|
|
| Line 120: |
Line 120: |
| | *Later on during the actual DSpace installation, you will have to select a "root" webapp so that you have a clean URL. See link below. | | *Later on during the actual DSpace installation, you will have to select a "root" webapp so that you have a clean URL. See link below. |
| | http://wiki.lib.sun.ac.za/index.php/SUNScholar/Install_DSpace/S08 | | http://wiki.lib.sun.ac.za/index.php/SUNScholar/Install_DSpace/S08 |
| − |
| |
| − | ==Sample "server.xml" file for tomcat 6==
| |
| − | <pre>
| |
| − | <?xml version='1.0' encoding='utf-8'?>
| |
| − | <!--
| |
| − | Licensed to the Apache Software Foundation (ASF) under one or more
| |
| − | contributor license agreements. See the NOTICE file distributed with
| |
| − | this work for additional information regarding copyright ownership.
| |
| − | The ASF licenses this file to You under the Apache License, Version 2.0
| |
| − | (the "License"); you may not use this file except in compliance with
| |
| − | the License. You may obtain a copy of the License at
| |
| − |
| |
| − | http://www.apache.org/licenses/LICENSE-2.0
| |
| − |
| |
| − | Unless required by applicable law or agreed to in writing, software
| |
| − | distributed under the License is distributed on an "AS IS" BASIS,
| |
| − | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
| |
| − | See the License for the specific language governing permissions and
| |
| − | limitations under the License.
| |
| − | -->
| |
| − | <!-- Note: A "Server" is not itself a "Container", so you may not
| |
| − | define subcomponents such as "Valves" at this level.
| |
| − | Documentation at /docs/config/server.html
| |
| − | -->
| |
| − | <Server port="8005" shutdown="SHUTDOWN">
| |
| − |
| |
| − | <!--APR library loader. Documentation at /docs/apr.html -->
| |
| − | <!--
| |
| − | <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
| |
| − | -->
| |
| − | <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
| |
| − | <Listener className="org.apache.catalina.core.JasperListener" />
| |
| − | <!-- Prevent memory leaks due to use of particular java/javax APIs-->
| |
| − | <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
| |
| − | <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
| |
| − | <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
| |
| − | <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
| |
| − |
| |
| − | <!-- Global JNDI resources
| |
| − | Documentation at /docs/jndi-resources-howto.html
| |
| − | -->
| |
| − | <GlobalNamingResources>
| |
| − | <!-- Editable user database that can also be used by
| |
| − | UserDatabaseRealm to authenticate users
| |
| − | -->
| |
| − | <Resource name="UserDatabase" auth="Container"
| |
| − | type="org.apache.catalina.UserDatabase"
| |
| − | description="User database that can be updated and saved"
| |
| − | factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
| |
| − | pathname="conf/tomcat-users.xml" />
| |
| − | </GlobalNamingResources>
| |
| − |
| |
| − | <!-- A "Service" is a collection of one or more "Connectors" that share
| |
| − | a single "Container" Note: A "Service" is not itself a "Container",
| |
| − | so you may not define subcomponents such as "Valves" at this level.
| |
| − | Documentation at /docs/config/service.html
| |
| − | -->
| |
| − | <Service name="Catalina">
| |
| − |
| |
| − | <!--The connectors can use a shared executor, you can define one or more named thread pools-->
| |
| − | <!--
| |
| − | <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
| |
| − | maxThreads="150" minSpareThreads="4"/>
| |
| − | -->
| |
| − |
| |
| − |
| |
| − | <!-- A "Connector" represents an endpoint by which requests are received
| |
| − | and responses are returned. Documentation at :
| |
| − | Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
| |
| − | Java AJP Connector: /docs/config/ajp.html
| |
| − | APR (HTTP/AJP) Connector: /docs/apr.html
| |
| − | Define a non-SSL HTTP/1.1 Connector on port 8080
| |
| − | -->
| |
| − |
| |
| − | <!-- Added enableLookups="false" by H Gibson -->
| |
| − | <!-- Added maxHttpHeaderSize by H Gibson -->
| |
| − | <Connector port="80" protocol="HTTP/1.1"
| |
| − | enableLookups="false"
| |
| − | maxHttpHeaderSize="16384"
| |
| − | connectionTimeout="20000"
| |
| − | URIEncoding="UTF-8"
| |
| − | redirectPort="443" />
| |
| − | <!-- A "Connector" using the shared thread pool-->
| |
| − | <!--
| |
| − | <Connector executor="tomcatThreadPool"
| |
| − | port="8080" protocol="HTTP/1.1"
| |
| − | connectionTimeout="20000"
| |
| − | redirectPort="8443" />
| |
| − | -->
| |
| − | <!-- Define a SSL HTTP/1.1 Connector on port 8443
| |
| − | This connector uses the JSSE configuration, when using APR, the
| |
| − | connector should be using the OpenSSL style configuration
| |
| − | described in the APR documentation -->
| |
| − |
| |
| − | <!-- Added enableLookups="false" by H Gibson -->
| |
| − | <!-- Added maxHttpHeaderSize by H Gibson -->
| |
| − | <Connector port="443" protocol="HTTP/1.1"
| |
| − | enableLookups="false"
| |
| − | maxHttpHeaderSize="16384"
| |
| − | maxThreads="150"
| |
| − | URIEncoding="UTF-8"
| |
| − | SSLEnabled="true"
| |
| − | scheme="https" secure="true"
| |
| − | clientAuth="false" sslProtocol="TLS"
| |
| − | keystoreFile="/etc/ssl/certs/scholar.sun.ac.za.pkcs12"
| |
| − | keystoreType="PKCS12"
| |
| − | keystorePass="XXXXXX" />
| |
| − |
| |
| − | <!-- Define an AJP 1.3 Connector on port 8009 -->
| |
| − | <!--
| |
| − | <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
| |
| − | -->
| |
| − |
| |
| − |
| |
| − | <!-- An Engine represents the entry point (within Catalina) that processes
| |
| − | every request. The Engine implementation for Tomcat stand alone
| |
| − | analyzes the HTTP headers included with the request, and passes them
| |
| − | on to the appropriate Host (virtual host).
| |
| − | Documentation at /docs/config/engine.html -->
| |
| − |
| |
| − | <!-- You should set jvmRoute to support load-balancing via AJP ie :
| |
| − | <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
| |
| − | -->
| |
| − | <Engine name="Catalina" defaultHost="localhost">
| |
| − |
| |
| − | <!--For clustering, please take a look at documentation at:
| |
| − | /docs/cluster-howto.html (simple how to)
| |
| − | /docs/config/cluster.html (reference documentation) -->
| |
| − | <!--
| |
| − | <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
| |
| − | -->
| |
| − |
| |
| − | <!-- The request dumper valve dumps useful debugging information about
| |
| − | the request and response data received and sent by Tomcat.
| |
| − | Documentation at: /docs/config/valve.html -->
| |
| − | <!--
| |
| − | <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
| |
| − | -->
| |
| − |
| |
| − | <!-- This Realm uses the UserDatabase configured in the global JNDI
| |
| − | resources under the key "UserDatabase". Any edits
| |
| − | that are performed against this UserDatabase are immediately
| |
| − | available for use by the Realm. -->
| |
| − | <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
| |
| − | resourceName="UserDatabase"/>
| |
| − |
| |
| − | <!-- Define the default virtual host
| |
| − | Note: XML Schema validation will not work with Xerces 2.2.
| |
| − | -->
| |
| − | <Host name="localhost" appBase="webapps"
| |
| − | unpackWARs="true" autoDeploy="false"
| |
| − | xmlValidation="false" xmlNamespaceAware="false">
| |
| − |
| |
| − | <!-- SingleSignOn valve, share authentication between web applications
| |
| − | Documentation at: /docs/config/valve.html -->
| |
| − | <!--
| |
| − | <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
| |
| − | -->
| |
| − |
| |
| − | <!-- Access log processes all example.
| |
| − | Documentation at: /docs/config/valve.html -->
| |
| − | <!--
| |
| − | <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
| |
| − | prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
| |
| − | -->
| |
| − |
| |
| − | </Host>
| |
| − | </Engine>
| |
| − | </Service>
| |
| − | </Server>
| |
| − | </pre>
| |
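Review bot: removing the whole sample "server.xml" also drops the only place this page showed maxHttpHeaderSize="16384" on the port 80 connector (the lines commented "Added maxHttpHeaderSize by H Gibson"), and the only worked port 443 connector with its PKCS12 keystore attributes. The connector example that remains in Step 5.2.2 has no maxHttpHeaderSize. If the larger header size is still wanted, add the attribute to the Step 5.2.2 example, and confirm that the page linked from Step 5.2.3 carries the 443 connector before dropping it here.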
Step 5. Set up Tomcat Java Webapp Server
Please note and be warned:
- This procedure does NOT require "mod_jk", Apache2 port redirection with firewall rules, or in fact the Apache2 server installation itself.
- If you want to do URL rewrites as you did with Apache2, then try: http://tuckey.org/urlrewrite to do the same with Tomcat6.
- If you want to enable Shibboleth with Java only, try: http://shibboleth.net/products/opensaml-java.html.
- This procedure has only been tested on an Ubuntu server installation!
- This procedure is completely different from the official DSpace documentation.
Step 5.1: Install Tomcat
Type the following:
sudo apt-get install tomcat6
Step 5.2: Allow Tomcat to listen on ports "80" and "443"
Step 5.2.1: Set up "authbind" for Tomcat
To enable Tomcat to listen on a privileged port below 100, we need to enable "authbind". Edit the /etc/default/tomcat6 file as follows:
sudo nano /etc/default/tomcat6
Remove the hash sign in front of the AUTHBIND parameter and set it to yes, as follows:
# If you run Tomcat on port numbers that are all higher than 1023, then you
# do not need authbind. It is used for binding Tomcat to lower port numbers.
# NOTE: authbind works only with IPv4. Do not enable it when using IPv6.
# (yes/no, default: no)
AUTHBIND=yes
- NANO Editor Help
CTL+O = Save the file and then press Enter
CTL+X = Exit "nano"
CTL+K = Delete line
CTL+U = Undelete line
CTL+W = Search for %%string%%
CTL+\ = Search for %%string%% and replace with $$string$$
CTL+C = Show line numbers
More info = http://en.wikipedia.org/wiki/Nano_(text_editor)
Now we need to tell "authbind" that Tomcat is allowed to use lower port numbers. Type the following commands:
sudo touch /etc/authbind/byport/80
sudo touch /etc/authbind/byport/443
sudo chmod 0755 /etc/authbind/byport/80
sudo chmod 0755 /etc/authbind/byport/443
sudo chown tomcat6.tomcat6 /etc/authbind/byport/80
sudo chown tomcat6.tomcat6 /etc/authbind/byport/443
cd /etc/authbind/byport
ls -l
Now Tomcat has permission to use ports 80 and 443. See below for an example listing of the files in the /etc/authbind/byport folder.
root@ir1:/etc/authbind/byport# ls -l
total 0
-rwxr-xr-x 1 tomcat6 tomcat6 0 2011-06-10 18:33 443
-rwxr-xr-x 1 tomcat6 tomcat6 0 2011-06-10 18:33 80
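A check for the authbind files created above, added here as an example and not part of the original procedure. authbind authorises a bind when the calling user has execute access to the byport file, so mode 0755 lets every local account bind ports 80 and 443 through authbind; the function flags that, along with a wrong owner or a missing file. The function name audit_authbind is an assumption, and it relies on GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# audit_authbind DIR OWNER PORT...   (hypothetical helper, not from the page)
# authbind allows a bind when the calling user has execute access to
# DIR/PORT, so each file should be executable by OWNER and by nobody else.
# Prints one finding per line; returns 0 when there are none.
audit_authbind() {
    dir=$1; owner=$2; shift 2
    rc=0
    for port in "$@"; do
        f="$dir/$port"
        if [ ! -f "$f" ]; then
            echo "MISSING $port"; rc=1; continue
        fi
        file_owner=$(stat -c %U "$f")   # GNU stat: owner name
        mode=$(stat -c %a "$f")         # GNU stat: octal mode, e.g. 755
        if [ "$file_owner" != "$owner" ]; then
            echo "OWNER $port $file_owner"; rc=1
        fi
        if [ $(( 0$mode & 0100 )) -eq 0 ]; then
            echo "NOEXEC $port $mode"; rc=1      # owner itself cannot bind
        fi
        if [ $(( 0$mode & 0011 )) -ne 0 ]; then
            echo "BROAD $port $mode"; rc=1       # group/other can bind too
        fi
    done
    return $rc
}

# Run against the live directory only when it exists.
if [ -d /etc/authbind/byport ]; then
    audit_authbind /etc/authbind/byport tomcat6 80 443 || true
fi
```

Files owned by tomcat6 with mode 0500 are enough for authbind and produce no findings.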
Step 5.2.2: Set up Tomcat for open port 80
Now we tell the Tomcat server to listen on the "authbind" ports. Edit the following file.
sudo nano /etc/tomcat6/server.xml
Find the connector for port 8080 and change it to port 80.
See example below.
<Connector port="80" protocol="HTTP/1.1"
           enableLookups="false"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           redirectPort="443" />
If enabled, comment out the AJP 1.3 connector. It is not needed.
Step 5.2.3: Set up Tomcat for secure port 443
Later, after installation, please go to http://wiki.lib.sun.ac.za/index.php/SUNScholar/Secure_Internet_Connections to do the secure port 443 setup.
For now, and for testing, it is OK to use only port 80 for Tomcat connections.
Step 5.3: Set up Tomcat admin users
Type as follows:
sudo nano /etc/tomcat6/tomcat-users.xml
Delete all the contents of the file and add the following admin and manager roles with a password.
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="dspace" password="%%%%%%%" roles="admin,manager"/>
</tomcat-users>
Step 5.4: Restart the Tomcat server
Now restart the Tomcat server as follows:
sudo /etc/init.d/tomcat6 restart
Step 5.5: Post Tomcat installation checks
Now let's check that all went well:
sudo netstat -tapn | grep java
Tomcat should be listening on port 80 now:
root@server1:~# netstat -tapn | grep java
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 8063/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8063/java
That's it, now you have a working Java webapp server.
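The check in Step 5.5 as a script, added here as an example that is not part of the original page: it reads `netstat -tapn` output and reports when java is not listening on port 80, when the default 8080 or AJP 8009 connector is still active, or when shutdown port 8005 is bound beyond loopback. The function name check_listeners and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# check_listeners (hypothetical helper): read `netstat -tapn` output on stdin,
# print one finding per line, and return 0 when the java listeners match the
# state this page expects (port 80 open, 8005 on loopback, no 8080, no 8009).
check_listeners() {
    awk '
    $6 == "LISTEN" && $7 ~ /\/java$/ {
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        seen[port] = 1
        loopback = (addr ~ /(^|:)127\.0\.0\.1$/ || addr == "::1")
        if (port == 8005 && !loopback) {
            print "EXPOSED shutdown port 8005 on " addr; bad = 1
        }
        if (port == 8009) {
            print "AJP connector still listening on " addr; bad = 1
        }
        if (port == 8080) {
            print "default port 8080 still in use"; bad = 1
        }
    }
    END {
        if (!("80" in seen)) { print "MISSING listener on port 80"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample inputs (not captured from a real host).
good_sample='tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 8063/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8063/java'
bad_sample='tcp 0 0 0.0.0.0:8005 0.0.0.0:* LISTEN 8063/java
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 8063/java
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 8063/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 700/sshd'

printf '%s\n' "$good_sample" | check_listeners && echo "good sample: OK"
printf '%s\n' "$bad_sample" | check_listeners || echo "bad sample: findings above"
# On the server: sudo netstat -tapn | check_listeners
```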
Step 5.6: Troubleshooting
- Please remember only ONE server at a time may listen on any TCP/UDP port on your server.
- A reboot of the server may be needed to get Tomcat working on ports 80 and 443 correctly.
- Later on during the actual DSpace installation, you will have to select a "root" webapp so that you have a clean URL. See link below.
http://wiki.lib.sun.ac.za/index.php/SUNScholar/Install_DSpace/S08