차이

문서의 선택한 두 판 사이의 차이를 보여줍니다.

--- jboss_eap_7_tuning_cli_script [2022/01/25 10:56] – 만듦 koov
+++ jboss_eap_7_tuning_cli_script [2024/12/19 10:41] (현재) – [Tuning script] koov
@@ 줄 1: / 줄 1: @@
 ====== JBoss EAP 7 Tuning CLI script ======
+ --- //[[koovis@gmail.com|이강우]] 2022/01/26 12:15//
+본 내용은 JBoss EAP 7 설치 후 일반적인 튜닝값을 적용하기 위한 스크립트이다.
+JBoss EAP 7.4 버전에서 테스트 되었으며 JBoss EAP 7 이외의 버전에서는 동작을 보장하지 않는다.
+===== default / runtime value query =====
+<WRAP prewrap>
+<code bash>
+/subsystem=undertow/server=default-server/http-listener=default:read-resource(include-defaults=true,include-runtime=true)
+</code>
+</WRAP>
+===== Tuning script =====
 <WRAP prewrap>
@@ 줄 17: / 줄 32: @@
 /subsystem=undertow/configuration=filter/response-header=server-header:add(header-name="Server",header-value="JBoss-EAP/7")
 /subsystem=undertow/configuration=filter/response-header=x-powered-by-header:add(header-name="X-Powered-By",header-value="Undertow/1")
+##### For X-Powered-By: JSP/2.3 response header
+/subsystem=undertow/servlet-container=default/setting=jsp:write-attribute(name=x-powered-by,value=false)
 ##### welcome-content 제거
 /subsystem=undertow/server=default-server/host=default-host/location=\/:remove
 /subsystem=undertow/configuration=handler/file=welcome-content:remove
+##### http listener 예제, AJP 또는 HTTPS의 경우 별도의 리스너에 설정해줘야 함.
+##### max-post-size  10485760 = 10MB
+/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-post-size,value=10485760L)
+/subsystem=undertow/server=default-server/ajp-listener=ajp:write-attribute(name=max-post-size,value=10485760L)
+##### max-header-size  1048576 = 1MB
+/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-header-size,value=1048576)
+##### max-headers
+/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-headers,value=200)
+##### max-parameters
+/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-parameters,value=1000)
+##### JBoss CRS security
+/subsystem=undertow/configuration=filter/response-header=x-frame-options:add(header-name="X-Frame-Options",header-value="SAMEORIGIN")
+/subsystem=undertow/configuration=filter/response-header=x-xss-protection:add(header-name="X-XSS-Protection",header-value="1; mode=block")
+/subsystem=undertow/configuration=filter/response-header=x-content-type-options:add(header-name="X-Content-Type-Options",header-value="nosniff")
+###/subsystem=undertow/configuration=filter/response-header=content-security-policy:add(header-name="Content-Security-Policy",header-value="default-src https:")
+/subsystem=undertow/configuration=filter/response-header=content-security-policy:add(header-name="Content-Security-Policy-Report-Only",header-value="policy")
+/subsystem=undertow/configuration=filter/response-header=strict-transport-security:add(header-name="Strict-Transport-Security",header-value="max-age=31536000; includeSubDomains;")
+/subsystem=undertow/server=default-server/host=default-host/filter-ref=x-frame-options:add()
+/subsystem=undertow/server=default-server/host=default-host/filter-ref=x-xss-protection:add()
+/subsystem=undertow/server=default-server/host=default-host/filter-ref=x-content-type-options:add()
+/subsystem=undertow/server=default-server/host=default-host/filter-ref=content-security-policy:add()
+/subsystem=undertow/server=default-server/host=default-host/filter-ref=strict-transport-security:add()
 </code>
 </WRAP>