Difference between revisions of "Recommended Tomcat Setup"

From Fusion Registry Wiki
(Created page with " == Recommended Apache Tomcat Setup == Fusion Registry 11 is designed to run on a variety of web servers and platforms, although we recommend and support Fusion Registry runn...")
 
(Recommended Apache Tomcat Setup)
Line 2: Line 2:
 
== Recommended Apache Tomcat Setup ==
 
  
Fusion Registry 11 is designed to run on a variety of web servers and platforms, although we recommend and support Fusion Registry running on Apache Tomcat.
+
Fusion Registry must be run within a Java Servlet Container. Regnology recommends using Apache Tomcat as the Java Servlet Container, as this has been used during the testing lifecycle of Fusion Registry. The Fusion Registry has only been tested in Apache Tomcat and therefore we cannot guarantee that the Fusion Registry will work with other Java Servlet Containers.
  
 
There are a few things to consider when running Fusion Registry on Apache Tomcat.
 

Revision as of 14:54, 14 January 2024

Recommended Apache Tomcat Setup

Fusion Registry must be run within a Java Servlet Container. Regnology recommends using Apache Tomcat as the Java Servlet Container, as this has been used during the testing lifecycle of Fusion Registry. The Fusion Registry has only been tested in Apache Tomcat and therefore we cannot guarantee that the Fusion Registry will work with other Java Servlet Containers.

There are a few things to consider when running Fusion Registry on Apache Tomcat.

Security

For enhanced security, we recommend the following:

server.xml file

To prevent Tomcat-related stack traces from being displayed in certain circumstances, we recommend making the following change to the server.xml file. This file can be found in (Apache Tomcat Directory)/conf.

Open the file in a text editor, and just before the </Host> tag, insert

<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>

and then save the file.

This prevents stack traces from being displayed to the user on the error pages returned with HTTP error codes.
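As an added example (not part of the Fusion Registry documentation), this Python check reads a server.xml and reports every <Host> that lacks the valve above or leaves either attribute at a value other than "false". The sample XML and the host name registry.example.test are constructed for illustration; the check assumes Tomcat's default of true for both attributes when they are omitted.

```python
import xml.etree.ElementTree as ET

ERROR_VALVE = "org.apache.catalina.valves.ErrorReportValve"
# Tomcat treats both attributes as "true" when they are omitted.
REQUIRED = ("showReport", "showServerInfo")


def audit_server_xml(xml_text):
    """Return findings; an empty list means every <Host> is hardened."""
    findings = []
    for host in ET.fromstring(xml_text).iter("Host"):
        name = host.get("name", "(unnamed)")
        # The page inserts the valve directly inside <Host>, so check children only.
        valves = [v for v in host.findall("Valve")
                  if v.get("className") == ERROR_VALVE]
        if not valves:
            findings.append(f"{name}: no ErrorReportValve, defaults apply")
            continue
        for valve in valves:
            for attr in REQUIRED:
                if valve.get(attr, "true").strip().lower() != "false":
                    findings.append(f'{name}: {attr} is not "false"')
    return findings


# Constructed sample: one Host without the valve, one that sets only showReport.
SAMPLE_WEAK = """<Server><Service name="Catalina"><Engine name="Catalina">
  <Host name="localhost" appBase="webapps">
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"/>
  </Host>
  <Host name="registry.example.test" appBase="webapps">
    <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false"/>
  </Host>
</Engine></Service></Server>"""

# Constructed sample: the valve exactly as the page recommends.
SAMPLE_HARDENED = """<Server><Service name="Catalina"><Engine name="Catalina">
  <Host name="localhost" appBase="webapps">
    <Valve className="org.apache.catalina.valves.ErrorReportValve"
           showReport="false" showServerInfo="false"/>
  </Host>
</Engine></Service></Server>"""

if __name__ == "__main__":
    for label, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_server_xml(text) or "OK")
```

To check a real installation, pass the contents of (Apache Tomcat Directory)/conf/server.xml to audit_server_xml.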

context.xml file

This is not a change you are required to make, but we present the following for informational purposes. To prevent potential vulnerabilities related to Cross-Site Request Forgery (CSRF), we have included a context.xml file, which is located in the META-INF directory in the Fusion Registry directory. This file overrides Tomcat's cookie pre-processor settings and enforces a strict SameSite cookie policy. More information on SameSite cookie security policies can be found here.