From 25eea2284f3b0dbbe4f2d8c35e3bcd5fcc18d290 Mon Sep 17 00:00:00 2001
From: ndp-opendap <ndp@opendap.org>
Date: Tue, 16 Sep 2025 08:51:52 -0700
Subject: [PATCH 1/3] Added secure="true" to the Tomcat Connector

---
 builds/ngap/tomcat9-server.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builds/ngap/tomcat9-server.xml b/builds/ngap/tomcat9-server.xml
index 763330ec..24db6c75 100644
--- a/builds/ngap/tomcat9-server.xml
+++ b/builds/ngap/tomcat9-server.xml
@@ -114,7 +114,7 @@
     -->
 
     <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
-               maxThreads="150" SSLEnabled="true" >
+               maxThreads="150" SSLEnabled="true" secure="true" >
         <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
         <SSLHostConfig>
             <Certificate certificateKeyFile="/usr/share/tomcat/conf/NGAP-CA-certificate.key"

From 8f4079ad7c46dd10525f9ac59b437f0617d6e30e Mon Sep 17 00:00:00 2001
From: ndp-opendap <ndp@opendap.org>
Date: Thu, 12 Mar 2026 13:58:26 -0700
Subject: [PATCH 2/3] Cleaned up TODO Added the mime-type modernization for
 javascript

---
 el8-builds/ngap/Dockerfile |  8 +++-----
 el9-builds/ngap/Dockerfile | 21 ++++++---------------
 2 files changed, 9 insertions(+), 20 deletions(-)

diff --git a/el8-builds/ngap/Dockerfile b/el8-builds/ngap/Dockerfile
index 2c937cc0..4b57d7ee 100644
--- a/el8-builds/ngap/Dockerfile
+++ b/el8-builds/ngap/Dockerfile
@@ -200,12 +200,10 @@ ENV PATH $CATALINA_HOME/bin:$PATH
 RUN set -e && echo "CATALINA_HOME: ${CATALINA_HOME}" >&2
 
 # Install our modified server.xml so that the server compresses responses.
-COPY tomcat9-server.xml /
-RUN set -e \
-    && mv /tomcat9-server.xml ${CATALINA_HOME}/conf/server.xml \
-    && chown -R tomcat:tomcat ${CATALINA_HOME}/conf/server.xml
+COPY tomcat9-server.xml ${CATALINA_HOME}/conf/server.xml
+RUN set -e && chown -R tomcat:tomcat ${CATALINA_HOME}/conf/server.xml
 
-# Tweak the mime-type for javascript. (@TODO Will this satisfy X-Content-Type-Options=nosniff issues?)
+# Modernize the mime-type for javascript. from text/javascript to application/javascript
 Run set -e \
     && sed -i 's+text/javascript+application/javascript+g' ${CATALINA_HOME}/conf/web.xml
 
diff --git a/el9-builds/ngap/Dockerfile b/el9-builds/ngap/Dockerfile
index f65833f1..715c5bfe 100644
--- a/el9-builds/ngap/Dockerfile
+++ b/el9-builds/ngap/Dockerfile
@@ -332,26 +332,17 @@ RUN set -e \
     && chown -R tomcat:tomcat /var/log/tomcat /home/tomcat \
     && echo "# Tomcat is unpacked and ready. >&2 "
 
-# @TODO REMOVE THIS FOLLOWING COMMENTED OUT CODE BEFORE MERGE
-#COPY tomcat.service /etc/systemd/system/tomcat.service
-#RUN set -e \
-#    && echo "$HR2" >&2 \
-#    && echo "# Calling: 'systemctl enable tomcat'" >&2 \
-#    && echo "# $(systemctl enable tomcat)" >&2 \
-#    && echo "# systemctl status: $?" >&2 \
-#    && echo "$HR" >&2
-#RUN firewall-cmd --add-port 8080/tcp --permanent
-#RUN firewall-cmd --reload
-
 ENV CATALINA_HOME="/usr/share/tomcat"
 ENV PATH="$CATALINA_HOME/bin:$PATH"
 RUN set -e && echo "# CATALINA_HOME: $CATALINA_HOME" >&2
 
 # Install our modified server.xml so that the server compresses responses.
-COPY tomcat11-server.xml /
-RUN set -e \
-    && mv "/tomcat11-server.xml" "$CATALINA_HOME/conf/server.xml" \
-    && chown -R tomcat:tomcat "$CATALINA_HOME/conf/server.xml"
+COPY tomcat11-server.xml "$CATALINA_HOME/conf/server.xml"
+RUN set -e && chown -R tomcat:tomcat "$CATALINA_HOME/conf/server.xml"
+
+# Modernize the mime-type for javascript. from text/javascript to application/javascript
+Run set -e \
+    && sed -i 's+text/javascript+application/javascript+g' ${CATALINA_HOME}/conf/web.xml
 
 RUN set -e \
     && echo "Cleaning up Tomcat distribution files..." >&2 \

From 7a45420b23f44a8a22bd4c6e5210361df75a3ae3 Mon Sep 17 00:00:00 2001
From: ndp-opendap <ndp@opendap.org>
Date: Thu, 12 Mar 2026 14:01:32 -0700
Subject: [PATCH 3/3] Added secure="true" to Connector in tomcat11-server.xml

---
 el9-builds/ngap/tomcat11-server.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/el9-builds/ngap/tomcat11-server.xml b/el9-builds/ngap/tomcat11-server.xml
index 80c71f77..b9adb7ba 100644
--- a/el9-builds/ngap/tomcat11-server.xml
+++ b/el9-builds/ngap/tomcat11-server.xml
@@ -118,6 +118,7 @@
         protocol="org.apache.coyote.http11.Http11NioProtocol"
         maxThreads="150"
         SSLEnabled="true"
+        secure="true"
         compression="force"
         compressionMinSize="2048"
         compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/octet-stream,application/vnd.opendap.dap4.dataset-metadata+xml,application/vnd.opendap.dap4.data,application/vnd.opendap.dap4.error+xml,application/json,application/prs.coverage+json,application/rdf+xml,application/x-netcdf,image/tiff;application=geotiff"