<extension module="org.wildfly.extension.undertow"/>
<subsystem xmlns="urn:jboss:domain:undertow:1.0">
<buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" />
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content" />
<servlet-container name="default" default-buffer-cache="default" stack-trace-on-error="local-only" >
<file name="welcome-content" path="${jboss.home.dir}/welcome-content" directory-listing="true"/>
<buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10"/>
<server name="default-server"default-host="default-host"servlet-container="default">
5、http connector链接,就是上面的http-listener,对应的类型有HTTP, HTTPS and AJP,所有链接都有的属性,我就直接摘抄官方。
Attribute | Description |
socket-binding | The socket binding to use. This determines the address and port the listener listens on. |
worker | A reference to an XNIO worker, as defined in the IO subsystem. The worker that is in use controls the IO and blocking thread pool. |
buffer-pool | A reference to a buffer pool as defined in the IO subsystem. These buffers are used internally to read and write requests. In general these should be at least 8k, unless you are in a memory constrained environment. |
enabled | If the connector is enabled. |
max-post-size | The maximum size of incoming post requests that is allowed. |
buffer-pipelined-data | If responses to HTTP pipelined requests should be buffered, and send out in a single write. This can improve performance if HTTP pipe lining is in use and responses are small. |
max-header-size | The maximum size of a HTTP header block that is allowed. Responses with to much data in their header block will have the request terminated and a bad request response send. |
max-parameters | The maximum number of query or path parameters that are allowed. This limit exists to prevent hash collision based DOS attacks. |
max-headers | The maximum number of headers that are allowed. This limit exists to prevent hash collision based DOS attacks. |
max-cookies | The maximum number of cookies that are allowed. This limit exists to prevent hash collision based DOS attacks. |
allow-encoded-slash | Set this to true if you want the server to decode percent encoded slash characters. This is probably a bad idea, as it can have security implications, due to different servers interpreting the slash differently. Only enable this if you have a legacy application that requires it. |
decode-url | If the URL should be decoded. If this is not set to true then percent encoded characters in the URL will be left as is. |
url-charset | The charset to decode the URL to. |
always-set-keep-alive | If the 'Connection: keep-alive' header should be added to all responses, even if not required by spec. |
<https-listener name="default" socket-binding="https" security-realm="ssl-realm" />
<ajp-listener name="default" socket-binding="ajp" />
<http-listener name="default" socket-binding="http" />
Attribute | Description |
security-realm | The security realm to use for the SSL configuration. See Security realm examples for how to configure it: Examples |
verify-client | One of either NOT_REQUESTED, REQUESTED or REQUIRED. If client cert auth is in use this should be either REQUESTED or REQUIRED. |
enabled-cipher-suites | A list of cypher suit names that are allowed. |
Attribute | Description |
certificate-forwarding | If this is set to true then the HTTP listener will read a client certificate from the SSL_CLIENT_CERT header. This allows client cert authentication to be used, even if the server does not have a direct SSL connection to the end user. This should only be enabled for servers behind a proxy that has been configured to always set these headers. |
redirect-socket | The socket binding to redirect requests that require security too. |
proxy-address-forwarding | If this is enabled then the X-Forwarded-For and X-Forwarded-Proto headers will be used to determine the peer address. This allows applications that are behind a proxy to see the real address of the client, rather than the address of the proxy. |
Attribute | Description |
name | The virtual host name |
alias | A whitespace separated list of additional host names that should be matched |
default-web-module | The name of a deployment that should be used to serve up requests that do not match anything. |