Versions Compared

Old Version 11

changes.mady.by.user Omry Koschitzky

Saved on

compared with

New Version 12

changes.mady.by.user Omry Koschitzky

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In the General Settings tab, you can do the following:

...

Disabling HTTP/HTTPS Access to XpoLog

To disable the HTTP/HTTPS access to XpoLog it is required to edit the servlet container configuration that XpoLog uses (standalone installations only, if XpoLog is deployed on a different application server then it has to be done on the application server level):

  1. Stop XpoLog
  2. Go to XPOLOG_INSTALLATION_DIRECTORY/ServletContainer/conf/ and edit the file server.xml
  3. Follow these:
    1. To disable HTTP comment the line:
      <!--
      <Connector protocol="HTTP/1.1" acceptCount="100" connectionTimeout="50000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxPostSize="0" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="30303" redirectPort="30443" xpolog="http"/>
      -->
    2. To disable HTTPS comment the line:
      <!--
      <Connector acceptCount="100" clientAuth="false" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" compressableMimeType="text/html,text/xml" compression="on" compressionMinSize="2048" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="${catalina.home}/.keystore" maxHttpHeaderSize="8192" maxPostSize="0" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" noCompressionUserAgents="gozilla, traviata" port="30443" scheme="https" secure="true" sslProtocol="TLS" xpolog="ssl"/>
      -->
  4. Save the modification and restart XpoLog.
    Note: XpoLog will not be accessible on the disabled protocol and port (also consider modifying XpoLog agents account URLs if required).

 

HTTPS Certificate in XpoLog

XpoLog is not shipped with a certificate. These could leave you vulnerable, because the default certificate is the same in every XpoLog download.
Data encryption (HTTPS) can be easily used in XpoLog. Keep in mind that encryption with the default certificate is not fully secure and you're encouraged to create and replace it with your organization's trusted CA certificate.
For better security, replace the default certificates with certificates signed by a trusted CA. We strongly recommend using CA certs (note that a self-signed certificate is considered untrusted by users' browsers).

XpoLog standalone installation runs on a Tomcat, for more information about installing a certificate please refer to https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html