blsmith/dc-deployments-automation
1
0
Fork 0
mirror of https://bitbucket.org/atlassian/dc-deployments-automation.git synced 2025-12-14 08:53:07 -06:00
Code Issues Packages Projects Releases Wiki Activity

DCD-352: Start of Confluence config role.

Browse Source
This commit is contained in:
Steve Smith
2019-05-22 14:11:13 +10:00
parent e9d1fd2a47
commit bb63a8333a
11 changed files with 443 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
roles/confluence_config/templates/seraph-config.xml.j2 Normal file
View File

@@ -0,0 +1,71 @@
<security-config>
<parameters>
<init-param>
<param-name>login.url</param-name>
<param-value>/login.action?os_destination=${originalurl}&amp;permissionViolation=true</param-value>
</init-param>
<init-param>
<param-name>link.login.url</param-name>
<param-value>/login.action</param-value>
</init-param>
<init-param>
<param-name>cookie.encoding</param-name>
<param-value>cNf</param-value>
</init-param>
<init-param>
<param-name>login.cookie.key</param-name>
<param-value>seraph.confluence</param-value>
</init-param>
{% if atl_autologin_cookie_age is defined and atl_autologin_cookie_age|length %}
<init-param>
<param-name>autologin.cookie.age</param-name>
<param-value>{{ atl_autologin_cookie_age }}</param-value>
</init-param>
{% endif %}
<!--only basic authentication available-->
<init-param>
<param-name>authentication.type</param-name>
<param-value>os_authType</param-value>
</init-param>
<!-- Invalidate session on login to prevent session fixation attack -->
<init-param>
<param-name>invalidate.session.on.login</param-name>
<param-value>true</param-value>
</init-param>
<!-- Add names for session attributes that must not be copied to a new session when the old one gets invalidated.
Currently it is empty (i.e. all attributes will be copied). -->
<init-param>
<param-name>invalidate.session.exclude.list</param-name>
<param-value></param-value>
</init-param>
</parameters>
<rolemapper class="com.atlassian.confluence.security.ConfluenceRoleMapper"/>
<controller class="com.atlassian.confluence.setup.seraph.ConfluenceSecurityController"/>
<!-- Default Confluence authenticator, which uses the configured user management for authentication. -->
<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
<!-- Custom authenticators appear below. To enable one of them, comment out the default authenticator above and uncomment the one below. -->
<!-- Authenticator with support for Crowd single-sign on (SSO). -->
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/> -->
<!-- Specialised version of the default authenticator which adds authenticated users to confluence-users if they aren't already a member. -->
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceGroupJoiningAuthenticator"/> -->
<services>
<service class="com.atlassian.seraph.service.PathService">
<init-param>
<param-name>config.file</param-name>
<param-value>seraph-paths.xml</param-value>
</init-param>
</service>
</services>
<elevatedsecurityguard class="com.atlassian.confluence.security.seraph.ConfluenceElevatedSecurityGuard"/>
</security-config>

67
roles/confluence_config/templates/server.xml.j2 Normal file
View File

@@ -0,0 +1,67 @@
<?xml version="1.0" encoding="utf-8"?>
<Server port="{{ atl_tomcat_mgmt_port }}"
shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<Service name="Catalina">
<Connector port="{{ atl_tomcat_port }}"
maxThreads="{{ atl_tomcat_maxthreads }}"
minSpareThreads="{{ atl_tomcat_minsparethreads }}"
connectionTimeout="{{ atl_tomcat_connectiontimeout }}"
enableLookups="{{ atl_tomcat_enablelookups }}"
protocol="{{ atl_tomcat_protocol }}"
redirectPort="{{ atl_tomcat_redirectport }}"
acceptCount="{{ atl_tomcat_acceptcount }}"
secure="{{ atl_tomcat_secure }}"
scheme="{{ atl_tomcat_scheme }}"
{% if atl_proxy_name is defined and atl_proxy_name != '' %}
proxyName="{{ atl_proxy_name }}"
{% endif %}
{% if atl_proxy_port is defined and atl_proxy_port != '' %}
proxyPort="{{ atl_proxy_port }}"
{% endif %}
relaxedPathChars="[]|"
relaxedQueryChars="[]|{}^\`&quot;&lt;&gt;"
bindOnInit="false"
maxHttpHeaderSize="8192"
useBodyEncodingForURI="true"
disableUploadTimeout="true" />
<Engine name="Catalina"
defaultHost="localhost">
<Host name="localhost"
appBase="webapps"
unpackWARs="true"
autoDeploy="true">
<Context path="{{ atl_tomcat_contextpath }}"
docBase="${catalina.home}/atlassian-jira"
reloadable="false"
useHttpOnly="true">
<Resource name="UserTransaction"
auth="Container"
type="javax.transaction.UserTransaction"
factory="org.objectweb.jotm.UserTransactionFactory"
jotm.timeout="60"/>
<Manager pathname=""/>
<JarScanner scanManifest="false"/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve"
threshold="120" />
</Context>
</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>
</Engine>
</Service>
</Server>