docker startup improvements

docker/src/main/image-files/app/startup.sh

@@ -1,9 +1,35 @@
 #!/usr/bin/env bash
-#Docker Container startup script
-
-JAVA_OPTS="$(sed 's/./&/' /app/java.vmoptions | tr '\n' ' ')"
-export JAVA_OPTS
+#Docker container startup script
 
 mkdir -p /config/logs
 
-java $JAVA_OPTS -jar /app/libs/*onejar*.jar -applicationPath /config
+PRIMARY_OPTIONS_FILE="/app/java.vmoptions"
+USER_OPTIONS_FILE="/config/java.vmoptions"
+USER_REPLACE_FILE="/config/java.vmoptions.replace"
+
+JAVA_OPTS=""
+
+if [[ -f ${PRIMARY_OPTIONS_FILE} ]]; then
+   echo "file $PRIMARY_OPTIONS_FILE exists, adding to java options"
+   JAVA_OPTS+="$(sed 's/./&/' ${PRIMARY_OPTIONS_FILE} | tr '\n' ' ')"
+else
+   echo "file $PRIMARY_OPTIONS_FILE does not exist."
+fi
+
+if [[ -f ${USER_OPTIONS_FILE} ]]; then
+   if [[ -f ${USER_REPLACE_FILE} ]]; then
+      echo "file $USER_OPTIONS_FILE and $USER_REPLACE_FILE both exists, replacing java options"
+      JAVA_OPTS="$(sed 's/./&/' ${USER_OPTIONS_FILE} | tr '\n' ' ')"
+   else
+      echo "file $USER_OPTIONS_FILE exists, adding to java options"
+      JAVA_OPTS+="$(sed 's/./&/' ${USER_OPTIONS_FILE} | tr '\n' ' ')"
+   fi
+else
+   echo "file $USER_OPTIONS_FILE does not exist."
+fi
+
+export JAVA_OPTS
+echo "effective java options: $JAVA_OPTS"
+
+echo "starting java"
+java ${JAVA_OPTS} -jar /app/libs/*onejar*.jar -applicationPath /config

onejar/src/main/java/password/pwm/onejar/TomcatOnejarRunner.java

@@ -53,7 +53,7 @@ import java.util.stream.Collectors;
 
 public class TomcatOnejarRunner
 {
-    final OnejarMain onejarMain;
+    private final OnejarMain onejarMain;
 
     public TomcatOnejarRunner( final OnejarMain onejarMain )
     {
@@ -81,6 +81,7 @@ public class TomcatOnejarRunner
         setupEnv( onejarConfig );
 
         final Tomcat tomcat = new Tomcat();
+        tomcat.setSilent( true );
 
         {
             final File basePath = new File( onejarConfig.getWorkingPath().getPath() + File.separator + "b" );
@@ -164,6 +165,8 @@ public class TomcatOnejarRunner
         connector.setAttribute( "keyAlias", OnejarMain.KEYSTORE_ALIAS );
         connector.setAttribute( "clientAuth", "false" );
 
+        connector.addUpgradeProtocol( new org.apache.coyote.http2.Http2Protocol() );
+
         out( "connector maxThreads=" + connector.getAttribute( "maxThreads" ) );
         out( "connector maxConnections=" + connector.getAttribute( "maxConnections" ) );
 
@@ -239,7 +242,7 @@ public class TomcatOnejarRunner
         }
     }
 
-    void setupEnv( final OnejarConfig onejarConfig )
+    private void setupEnv( final OnejarConfig onejarConfig )
     {
         final String envVarPrefix = Resource.envVarPrefix.getValue();
         System.setProperty( envVarPrefix + "_APPLICATIONPATH", onejarConfig.getApplicationPath().getAbsolutePath() );
@@ -247,7 +250,7 @@ public class TomcatOnejarRunner
         System.setProperty( envVarPrefix + "_APPLICATIONPARAMFILE", onejarConfig.getPwmAppPropertiesFile().getAbsolutePath() );
     }
 
-    void outputPwmAppProperties( final OnejarConfig onejarConfig ) throws IOException
+    private void outputPwmAppProperties( final OnejarConfig onejarConfig ) throws IOException
     {
         final Properties properties = new Properties();
         properties.setProperty( "AutoExportHttpsKeyStoreFile", onejarConfig.getKeystoreFile().getAbsolutePath() );
@@ -260,7 +263,7 @@ public class TomcatOnejarRunner
         }
     }
 
-    void copyFileAndReplace(
+    private void copyFileAndReplace(
             final String srcPath,
             final String destPath,
             final String rootcontext

server/src/main/java/password/pwm/util/cli/commands/ExportHttpsTomcatConfigCommand.java

@@ -132,7 +132,7 @@ public class ExportHttpsTomcatConfigCommand extends AbstractCliCommand
             for ( final Iterator<TLSVersion> versionIterator = tlsVersions.iterator(); versionIterator.hasNext(); )
             {
                 final TLSVersion tlsVersion = versionIterator.next();
-                output.append( tlsVersion.getTomcatValueName() );
+                output.append( "+" ).append( tlsVersion.getTomcatValueName() );
                 if ( versionIterator.hasNext() )
                 {
                     output.append( ", " );