Tomcat Configuration

From Dogtag
Jump to: navigation, search

Global Tomcat Configuration

Global Tomcat configuration is stored in /etc/tomcat/tomcat.conf:

# System-wide configuration file for tomcat services
# This will be loaded by systemd as an environment file,
# so please keep the syntax. For shell expansion support
# place your custom files as /etc/tomcat/conf.d/*.conf
# There are 2 "classes" of startup behavior in this package.
# The old one, the default service named tomcat.service.
# The new named instances are called tomcat@instance.service.
# Use this file to change default values for all services.
# Change the service specific ones to affect only one service.
# For tomcat.service it's /etc/sysconfig/tomcat, for
# tomcat@instance it's /etc/sysconfig/tomcat@instance.

# This variable is used to figure out if config is loaded or not.

# In new-style instances, if CATALINA_BASE isn't specified, it will
# be constructed by joining TOMCATS_BASE and NAME.

# Where your java installation lives

# Where your tomcat installation lives

# System-wide tmp

# You can pass some parameters to java here if you wish to
#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"

# Use JAVA_OPTS to set java.library.path for

# Set default javax.sql.DataSource factory to apache commons one. See rhbz#1214381

# You can change your tomcat locale here

# Run tomcat under the Java Security Manager

# Time to wait in seconds, before killing process
# TODO(stingray): does nothing, fix.

# If you wish to further customize your tomcat environment,
# put your own definitions here
# (i.e. LD_LIBRARY_PATH for some jdbc drivers)

HTTP Connector

The HTTP connector configuration is located in the Connector element in /etc/pki/pki-tomcat/server.xml:


        <Connector name="Unsecure"

        <Connector name="Secure"


See also:


The connectionTimeout parameter specifies the number of milliseconds this Connector will wait, after accepting a connection, for the request URI line to be presented. Use a value of -1 to indicate no (i.e. infinite) timeout. The default value is 60000 (i.e. 60 seconds) but note that the standard server.xml that ships with Tomcat sets this to 20000 (i.e. 20 seconds). Unless disableUploadTimeout is set to false, this timeout will also be used when reading the request body (if any).

In PKI the parameter is set to 20000ms (20 seconds) for the Unsecure connector and 80000 ms (80 seconds) for the Secure connector.


The keepAliveTimeout parameter specifies the number of milliseconds this Connector will wait for another HTTP request before closing the connection. The default value is to use the value that has been set for the connectionTimeout attribute. Use a value of -1 to indicate no (i.e. infinite) timeout.

In PKI 10.3 or older the parameter is unset. In PKI 10.4 or newer the parameter is 300000 ms (5 minutes) for the secure connector.


The sessionTimeout parameter specifies the time, in seconds, after the creation of an SSL session that it will timeout. Use 0 to specify an unlimited timeout. If not specified, a default of 86400 (24 hours) is used.

In PKI the parameter is unset.

Web Application

The default configuration for the main web application is stored in /usr/share/pki/server/webapps/pki/WEB-INF/web.xml. The default configuration for each subsystem web application is stored in /usr/share/pki/ca/webapps/ca/WEB-INF/web.xml.

Each web application has its own session timeout configuration:




The default session timeout is 30 minutes.

To customize the web application for individual instance, see Customization.


See also:

JSP Compiler

The JSP compiler configuration is stored in /etc/pki/pki-tomcat/web.xml:




See also: