SUNScholar/Optimisations/Tomcat

When using the Ubuntu 16.04 LTS server change all instances of tomcat to tomcat8.
When using the Ubuntu 14.04 LTS server change all instances of tomcat to tomcat7.
When using the Ubuntu 12.04 LTS server change all instances of tomcat to tomcat6.

Server Configuration

Best system administration practice tells us not to modify any of the files packaged for installation using the "dpkg" method; however, in this instance modifications of the packaged Tomcat server files are required. For this reason, take note of any future Tomcat software updates and refer to this page after each Tomcat upgrade.

UTF-8

Add the following to the Tomcat server config file (/etc/tomcatX/server.xml):

URIEncoding="UTF-8"

Please refer to: https://blog.oio.de/2010/12/31/solving-tomcat-encoding-problems-in-utf-8-webapps

Log Files

Edit the following file:

sudo nano /etc/default/tomcat7

Check and modify the log file settings as needed.

In addition, the access log was disabled for Tomcat 7 in the /etc/tomcat7/server.xml file.

See example below:

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <!-- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
        -->

Server Security

Also see: https://www.owasp.org/index.php/Securing_tomcat

Relative Redirects

Required for Tomcat 8 and recent versions of Tomcat 7 (most likely on Ubuntu 16.04)

The redirect issue can be encountered on the logout action: https://jira.duraspace.org/browse/DS-3505 and displays the error message "The page isn't redirecting properly" in Firefox.

Add the following to /etc/tomcat8/server.xml, /etc/tomcat8/context.xml or /etc/tomcat7/context.xml:

useRelativeRedirects="false"

Inside the <Context> tag. E.g.:

<Context useRelativeRedirects="false">

Restart tomcat:

sudo systemctl restart tomcat8    # use tomcat7 on a Tomcat 7 host

NIO Connector

Please note: This is now the default for Tomcat versions >= 8.

Please refer to: https://dzone.com/refcardz/getting-started-with-apache-tomcat and https://dzone.com/articles/understanding-tomcat-nio

Notice the use of the NIO protocol (protocol="org.apache.coyote.http11.Http11NioProtocol") in the example Tomcat server config file (/etc/tomcat7/server.xml) below:

    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               enableLookups="false"
               maxThreads="150"
               URIEncoding="UTF-8"
               SSLEnabled="true"
               scheme="https"
               secure="true"
               clientAuth="false"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
               keystoreFile="/etc/ssl/certs/scholar.sun.ac.za.pkcs12"
               keystoreType="PKCS12"
               keystorePass="XXXXXX" />
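
The connector above enables TLSv1 and TLSv1.1 and lists 3DES, CBC and static-RSA cipher suites. The following script is an added example, not part of the original page: it flags such settings on SSL-enabled connectors in a server.xml. The sample XML is constructed from the connector above with a placeholder keystore path, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample based on the connector shown on this page (placeholder keystore path).
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
             ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA"
             keystoreFile="/etc/ssl/certs/example.pkcs12" keystoreType="PKCS12"
             keystorePass="XXXXXX" />
</Service></Server>"""

# JSSE protocol names that should no longer be offered (TLS 1.0/1.1 deprecated by RFC 8996).
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def cipher_issues(name):
    """Return the reasons a JSSE cipher suite name deserves attention."""
    issues = []
    if any(tok in name for tok in ("3DES", "_DES_", "RC4", "NULL", "EXPORT", "anon")):
        issues.append("weak or broken cipher")
    if name.startswith(("TLS_RSA_", "SSL_RSA_")):
        issues.append("static RSA key exchange, no forward secrecy")
    if "_CBC_" in name:
        issues.append("CBC mode, prefer an AEAD (GCM) suite")
    return issues

def _split(value):
    """Split a comma-separated attribute value into trimmed, non-empty items."""
    return [v.strip() for v in value.split(",") if v.strip()]

def audit_connectors(server_xml):
    """Return (port, attribute, value, reason) findings for SSL-enabled connectors."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors carry no TLS settings to check
        port = conn.get("port")
        for proto in _split(conn.get("sslEnabledProtocols", "")):
            if proto in DEPRECATED_PROTOCOLS:
                findings.append((port, "sslEnabledProtocols", proto, "deprecated protocol"))
        for suite in _split(conn.get("ciphers", "")):
            for reason in cipher_issues(suite):
                findings.append((port, "ciphers", suite, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print("port %s: %s=%s -> %s" % finding)
```

To check a live host, pass the contents of /etc/tomcatX/server.xml to audit_connectors() instead of the sample string.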

APR Library

Disable the APR listener.

See: http://sourceforge.net/p/dspace/mailman/message/34380091/

Apache mod_jk module

Remove "mod_jk" and use "authbind" exclusively in order to reduce the CPU and memory load.

http://wiki.lib.sun.ac.za/index.php/SUNScholar/Prepare_Ubuntu/S05

Max Threads

Added the following to /etc/tomcat6/server.xml:

maxThreads="450"

To be able to handle many connections at once.

DNS Lookups

Added the following to /etc/tomcat6/server.xml:

enableLookups="false"

Remove "development mode" of Tomcat by adding the above to reduce DNS lookups.

Http Header Errors

Added the following to /etc/tomcat6/server.xml:

  maxHttpHeaderSize="16384"

This was required after an upgrade from DSpace 1.8.2 to 3.2.

This stopped excessive header size errors.

See: http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#HTTP/1.1_and_HTTP/1.0_Support for further help

Another possible solution is here from the DSpace mailing lists.


If the number of groups is high you can reach the HTTP header limit already managed in this thread or a "tooManyClause Exception" in solr, that can be "solved" by incrementing this parameter.

https://github.com/DSpace/DSpace/blob/master/dspace/solr/search/conf/solrconfig.xml#L474

When the number is too large you could also consider disabling the awareness right feature, commenting out this line

https://github.com/DSpace/DSpace/blob/master/dspace/config/spring/api/discovery.xml#L25

Default Application Context

Edit the following file and then rebuild DSpace:

nano $HOME/source/dspace/config/default.context.xml

Production Settings

reloadable="false" cachingAllowed="true" allowLinking="false"

Development Settings

reloadable="true" cachingAllowed="false" allowLinking="true"

It is worth noting that the Apache Tomcat documentation recommends production sites leave the default values in place.

See example below:

<?xml version="1.0" ?>
<Context debug="0" reloadable="false" cachingAllowed="true" allowLinking="true" crossContext="true">
	<WatchedResource>WEB-INF/web.xml</WatchedResource>
	<Parameter name="dspace-config" override="false"
		value="/home/dspace/config/dspace.cfg"
		description="Path to the DSpace configuration file." />
</Context>

See Tomcat documentation links below;

References