diff --git a/docker/Dockerfile b/docker/Dockerfile index e3c3652da9e72ddd0d2c266c1beb9a5172ff0fb7..6d4f46fb4ee2615cbe9752027bc07d62f90c52f5 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -19,10 +19,11 @@ ENV CATALINA_TMPDIR=/tmp ENV WEBAPP_DIR=/webapps/vlkb-cutout -COPY ast_9.2.9-1_amd64.deb ./ +COPY deps/ast_9.2.9-1_amd64.deb ./ RUN dpkg -i /root/ast_9.2.9-1_amd64.deb && ldconfig \ && mkdir -p ${WEBAPP_DIR} \ - && mkdir -p /srv/surveys && mkdir -p /srv/cutouts + && mkdir -p /srv/surveys && mkdir -p /srv/cutouts \ + && mkdir -p /etc/pki/tls ARG VLKB_VERSION @@ -33,7 +34,7 @@ RUN dpkg -i vlkb-${VLKB_VERSION}.deb vlkb-obscore-${VLKB_VERSION}.deb vlkbd-${VL && cd ${WEBAPP_DIR} && jar -xf vlkb-cutout-${VLKB_VERSION}.war # Tomcat must load DB-driver (postgresql_*.jar), vlkb-cutout does not explicitely load DB-drivers -COPY postgresql-*.jar /var/lib/tomcat9/lib +COPY deps/postgresql-*.jar /var/lib/tomcat9/lib @@ -41,7 +42,7 @@ COPY postgresql-*.jar /var/lib/tomcat9/lib ENV INST_DIR=/usr/local -COPY vlkbd_exec.sh ${INST_DIR}/bin +COPY deps/vlkbd_exec.sh ${INST_DIR}/bin RUN mkdir -p ${INST_DIR}/etc/vlkb-obscore \ && mkdir -p ${INST_DIR}/etc/vlkbd \ @@ -50,13 +51,11 @@ RUN mkdir -p ${INST_DIR}/etc/vlkb-obscore \ # configure during docker build-time -COPY config/vlkb-obscore.datasets.conf ${INST_DIR}/etc/vlkb-obscore/datasets.conf -COPY config/vlkbd.datasets.conf ${INST_DIR}/etc/vlkbd/datasets.conf +COPY deps/vlkb-obscore.datasets.conf ${INST_DIR}/etc/vlkb-obscore/datasets.conf +COPY deps/vlkbd.datasets.conf ${INST_DIR}/etc/vlkbd/datasets.conf -COPY config/auth.properties config/neatoken.properties config/iamtoken.properties ${WEBAPP_DIR}/WEB-INF/classes/ - -#COPY ssl/keystore.jks /root/ -COPY ssl/server.xml ssl/server-connector-8080.xml ssl/server-connector-8443.xml /etc/tomcat9/ +# precofigure port 8080 (no SSL) +COPY deps/server.xml deps/server-connector.xml /etc/tomcat9/ # configure during docker run-time 
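Review bot: The comment `# precofigure port 8080 (no SSL)` in the last hunk understates what `COPY deps/server.xml deps/server-connector.xml /etc/tomcat9/` does: it makes a cleartext port-8080 connector the image default, which is replaced only if entrypoint.sh later copies one from `/etc/pki/tls`. I would spell that out, e.g. `# default connector: port 8080, no TLS; entrypoint.sh replaces it from /etc/pki/tls when SECURITY is set`. Separately, `deps/server.xml`, `deps/server-connector.xml` and the two `deps/*.datasets.conf` files are not added anywhere in the visible diff, while their `config/` and `ssl/` predecessors are deleted rather than renamed, so the build presumably relies on files kept outside version control; worth confirming before merge.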
diff --git a/docker/config/authpolicy.properties b/docker/config/authpolicy.properties deleted file mode 100644 index 1c59ef6ea99316ff778ca7dda6cb2cb3493aa9b3..0000000000000000000000000000000000000000 --- a/docker/config/authpolicy.properties +++ /dev/null @@ -1,6 +0,0 @@ -db_uri=jdbc:postgresql://127.0.0.1:5432/vialactea -db_schema=datasets -db_user_name=vialactea -db_password=ia2vlkb - - diff --git a/docker/config/context-cutout.xml b/docker/config/context-cutout.xml deleted file mode 100644 index 4f5f504df9c52f4119d68bf48434f3afb0ae3861..0000000000000000000000000000000000000000 --- a/docker/config/context-cutout.xml +++ /dev/null @@ -1,15 +0,0 @@ -<Context docBase="/webapps/vlkb-cutout"> - - <Resources allowLinking="true"> - <PostResources readOnly="false" - className="org.apache.catalina.webresources.DirResourceSet" - base="/srv/cutouts" - webAppMount="/cutouts"/> - <PostResources readOnly="true" - className="org.apache.catalina.webresources.DirResourceSet" - base="/srv/surveys" - webAppMount="/surveys"/> - </Resources> - -</Context> - diff --git a/docker/config/formatresponsefilter.properties b/docker/config/formatresponsefilter.properties deleted file mode 100644 index b8acc01981bfba522a55bb187daebe3a2b1cecf0..0000000000000000000000000000000000000000 --- a/docker/config/formatresponsefilter.properties +++ /dev/null @@ -1,7 +0,0 @@ - -# used to retrieve extraCards to add to FITS_header (VLKB-only) -surveys_metadata_abs_pathname=/srv/surveys/survey_populate.csv - -# these URL's are used to construct cutout merge requests strings in response.xml -cutout_url=http://vlkb-devel.ia2.inaf.it:8080/vlkb/datasets/vlkb_cutout -merge_url=http://vlkb-devel.ia2.inaf.it:8080/vlkb/datasets/vlkb_merge diff --git a/docker/config/iamtoken.properties b/docker/config/iamtoken.properties deleted file mode 100644 index e0935bb1f2d6f832b04b22c9dac817eac6741e5d..0000000000000000000000000000000000000000 --- a/docker/config/iamtoken.properties +++ /dev/null 
@@ -1,10 +0,0 @@ - -#jwks_url=https://iam-escape.cloud.cnaf.infn.it/jwk -introspect=https://iam-escape.cloud.cnaf.infn.it/introspect -client_name=02cc260f-9837-4907-b2cb-a1a2d764fb15 -client_password=AJMi3qrB6AHRp_6y55tEwU-IpJ8uZ6X4QXeQ3W4la6dc-BlkzAY1OQpAE9hb1W7-VfYl4208FUtjE2Cl3hUYLkQ - -resource_id=vlkb - -non_authn_username=anonymous - diff --git a/docker/config/neatoken.properties b/docker/config/neatoken.properties deleted file mode 100644 index 21793e2600441bc6122e1ce54387ad8525bbd297..0000000000000000000000000000000000000000 --- a/docker/config/neatoken.properties +++ /dev/null @@ -1,7 +0,0 @@ - -jwks_url=https://sso.neanias.eu/auth/realms/neanias-production/protocol/openid-connect/certs - -resource_id=vlkb - -non_authn_username=anonymous - diff --git a/docker/config/tomcat-users.xml b/docker/config/tomcat-users.xml deleted file mode 100644 index 6587e75e97ec68e52749cd93b9e2a54f5a28e76d..0000000000000000000000000000000000000000 --- a/docker/config/tomcat-users.xml +++ /dev/null 
@@ -1,48 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<tomcat-users xmlns="http://tomcat.apache.org/xml" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd" - version="1.0"> -<!-- - NOTE: By default, no user is included in the "manager-gui" role required - to operate the "/manager/html" web application. If you wish to use this app, - you must define such a user - the username and password are arbitrary. It is - strongly recommended that you do NOT use one of the users in the commented out - section below since they are intended for use with the examples web - application. ---> -<!-- - NOTE: The sample user and role entries below are intended for use with the - examples web application. They are wrapped in a comment and thus are ignored - when reading this file. If you wish to configure these users for use with the - examples web application, do not forget to remove the <!.. ..> that surrounds - them. You will also need to set the passwords to something appropriate. 
---> -<!-- - <role rolename="tomcat"/> - <role rolename="role1"/> - <user username="tomcat" password="<must-be-changed>" roles="tomcat"/> - <user username="both" password="<must-be-changed>" roles="tomcat,role1"/> - <user username="role1" password="<must-be-changed>" roles="role1"/> ---> - - <role rolename="manager-script"/> - <user username="admin" password="IA2lbt09" roles="manager-script"/> -</tomcat-users> - diff --git a/docker/config/vlkb-obscore.datasets.conf b/docker/config/vlkb-obscore.datasets.conf deleted file mode 100644 index 9572cd452614d5a6e0de043eaed03c2d1c168f82..0000000000000000000000000000000000000000 --- a/docker/config/vlkb-obscore.datasets.conf +++ /dev/null @@ -1,15 +0,0 @@ - -# root of path for local access -fits_path_surveys=/srv/surveys - -# obs_publisher_did = <obscore publisher> ? <generated-pubdid> -obscore_publisher=ivo://ia2.inaf.it/vlkb/datasets - -# full access URL: <obscore_access_url>/<storage-path>/<file-name> -obscore_access_url=https://vlkb-devel.ia2.inaf.it:8443/vlkb/datasets/surveys -obscore_access_format=application/fits - -# logging (holds last exec only) -# log_dir=/tmp -# log_filename=vlkb-obscore.log - diff --git a/docker/config/vlkbd.datasets.conf b/docker/config/vlkbd.datasets.conf deleted file mode 100644 index bccc41819036738345cde389866cc381c672eb2f..0000000000000000000000000000000000000000 --- a/docker/config/vlkbd.datasets.conf +++ /dev/null @@ -1,10 +0,0 @@ - -# path to original files -fits_path_surveys=/srv/surveys -# path to generated cutouts -fits_path_cutouts=/srv/cutouts - -# logging records last request only -# log_dir=/tmp -# log_filename=vlkbd.log - diff --git a/docker/ast-9.2.9.tar.gz b/docker/deps/ast-9.2.9.tar.gz similarity index 100% rename from docker/ast-9.2.9.tar.gz rename to docker/deps/ast-9.2.9.tar.gz diff --git a/docker/ast_9.2.9-1_amd64.deb b/docker/deps/ast_9.2.9-1_amd64.deb similarity index 100% rename from docker/ast_9.2.9-1_amd64.deb rename to docker/deps/ast_9.2.9-1_amd64.deb 
diff --git a/docker/postgresql-42.2.5.jar b/docker/deps/postgresql-42.2.5.jar similarity index 100% rename from docker/postgresql-42.2.5.jar rename to docker/deps/postgresql-42.2.5.jar diff --git a/docker/vlkbd_exec.sh b/docker/deps/vlkbd_exec.sh similarity index 100% rename from docker/vlkbd_exec.sh rename to docker/deps/vlkbd_exec.sh diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 85500956e5fa0786f010a80d281303b4da6f698c..f15a97af7a68ff8f3a27f9b81c4ccd18b27c7e6a 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -30,13 +30,13 @@ echo "CATALINA_TMPDIR : "$CATALINA_TMPDIR ######################################################################### ## configure vlkb-tools + if test -n "$VLKBOBSCORE_PG_URI" then echo "pg_uri=$VLKBOBSCORE_PG_URI" >> $INST_DIR/etc/vlkb-obscore/datasets.conf echo "pg_schema=datasets" >> $INST_DIR/etc/vlkb-obscore/datasets.conf fi - ## configure VLKB access cp $WEBAPP_DIR/META-INF/context.xml $CATALINA_BASE/conf/Catalina/localhost/$ACCESS_CONTEXT_ROOT.xml 
@@ -90,62 +90,25 @@ then fi +#### Security -if test -n "$SECURITY" -then - cd $WEBAPP_DIR/WEB-INF/ && rm -f web.xml && cp web-cutout-$SECURITY.xml web.xml && cd - - echo "db_uri=$AUTH_DB_URI" > $WEBAPP_DIR/WEB-INF/classes/authpolicy.properties - echo "db_schema=$AUTH_DB_SCHEMA" >> $WEBAPP_DIR/WEB-INF/classes/authpolicy.properties - echo "db_user_name=$AUTH_DB_USERNAME" >> $WEBAPP_DIR/WEB-INF/classes/authpolicy.properties - echo "db_password=$AUTH_DB_PASSWORD" >> $WEBAPP_DIR/WEB-INF/classes/authpolicy.properties -fi - -# configure access-token validation -if test -f /srv/surveys/iamtoken.properties -then - cp /srv/surveys/iamtoken.properties $WEBAPP_DIR/WEB-INF/classes/ -fi - -# configure port/SSL connector: (path is relative to the dir where compose.yaml is -# - web.xml to run filters set above -# * ssl: set tomcat connector with certificates (ia2 needs SECTIGO, iam needs self-signed keystore.jks) -# * keep right jjwt*.jar libs (ia2 authlib needs v0.11, iam needs v0.12) -# assume all files in ssl sub-dir relative to where compose.yaml is -# set volume mapping in compose.yaml: ssl/ -> /etc/pki/tls/ case $SECURITY in ia2token) - #cp ssl/server-connector-8443.xml-SECTIGO-vlkb_ia2_inaf_it /etc/tomcat9/server-connector-8443.xml - cp /root/ssl/server-connector-8443.xml /etc/tomcat9/server-connector-8443.xml - # map volume instead of this: cp -r ssl/SECTIGO /etc/pki/tls/ - rm /webapps/vlkb-cutout/WEB-INF/lib/jjwt-*0.12*.jar + cd $WEBAPP_DIR/WEB-INF/ && rm -f web.xml && cp web-cutout-$SECURITY.xml web.xml && cd - + cp /etc/pki/tls/server-connector.xml /etc/tomcat9/ + cp /etc/pki/tls/auth*.properties $WEBAPP_DIR/WEB-INF/classes/ + rm -f /webapps/vlkb-cutout/WEB-INF/lib/jjwt-*0.12*.jar ;; iamtoken) - #cp ssl/server-connector-8443.xml-keystore-self-signed /etc/tomcat9/server-connector-8443.xml - cp /root/ssl/server-connector-8443.xml /etc/tomcat9/server-connector-8443.xml - # map volume somedir:/etc/pki/tls with somedir/{keystore.jks,SECTIGO/*} XXX cp ssl/keystore.jks 
/etc/pki/tls/ - rm /webapps/vlkb-cutout/WEB-INF/lib/jjwt-*0.11*.jar + cd $WEBAPP_DIR/WEB-INF/ && rm -f web.xml && cp web-cutout-$SECURITY.xml web.xml && cd - + cp /etc/pki/tls/server-connector.xml /etc/tomcat9/ + cp /etc/pki/tls/iamtoken.properties $WEBAPP_DIR/WEB-INF/classes/ + rm -f /webapps/vlkb-cutout/WEB-INF/lib/jjwt-*0.11*.jar ;; *) echo "Security not configured, runs open." ;; esac -# -#if test -f /srv/surveys/keystore.jks -#then -# cp /srv/surveys/keystore.jks /root/ -#fi -#if test -f /srv/surveys/server-connector-8443.xml /etc/tomcat9/ -#then -# cp /srv/surveys/server-connector-8443.xml /etc/tomcat9/ -#fi -# -if test -n "$SECURITY" -then - cd /etc/tomcat9/ && ln -s server-connector-8443.xml server-connector.xml && cd - -else - cd /etc/tomcat9/ && ln -s server-connector-8080.xml server-connector.xml && cd - -fi - ######################################################################### diff --git a/docker/compose-example-ska-soda.yaml b/docker/example-compose-ska-soda.yaml similarity index 100% rename from docker/compose-example-ska-soda.yaml rename to docker/example-compose-ska-soda.yaml diff --git a/docker/compose-example-vlkb.yaml b/docker/example-compose-vlkb.yaml similarity index 100% rename from docker/compose-example-vlkb.yaml rename to docker/example-compose-vlkb.yaml diff --git a/docker/example-security/README.tex b/docker/example-security/README.tex new file mode 100644 index 0000000000000000000000000000000000000000..8352fe1208d9b48fa581a1efdf33eeffa4cd0cc1 --- /dev/null +++ b/docker/example-security/README.tex 
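Review bot: The `*)` branch of `case $SECURITY` treats an unrecognised value the same as an unset one, so a typo (or `garrtoken`, which gets an example directory in this commit but no branch here) starts the service without authentication. The `cp` calls in the `ia2token` and `iamtoken` branches are also unchecked, so a missing or incomplete `/etc/pki/tls` mount would leave the image's port-8080 connector in place while the script carries on. I would run open only when `SECURITY` is empty, exit non-zero on any other unknown value, and stop when the connector or properties files cannot be copied. Whether the script already runs under `set -e` is not visible in this hunk.

```shell
case "$SECURITY" in
   ia2token)
      # … unchanged: switch web.xml to web-cutout-$SECURITY.xml …
      cp /etc/pki/tls/server-connector.xml /etc/tomcat9/ || exit 1
      cp /etc/pki/tls/auth*.properties "$WEBAPP_DIR/WEB-INF/classes/" || exit 1
      # … unchanged: remove jjwt 0.12 jars …
      ;;
   iamtoken)
      # … unchanged: switch web.xml to web-cutout-$SECURITY.xml …
      cp /etc/pki/tls/server-connector.xml /etc/tomcat9/ || exit 1
      cp /etc/pki/tls/iamtoken.properties "$WEBAPP_DIR/WEB-INF/classes/" || exit 1
      # … unchanged: remove jjwt 0.11 jars …
      ;;
   "")
      echo "Security not configured, runs open."
      ;;
   *)
      echo "Unknown SECURITY value '$SECURITY', refusing to start." >&2
      exit 1
      ;;
esac
```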
@@ -0,0 +1,31 @@
+
+# notes on security:
+# set volume mapping in compose.yaml: security/ -> /etc/pki/tls/
+# configure port/SSL connector: (path is relative to the dir where compose.yaml is
+# * server-connector.xml : set tomcat connector with certificates
+# -- ia2 needs SECTIGO
+# -- iam needs self-signed keystore.jks
+# * keep right jjwt*.jar libs (ia2 authlib needs v0.11, iam needs v0.12)
+# FIXME implement *.properties and server-connector.xml by paramters
+
+
+
+#### Security
+# SSL-certificates are site-dependent and must be regularly updated:
+# vlkb-cutout expects them in /etc/pki/tls
+#
+# map volume: ./security:/etc/pki/tls:z,ro
+#
+# ia2token:
+# auth.propeties
+# authpolicy.properties
+# server-connector.xml
+# SECTIGO/*
+#
+# iamtoken:
+# iamtoken.properties
+# server-connector.xml
+# keystore.jks
+#
+
+
diff --git a/docker/ssl/keystore.jks b/docker/example-security/garrtoken/keystore.jks
similarity index 100%
rename from docker/ssl/keystore.jks
rename to docker/example-security/garrtoken/keystore.jks
diff --git a/docker/example-security/garrtoken/neatoken.properties b/docker/example-security/garrtoken/neatoken.properties
new file mode 100644
index 0000000000000000000000000000000000000000..839e15d714346acd080d3bc7474dc164e97a4af8
--- /dev/null
+++ b/docker/example-security/garrtoken/neatoken.properties
@@ -0,0 +1,10 @@
+
+# certificates endpoint
+jwks_url=
+
+# account created for the service
+resource_id=
+
+# username for non-authenticated requests
+non_authn_username=anonymous
+
diff --git a/docker/ssl/server-connector-8443.xml-self-signed-keystore-jks b/docker/example-security/garrtoken/server-connector-8443.xml-self-signed-keystore-jks
similarity index 100%
rename from docker/ssl/server-connector-8443.xml-self-signed-keystore-jks
rename to docker/example-security/garrtoken/server-connector-8443.xml-self-signed-keystore-jks
diff --git a/docker/config/auth.properties b/docker/example-security/ia2token/auth.properties
similarity index 100%
rename from docker/config/auth.properties
rename to docker/example-security/ia2token/auth.properties
diff --git a/docker/example-security/ia2token/authpolicy.properties b/docker/example-security/ia2token/authpolicy.properties
new file mode 100644
index 0000000000000000000000000000000000000000..d1d5756218a28b49df6e1f92a8828c9f62c24cac
--- /dev/null
+++ b/docker/example-security/ia2token/authpolicy.properties
@@ -0,0 +1,7 @@
+# database for table with permissions
+db_uri=
+db_schema=
+db_user_name=
+db_password=
+
+
diff --git a/docker/ssl/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it b/docker/example-security/ia2token/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it
similarity index 100%
rename from docker/ssl/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it
rename to docker/example-security/ia2token/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it
diff --git a/docker/example-security/iamtoken/iamtoken.properties b/docker/example-security/iamtoken/iamtoken.properties
new file mode 100644
index 0000000000000000000000000000000000000000..d275d68bee277ed3450eee1349d4a3a2c48210dc
--- /dev/null
+++ b/docker/example-security/iamtoken/iamtoken.properties
@@ -0,0 +1,13 @@
+
+# certificates endpoint
+#jwks_url=
+introspect=
+client_name=
+client_password=
+
+# account created for the service
+resource_id=
+
+# username for non-authenticated requests
+non_authn_username=anonymous
+
diff --git a/docker/example-security/iamtoken/keystore.jks b/docker/example-security/iamtoken/keystore.jks
new file mode 100644
index 0000000000000000000000000000000000000000..57c469584925bdc3de5f6919123d67c5a3189560
Binary files /dev/null and b/docker/example-security/iamtoken/keystore.jks differ
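Review bot: Shipping `client_password=` here and `db_password=` in ia2token/authpolicy.properties as empty templates fixes the tree but not the exposure: the values that docker/config/iamtoken.properties, docker/config/authpolicy.properties and docker/config/tomcat-users.xml carried until this commit stay readable in repository history. The IAM client secret, the database password and the Tomcat manager password should be treated as disclosed and rotated. A header line in each template, such as `# site-specific: fill in on the host, never commit real values`, would also make the intent of these files explicit.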
diff --git a/docker/ssl/server-connector-8443.xml-self-signed-keystore-jks-ORIG b/docker/example-security/iamtoken/server-connector-8443.xml-self-signed-keystore-jks similarity index 85% rename from docker/ssl/server-connector-8443.xml-self-signed-keystore-jks-ORIG rename to docker/example-security/iamtoken/server-connector-8443.xml-self-signed-keystore-jks index 323456aa568ff5e7589dd347879f495d63833b51..02ca4500189bcdf839f61eb03958e8284c4c9205 100644 --- a/docker/ssl/server-connector-8443.xml-self-signed-keystore-jks-ORIG +++ b/docker/example-security/iamtoken/server-connector-8443.xml-self-signed-keystore-jks @@ -3,7 +3,7 @@ <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <SSLHostConfig> <Certificate certificateKeyAlias="tomcat" - certificateKeystoreFile="/root/keystore.jks" + certificateKeystoreFile="/etc/pki/tls/keystore.jks" certificateKeystorePassword="tomcatskassl" type="RSA" /> </SSLHostConfig> diff --git a/docker/ssl/How to generate a self-signed SSL certificate using OpenSSL - Stack Overflow.pdf b/docker/example-security/ssl/How to generate a self-signed SSL certificate using OpenSSL - Stack Overflow.pdf similarity index 100% rename from docker/ssl/How to generate a self-signed SSL certificate using OpenSSL - Stack Overflow.pdf rename to docker/example-security/ssl/How to generate a self-signed SSL certificate using OpenSSL - Stack Overflow.pdf diff --git a/docker/ssl/How to use OpenSSL and the Internet PKI on Linux systems Enable Sysadmin.pdf b/docker/example-security/ssl/How to use OpenSSL and the Internet PKI on Linux systems Enable Sysadmin.pdf similarity index 100% rename from docker/ssl/How to use OpenSSL and the Internet PKI on Linux systems Enable Sysadmin.pdf rename to docker/example-security/ssl/How to use OpenSSL and the Internet PKI on Linux systems Enable Sysadmin.pdf 
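Review bot: `certificateKeystorePassword="tomcatskassl"` stays hard-coded in this example connector, and the same commit adds the matching `example-security/iamtoken/keystore.jks` to the repository, so a deployment that mounts the example directory as-is would presumably serve TLS with a private key and password available to every reader of the repository. I would add a comment at the top of the file, e.g. `<!-- example only: generate your own keystore.jks and password per site -->`, and consider keeping the keystore out of version control. The `<Connector>` element starts and ends outside this hunk.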
diff --git a/docker/ssl/Makefile b/docker/example-security/ssl/Makefile
similarity index 100%
rename from docker/ssl/Makefile
rename to docker/example-security/ssl/Makefile
diff --git a/docker/ssl/server-connector-8080.xml b/docker/ssl/server-connector-8080.xml
deleted file mode 100644
index 2917f61d66eeec97c63fd9718c4530337a0a339a..0000000000000000000000000000000000000000
--- a/docker/ssl/server-connector-8080.xml
+++ /dev/null
@@ -1,3 +0,0 @@
- <Connector port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000" />
-
diff --git a/docker/ssl/server-connector-8443.xml b/docker/ssl/server-connector-8443.xml
deleted file mode 100644
index 1ad61476dbe60e77851fa636d3c40009af30232e..0000000000000000000000000000000000000000
--- a/docker/ssl/server-connector-8443.xml
+++ /dev/null
@@ -1,11 +0,0 @@
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
- sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
- maxThreads="150" SSLEnabled="true">
- <SSLHostConfig>
- <Certificate certificateKeyFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.key"
- certificateFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.crt"
- certificateChainFile="/etc/pki/tls/SECTIGO/CA.crt"
- type="RSA" />
- </SSLHostConfig>
- </Connector>
-
diff --git a/docker/ssl/server-connector.xml b/docker/ssl/server-connector.xml
deleted file mode 100644
index 1ad61476dbe60e77851fa636d3c40009af30232e..0000000000000000000000000000000000000000
--- a/docker/ssl/server-connector.xml
+++ /dev/null
@@ -1,11 +0,0 @@
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
- sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
- maxThreads="150" SSLEnabled="true">
- <SSLHostConfig>
- <Certificate certificateKeyFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.key"
- certificateFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.crt"
- certificateChainFile="/etc/pki/tls/SECTIGO/CA.crt"
- type="RSA" />
- </SSLHostConfig>
- </Connector>
-
diff --git a/docker/ssl/server.xml b/docker/ssl/server.xml
deleted file mode 100644
index 3ea14238c9561459974a2e3bf1c2c5d4c7730663..0000000000000000000000000000000000000000
--- a/docker/ssl/server.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!DOCTYPE server-xml [
- <!ENTITY connector-config SYSTEM "server-connector.xml">
-]>
-
-<Server port="-1" shutdown="SHUTDOWN">
- <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
- <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
- <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
- <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
-
- <GlobalNamingResources>
- <Resource name="UserDatabase" auth="Container"
- type="org.apache.catalina.UserDatabase"
- description="User database that can be updated and saved"
- factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
- pathname="conf/tomcat-users.xml" />
- </GlobalNamingResources>
-
- <Service name="Catalina">
-
- &connector-config;
-
- <Engine name="Catalina" defaultHost="localhost">
- <Realm className="org.apache.catalina.realm.LockOutRealm">
- <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
- resourceName="UserDatabase"/>
- </Realm>
- <Host name="localhost" appBase="webapps"
- unpackWARs="true" autoDeploy="true">
- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
- prefix="localhost_access_log" suffix=".txt"
- pattern="%h %l %u %t "%r" %s %b" />
- </Host>
- </Engine>
- </Service>
-</Server>