Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagexml
<Context>
    <!-- lines omitted -->
	<Resources allowLinking="true" cachingAllowed="true" cacheMaxSize="1000000" />
</Context>


Note

You do not need to read this note to complete the tomcat configuration; these notes are provided for a reference of why we have recommended certain settings in the connection configuration.

Cache Max Size

Code Block
cacheMaxSize="1000000"

Tomcat caches static files in memory so that it can respond faster. The cache has a max. size to stop it taking up too much memory. PhixFlow's static files (things like icons) are collectively too large to fit in the default cacheMaxSize, so we set it to a size that can accommodate all PhixFlow's static files.

conf/server.xml: Connector settings

...

  • Use the required port number (port="8080"). Tomcat defaults to port 8080 for HTTP, but you may need to use a different port if you are running other web servers on the same host.
  • Enable compression (compression="force"). Compressing responses from the server is particularly important if you are going to access the PhixFlow server over a slow connection (e.g. a mobile data connection).on")

After editing, the <Connector/> block should look like this:

Code Block
languagexml
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           compresscompression="forceon"/>

Remember to enable this port in the server’s firewall (if enabled).

Note

You do not need to read this note to complete the tomcat configuration; these notes are provided for a reference of why we have recommended certain settings in the connection configuration.

Compression

Code Block
compression="on"

Turning compression on reduces the amount of data passed between a client (i.e. a web browser on someone's computer), so this setting should improve the performance of the PhixFlow front end, especially if users are going to access the front end over a slow connection.

web.xml: Session timeout

The default session timeout period is 30 minutes. We recommend that you You can change this to a longer different period , e.g. 12 hours (720 minutes) .by doing the following:

Edit $TOMCAT/conf/web.xml

...

Warning

We recommend that you remove all web applications that are provided as part of the Tomcat installation as they are not required for PhixFlow's normal operation and constitute potential security loopholes.

These are the supplied pre-installed web apps, in more detail.

Supplied Web ApplicationDescription
ROOTThe ROOT web application presents a very low security risk but it does include the version of Tomcat that is being used. The ROOT web application should normally be removed from a publicly accessible Tomcat instance, not for security reasons, but so that a more appropriate default page is shown to users.
DocumentationThe documentation web application presents a very low security risk but it does identify the version of Tomcat that is being used. It should normally be removed from a publicly accessible Tomcat instance.
ExamplesThe examples web application should always be removed from any security sensitive installation.
ManagerThe Manager application allows the remote deployment of web applications and is frequently targeted by attackers due to the widespread use of weak passwords and publicly accessible Tomcat instances with the Manager application enabled.
Host ManagerThe Host Manager application allows the creation and management of virtual hosts - including the enabling of the Manager application for a virtual host.

Database JDBC Drivers

The drivers needed to connect to PhixFlow’s own database are included within the release pack and no action is needed.

...