} The above pattern makes use of the following codes: diff --git a/docs/quickstart/src/site/pages/tds_tutorial/production/DigestedPasswords.md b/docs/quickstart/src/site/pages/tds_tutorial/production/DigestedPasswords.md index 4be08789b5..c9ce7bd17f 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/production/DigestedPasswords.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/production/DigestedPasswords.md @@ -92,9 +92,10 @@ A Tomcat Realm represents a "database" of usernames, passwords, and roles assign supersecretpassword:bb7a2b6cf8da7122125c663fc1585808170b2027677195e0ad121f87b27320ae$1$55003acb56e907b19d29d3b4211dc98c837354690bc90579742d6747efeec4ea ~~~ - {% include note.html content=" - To use a different algorithm, a salt, or to limit the length of the resulting password hash, consult the [syntax options](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#Digested_Passwords){:target='_blank'} for the `tomcat_home/bin/digest.[bat|sh]` script. - " %} + {% capture algo %} + To use a different algorithm, a salt, or to limit the length of the resulting password hash, consult the [syntax options](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#Digested_Passwords){:target='_blank'} for the `tomcat_home/bin/digest.[bat|sh]` script. + {% endcapture %} + {% include info.html content=algo %} 3. Update `${tomcat_home}/conf/tomcat-users.xml` to replace your clear-text password with the encrypted version: diff --git a/docs/quickstart/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md b/docs/quickstart/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md index 4bb5010b77..912a2d2a87 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md @@ -49,11 +49,12 @@ Tomcat uses the keystore file for TLS/SSL transactions. ## Enabling TLS/SSL In Tomcat -The following example demonstrates enabling TLS/SSL in the Tomcat Servlet Container on a linux system as the `root` user. +The following example demonstrates enabling TLS/SSL in the Tomcat Servlet Container on a linux system as the `root` user. -{%include note.html content=" +{% capture cert %} This section assumes you have already imported your CA-signed certificate into the [keystore](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target='_blank'} file. -" %} +{% endcapture %} +{% include info.html content=cert %} 1. Modify the Tomcat configuration to enable TLS/SSL: @@ -84,10 +85,12 @@ This section assumes you have already imported your CA-signed certificate into t ~~~ - - {%include note.html content=" - Tomcat also offers a `SSL/TLS HTTP/1.1 Connector` which utilizes `APR/native implementation`. Consult the [Documentation](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target='_blank'} to see if you should use this connector in lieu of the `NIO implementation SSL HTTP/1.1` connector. - " %} + + {% capture connector %} + Tomcat also offers a `SSL/TLS HTTP/1.1 Connector` which utilizes `APR/native implementation`. + Consult the [Documentation](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target='_blank'} to see if you should use this connector in lieu of the `NIO implementation SSL HTTP/1.1` connector. + {% endcapture %} + {% include info.html content=connector %} Specify the keystore file in the `certificateKeystoreFile` attribute of the `Certificate` element to tell Tomcat where to find your keystore (the path will be relative to `${tomcat_home}` directory). diff --git a/docs/quickstart/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md b/docs/quickstart/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md index a552573415..71d7fbe684 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md @@ -62,10 +62,10 @@ The `RemoteHostValve` compares the client hostname against one or more regular e deny=".*\.bandwidthhogs\.com" /> ~~~ - {%include note.html content=" - Consult the Tomcat [Remote Host Valve](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html#Remote_Host_Valve){:target='_blank'} documentation for more information about valve syntax and options. - " %} - + {% capture remote_host_valve %} + Consult the Tomcat [Remote Host Valve](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html#Remote_Host_Valve){:target='_blank'} documentation for more information about valve syntax and options. + {% endcapture %} + {% include info.html content=remote_host_valve%} ## Restrict Access Via Web Application Deployment Descriptor diff --git a/docs/quickstart/src/site/pages/tds_tutorial/production/TdsBehindProxy.md b/docs/quickstart/src/site/pages/tds_tutorial/production/TdsBehindProxy.md index 1410049ade..18f9002a84 100644 --- a/docs/quickstart/src/site/pages/tds_tutorial/production/TdsBehindProxy.md +++ b/docs/quickstart/src/site/pages/tds_tutorial/production/TdsBehindProxy.md @@ -210,9 +210,10 @@ The following example shows how to implement a proxy using the Apache HTTPD serv protocol="AJP/1.3" /> ~~~ - {% include note.html content=" + {% capture ajp_connector %} Consult the Tomcat documentation for more information about the [AJP Connector](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/ajp.html){:target='_blank'} configuration options. - " %} + {% endcapture %} + {% include info.html content=ajp_connector %} 2. Disable any active `Java HTTP/1.1 Connector` and the `SSL HTTP/1.1 Connector` Tomcat connectors. diff --git a/docs/userguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md b/docs/userguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md index b4070ce310..743ef1b47c 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md +++ b/docs/userguide/src/site/pages/tds_tutorial/getting_started/DeployingTheTds.md @@ -37,10 +37,11 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet ~~~ - - {%include note.html content=" + + {% capture context %} Consult the Tomcat documentation about [web application context](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/context.html){:target='_blank'} for more information about the `META-INF/context.xml` file. - " %} + {% endcapture %} + {% include info.html content=context %} The down-side of renaming the WAR file to merely `thredds.war` is that a quick glance at the WAR file will not tell you (the server administrator) which version of the TDS is deployed. diff --git a/docs/userguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md b/docs/userguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md index 8a6c941490..5da2b903ce 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md +++ b/docs/userguide/src/site/pages/tds_tutorial/getting_started/InstallJavaTomcat.md @@ -82,9 +82,10 @@ The following example shows Tomcat installation on a linux system. (This type of installation will work on Mac OS systems as well.) The installation is performed as the `root` user. -{% include note.html content=" +{% capture tomcatinstall %} For installation of Tomcat on Windows, see the [Tomcat Setup Guide](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/setup.html#Windows){:target='_blank'}. -" %} +{% endcapture %} +{% include info.html content=tomcatinstall %} {%- assign tomcat_version_split = site.tomcat_version | split: '.' -%} {%- assign tomcat_version_split = tomcat_version_split[0] -%} diff --git a/docs/userguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md b/docs/userguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md index ca1a7fabb7..c7954e15a8 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md +++ b/docs/userguide/src/site/pages/tds_tutorial/getting_started/TomcatManagerApp.md @@ -19,9 +19,10 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet * Allows Tomcat administrators to deploy, un-deploy, or reload web applications such as the TDS without having to shut down and restart Tomcat. * Provides server status statistics for the JVM and each connector you have configured in `${tomcat_home}/conf/server.xml`. -{%include note.html content= +{% capture tcmanager %} "For more information about the Tomcat manager application, see the [Tomcat Manager App HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html){:target='_blank'} documentation. -" %} +{% endcapture %} +{% include info.html content=tcmanager %} ## Accessing The Manager Application @@ -57,10 +58,10 @@ This will be done in the following 2 steps: ~~~ - {%include note.html content=" + {% capture context_config %} For more information about web application context configuration files and their security options, please review the [Tomcat Manager App How-To](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html#Introduction){:target='_blank'} documentation. - " %} - + {% endcapture %} + {% include info.html content=context_config %} #### II. Modify `tomcat-users.xml` diff --git a/docs/userguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md b/docs/userguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md index a561fe3c6e..4b3424e3fe 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md +++ b/docs/userguide/src/site/pages/tds_tutorial/monitoring_and_debugging/ModifyingTomcatAccessLogs.md @@ -103,12 +103,10 @@ The access log entry format we are using is almost identical to the standard com pattern="%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i" %D" ~~~ - - -{%include note.html content=" +{% capture logfmt %} For more information on access log format configuration, see the Tomcat [Valve Component](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html){:target='_blank'} documentation. -" %} - +{% endcapture %} +{% include info.html content=logfmt %} The above pattern makes use of the following codes: diff --git a/docs/userguide/src/site/pages/tds_tutorial/production/DigestedPasswords.md b/docs/userguide/src/site/pages/tds_tutorial/production/DigestedPasswords.md index 9d26bd0f95..779d3b466c 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/production/DigestedPasswords.md +++ b/docs/userguide/src/site/pages/tds_tutorial/production/DigestedPasswords.md @@ -92,9 +92,10 @@ A Tomcat Realm represents a "database" of usernames, passwords, and roles assign supersecretpassword:bb7a2b6cf8da7122125c663fc1585808170b2027677195e0ad121f87b27320ae$1$55003acb56e907b19d29d3b4211dc98c837354690bc90579742d6747efeec4ea ~~~ - {% include note.html content=" - To use a different algorithm, a salt, or to limit the length of the resulting password hash, consult the [syntax options](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#Digested_Passwords){:target='_blank'} for the `tomcat_home/bin/digest.[bat|sh]` script. - " %} + {% capture algo %} + To use a different algorithm, a salt, or to limit the length of the resulting password hash, consult the [syntax options](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#Digested_Passwords){:target='_blank'} for the `tomcat_home/bin/digest.[bat|sh]` script. + {% endcapture %} + {% include info.html content=algo %} 3. Update `${tomcat_home}/conf/tomcat-users.xml` to replace your clear-text password with the encrypted version: diff --git a/docs/userguide/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md b/docs/userguide/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md index 29d989d727..b566673e51 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md +++ b/docs/userguide/src/site/pages/tds_tutorial/production/EnableTLSEncryption.md @@ -51,9 +51,10 @@ Tomcat uses the keystore file for TLS/SSL transactions. The following example demonstrates enabling TLS/SSL in the Tomcat Servlet Container on a linux system as the `root` user. -{%include note.html content=" +{% capture cert %} This section assumes you have already imported your CA-signed certificate into the [keystore](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target='_blank'} file. -" %} +{% endcapture %} +{% include info.html content=cert %} 1. Modify the Tomcat configuration to enable TLS/SSL: @@ -84,10 +85,12 @@ This section assumes you have already imported your CA-signed certificate into t ~~~ - - {%include note.html content=" - Tomcat also offers a `SSL/TLS HTTP/1.1 Connector` which utilizes `APR/native implementation`. Consult the [Documentation](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target='_blank'} to see if you should use this connector in lieu of the `NIO implementation SSL HTTP/1.1` connector. - " %} + + {% capture connector %} + Tomcat also offers a `SSL/TLS HTTP/1.1 Connector` which utilizes `APR/native implementation`. + Consult the [Documentation](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target='_blank'} to see if you should use this connector in lieu of the `NIO implementation SSL HTTP/1.1` connector. + {% endcapture %} + {% include info.html content=connector %} Specify the keystore file in the `certificateKeystoreFile` attribute of the `Certificate` element to tell Tomcat where to find your keystore (the path will be relative to `${tomcat_home}` directory). diff --git a/docs/userguide/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md b/docs/userguide/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md index 5b2a7d4b17..a9de0c02a9 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md +++ b/docs/userguide/src/site/pages/tds_tutorial/production/RestrictAccessToTds.md @@ -62,10 +62,10 @@ The `RemoteHostValve` compares the client hostname against one or more regular e deny=".*\.bandwidthhogs\.com" /> ~~~ - {%include note.html content=" - Consult the Tomcat [Remote Host Valve](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html#Remote_Host_Valve){:target='_blank'} documentation for more information about valve syntax and options. - " %} - + {% capture remote_host_valve %} + Consult the Tomcat [Remote Host Valve](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html#Remote_Host_Valve){:target='_blank'} documentation for more information about valve syntax and options. + {% endcapture %} + {% include info.html content=remote_host_valve%} ## Restrict Access Via Web Application Deployment Descriptor diff --git a/docs/userguide/src/site/pages/tds_tutorial/production/TdsBehindProxy.md b/docs/userguide/src/site/pages/tds_tutorial/production/TdsBehindProxy.md index 80a715b6cc..bee76cb631 100644 --- a/docs/userguide/src/site/pages/tds_tutorial/production/TdsBehindProxy.md +++ b/docs/userguide/src/site/pages/tds_tutorial/production/TdsBehindProxy.md @@ -210,9 +210,10 @@ The following example shows how to implement a proxy using the Apache HTTPD serv protocol="AJP/1.3" /> ~~~ - {% include note.html content=" + {% capture ajp_connector %} Consult the Tomcat documentation for more information about the [AJP Connector](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/ajp.html){:target='_blank'} configuration options. - " %} + {% endcapture %} + {% include info.html content=ajp_connector %} 2. Disable any active `Java HTTP/1.1 Connector` and the `SSL HTTP/1.1 Connector` Tomcat connectors.