diff --git a/server/configs/application.properties b/server/configs/application.properties
index c77e14283d..654295dae7 100644
--- a/server/configs/application.properties
+++ b/server/configs/application.properties
@@ -50,7 +50,7 @@ context.encryptionKey=@@encryptionKey@@
 ## Using a legacy context path provides backwards compatibility with old deployments. A typical use case would be to
 ## deploy to the root context (the default) and configure /labkey as the legacy path. GETs will be redirected.
-## All other methods (POSTs, PUTs, etc) will be handled server-side via a servlet forward.
+## All other methods (POSTs, PUTs, etc.) will be handled server-side via a servlet forward.
 #context.legacyContextPath=/labkey
 ## Other webapps to be deployed, most commonly to deliver a set of static files. The context path to deploy into is the
@@ -67,11 +67,12 @@ context.encryptionKey=@@encryptionKey@@
 ## Tomcat v10.1.42 lowered the default for part count from 1000 to 10. Our default is now 500.
 ## Tomcat also lowered the header size default from 10Kb to 512, which is also our default.
-## We lower max connections from default 8192 to 250, providing ample concurrent requests for LabKey Server scenarios.
-## These settings can be overridden if needed, but reasonable limits reduce your server's vulnerability to DoS attacks.
-server.tomcat.max-part-count=500
-server.tomcat.max-part-header-size=512
-server.tomcat.max-connections=250
+## We lowered max connections from default 8192 to 250, providing ample concurrent requests for LabKey Server scenarios.
+## These default values are set via the server code (LabKeyServer.java), but they can be overridden below, if needed.
+## However, note that reasonable limits reduce your server's vulnerability to DoS attacks.
+#server.tomcat.max-part-count=500
+#server.tomcat.max-part-header-size=512
+#server.tomcat.max-connections=250
 ## SMTP configuration
 mail.smtpHost=@@smtpHost@@
@@ -112,15 +113,6 @@ mail.smtpUser=@@smtpUser@@
 # HTTP session timeout for users - defaults to 30 minutes
 #server.servlet.session.timeout=30m
-## Enable shutdown endpoint
-management.endpoint.shutdown.enabled=true
-## turn off other endpoints
-management.endpoints.enabled-by-default=false
-## allow access via http
-management.endpoints.web.exposure.include=*
-## Use a separate port for management endpoints. Required if LabKey is using default (ROOT) context path
-management.server.port=@@shutdownPort@@
-
 ## Turn on JSON-formatted HTTP access logging to stdout. See issue 48565
 ## https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#JSON_Access_Log_Valve
 #jsonaccesslog.enabled=true
diff --git a/server/configs/webapps/embedded/config/application.properties b/server/configs/webapps/embedded/config/application.properties
index 5a171dc332..627322d21b 100644
--- a/server/configs/webapps/embedded/config/application.properties
+++ b/server/configs/webapps/embedded/config/application.properties
@@ -58,15 +58,15 @@ server.error.include-message=always
 ## This must not be the same as the server.port set above.
 #context.httpPort=80
-## We strongly recommend deploying LabKey at the root context path (e.g. http://localhost:8080)
+## We strongly recommend deploying LabKey at the root context path (e.g., http://localhost:8080)
 ## If your previous configuration file was named "ROOT.xml", you were already deployed at the root.
-## If you previously used a different context path, such as "/labkey" (i.e. with a configuration
+## If you previously used a different context path, such as "/labkey" (i.e., with a configuration
 ## file named "labkey.xml"), set a legacy context path for backwards compatibility.
 ## Previous URLs, GETs, etc. will be redirected or handled server-side via a servlet forward.
 #context.legacyContextPath=/labkey
-## We do not recommend deploying to a non-root context path (e.g. http://localhost:8080/labkey)
-## If you do set this property, do not set a legacyContextPath.
+## We do not recommend deploying to a non-root context path (e.g., http://localhost:8080/labkey)
+## If you do set this property, do not set a legacyContextPath. And the context path value must start with a slash.
 #context.contextPath=/labkey
 ####################################################################################
@@ -105,11 +105,12 @@ mail.smtpUser=Anonymous
 ## Tomcat v10.1.42 lowered the default for part count from 1000 to 10. Our default is now 500.
 ## Tomcat also lowered the header size default from 10Kb to 512, which is also our default.
-## We lower max connections from default 8192 to 250, providing ample concurrent requests for LabKey Server scenarios.
-## These settings can be overridden if needed, but reasonable limits reduce your server's vulnerability to DoS attacks.
-server.tomcat.max-part-count=500
-server.tomcat.max-part-header-size=512
-server.tomcat.max-connections=250
+## We lowered max connections from default 8192 to 250, providing ample concurrent requests for LabKey Server scenarios.
+## These default values are set via the server code (LabKeyServer.java), but they can be overridden below, if needed.
+## However, note that reasonable limits reduce your server's vulnerability to DoS attacks.
+#server.tomcat.max-part-count=500
+#server.tomcat.max-part-header-size=512
+#server.tomcat.max-connections=250
 ## Other webapps to be deployed, most commonly to deliver a set of static files. The context path to deploy into is the
 ## property name after the "context.additionalWebapps." prefix, and the value is the location of the webapp on disk
diff --git a/server/embedded/src/org/labkey/embedded/LabKeyServer.java b/server/embedded/src/org/labkey/embedded/LabKeyServer.java
index bb7370e99f..dc111f3916 100644
--- a/server/embedded/src/org/labkey/embedded/LabKeyServer.java
+++ b/server/embedded/src/org/labkey/embedded/LabKeyServer.java
@@ -15,6 +15,7 @@
 import java.io.File;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -88,24 +89,32 @@ public static void main(String[] args) String reportCsp = baseCsp + """ report-uri ${context.contextPath:}/admin-contentSecurityPolicyReport.api?cspVersion=r12&${CSP.REPORT.PARAMS} ; """; - application.setDefaultProperties(Map.of( - "server.tomcat.basedir", ".", - "server.tomcat.accesslog.directory", logHome, - // Enable HTTP compression for response content - "server.compression.enabled", "true", + application.setDefaultProperties(new HashMap<>() + {{ + put("server.tomcat.basedir", "."); + put("server.tomcat.accesslog.directory", logHome); - "server.tomcat.accesslog.enabled", "true", - "server.tomcat.accesslog.pattern", "%h %l %u %t \"%r\" %s %b %D %S %I \"%{Referer}i\" \"%{User-Agent}i\" %{LABKEY.username}s %{X-Forwarded-For}i", - "jsonaccesslog.pattern", "%h %t %m %U %s %b %D %S \"%{Referer}i\" \"%{User-Agent}i\" %{LABKEY.username}s %{X-Forwarded-For}i", + // Boost limits imposed by Tomcat v10.1.42 + put("server.tomcat.max-part-count", 500); + put("server.tomcat.max-part-header-size", 512); + put("server.tomcat.max-connections", 250); - // Issue 52415: Omit stack traces from Tomcat error pages by default, but propagate error messages - "server.error.include-stacktrace", "never", - "server.error.include-message", "always", + // Enable HTTP compression for response content + put("server.compression.enabled", "true"); - "csp.enforce", enforceCsp, - "csp.report", reportCsp - )); + put("server.tomcat.accesslog.enabled", "true"); + put("server.tomcat.accesslog.pattern", "%h %l %u %t \"%r\" %s %b %D %S %I \"%{Referer}i\" \"%{User-Agent}i\" %{LABKEY.username}s %{X-Forwarded-For}i"); + put("jsonaccesslog.pattern", "%h %t %m %U %s %b %D %S \"%{Referer}i\" \"%{User-Agent}i\" %{LABKEY.username}s %{X-Forwarded-For}i"); + + // Issue 52415: Omit stack traces from Tomcat error pages by default, but propagate error messages + put("server.error.include-stacktrace", "never"); + put("server.error.include-message", "always"); + + put("csp.enforce", enforceCsp); + 
put("csp.report", reportCsp); + }} + ); application.setBannerMode(Banner.Mode.OFF); application.run(args); }
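Review bot: The added comment `// Boost limits imposed by Tomcat v10.1.42` misdescribes two of the three values beneath it: going by the properties-file comments in this same commit, only `server.tomcat.max-part-count` (500) is raised above Tomcat's new default, while `max-part-header-size` (512) equals it and `max-connections` (250) is a deliberate reduction from 8192 that limits DoS exposure. These caps are now code-level defaults that operators no longer see uncommented in application.properties, so I would reword it to something like `// Request/connection caps (DoS hardening): part count raised from Tomcat 10.1.42's default of 10, header size kept at 512, max connections lowered from 8192`. Separately, the `new HashMap<>() {{ ... }}` double-brace form creates an anonymous HashMap subclass and hands Spring a mutable map, presumably only to get past the ten-pair limit of `Map.of`. `Map.ofEntries(Map.entry("server.tomcat.basedir", "."), ...)` would keep the defaults immutable and make the new `java.util.HashMap` import unnecessary. The enclosing `main` begins outside this hunk.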