- Add tasks/tomcat-certs.yml: copies cert and key from letsencrypt or mkcert
source directories into a tomcat-readable location, installs the acme.sh
renewal hook script.
- Add templates/tomcat-letsencrypt-hook.j2: shell hook called by acme.sh on
renewal; uses cmp to detect changes and restarts tomcat only when needed.
- Add handlers for 'letsencrypt cert renewed': copy fullchain and key then
notify tomcat restart; triggered via listen from any task in the same play.
- Add HTTPS connector to tomcat-server.xml.j2: Http11NioProtocol with
SSLHostConfig on Tomcat 9+, Http11AprProtocol with inline attributes on
Tomcat 7/8; both connectors share the named Executor thread pool.
- Improve HTTP connector: explicit Http11NioProtocol, remove attributes
ignored when an Executor is referenced (maxThreads, maxQueueSize),
replace disableUploadTimeout with connectionUploadTimeout, make
connectionTimeout and maxHttpHeaderSize variables, drop useBodyEncodingForURI.
- Move Executor definition outside tomcat_http_enabled guard so it is present
whenever any connector is active; move acceptCount to each Connector.
- Add tomcat_http_disable_when_ssl to suppress the HTTP connector when SSL
is active.
- Add new defaults: tomcat_ssl_*, tomcat_connection_timeout,
tomcat_upload_timeout, tomcat_max_http_header_size, tomcat_ssl_port,
tomcat_ssl_protocols, tomcat_executor_accept_count,
tomcat_executor_min_spare_threads.
- Rewrite README.md with full variable documentation and example playbooks.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Andrea Dell'Amico
S2I2S @ ISTI-CNR