The AWS OpsWorks Stacks service reached end of life on May 26, 2024 and has been disabled for both new and existing customers. We strongly recommend customers migrate their workloads to other solutions as soon as possible. If you have questions about migration, reach out to the AWS Support Team on AWS re:Post or through AWS Premium Support.
NoteThis layer is available only for Linux-based stacks.
The Java App Server layer is an OpsWorks Stacks layer that provides a blueprint for instances that function as Java application servers. This layer is based on Apache Tomcat 7.0 and Open JDK 7. OpsWorks Stacks also installs the Java connector library, which allows Java apps to use a JDBC DataSource object to connect to a back end data store.
Installation: Tomcat is installed in /usr/share/tomcat7.
The Add Layer page provides the following configuration options:
You can use this setting to specify custom Java VM options; there are no default options. For example, a common set of options is -Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC. If you use Java VM Options, make sure that you pass a valid set of options; OpsWorks Stacks does not validate the string. If you attempt to pass an invalid option, the Tomcat server typically fails to start, which causes setup to fail. If that happens, you can examine the instance's setup Chef log for details. For more information on how to view and interpret Chef logs, see Chef Logs.
This setting appears if you chose to not automatically associate a built-in OpsWorks Stacks security group with your layers. You must specify which security group to associate with the layer. For more information, see Create a New Stack.
You can attach an Elastic Load Balancing load balancer to the layer's instances. For more information, see Elastic Load Balancing Layer.
You can specify other configuration settings by using custom JSON or a custom attributes file. For more information, see Custom Configuration.
Disabling SSLv3 for Apache ServersTo disable SSLv3, you must modify the Apache server's ssl.conf file's SSLProtocol setting. To do so, you must override the built-in apache2 cookbook's ssl.conf.erb template file, which the Java App Server layer's Setup recipes use to create ssl.conf. The details depend on which operating system you specify for the layer's instances. The following summarizes the required modifications for Amazon Linux and Ubuntu systems. SSLv3 is automatically disabled for Red Hat Enterprise Linux (RHEL) systems. For more information on how to override a built-in template, see Using Custom Templates.
The ssl.conf.erb file for these operating systems is in the apache2 cookbook's apache2/templates/default/mods directory. The following shows the relevant part of the built-in file.
...
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# enable only secure protocols: SSLv3 and TLSv1.2, but not SSLv2
SSLProtocol all -SSLv2
</IfModule>Override ssl.conf.erb and modify the SSLProtocol setting as follows.
...
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# enable only secure protocols: SSLv3 and TLSv1.2, but not SSLv2
SSLProtocol all -SSLv3 -SSLv2
</IfModule>The ssl.conf.erb file for this operating system is in the apache2 cookbook's apache2/templates/ubuntu-14.04/mods directory. The following shows the relevant part of the built-in file.
...
# The protocols to enable.
# Available values: all, SSLv3, TLSv1.2
# SSL v2 is no longer supported
SSLProtocol all
...Change this setting to the following.
...
# The protocols to enable.
# Available values: all, SSLv3, TLSv1.2
# SSL v2 is no longer supported
SSLProtocol all -SSLv3 -SSLv2
...RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4