Unidata · lesserwhirls · Jan 17, 2025 · Jan 17, 2025 · Jan 17, 2025
@@ -77,5 +77,7 @@ docset_name: adminguide
 # this will appear in the sidebar and various doc pages
 netcdf-java_docset_version: 5.7
 
-# this will appear in various doc pages
-tomcat_version: 10.0
+# these will appear in various doc pages
+tomcat_version: 10.1
+java_version: 17
+servlet_spec: 3.1
@@ -34,7 +34,7 @@ Please visit the [Support](support.html) page for information on which version o
 |------------|------------------|
 | File Type | Link For Download |
 |-------------|-----------------|
-| OpenJDK Java | [https://adoptopenjdk.net/](https://adoptopenjdk.net/){:target="_blank"} |
+| OpenJDK Java | [https://adoptium.net/](https://adoptium.net/){:target="_blank"} |
 | Apache Tomcat Servlet Container` | [http://tomcat.apache.org/](http://tomcat.apache.org/){:target="_blank"} |
 | Tomcat Docker Image | [https://hub.docker.com/r/unidata/tomcat-docker](https://hub.docker.com/r/unidata/tomcat-docker){:target="_blank"} |
 

@@ -24,8 +24,8 @@ Deprecated classes and methods have been removed, and the module structure and t
 
 As of TDS 5, the following are considered to be minimum system requirements:
 
-* Java 11 or above
-* Apache Tomcat 8.5 or above (or a servlet contain that supports servlet specification 3.1)
+* Java {{ site.java_version }} or above
+* Apache Tomcat {{ site.tomcat_version }} or above (or a servlet container that supports servlet specification {{ site.servlet_spec }})
 
 ## JVM Setting Requirement Changes
 

@@ -8,8 +8,8 @@ permalink: system_requirements.html
 
 ## Minimum Requirements
 
-* OpenJDK Java 11 or above
-* Apache Tomcat 8.5 or above (or a servlet contain that supports servlet specification 3.1)
+* OpenJDK Java {{ site.java_version }} or above
+* Apache Tomcat {{ site.tomcat_version }} or above (or a servlet container that supports servlet specification {{ site.servlet_spec }})
 * 64-bit operating system
 * High-performance file system
 
@@ -18,7 +18,7 @@ permalink: system_requirements.html
 
 Unidata develops, tests, and runs/deploys the THREDDS Data Server using:
 
-* OpenJDK Java 
+* Eclipse Temurin 
 * Apache Tomcat servlet container
 * Linux OS
 * [ZFS](https://zfsonlinux.org/){:target="_blank"} for Linux systems

@@ -25,17 +25,17 @@ There are two methods to accomplish this:
 
 ### Tomcat-Apache Proxy Documentation
 
-* [Tomcat Connectors](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/connectors.html){:target="_blank"}
+* [Tomcat Connectors](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/connectors.html){:target="_blank"}
   Documentation describing the difference between the Tomcat HTTP and AJP connectors.
 * `mod_proxy`
-   * [Tomcat HTTP Connector](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/config/http.html){:target="_blank"}
+   * [Tomcat HTTP Connector](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target="_blank"}
      Configuration for the Tomcat HTTP connector (for use with Apache's mod_proxy).
-   * [Tomcat Proxy Support - How To](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/proxy-howto.html){:target="_blank"}
+   * [Tomcat Proxy Support - How To](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/proxy-howto.html){:target="_blank"}
      Tomcat documentation showing how to use the build-in Apache module mod_proxy for Apache versions 1.3X and 2.X.
 * `mod_jk`
-  * [Tomcat AJP Connector](https://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html){:target="_blank"}
+  * [Tomcat AJP Connector](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/ajp.html){:target="_blank"}
     Configuration for the Tomcat AJP connector (for use with Apache's mod_jk).
-  * [Tomcat Reverse Proxy - How To](https://tomcat.apache.org/tomcat-8.5-doc/proxy-howto.html){:target="_blank"}
+  * [Tomcat Reverse Proxy - How To](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/proxy-howto.html){:target="_blank"}
     Configurations and fine-tuning of a reverse proxy set up using the mod_jk Apache module.
 
     {%include note.html content="
@@ -188,9 +188,10 @@ The following example shows how to implement a proxy using the Apache HTTPD serv
                   protocol="AJP/1.3" />
    ~~~
 
-   {% include info.html content="
-   Consult the Tomcat documentation for more information about the [AJP Connector](https://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html){:target='_blank'} configuration options.
-   " %}
+   {% capture ajp_connector %}
+   Consult the Tomcat documentation for more information about the [AJP Connector](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/ajp.html){:target='_blank'} configuration options.
+   {% endcapture %}  
+   {% include info.html content=ajp_connector %}
 
 2. Disable any active `Java HTTP/1.1 Connector` and the `SSL HTTP/1.1 Connector` Tomcat connectors.
 

@@ -15,7 +15,7 @@ We also recommend restricting the permissions of the Tomcat `user/group` within
 
    ~~~bash
    # cd /usr/local
-   # chown -R tomcat:tomcat apache-tomcat-8.5.34
+   # chown -R tomcat:tomcat apache-tomcat-{{ site.tomcat_version }}.x
    # ls -l tomcat
    total 148
    drwxr-x--- 2 tomcat tomcat  4096 Oct 24 14:22 bin
@@ -82,7 +82,7 @@ We also recommend restricting the permissions of the Tomcat `user/group` within
 
 4. Change the user/group permissions of the files and subdirectories in `${tomcat_home}/conf` directory. 
 
-   (Depending on the web applications you are running and/or your virtual host configurations, Tomcat may create a `${tomcat_home}/conf/Catalina` directory with corresponding subdirectories and files for [context](https://tomcat.apache.org/tomcat-8.5-doc/virtual-hosting-howto.html#Configuring_Your_Contexts){:target="_blank"} information.)  
+   (Depending on the web applications you are running and/or your virtual host configurations, Tomcat may create a `${tomcat_home}/conf/Catalina` directory with corresponding subdirectories and files for [context](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/virtual-hosting-howto.html#Configuring_Your_Contexts){:target="_blank"} information.)  
 
     ~~~bash
     # cd /usr/local/tomcat/conf

@@ -57,7 +57,7 @@ This affects the number of files to keep in the [File Handle Caches](#file-handl
 
 ### Version
 
-We recommend the latest stable version of Tomcat 8 and JDK 1.8.
+We recommend the latest stable version of Tomcat {{ site.tomcat_version }} and JDK 1.8.
 
 ### Compression
 
@@ -75,7 +75,7 @@ Have a look at the `compression` and `compressibleMimeType` attributes of the To
 ~~~
 
 This says to compress (`gzip` or `deflate`) when the number of bytes is `>= 1000`, for the named `mime-types`.
-See the Tomcat HTTP Connector [reference page](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/config/http.html){:target="_blank"} for more details.
+See the Tomcat HTTP Connector [reference page](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target="_blank"} for more details.
 
 ### Automatic Startup
 

@@ -20,7 +20,7 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet
 * Provides server status statistics for the JVM and each connector you have configured in `${tomcat_home}/conf/server.xml`.
 
 
-For more information about the Tomcat manager application, see the [Tomcat Manager App HOW-TO](https://tomcat.apache.org/tomcat-8.5-doc/manager-howto.html){:target='_blank'} documentation.
+For more information about the Tomcat manager application, see the [Tomcat Manager App HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html){:target='_blank'} documentation.
 
 
 ## Accessing The Manager Application
@@ -57,10 +57,10 @@ This will be done in the following 2 steps:
    <Context privileged="true" antiResourceLocking="false" docBase="${catalina.home}/webapps/manager"/>
    ~~~
 
-   {%include note.html content="  
-   For more information about web application context configuration files and their security options, please review the [Tomcat Manager App How-To](http://tomcat.apache.org/tomcat-8.5-doc/manager-howto.html#Introduction){:target='_blank'} documentation.
-   " %} 
-
+   {% capture context_config %}
+   For more information about web application context configuration files and their security options, please review the [Tomcat Manager App How-To](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html#Introduction){:target='_blank'} documentation.
+   {% endcapture %}  
+   {% include info.html content=context_config %}
 
 #### II. Modify `tomcat-users.xml`
 

@@ -97,9 +97,10 @@ A Tomcat Realm represents a "database" of usernames, passwords, and roles assign
    supersecretpassword:bb7a2b6cf8da7122125c663fc1585808170b2027677195e0ad121f87b27320ae$1$55003acb56e907b19d29d3b4211dc98c837354690bc90579742d6747efeec4ea
    ~~~
 
-    {% include note.html content="
-    To use a different algorithm, a salt, or to limit the length of the resulting password hash, consult the [syntax options](https://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#Digested_Passwords){:target='_blank'} for the `tomcat_home/bin/digest.[bat|sh]` script.
-    " %}
+   {% capture algo %}  
+   To use a different algorithm, a salt, or to limit the length of the resulting password hash, consult the [syntax options](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/realm-howto.html#Digested_Passwords){:target='_blank'} for the `tomcat_home/bin/digest.[bat|sh]` script.
+   {% endcapture %}  
+   {% include info.html content=algo %}
 
 3. Update `${tomcat_home}/conf/tomcat-users.xml` to replace your clear-text password with the encrypted version:
 

@@ -17,7 +17,7 @@ The following must be performed to create a secure connection for a web applicat
 
 The following example demonstrates enabling Transport Layer Security in the Tomcat Servlet Container on a linux system as the `root` user. 
 
-1. [Import](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"} your CA-signed certificate into the keystore file as per the [Tomcat documentation](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"}.
+1. [Import](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"} your CA-signed certificate into the keystore file as per the [Tomcat documentation](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html#Prepare_the_Certificate_Keystore){:target="_blank"}.
 
 
    {% include important.html content="
@@ -61,11 +61,11 @@ The following example demonstrates enabling Transport Layer Security in the Tomc
 
    {% capture connector %}
    Tomcat also offers a `SSL/TLS HTTP/1.1 Connector` which utilizes `APR/native implementation`. 
-   Consult the [Documentation](http://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/config/http.html){:target='_blank'} to see if you should use this connector in lieu of the `NIO implementation SSL HTTP/1.1` connector.
+   Consult the [Documentation](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/http.html){:target='_blank'} to see if you should use this connector in lieu of the `NIO implementation SSL HTTP/1.1` connector.
    {% endcapture %}
    {% include info.html content=connector %}
 
-    Specify the keystore file in the `certificateKeystoreFile` attribute of the `Certificate` element to tell Tomcat where to find your keystore (the path will be relative to `${tomcat_home}` directory).  
+   Specify the keystore file in the `certificateKeystoreFile` attribute of the `Certificate` element to tell Tomcat where to find your keystore (the path will be relative to `${tomcat_home}` directory).  
 
    In this example, the keystore file is `${tomcat_home}/conf/tds-keystore`:
 

@@ -22,6 +22,6 @@ Tomcat "ships" with several default web applications you may want to consider re
   To use this application, you must add a user with role of `admin-gui` in `tomcat-users.xml`. 
   If you are not planning to do a lot of virtual hosting in Tomcat this application should be removed.
 * The `examples` application should probably be removed from a production server to minimize security exposure.
-* The docs are a copy of the [Online tomcat documentation](https://tomcat.apache.org/tomcat-8.5-doc/){:target="_blank"}. 
+* The docs are a copy of the [Online tomcat documentation](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/){:target="_blank"}. 
   Unless you have need for a local copy, removing docs would help to tidy-up `${tomcat_home}/webapps`.
 
@@ -64,11 +64,10 @@ The `RemoteHostValve` compares the client hostname against one or more regular e
               deny=".*\.bandwidthhogs\.com" />
    ~~~  
 
-{% capture remote_host_valve %}
-    Consult the Tomcat [Remote Host Valve](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/config/valve.html#Remote_Host_Valve){:target='_blank'}  documentation for more information about valve syntax and options.
-{% endcapture %}
-
-    {% include info.html content=remote_host_valve%}
+   {% capture remote_host_valve %}
+      Consult the Tomcat [Remote Host Valve](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html#Remote_Host_Valve){:target='_blank'}  documentation for more information about valve syntax and options.
+   {% endcapture %}
+   {% include info.html content=remote_host_valve%}
 
 
 ## Limit Access To Parts Or Entire TDS By User/Role

@@ -93,7 +93,7 @@ The following example demonstrates enabling TLS/SSL for the Tomcat Manager Appli
    </security-constraint>
    ~~~
 
-   The Tomcat 8.x version of the Manager application deployment descriptor contains a `<security-constraint>` section for each of the four possible `ContactPaths` (as per [Manager Application](https://tomcat.apache.org/migration.html){:target="_blank"} section of the Tomcat Migration Guide).
+   The Tomcat {{ site.tomcat_version }} version of the Manager application deployment descriptor contains a `<security-constraint>` section for each of the four possible `ContactPaths` (as per [Manager Application](https://tomcat.apache.org/migration.html){:target="_blank"} section of the Tomcat Migration Guide).
 
    Add a `<user-data-constraint>` with a `<transport-guarantee>` of `CONFIDENTIAL` for the desired `ContactPaths` to to enable port-forwarding to port `8443`:
 
@@ -173,7 +173,7 @@ The following example demonstrates enabling TLS/SSL for the Tomcat Manager Appli
 * Did you restart Tomcat after you made your changes to `web.xml`?
 
 ### Resources
-* [Manager App HOW-TO](https://tomcat.apache.org/tomcat-8.5-doc/manager-howto.html){:target="_blank"}
+* [Manager App HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/manager-howto.html){:target="_blank"}
   The Apache Tomcat document referencing how to use and configure the Manager application.
 * [Tomcat Migration Guide](https://tomcat.apache.org/migration.html){:target="_blank"}
   A document detailing the various changes between Tomcat versions contains a section dedicated to the Manager application.
@@ -108,12 +108,10 @@ The access log entry format we are using is almost identical to the standard com
 pattern="%h %l %u %t &quot;%r&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; %D"
 ~~~
 
-
-
-{%include note.html content="
-For more information on access log format configuration, see the Tomcat [Valve Component](http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html){:target='_blank'} documentation.
-" %}
-
+{% capture logfmt %}
+For more information on access log format configuration, see the Tomcat [Valve Component](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/valve.html){:target='_blank'} documentation.
+{% endcapture %}  
+{% include info.html content=logfmt %}
 
 The above pattern makes use of the following codes:
 

@@ -59,7 +59,7 @@ Other than the compelling security reasons, you will want to enable TLS to take
 * [Qualys SSL Server Test](https://www.ssllabs.com/ssltest/){:target="_blank"}
   is a free online service that analyzes the configuration of any public TLS web server. 
   Note: be sure to check the Do not show the results on the boards box if you do not want your results to be public.
-* [TLS/SSL Configuration HOW-TO](https://tomcat.apache.org/tomcat-{{site.tomcat_version}}-doc/ssl-howto.html){:target="_blank"}
+* [TLS/SSL Configuration HOW-TO](https://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/ssl-howto.html){:target="_blank"}
   The Apache Tomcat document detailing how to enable TLS.
 * [Tomcat Migration Guide](https://tomcat.apache.org/migration.html){:target="_blank"}
   A document detailing the various changes between Tomcat versions.

@@ -8,7 +8,7 @@ permalink: netcdf_subset_service_ref.html
 
 ## Overview
 
-The NetCDF Subset Service (NCSS) is a web service for subsetting [CDM scientific datasets](https://docs.unidata.ucar.edu/netcdf-java/5.4/userguide/reading_cdm.html){:target="_blank"}. 
+The NetCDF Subset Service (NCSS) is a web service for subsetting [CDM scientific datasets](https://docs.unidata.ucar.edu/netcdf-java/{{site.netcdf-java_docset_version}}/userguide/reading_cdm.html){:target="_blank"}. 
 The subsetting is specified using earth coordinates, such as lat/lon or projection coordinates bounding boxes and date ranges, rather than index ranges that refer to the underlying data arrays. 
 The data arrays are subsetted but not re-sampled or reprojected, and preserve the resolution and accuracy of the original dataset.
 

@@ -77,5 +77,7 @@ docset_name: devguide
 # this will appear in the sidebar and various doc pages
 netcdf-java_docset_version: 5.7
 
-# this will appear in various doc pages
-tomcat_version: 10.0
+# these will appear in various doc pages
+tomcat_version: 10.1
+java_version: 17
+servlet_spec: 3.1
@@ -38,16 +38,17 @@ This section assumes you have successfully installed the JDK and Tomcat Servlet
    </Context>
    ~~~
 
-   {%include note.html content="
-   Consult the Tomcat documentation about [web application context](http://tomcat.apache.org/tomcat-8.5-doc/config/context.html){:target='_blank'} for more information about the `META-INF/context.xml` file.
-   " %}
-
+   {% capture context %}  
+   Consult the Tomcat documentation about [web application context](http://tomcat.apache.org/tomcat-{{ site.tomcat_version }}-doc/config/context.html){:target='_blank'} for more information about the `META-INF/context.xml` file.
+   {% endcapture %}  
+   {% include info.html content=context %}
+
    The down-side of renaming the WAR file to merely `thredds.war` is that a quick glance at the WAR file will not tell you (the server administrator) which version of the TDS is deployed.
 
 
    To solve this, we can make use of a feature in the Tomcat Servlet Container that ignores anything after **double** hashtag symbols in the name of the WAR file.  
 
-   If we rename the WAR file to `thredds##{{site.docset_version}}.war`, Tomcat will see this matching the context information in the `META-INF/context.xml` file and make the TDS accessible via this URL structure: `http://localhost:8080/thredds` 
+   If we rename the WAR file to `thredds##{{ site.docset_version }}.war`, Tomcat will see this matching the context information in the `META-INF/context.xml` file and make the TDS accessible via this URL structure: `http://localhost:8080/thredds` 
    (And we have the added benefit of seeing which version of the TDS is deployed when viewing the raw WAR file). 
 
    ~~~bash