From 4421be142f171f44b25341c5e2b16506ab1f5d9f Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Date: Wed, 22 Jul 2020 16:06:35 +0200
Subject: [PATCH 1/2] replace wrong comment with documentation link in
 server-config.xml

---
 scm-packaging/deb/pom.xml                     | 28 +++++-
 .../deb/src/main/fs/etc/scm/server-config.xml | 92 ++-----------------
 scm-packaging/docker/pom.xml                  | 10 ++
 .../src/main/fs/etc/scm/server-config.xml     | 92 ++-----------------
 scm-packaging/pom.xml                         | 18 ++++
 scm-packaging/rpm/pom.xml                     | 28 +++++-
 .../rpm/src/main/fs/etc/scm/server-config.xml | 92 ++-----------------
 scm-packaging/unix/pom.xml                    |  3 +-
 .../unix/src/main/assembly/scm-server-app.xml | 14 +++
 .../unix/src/main/fs/conf/server-config.xml   | 92 ++-----------------
 .../src/main/assembly/scm-server-app.xml      | 16 +++-
 .../src/main/fs/conf/server-config.xml        | 92 ++-----------------
 12 files changed, 150 insertions(+), 427 deletions(-)

diff --git a/scm-packaging/deb/pom.xml b/scm-packaging/deb/pom.xml
index 2f1c850838..eaac444cb7 100644
--- a/scm-packaging/deb/pom.xml
+++ b/scm-packaging/deb/pom.xml
@@ -54,6 +54,30 @@
   <build>
     <plugins>
 
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-resources-plugin</artifactId>
+        <version>3.1.0</version>
+        <executions>
+          <execution>
+            <id>copy-resources</id>
+            <phase>prepare-package</phase>
+            <goals>
+              <goal>copy-resources</goal>
+            </goals>
+            <configuration>
+              <outputDirectory>${project.build.directory}/deb/etc/scm</outputDirectory>
+              <resources>          
+                <resource>
+                  <directory>src/main/fs/etc/scm</directory>
+                  <filtering>true</filtering>
+                </resource>
+              </resources>              
+            </configuration>            
+          </execution>
+        </executions>
+      </plugin>
+
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-dependency-plugin</artifactId>
@@ -135,7 +159,7 @@
 
             <data>
               <type>file</type>
-              <src>src/main/fs/etc/scm/logging.xml</src>
+              <src>${project.build.directory}/deb/etc/scm/logging.xml</src>
               <dst>/etc/scm/logging.xml</dst>
               <conffile>true</conffile>
               <mapper>
@@ -148,7 +172,7 @@
 
             <data>
               <type>file</type>
-              <src>src/main/fs/etc/scm/server-config.xml</src>
+              <src>${project.build.directory}/deb/etc/scm/server-config.xml</src>
               <dst>/etc/scm/server-config.xml</dst>
               <conffile>true</conffile>
               <mapper>
diff --git a/scm-packaging/deb/src/main/fs/etc/scm/server-config.xml b/scm-packaging/deb/src/main/fs/etc/scm/server-config.xml
index 89f9d56ca4..217e1ae052 100644
--- a/scm-packaging/deb/src/main/fs/etc/scm/server-config.xml
+++ b/scm-packaging/deb/src/main/fs/etc/scm/server-config.xml
@@ -27,6 +27,14 @@
 <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
 <Configure id="ScmServer" class="org.eclipse.jetty.server.Server">
 
+  <!--
+    This default configuration should match 90% of the use cases, 
+    if you have to change something ensure you know what you are doing.
+
+    For further information on configuration scm-server have a look at:
+    https://www.scm-manager.org/docs/${parsedVersion.majorVersion}.${parsedVersion.minorVersion}.x/en/administration/scm-server/
+  -->
+
   <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
     <!-- increase header size for mercurial -->
     <Set name="requestHeaderSize">16384</Set>
@@ -110,88 +118,4 @@
     </New>
   </Set>
   
-  <!-- TODO fix for jetty 9.2.x -->
-  
-  <!-- request logging -->
-  <!--
-  <Ref id="RequestLog">
-    <Set name="requestLog">
-      <New id="RequestLogImpl" class="org.eclipse.jetty.server.NCSARequestLog">
-        <Arg><SystemProperty name="basedir" default="."/>/var/log/yyyy_mm_dd.request.log</Arg>
-        <Set name="retainDays">90</Set>
-        <Set name="append">true</Set>
-        <Set name="extended">false</Set>
-        <Set name="LogTimeZone">GMT</Set>
-       </New>
-    </Set>
-  </Ref>
-  -->
-
-  <!-- mod_proxy_ajp or mod_jk -->
-  <!--
-  <Call name="addConnector">
-    <Arg>
-       <New class="org.eclipse.jetty.ajp.Ajp13SocketConnector">
-         <Set name="port">8009</Set>
-       </New>
-    </Arg>
-  </Call>
-  -->
-
-  <!-- SSL-Connector -->
-  <!--
-     Documentation for the SSL-Connector: 
-     http://wiki.eclipse.org/Jetty/Reference/SSL_Connectors
-  -->
-  <!--
-  Besure SSLv3 protocol is excluded to avoid POODLE vulnerability.
-  See https://groups.google.com/d/msg/scmmanager/sX_Ydy-wAPA/-Dvs5i7RHtQJ
-  -->
-  <!--
-  <Call name="addConnector">
-    <Arg>
-      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
-        <Arg>
-          <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
-            <Set name="excludeProtocols">
-              <Array type="java.lang.String">
-                <Item>SSLv2Hello</Item>
-                <Item>SSLv3</Item>
-              </Array>
-            </Set>
-          </New>
-        </Arg>
-        <Set name="Port">8181</Set>
-        <Set name="maxIdleTime">30000</Set>
-        <Set name="requestHeaderSize">16384</Set>
-        <Set name="keystore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
-        <Set name="password">OBF:xxx</Set>
-        <Set name="keyPassword">OBF:xxx</Set>
-        <Set name="truststore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
-        <Set name="trustPassword">OBF:xxx</Set>
-      </New>
-    </Arg>
-  </Call>
-  -->
-
-  <!-- JMX support -->
-  <!--
-  <Call id="MBeanServer" class="java.lang.management.ManagementFactory"
-    name="getPlatformMBeanServer" />
-
-  <New id="MBeanContainer" class="org.eclipse.jetty.jmx.MBeanContainer">
-    <Arg>
-      <Ref id="MBeanServer" />
-    </Arg>
-  </New>
-
-  <Get id="Container" name="container">
-    <Call name="addEventListener">
-      <Arg>
-        <Ref id="MBeanContainer" />
-      </Arg>
-    </Call>
-  </Get>
-  -->
-
 </Configure>
diff --git a/scm-packaging/docker/pom.xml b/scm-packaging/docker/pom.xml
index ad3b3abab1..dafb65412d 100644
--- a/scm-packaging/docker/pom.xml
+++ b/scm-packaging/docker/pom.xml
@@ -113,6 +113,16 @@
                 <resource>
                   <directory>src/main/fs</directory>
                   <filtering>false</filtering>
+                  <excludes>
+                    <exclude>**/scm/*</exclude>
+                  </excludes>
+                </resource>
+                <resource>
+                  <directory>src/main/fs</directory>
+                  <filtering>true</filtering>
+                  <includes>
+                    <include>**/scm/*</include>
+                  </includes>
                 </resource>
               </resources>
             </configuration>
diff --git a/scm-packaging/docker/src/main/fs/etc/scm/server-config.xml b/scm-packaging/docker/src/main/fs/etc/scm/server-config.xml
index 89f9d56ca4..217e1ae052 100644
--- a/scm-packaging/docker/src/main/fs/etc/scm/server-config.xml
+++ b/scm-packaging/docker/src/main/fs/etc/scm/server-config.xml
@@ -27,6 +27,14 @@
 <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
 <Configure id="ScmServer" class="org.eclipse.jetty.server.Server">
 
+  <!--
+    This default configuration should match 90% of the use cases, 
+    if you have to change something ensure you know what you are doing.
+
+    For further information on configuration scm-server have a look at:
+    https://www.scm-manager.org/docs/${parsedVersion.majorVersion}.${parsedVersion.minorVersion}.x/en/administration/scm-server/
+  -->
+
   <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
     <!-- increase header size for mercurial -->
     <Set name="requestHeaderSize">16384</Set>
@@ -110,88 +118,4 @@
     </New>
   </Set>
   
-  <!-- TODO fix for jetty 9.2.x -->
-  
-  <!-- request logging -->
-  <!--
-  <Ref id="RequestLog">
-    <Set name="requestLog">
-      <New id="RequestLogImpl" class="org.eclipse.jetty.server.NCSARequestLog">
-        <Arg><SystemProperty name="basedir" default="."/>/var/log/yyyy_mm_dd.request.log</Arg>
-        <Set name="retainDays">90</Set>
-        <Set name="append">true</Set>
-        <Set name="extended">false</Set>
-        <Set name="LogTimeZone">GMT</Set>
-       </New>
-    </Set>
-  </Ref>
-  -->
-
-  <!-- mod_proxy_ajp or mod_jk -->
-  <!--
-  <Call name="addConnector">
-    <Arg>
-       <New class="org.eclipse.jetty.ajp.Ajp13SocketConnector">
-         <Set name="port">8009</Set>
-       </New>
-    </Arg>
-  </Call>
-  -->
-
-  <!-- SSL-Connector -->
-  <!--
-     Documentation for the SSL-Connector: 
-     http://wiki.eclipse.org/Jetty/Reference/SSL_Connectors
-  -->
-  <!--
-  Besure SSLv3 protocol is excluded to avoid POODLE vulnerability.
-  See https://groups.google.com/d/msg/scmmanager/sX_Ydy-wAPA/-Dvs5i7RHtQJ
-  -->
-  <!--
-  <Call name="addConnector">
-    <Arg>
-      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
-        <Arg>
-          <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
-            <Set name="excludeProtocols">
-              <Array type="java.lang.String">
-                <Item>SSLv2Hello</Item>
-                <Item>SSLv3</Item>
-              </Array>
-            </Set>
-          </New>
-        </Arg>
-        <Set name="Port">8181</Set>
-        <Set name="maxIdleTime">30000</Set>
-        <Set name="requestHeaderSize">16384</Set>
-        <Set name="keystore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
-        <Set name="password">OBF:xxx</Set>
-        <Set name="keyPassword">OBF:xxx</Set>
-        <Set name="truststore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
-        <Set name="trustPassword">OBF:xxx</Set>
-      </New>
-    </Arg>
-  </Call>
-  -->
-
-  <!-- JMX support -->
-  <!--
-  <Call id="MBeanServer" class="java.lang.management.ManagementFactory"
-    name="getPlatformMBeanServer" />
-
-  <New id="MBeanContainer" class="org.eclipse.jetty.jmx.MBeanContainer">
-    <Arg>
-      <Ref id="MBeanServer" />
-    </Arg>
-  </New>
-
-  <Get id="Container" name="container">
-    <Call name="addEventListener">
-      <Arg>
-        <Ref id="MBeanContainer" />
-      </Arg>
-    </Call>
-  </Get>
-  -->
-
 </Configure>
diff --git a/scm-packaging/pom.xml b/scm-packaging/pom.xml
index 85ec7e86ac..3b3bc562df 100644
--- a/scm-packaging/pom.xml
+++ b/scm-packaging/pom.xml
@@ -44,6 +44,24 @@
     <deployment.target>https://packages.scm-manager.org</deployment.target>
   </properties>
 
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>build-helper-maven-plugin</artifactId>
+        <version>3.2.0</version>
+        <executions>
+          <execution>
+            <id>parse-version</id>
+            <goals>
+              <goal>parse-version</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+
   <profiles>
     <profile>
       <id>packaging</id>
diff --git a/scm-packaging/rpm/pom.xml b/scm-packaging/rpm/pom.xml
index bcfe3533eb..1a32923cbf 100644
--- a/scm-packaging/rpm/pom.xml
+++ b/scm-packaging/rpm/pom.xml
@@ -60,6 +60,30 @@
   <build>
     <plugins>
 
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-resources-plugin</artifactId>
+        <version>3.1.0</version>
+        <executions>
+          <execution>
+            <id>copy-resources</id>
+            <phase>prepare-package</phase>
+            <goals>
+              <goal>copy-resources</goal>
+            </goals>
+            <configuration>
+              <outputDirectory>${project.build.directory}/rpm/etc/scm</outputDirectory>
+              <resources>          
+                <resource>
+                  <directory>src/main/fs/etc/scm</directory>
+                  <filtering>true</filtering>
+                </resource>
+              </resources>              
+            </configuration>            
+          </execution>
+        </executions>
+      </plugin>
+
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-dependency-plugin</artifactId>
@@ -172,7 +196,7 @@
 
             <entry>
               <name>/etc/scm/logging.xml</name>
-              <file>src/main/fs/etc/scm/logging.xml</file>
+              <file>${project.build.directory}/rpm/etc/scm/logging.xml</file>
               <user>root</user>
               <group>scm</group>
               <mode>0640</mode>
@@ -181,7 +205,7 @@
 
             <entry>
               <name>/etc/scm/server-config.xml</name>
-              <file>src/main/fs/etc/scm/server-config.xml</file>
+              <file>${project.build.directory}/rpm/etc/scm/server-config.xml</file>
               <user>root</user>
               <group>scm</group>
               <mode>0640</mode>
diff --git a/scm-packaging/rpm/src/main/fs/etc/scm/server-config.xml b/scm-packaging/rpm/src/main/fs/etc/scm/server-config.xml
index 89f9d56ca4..bd3b75b72a 100644
--- a/scm-packaging/rpm/src/main/fs/etc/scm/server-config.xml
+++ b/scm-packaging/rpm/src/main/fs/etc/scm/server-config.xml
@@ -27,6 +27,14 @@
 <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
 <Configure id="ScmServer" class="org.eclipse.jetty.server.Server">
 
+  <!--
+    This default configuration should match 90% of the use cases, 
+    if you have to change something ensure you know what you are doing.
+
+    For further information on configuration scm-server have a look at:
+    https://www.scm-manager.org/docs/${parsedVersion.majorVersion}.${parsedVersion.minorVersion}.x/en/administration/scm-server/
+  -->
+
   <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
     <!-- increase header size for mercurial -->
     <Set name="requestHeaderSize">16384</Set>
@@ -109,89 +117,5 @@
       </Set>
     </New>
   </Set>
-  
-  <!-- TODO fix for jetty 9.2.x -->
-  
-  <!-- request logging -->
-  <!--
-  <Ref id="RequestLog">
-    <Set name="requestLog">
-      <New id="RequestLogImpl" class="org.eclipse.jetty.server.NCSARequestLog">
-        <Arg><SystemProperty name="basedir" default="."/>/var/log/yyyy_mm_dd.request.log</Arg>
-        <Set name="retainDays">90</Set>
-        <Set name="append">true</Set>
-        <Set name="extended">false</Set>
-        <Set name="LogTimeZone">GMT</Set>
-       </New>
-    </Set>
-  </Ref>
-  -->
-
-  <!-- mod_proxy_ajp or mod_jk -->
-  <!--
-  <Call name="addConnector">
-    <Arg>
-       <New class="org.eclipse.jetty.ajp.Ajp13SocketConnector">
-         <Set name="port">8009</Set>
-       </New>
-    </Arg>
-  </Call>
-  -->
-
-  <!-- SSL-Connector -->
-  <!--
-     Documentation for the SSL-Connector: 
-     http://wiki.eclipse.org/Jetty/Reference/SSL_Connectors
-  -->
-  <!--
-  Besure SSLv3 protocol is excluded to avoid POODLE vulnerability.
-  See https://groups.google.com/d/msg/scmmanager/sX_Ydy-wAPA/-Dvs5i7RHtQJ
-  -->
-  <!--
-  <Call name="addConnector">
-    <Arg>
-      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
-        <Arg>
-          <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
-            <Set name="excludeProtocols">
-              <Array type="java.lang.String">
-                <Item>SSLv2Hello</Item>
-                <Item>SSLv3</Item>
-              </Array>
-            </Set>
-          </New>
-        </Arg>
-        <Set name="Port">8181</Set>
-        <Set name="maxIdleTime">30000</Set>
-        <Set name="requestHeaderSize">16384</Set>
-        <Set name="keystore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
-        <Set name="password">OBF:xxx</Set>
-        <Set name="keyPassword">OBF:xxx</Set>
-        <Set name="truststore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
-        <Set name="trustPassword">OBF:xxx</Set>
-      </New>
-    </Arg>
-  </Call>
-  -->
-
-  <!-- JMX support -->
-  <!--
-  <Call id="MBeanServer" class="java.lang.management.ManagementFactory"
-    name="getPlatformMBeanServer" />
-
-  <New id="MBeanContainer" class="org.eclipse.jetty.jmx.MBeanContainer">
-    <Arg>
-      <Ref id="MBeanServer" />
-    </Arg>
-  </New>
-
-  <Get id="Container" name="container">
-    <Call name="addEventListener">
-      <Arg>
-        <Ref id="MBeanContainer" />
-      </Arg>
-    </Call>
-  </Get>
-  -->
 
 </Configure>
diff --git a/scm-packaging/unix/pom.xml b/scm-packaging/unix/pom.xml
index 4d77592d35..81dfbe75c1 100644
--- a/scm-packaging/unix/pom.xml
+++ b/scm-packaging/unix/pom.xml
@@ -24,8 +24,7 @@
     SOFTWARE.
 
 -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 
   <modelVersion>4.0.0</modelVersion>
 
diff --git a/scm-packaging/unix/src/main/assembly/scm-server-app.xml b/scm-packaging/unix/src/main/assembly/scm-server-app.xml
index 1b8728fbc9..0521e69681 100644
--- a/scm-packaging/unix/src/main/assembly/scm-server-app.xml
+++ b/scm-packaging/unix/src/main/assembly/scm-server-app.xml
@@ -39,9 +39,23 @@
 
   <fileSets>
 
+    <!-- 
+      we have to filter server-config.xml and logging.xml,
+      in order to add the correct link to the documentation
+    -->
+
+    <fileSet>
+      <directory>src/main/fs/conf</directory>
+      <filtered>true</filtered>
+      <outputDirectory>conf</outputDirectory>
+    </fileSet>
+
     <fileSet>
       <directory>src/main/fs</directory>
       <filtered>false</filtered>
+      <excludes>
+        <exclude>conf/**</exclude>
+      </excludes>
       <outputDirectory></outputDirectory>
     </fileSet>
 
diff --git a/scm-packaging/unix/src/main/fs/conf/server-config.xml b/scm-packaging/unix/src/main/fs/conf/server-config.xml
index 08814ccf68..8e01822c91 100644
--- a/scm-packaging/unix/src/main/fs/conf/server-config.xml
+++ b/scm-packaging/unix/src/main/fs/conf/server-config.xml
@@ -27,6 +27,14 @@
 <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
 <Configure id="ScmServer" class="org.eclipse.jetty.server.Server">
 
+  <!--
+    This default configuration should match 90% of the use cases, 
+    if you have to change something ensure you know what you are doing.
+
+    For further information on configuration scm-server have a look at:
+    https://www.scm-manager.org/docs/${parsedVersion.majorVersion}.${parsedVersion.minorVersion}.x/en/administration/scm-server/
+  -->
+
   <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
     <!-- increase header size for mercurial -->
     <Set name="requestHeaderSize">16384</Set>
@@ -113,89 +121,5 @@
       </Set>
     </New>
   </Set>
-  
-  <!-- TODO fix for jetty 9.2.x -->
-  
-  <!-- request logging -->
-  <!--
-  <Ref id="RequestLog">
-    <Set name="requestLog">
-      <New id="RequestLogImpl" class="org.eclipse.jetty.server.NCSARequestLog">
-        <Arg><SystemProperty name="basedir" default="."/>/var/log/yyyy_mm_dd.request.log</Arg>
-        <Set name="retainDays">90</Set>
-        <Set name="append">true</Set>
-        <Set name="extended">false</Set>
-        <Set name="LogTimeZone">GMT</Set>
-       </New>
-    </Set>
-  </Ref>
-  -->
-
-  <!-- mod_proxy_ajp or mod_jk -->
-  <!--
-  <Call name="addConnector">
-    <Arg>
-       <New class="org.eclipse.jetty.ajp.Ajp13SocketConnector">
-         <Set name="port">8009</Set>
-       </New>
-    </Arg>
-  </Call>
-  -->
-
-  <!-- SSL-Connector -->
-  <!--
-     Documentation for the SSL-Connector: 
-     http://wiki.eclipse.org/Jetty/Reference/SSL_Connectors
-  -->
-  <!--
-  Besure SSLv3 protocol is excluded to avoid POODLE vulnerability.
-  See https://groups.google.com/d/msg/scmmanager/sX_Ydy-wAPA/-Dvs5i7RHtQJ
-  -->
-  <!--
-  <Call name="addConnector">
-    <Arg>
-      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
-        <Arg>
-          <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
-            <Set name="excludeProtocols">
-              <Array type="java.lang.String">
-                <Item>SSLv2Hello</Item>
-                <Item>SSLv3</Item>
-              </Array>
-            </Set>
-          </New>
-        </Arg>
-        <Set name="Port">8181</Set>
-        <Set name="maxIdleTime">30000</Set>
-        <Set name="requestHeaderSize">16384</Set>
-        <Set name="keystore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
-        <Set name="password">OBF:xxx</Set>
-        <Set name="keyPassword">OBF:xxx</Set>
-        <Set name="truststore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
-        <Set name="trustPassword">OBF:xxx</Set>
-      </New>
-    </Arg>
-  </Call>
-  -->
-
-  <!-- JMX support -->
-  <!--
-  <Call id="MBeanServer" class="java.lang.management.ManagementFactory"
-    name="getPlatformMBeanServer" />
-
-  <New id="MBeanContainer" class="org.eclipse.jetty.jmx.MBeanContainer">
-    <Arg>
-      <Ref id="MBeanServer" />
-    </Arg>
-  </New>
-
-  <Get id="Container" name="container">
-    <Call name="addEventListener">
-      <Arg>
-        <Ref id="MBeanContainer" />
-      </Arg>
-    </Call>
-  </Get>
-  -->
 
 </Configure>
diff --git a/scm-packaging/windows/src/main/assembly/scm-server-app.xml b/scm-packaging/windows/src/main/assembly/scm-server-app.xml
index b83ab7b431..2062e53f68 100644
--- a/scm-packaging/windows/src/main/assembly/scm-server-app.xml
+++ b/scm-packaging/windows/src/main/assembly/scm-server-app.xml
@@ -39,12 +39,26 @@
 
   <fileSets>
 
+      <!-- 
+      we have to filter server-config.xml and logging.xml,
+      in order to add the correct link to the documentation
+    -->
+
+    <fileSet>
+      <directory>src/main/fs/conf</directory>
+      <filtered>true</filtered>
+      <outputDirectory>conf</outputDirectory>
+    </fileSet>
+
     <fileSet>
       <directory>src/main/fs</directory>
       <filtered>false</filtered>
+      <excludes>
+        <exclude>conf/**</exclude>
+      </excludes>
       <outputDirectory></outputDirectory>
     </fileSet>
-
+    
     <fileSet>
       <directory>target/windows</directory>
       <filtered>false</filtered>
diff --git a/scm-packaging/windows/src/main/fs/conf/server-config.xml b/scm-packaging/windows/src/main/fs/conf/server-config.xml
index 8aa4333bdc..bbcc515670 100644
--- a/scm-packaging/windows/src/main/fs/conf/server-config.xml
+++ b/scm-packaging/windows/src/main/fs/conf/server-config.xml
@@ -27,6 +27,14 @@
 <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
 <Configure id="ScmServer" class="org.eclipse.jetty.server.Server">
 
+  <!--
+    This default configuration should match 90% of the use cases, 
+    if you have to change something ensure you know what you are doing.
+
+    For further information on configuration scm-server have a look at:
+    https://www.scm-manager.org/docs/${parsedVersion.majorVersion}.${parsedVersion.minorVersion}.x/en/administration/scm-server/
+  -->
+
   <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
     <!-- increase header size for mercurial -->
     <Set name="requestHeaderSize">16384</Set>
@@ -114,89 +122,5 @@
       </Set>
     </New>
   </Set>
-  
-  <!-- TODO fix for jetty 9.2.x -->
-  
-  <!-- request logging -->
-  <!--
-  <Ref id="RequestLog">
-    <Set name="requestLog">
-      <New id="RequestLogImpl" class="org.eclipse.jetty.server.NCSARequestLog">
-        <Arg><SystemProperty name="basedir" default="."/>/var/log/yyyy_mm_dd.request.log</Arg>
-        <Set name="retainDays">90</Set>
-        <Set name="append">true</Set>
-        <Set name="extended">false</Set>
-        <Set name="LogTimeZone">GMT</Set>
-       </New>
-    </Set>
-  </Ref>
-  -->
-
-  <!-- mod_proxy_ajp or mod_jk -->
-  <!--
-  <Call name="addConnector">
-    <Arg>
-       <New class="org.eclipse.jetty.ajp.Ajp13SocketConnector">
-         <Set name="port">8009</Set>
-       </New>
-    </Arg>
-  </Call>
-  -->
-
-  <!-- SSL-Connector -->
-  <!--
-     Documentation for the SSL-Connector: 
-     http://wiki.eclipse.org/Jetty/Reference/SSL_Connectors
-  -->
-  <!--
-  Besure SSLv3 protocol is excluded to avoid POODLE vulnerability.
-  See https://groups.google.com/d/msg/scmmanager/sX_Ydy-wAPA/-Dvs5i7RHtQJ
-  -->
-  <!--
-  <Call name="addConnector">
-    <Arg>
-      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
-        <Arg>
-          <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
-            <Set name="excludeProtocols">
-              <Array type="java.lang.String">
-                <Item>SSLv2Hello</Item>
-                <Item>SSLv3</Item>
-              </Array>
-            </Set>
-          </New>
-        </Arg>
-        <Set name="Port">8181</Set>
-        <Set name="maxIdleTime">30000</Set>
-        <Set name="requestHeaderSize">16384</Set>
-        <Set name="keystore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
-        <Set name="password">OBF:xxx</Set>
-        <Set name="keyPassword">OBF:xxx</Set>
-        <Set name="truststore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
-        <Set name="trustPassword">OBF:xxx</Set>
-      </New>
-    </Arg>
-  </Call>
-  -->
-
-  <!-- JMX support -->
-  <!--
-  <Call id="MBeanServer" class="java.lang.management.ManagementFactory"
-    name="getPlatformMBeanServer" />
-
-  <New id="MBeanContainer" class="org.eclipse.jetty.jmx.MBeanContainer">
-    <Arg>
-      <Ref id="MBeanServer" />
-    </Arg>
-  </New>
-
-  <Get id="Container" name="container">
-    <Call name="addEventListener">
-      <Arg>
-        <Ref id="MBeanContainer" />
-      </Arg>
-    </Call>
-  </Get>
-  -->
 
 </Configure>

From 946ede1e8819244aa8a78312f474f1c16d70e5c6 Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Date: Thu, 23 Jul 2020 09:28:11 +0200
Subject: [PATCH 2/2] updates scm-server with https documentation

---
 docs/en/administration/scm-server-ssl.md | 117 ---------------
 docs/en/administration/scm-server.md     | 183 +++++++++++++++++++++++
 docs/en/navigation.yml                   |   2 +-
 3 files changed, 184 insertions(+), 118 deletions(-)
 delete mode 100644 docs/en/administration/scm-server-ssl.md
 create mode 100644 docs/en/administration/scm-server.md

diff --git a/docs/en/administration/scm-server-ssl.md b/docs/en/administration/scm-server-ssl.md
deleted file mode 100644
index 71debe72c6..0000000000
--- a/docs/en/administration/scm-server-ssl.md
+++ /dev/null
@@ -1,117 +0,0 @@
----
-title: SCM-Server SSL
----
-
-<!--
-TODO: Update 
-Node: https://ssl-config.mozilla.org/#server=jetty&version=9.4.28&config=intermediate&guideline=5.4
--->
-
-**Note**: This document describes a ssl configuration with a
-        self-signed certificate
-
-1\. Open a shell and go to the conf directory of the scm-server
-
-2\. Create a certificate request. Replace all variables (\*varname\*) 
-
-```bash
-$ keytool -genkey -alias scm -keyalg RSA -keystore keystore.jks
-
-Enter keystore password: your password
-Re-enter new password: your password
-What is your first and last name?
-  [Unknown]:  *your servername*
-What is the name of your organizational unit?
-  [Unknown]:  *organisation unit*
-What is the name of your organization?
-  [Unknown]:  *organisation*
-What is the name of your City or Locality?
-  [Unknown]:  *city*
-What is the name of your State or Province?
-  [Unknown]:  *state*
-What is the two-letter country code for this unit?
-  [Unknown]:  *country code*
-Is CN=your servername, OU=your organisation unit, O=your organisation, L=your city, ST=your state, C=cc correct?
-  [no]:  yes
-
-Enter key password for <scm>
-	(RETURN if same as keystore password): *password*
-Re-enter new password: *password*
-```
-
-**Note**: You have to enter the full qualified hostname of your
-        server for the cn (cn = What is your first and last name?)
-
-3\. Edit the server-config.xml, uncomment the SSL-Connector and set your
-password. For example:
-
-```xml
-<Call name="addConnector">
-  <Arg>
-    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
-       <Arg>
-       <!--
-       Exclude SSLv3 to avoid POODLE vulnerability.
-       See https://groups.google.com/d/msg/scmmanager/sX_Ydy-wAPA/-Dvs5i7RHtQJ
-        -->
-         <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
-           <Set name="excludeProtocols">
-             <Array type="java.lang.String">
-               <Item>SSLv2Hello</Item>
-               <Item>SSLv3</Item>
-             </Array>
-           </Set>
-         </New>
-      </Arg>
-      <Set name="Port">8181</Set>
-      <Set name="maxIdleTime">30000</Set>
-      <Set name="keystore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
-      <Set name="password">*password*</Set>
-      <Set name="keyPassword">*password*</Set>
-      <Set name="truststore"><SystemProperty name="basedir" default="." />/conf/keystore.jks</Set>
-      <Set name="trustPassword">*password*</Set>
-    </New>
-  </Arg>
-</Call>
-```
-
-4\. Start or restart the scm-server
-
-**Note**: It looks like there is a error in some version of
-        OpenJDK (issues \#84 and \#151). If you have such a problem,
-        please try to use the Oracle JDK.
-
-### Configure Git
-
-1\. Export the certificate from keystore: 
-
-```bash
-$ keytool -exportcert -keystore keystore.jks -alias scm -rfc -file cert.pem
-```
-
-2\. Copy the certificate to your client and add it to your git config: 
-
-```bash
-$ git config http.sslCAInfo /complete/path/to/cert.pem
-```
-
-### Configure Mercurial
-
-1\. Export the certificate from keystore: 
-
-```bash
-$ keytool -exportcert -keystore keystore.jks -alias scm -rfc -file cert.pem
-```
-
-2\. Copy the certificate to your client and add it to your .hgrc config
-file: 
-
-```bash
-[web]
-cacerts = /complete/path/to/cert.pem
-```
-
-### Sources
-
-- [Keytool](http://download.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html)
-- [Jetty SSL-Connectors](http://wiki.eclipse.org/Jetty/Reference/SSL_Connectors)
diff --git a/docs/en/administration/scm-server.md b/docs/en/administration/scm-server.md
new file mode 100644
index 0000000000..fb382e03f2
--- /dev/null
+++ b/docs/en/administration/scm-server.md
@@ -0,0 +1,183 @@
+---
+title: SCM-Server Configuration
+subtitle: Various configuration options for the SCM-Server
+displayToc: true
+---
+
+## Https
+
+In order to use https with scm-server, you need a keystore with a certificate and the corresponding secret key.
+In the following we will use `openssl` to create a self signed certificate for demonstration purposes. 
+
+### Create self signed certificate
+
+**Warning**: Do not use self signed certificates in production, this is only for demonstration purposes.
+
+```bash
+openssl req -new -x509 -newkey rsa:2048 -sha256 -keyout tls.key -out tls.crt
+```
+
+This command will ask a few questions about metadata for generated certificate:
+
+* PEM pass phrase: This is a password to protect the scret key
+* Country Name (2 letter code)
+* State or Province Name (full name)
+* Locality Name (eg, city)
+* Organization Name (eg, company)
+* Organizational Unit Name (eg, section)
+* Common Name (eg, fully qualified host name)
+* Email Address
+
+Make sure that the common name matches the fqdn, which you are using to access SCM-Manager.
+
+#### Browsers
+
+In order to use a self signed certificate the certificate must be imported into you browser.
+
+#### Configure Git
+
+To use git with a self signed certificate, we have to add the certificate path to the configuration.
+
+```bash
+git config http.sslCAInfo /complete/path/to/tls.crt
+```
+
+#### Configure Mercurial
+
+To use mercurial with a self signed certificate, we have to add the certificate path to the configuration.
+
+```ini
+[web]
+cacerts = /complete/path/to/cert.pem
+```
+
+### Create keystore
+
+Create a keystore in pkcs12 format.
+This command can be used with the self signed certificate from above or with a valid certificate from an authority.
+
+```bash
+openssl pkcs12 -inkey tls.key -in tls.crt -export -out keystore.pkcs12
+```
+
+If your secret key is protected with a pass phrase, you have to enter it first.
+Than you have to enter an export password to protect your keystore.
+
+### Server configuration
+
+Add the following snippet at the end of your `server-config.xml`, be sure it is inside the `Configure` tag:
+
+```xml
+<!-- ssl configuration start -->
+
+<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
+  <!-- 
+    path to your keystore, it can be a java keystore or in the pkcs12 format
+  -->
+  <Set name="KeyStorePath">
+    <SystemProperty name="basedir" default="."/>/conf/keystore.pkcs12
+  </Set>
+  <!--
+    use pkcs12 or jks for java keystore
+  -->
+  <Set name="KeyStoreType">PKCS12</Set>
+  <!--
+    the password of you keystore
+  -->
+  <Set name="KeyStorePassword">secret</Set>
+
+  <!--
+    For a more up to date list of ciphers and protocols, have a look at the mozilla ssl configurator:
+    https://ssl-config.mozilla.org/#server=jetty&version=9.4.28&config=intermediate&guideline=5.4
+  -->
+
+  <!-- TLS 1.3 requires Java 11 or higher -->
+  <Set name="IncludeProtocols">
+    <Array type="String">
+        <Item>TLSv1.2</Item>
+        <Item>TLSv1.3</Item>
+    </Array>
+  </Set>
+
+  <Set name="IncludeCipherSuites">
+    <Array type="String">
+      <Item>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</Item>
+      <Item>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</Item>
+      <Item>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</Item>
+      <Item>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</Item>
+      <Item>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</Item>
+      <Item>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</Item>
+      <Item>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</Item>
+      <Item>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</Item>
+    </Array>
+  </Set>
+
+  <Set name="useCipherSuitesOrder">
+    <Property name="jetty.sslContext.useCipherSuitesOrder" default="false" />
+  </Set>
+</New>
+
+<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
+  <Arg>
+    <Ref refid="httpConfig"/>
+  </Arg>
+  <Call name="addCustomizer">
+    <Arg>
+      <New class="org.eclipse.jetty.server.SecureRequestCustomizer">
+        <Arg name="sniRequired" type="boolean"><Property name="jetty.ssl.sniRequired" default="false"/></Arg>
+        <Arg name="sniHostCheck" type="boolean"><Property name="jetty.ssl.sniHostCheck" default="true"/></Arg>
+        <Arg name="stsMaxAgeSeconds" type="int"><Property name="jetty.ssl.stsMaxAgeSeconds" default="-1"/></Arg>
+        <Arg name="stsIncludeSubdomains" type="boolean"><Property name="jetty.ssl.stsIncludeSubdomains" default="false"/></Arg>
+      </New>
+    </Arg>
+  </Call>
+</New>
+
+<Call name="addConnector">
+  <Arg>
+    <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
+      <Arg name="server">
+        <Ref refid="ScmServer" />
+      </Arg>
+      <Arg name="factories">
+        <Array type="org.eclipse.jetty.server.ConnectionFactory">
+          <Item>
+            <New class="org.eclipse.jetty.server.SslConnectionFactory">
+              <Arg name="next">http/1.1</Arg>
+              <Arg name="sslContextFactory">
+                <Ref refid="sslContextFactory"/>
+              </Arg>
+            </New>
+          </Item>
+          <Item>
+            <New class="org.eclipse.jetty.server.HttpConnectionFactory">
+              <Arg name="config">
+                <Ref refid="sslHttpConfig" />
+              </Arg>
+            </New>
+          </Item>
+        </Array>
+      </Arg>
+      <!--
+        Address to listen 0.0.0.0 means on every interface
+      -->
+      <Set name="host">
+        <SystemProperty name="jetty.host" default="0.0.0.0" />
+      </Set>
+      <!--
+        Port for the https connector
+      -->
+      <Set name="port">
+        <Property name="jetty.ssl.port" default="8443" />
+      </Set>
+    </New>
+  </Arg>
+</Call>
+
+<!-- ssl configuration end -->
+```
+
+The snipped above assumes your keystore is in the pkcs12 format and is stored at `conf/keystore.pkcs12` with the password `secret`.
+You have to tweek this settings to match your setup.
+After modifying your `server-config.xml`, you have to **restart** your SCM-Manager instance.
+Now SCM-Manager should open a second port with **https** (in the example above **8443**).
diff --git a/docs/en/navigation.yml b/docs/en/navigation.yml
index 55d9971267..e696c98bc6 100644
--- a/docs/en/navigation.yml
+++ b/docs/en/navigation.yml
@@ -16,7 +16,7 @@
   entries:
   - /administration/basedirectory/
   - /administration/logging/
-  - /administration/scm-server-ssl/
+  - /administration/scm-server/
   - /administration/reverse-proxies/
 
 - section: Development