Update files included with embedded distributions

server/configs/application.properties

@@ -1,6 +1,5 @@
 ## These properties are used for development and test deployments.
 ## Many properties here will be filled in and uncommented by the Gradle 'pickPg' and 'pickMssql' tasks
-## See '/webapps/application.properties' for more examples
 
 server.port=@@serverPort@@
 
@@ -19,9 +18,8 @@ server.port=@@serverPort@@
 ## HTTP-only port for servers that need to handle both HTTPS (configure via server.port and server.ssl above) and HTTP
 #context.httpPort=8080
 
-## Database connections. All deployments need a labkeyDataSource as their primary database. Add additional external
-## data sources by specifying the required properties (at least driverClassName, url, username, and password)
-## with a prefix of context.resources.jdbc.<dataSourceName>.
+## Database connections.
+## All deployments need a "labkeyDataSource" as their primary database.
 context.resources.jdbc.labkeyDataSource.type=javax.sql.DataSource
 context.resources.jdbc.labkeyDataSource.driverClassName=@@jdbcDriverClassName@@
 context.resources.jdbc.labkeyDataSource.url=@@jdbcURL@@
@@ -35,21 +33,38 @@ context.resources.jdbc.labkeyDataSource.validationQuery=SELECT 1
 #context.resources.jdbc.labkeyDataSource.logQueries=true
 #context.resources.jdbc.labkeyDataSource.displayName=Alternate Display Name
 
+## Add additional external data sources with a prefix of context.resources.jdbc.<dataSourceName>.
+## At a minimum, they must include the required properties: driverClassName, url, username, and password
 #context.resources.jdbc.@@extraJdbcDataSource@@.driverClassName=@@extraJdbcDriverClassName@@
 #context.resources.jdbc.@@extraJdbcDataSource@@.url=@@extraJdbcUrl@@
 #context.resources.jdbc.@@extraJdbcDataSource@@.username=@@extraJdbcUsername@@
 #context.resources.jdbc.@@extraJdbcDataSource@@.password=@@extraJdbcPassword@@
 
 #useLocalBuild#context.webAppLocation=@@pathToServer@@/build/deploy/labkeyWebapp
 context.encryptionKey=@@encryptionKey@@
-
 #context.oldEncryptionKey=
+
+## By default, we serve LabKey at the root context path (e.g. http://localhost:8080)
+## You may customize the context path if you wish (e.g. http://localhost:8080/labkey)
+#context.contextPath=/labkey
+
+## Using a legacy context path provides backwards compatibility with old deployments. A typical use case would be to
+## deploy to the root context (the default) and configure /labkey as the legacy path. GETs will be redirected.
+## All other methods (POSTs, PUTs, etc) will be handled server-side via a servlet forward.
+#context.legacyContextPath=/labkey
+
+## Other webapps to be deployed, most commonly to deliver a set of static files. The context path to deploy into is the
+## property name after the "context.additionalWebapps." prefix, and the value is the location of the webapp on disk
+#context.additionalWebapps.firstContextPath=/my/webapp/path
+#context.additionalWebapps.secondContextPath=/my/other/webapp/path
+
 #context.requiredModules=
 #context.pipelineConfig=/path/to/pipeline/config/dir
 #context.serverGUID=
 #context.bypass2FA=true
 #context.workDirLocation=/path/to/desired/workDir
 
+## SMTP configuration
 mail.smtpHost=@@smtpHost@@
 mail.smtpPort=@@smtpPort@@
 mail.smtpUser=@@smtpUser@@
@@ -59,11 +74,32 @@ mail.smtpUser=@@smtpUser@@
 #mail.smtpSocketFactoryClass=@@smtpSocketFactoryClass@@
 #mail.smtpAuth=@@smtpAuth@@
 
-#useLocalBuild#spring.devtools.restart.additional-paths=@@pathToServer@@/build/deploy/modules
-# Use a trigger file for smoother restart behavior
-#useLocalBuild#spring.devtools.restart.trigger-file=.restartTrigger
-
-## HTTP session timeout for users - defaults to 30 minutes
+# Optional - JMS configuration for remote ActiveMQ message management for distributed pipeline jobs
+# https://www.labkey.org/Documentation/wiki-page.view?name=jmsQueue
+#context.resources.jms.ConnectionFactory.type=org.apache.activemq.ActiveMQConnectionFactory
+#context.resources.jms.ConnectionFactory.factory=org.apache.activemq.jndi.JNDIReferenceFactory
+#context.resources.jms.ConnectionFactory.description=JMS Connection Factory
+# Use an in-process ActiveMQ queue
+#context.resources.jms.ConnectionFactory.brokerURL=vm://localhost?broker.persistent=false&broker.useJmx=false
+# Use an out-of-process ActiveMQ queue
+#context.resources.jms.ConnectionFactory.brokerURL=tcp://localhost:61616
+#context.resources.jms.ConnectionFactory.brokerName=LocalActiveMQBroker
+
+# Optional - LDAP configuration for LDAP group/user synchronization
+# https://www.labkey.org/Documentation/wiki-page.view?name=LDAP_sync
+#context.resources.ldap.ConfigFactory.type=org.labkey.premium.ldap.LdapConnectionConfigFactory
+#context.resources.ldap.ConfigFactory.factory=org.labkey.premium.ldap.LdapConnectionConfigFactory
+#context.resources.ldap.ConfigFactory.host=myldap.mydomain.com
+#context.resources.ldap.ConfigFactory.port=389
+#context.resources.ldap.ConfigFactory.principal=cn=read_user
+#context.resources.ldap.ConfigFactory.credentials=read_user_password
+#context.resources.ldap.ConfigFactory.useTls=false
+#context.resources.ldap.ConfigFactory.useSsl=false
+#context.resources.ldap.ConfigFactory.sslProtocol=SSLv3
+
+#useLocalBuild#spring.devtools.restart.additional-paths=@@pathToServer@@/build/deploy/modules,@@pathToServer@@/build/deploy/embedded/config
+
+# HTTP session timeout for users - defaults to 30 minutes
 #server.servlet.session.timeout=30m
 
 ## Enable shutdown endpoint
@@ -75,8 +111,48 @@ management.endpoints.web.exposure.include=*
 ## Use a separate port for management endpoints. Required if LabKey is using default (ROOT) context path
 management.server.port=@@shutdownPort@@
 
-## Don't show the Spring banner on startup
-spring.main.banner-mode=off
+## Turn on JSON-formatted HTTP access logging to stdout. See issue 48565
+## https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#JSON_Access_Log_Valve
+#jsonaccesslog.enabled=true
+
+## Optional configuration, modeled on the non-JSON Spring Boot properties
+## https://docs.spring.io/spring-boot/docs/current/reference/html/application-properties.html#application-properties.server.server.tomcat.accesslog.buffered
+#jsonaccesslog.pattern=%h %t %m %U %s %b %D %S "%{Referer}i" "%{User-Agent}i" %{LABKEY.username}s
+#jsonaccesslog.condition-if=attributeName
+#jsonaccesslog.condition-unless=attributeName
+
+## Define one or both of 'csp.report' and 'csp.enforce' to enable Content Security Policy (CSP) headers
+## Do not use these examples for any production environment without understanding the meaning of each directive!
+
+## example usage 1 - very strict, disallows 'external' websites, disallows unsafe-inline, but only reports violations (does not enforce)
+
+#csp.report=\
+#    default-src 'self';\
+#    connect-src 'self' ${LABKEY.ALLOWED.CONNECTIONS} ;\
+#    object-src 'none' ;\
+#    style-src 'self' 'unsafe-inline' ;\
+#    img-src 'self' data: ;\
+#    font-src 'self' data: ;\
+#    script-src 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}';\
+#    base-uri 'self' ;\
+#    upgrade-insecure-requests ;\
+#    frame-ancestors 'self' ;\
+#    report-uri https://www.labkey.org/admin-contentsecuritypolicyreport.api?${CSP.REPORT.PARAMS} ;
+
+## example usage 2 - less strict but enforces directives, (NOTE: unsafe-inline is still required for many modules)
+
+#csp.enforce=\
+#    default-src 'self' https: ;\
+#    connect-src 'self' https: ${LABKEY.ALLOWED.CONNECTIONS};\
+#    object-src 'none' ;\
+#    style-src 'self' https: 'unsafe-inline' ;\
+#    img-src 'self' data: ;\
+#    font-src 'self' data: ;\
+#    script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}';\
+#    base-uri 'self' ;\
+#    upgrade-insecure-requests ;\
+#    frame-ancestors 'self' ;\
+#    report-uri  https://www.labkey.org/admin-contentsecuritypolicyreport.api?${CSP.REPORT.PARAMS} ;
 
 ## Default CSP for TeamCity and dev deployments
 csp.report=\
@@ -91,6 +167,9 @@ csp.report=\
     frame-ancestors 'self' ;\
     report-uri /admin-contentsecuritypolicyreport.api?${CSP.REPORT.PARAMS} ;
 
+## Use a custom logging configuration
+#logging.config=path/to/alternative/log4j2.xml
+
 ## Use a non-temp directory for tomcat
 server.tomcat.basedir=.
 

server/configs/webapps/embedded/config/application.properties

@@ -1,7 +1,6 @@
 server.port=8080
 
 ## To use ssl, update the properties below for your local installation
-
 #server.ssl.enabled=true
 #server.ssl.enabled-protocols=TLSv1.3,TLSv1.2,TLSv1.1
 #server.ssl.protocol=TLS
@@ -15,14 +14,13 @@ server.port=8080
 ## HTTP-only port for servers that need to handle both HTTPS (configure via server.port and server.ssl above) and HTTP
 #context.httpPort=8080
 
-## Database connections. All deployments need a labkeyDataSource as their primary database. Add additional external
-## data sources by specifying the required properties (at least driverClassName, url, username, and password)
-## with a prefix of context.resources.jdbc.<dataSourceName>.
+## Database connections.
+## All deployments need a "labkeyDataSource" as their primary database.
 context.resources.jdbc.labkeyDataSource.type=javax.sql.DataSource
-context.resources.jdbc.labkeyDataSource.driverClassName=@@jdbcDriverClassName@@
-context.resources.jdbc.labkeyDataSource.url=@@jdbcURL@@
-context.resources.jdbc.labkeyDataSource.username=@@jdbcUser@@
-context.resources.jdbc.labkeyDataSource.password=@@jdbcPassword@@
+context.resources.jdbc.labkeyDataSource.driverClassName=org.postgresql.Driver
+context.resources.jdbc.labkeyDataSource.url=jdbc:postgresql://localhost:5432/labkey
+context.resources.jdbc.labkeyDataSource.username=<username>
+context.resources.jdbc.labkeyDataSource.password=<password>
 context.resources.jdbc.labkeyDataSource.maxTotal=50
 context.resources.jdbc.labkeyDataSource.maxIdle=10
 context.resources.jdbc.labkeyDataSource.maxWaitMillis=120000
@@ -31,14 +29,18 @@ context.resources.jdbc.labkeyDataSource.validationQuery=SELECT 1
 #context.resources.jdbc.labkeyDataSource.logQueries=true
 #context.resources.jdbc.labkeyDataSource.displayName=Alternate Display Name
 
-#context.resources.jdbc.@@extraJdbcDataSource@@.driverClassName=@@extraJdbcDriverClassName@@
-#context.resources.jdbc.@@extraJdbcDataSource@@.url=@@extraJdbcUrl@@
-#context.resources.jdbc.@@extraJdbcDataSource@@.username=@@extraJdbcUsername@@
-#context.resources.jdbc.@@extraJdbcDataSource@@.password=@@extraJdbcPassword@@
+## Add additional external data sources with a prefix of context.resources.jdbc.<dataSourceName>.
+## At a minimum, they must include the required properties: driverClassName, url, username, and password
+#context.resources.jdbc.extraDataSource.driverClassName=org.postgresql.Driver
+#context.resources.jdbc.extraDataSource.url=jdbc:postgresql://localhost:5432/extraDataSource
+#context.resources.jdbc.extraDataSource.username=<username>
+#context.resources.jdbc.extraDataSource.password=<password>
 
-context.encryptionKey=@@encryptionKey@@
+context.encryptionKey=<encryptionKey>
+#context.oldEncryptionKey=
 
-## By default, we deploy to the root context path. However, some servers have historically used /labkey or even /cpas
+## We strongly recommend deploying LabKey at the root context path (e.g. http://localhost:8080)
+## You may customize the context path if you wish (e.g. http://localhost:8080/labkey)
 #context.contextPath=/labkey
 
 ## Using a legacy context path provides backwards compatibility with old deployments. A typical use case would be to
@@ -51,23 +53,24 @@ context.encryptionKey=@@encryptionKey@@
 #context.additionalWebapps.firstContextPath=/my/webapp/path
 #context.additionalWebapps.secondContextPath=/my/other/webapp/path
 
-#context.oldEncryptionKey=
+## Other properties that were previously defined in 'labkey.xml'
 #context.requiredModules=
 #context.pipelineConfig=/path/to/pipeline/config/dir
 #context.serverGUID=
 #context.bypass2FA=true
 #context.workDirLocation=/path/to/desired/workDir
 
-mail.smtpHost=@@smtpHost@@
-mail.smtpPort=@@smtpPort@@
-mail.smtpUser=@@smtpUser@@
+## SMTP configuration
+mail.smtpHost=localhost
+mail.smtpPort=25
+mail.smtpUser=Anonymous
 #mail.smtpFrom=@@smtpFrom@@
 #mail.smtpPassword=@@smtpPassword@@
 #mail.startTlsEnable=@@smtpStartTlsEnable@@
 #mail.smtpSocketFactoryClass=@@smtpSocketFactoryClass@@
 #mail.smtpAuth=@@smtpAuth@@
 
-## Optional - JMS configuration for remote ActiveMQ message management for distributed pipeline jobs
+## JMS configuration for remote ActiveMQ message management for distributed pipeline jobs
 ## https://www.labkey.org/Documentation/wiki-page.view?name=jmsQueue
 #context.resources.jms.ConnectionFactory.type=org.apache.activemq.ActiveMQConnectionFactory
 #context.resources.jms.ConnectionFactory.factory=org.apache.activemq.jndi.JNDIReferenceFactory
@@ -78,7 +81,7 @@ mail.smtpUser=@@smtpUser@@
 #context.resources.jms.ConnectionFactory.brokerURL=tcp://localhost:61616
 #context.resources.jms.ConnectionFactory.brokerName=LocalActiveMQBroker
 
-## Optional - LDAP configuration for LDAP group/user synchronization
+## LDAP configuration for LDAP group/user synchronization
 ## https://www.labkey.org/Documentation/wiki-page.view?name=LDAP_sync
 #context.resources.ldap.ConfigFactory.type=org.labkey.premium.ldap.LdapConnectionConfigFactory
 #context.resources.ldap.ConfigFactory.factory=org.labkey.premium.ldap.LdapConnectionConfigFactory
@@ -93,68 +96,15 @@ mail.smtpUser=@@smtpUser@@
 ## HTTP session timeout for users - defaults to 30 minutes
 #server.servlet.session.timeout=30m
 
-## Enable shutdown endpoint. Allows server to be shutdown with a POST to 'localhost:8081/actuator/shutdown
+## Configure shutdown endpoint. Allows server to be shutdown with a POST to 'localhost:8081/actuator/shutdown'
+## This endpoint is insecure and should be used with caution
 #management.endpoint.shutdown.enabled=true
 #management.endpoints.enabled-by-default=false
 #management.endpoints.web.exposure.include=*
 #management.server.port=8081
 
-## Don't show the Spring banner on startup
-spring.main.banner-mode=off
-#logging.config=path/to/alternative/log4j2.xml
-
-## Optional - JMS configuration for remote ActiveMQ message management for distributed pipeline jobs
-## https://www.labkey.org/Documentation/wiki-page.view?name=jmsQueue
-#context.resources.jms.name=jms/ConnectionFactory
-#context.resources.jms.type=org.apache.activemq.ActiveMQConnectionFactory
-#context.resources.jms.factory=org.apache.activemq.jndi.JNDIReferenceFactory
-#context.resources.jms.description=JMS Connection Factory
-#context.resources.jms.brokerURL=vm://localhost?broker.persistent=false&broker.useJmx=false
-#context.resources.jms.brokerName=LocalActiveMQBroker
-
-## Turn on JSON-formatted HTTP access logging to stdout. See issue 48565
-## https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#JSON_Access_Log_Valve
-#jsonaccesslog.enabled=true
-
-## Optional configuration, modeled on the non-JSON Spring Boot properties
-## https://docs.spring.io/spring-boot/docs/current/reference/html/application-properties.html#application-properties.server.server.tomcat.accesslog.buffered
-#jsonaccesslog.pattern=%h %t %m %U %s %b %D %S "%{Referer}i" "%{User-Agent}i" %{LABKEY.username}s
-#jsonaccesslog.condition-if=attributeName
-#jsonaccesslog.condition-unless=attributeName
-
-## Define one or both of 'csp.report' and 'csp.enforce' to enable Content Security Policy (CSP) headers
-## Do not use these examples for any production environment without understanding the meaning of each directive!
-
-## example usage 1 - very strict, disallows 'external' websites, disallows unsafe-inline, but only reports violations (does not enforce)
-
-#csp.report=\
-#    default-src 'self';\
-#    connect-src 'self' ${LABKEY.ALLOWED.CONNECTIONS} ;\
-#    object-src 'none' ;\
-#    style-src 'self' 'unsafe-inline' ;\
-#    img-src 'self' data: ;\
-#    font-src 'self' data: ;\
-#    script-src 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}';\
-#    base-uri 'self' ;\
-#    upgrade-insecure-requests ;\
-#    frame-ancestors 'self' ;\
-#    report-uri https://www.labkey.org/admin-contentsecuritypolicyreport.api?${CSP.REPORT.PARAMS} ;
-
-## example usage 2 - less strict but enforces directives, (NOTE: unsafe-inline is still required for many modules)
-
-#csp.enforce=\
-#    default-src 'self' https: ;\
-#    connect-src 'self' https: ${LABKEY.ALLOWED.CONNECTIONS};\
-#    object-src 'none' ;\
-#    style-src 'self' https: 'unsafe-inline' ;\
-#    img-src 'self' data: ;\
-#    font-src 'self' data: ;\
-#    script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}';\
-#    base-uri 'self' ;\
-#    upgrade-insecure-requests ;\
-#    frame-ancestors 'self' ;\
-#    report-uri  https://www.labkey.org/admin-contentsecuritypolicyreport.api?${CSP.REPORT.PARAMS} ;
-
+## Use a custom logging configuration
+#logging.config=labkeywebapp/WEB-INF/classes/log4j2.xml
 
 ## Enable tomcat access log
 #server.tomcat.basedir=.

server/configs/webapps/service.bat → server/configs/webapps/embedded/install_service.bat

@@ -1,10 +1,11 @@
 set LABKEY_HOME=C:\labkey\labkey
-set JAVA_HOME=C:\labkey\apps\java\jdk-17.0.9+9
+set LABKEY_APPS=C:\labkey\apps
+set JAVA_HOME=%LABKEY_APPS%\java\jdk-17.0.9+9
 
-prunsrv.exe //IS//tc10embedded ^
-    --DisplayName "LabKey Tomcat 10 Embedded - tc10embedded" ^
-    --Description "LabKey Tomcat 10 Embedded" ^
-    --Install "%LABKEY_HOME%\prunsrv.exe" ^
+prunsrv.exe //IS//labkeyServer ^
+    --DisplayName "LabKey Server - labkeyServer" ^
+    --Description "LabKey Server Scientific Data Management System" ^
+    --Install "%LABKEY_APPS%\prunsrv.exe" ^
     --LogPath "%LABKEY_HOME%\logs" ^
     --StdOutput auto ^
     --StdError auto ^
@@ -22,7 +23,7 @@ prunsrv.exe //IS//tc10embedded ^
     --StopTimeout 60 ^
     --Startup manual ^
     --LogLevel Debug ^
-    --JvmOptions "-Djava.io.tmpdir=%LABKEY_HOME%\tomcat-tmp;-XX:+HeapDumpOnOutOfMemoryError;-XX:HeapDumpPath=%LABKEY_HOME%\tomcat-tmp;-DterminateOnStartupFailure=true;%JvmArgs%" ^
+    --JvmOptions "-Djava.io.tmpdir=%LABKEY_HOME%\labkey-tmp;-XX:+HeapDumpOnOutOfMemoryError;-XX:HeapDumpPath=%LABKEY_HOME%\labkey-tmp;-DterminateOnStartupFailure=true;%JvmArgs%" ^
     --JvmOptions9 "--add-opens=java.base/java.lang=ALL-UNNAMED#--add-opens=java.base/java.io=ALL-UNNAMED#--add-opens=java.base/java.util=ALL-UNNAMED#--add-opens=java.base/java.util.concurrent=ALL-UNNAMED#--add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED" ^
     --JvmMs 2048 ^
     --JvmMx 2048