From 9c5c513a97ce9baf0fda35b2b3126ede7a9c84a5 Mon Sep 17 00:00:00 2001
From: Pierre Mauduit <pierre.mauduit@camptocamp.com>
Date: Tue, 11 Apr 2023 17:07:06 +0200
Subject: [PATCH] removing tomcat ssl connector on proxycas instance (#115)

Note: there are still some occurences for "8443" in the repository, but
related to the redirectPort, and even if I am not sure if this is still
needed, I think it comes from the default tomcat configuration. I am
pretty sure we can leave them as they are, as it won't harm. In the
other tomcat configurations, they appear in a commented block.

Also I kept all the logic of trusting the generated self signed
certificate, because I think it should be still in use by the JVM /
server-to-server communication.
---
 roles/tomcat/templates/server-proxycas.xml.j2 | 13 -------------
 spec/georchestra/georchestra_spec.rb          |  4 ----
 2 files changed, 17 deletions(-)

diff --git a/roles/tomcat/templates/server-proxycas.xml.j2 b/roles/tomcat/templates/server-proxycas.xml.j2
index 7b6106a..ed61d31 100644
--- a/roles/tomcat/templates/server-proxycas.xml.j2
+++ b/roles/tomcat/templates/server-proxycas.xml.j2
@@ -71,19 +71,6 @@
                URIEncoding="UTF-8"
                redirectPort="8443" />
 
-<Connector port="8443" protocol="HTTP/1.1"
-               SSLEnabled="true"
-               scheme="https"
-               secure="true"
-               URIEncoding="UTF-8"
-               maxThreads="150"
-               clientAuth="false"
-               keystoreFile="/usr/lib/jvm/adoptopenjdk-11-hotspot-amd64/lib/security/cacerts"
-               keystorePass="changeit"
-               compression="on"
-               compressionMinSize="2048"
-               noCompressionUserAgents="gozilla, traviata"
-               compressableMimeType="text/html,text/xml,application/xml,text/javascript,application/x-javascript,application/javascript,text/css" />
     <!-- A "Connector" using the shared thread pool-->
     <!--
     <Connector executor="tomcatThreadPool"
diff --git a/spec/georchestra/georchestra_spec.rb b/spec/georchestra/georchestra_spec.rb
index a64cce6..1cea516 100644
--- a/spec/georchestra/georchestra_spec.rb
+++ b/spec/georchestra/georchestra_spec.rb
@@ -48,10 +48,6 @@
   it { should be_listening }
 end
 
-describe port(8443) do
-  it { should be_listening }
-end
-
 # datafeeder
 describe port(8480) do
   it { should be_listening }