Difference between revisions of "SUNScholar/Prepare Ubuntu/S05"

From Libopedia
 
(34 intermediate revisions by one other user not shown)
Line 1: Line 1:
 
<center>
 
<center>
   '''[[SUNScholar/Prepare Ubuntu/S06|STEP 6]]'''
+
   '''[[SUNScholar/Prepare Ubuntu/S06|NEXT - STEP 6]]'''
 
</center>
 
</center>
==Step 5. Setup Tomcat Java Webapp Server==
+
==Step 5. Install the Tomcat Java server==
===<font color="red">'''Please note and be warned:'''===
+
===<font color="red">PLEASE NOTE:</font>===
#'''This procedure does <u>NOT</u> require "mod_jk" or Apache2 port re-direction with firewall rules <u>or the Apache2 server installation itself, in fact</u>.
+
# *** ''This procedure is completely different from the official DSpace documentation, in that it applies best system admin practice for Unix based systems'' ***
#'''If you want to do URL rewrites as you did with Apache2, then try: http://tuckey.org/urlrewrite to do the same with Tomcat6.
+
#This procedure does <u>NOT</u> require "mod_jk", "jsvc" or Apache2 port re-direction with firewall rules <u>or the Apache2 server installation itself, in fact</u>.
#'''If you want to enable Shibboleth with Java only, try: http://shibboleth.net/products/opensaml-java.html.
+
#This procedure enables Tomcat security, please check carefully that it is enabled correctly!
#'''This procedure has only been tested on an Ubuntu server installation!
+
#If you want to do URL rewrites as you did with Apache2, then try: http://tuckey.org/urlrewrite to do the same with Tomcat.
#'''This procedure is completely different from the official DSpace documentation.
+
#If you want to enable Shibboleth with Java only, try: http://shibboleth.net/products/opensaml-java.html.
</font>
 
  
==Step 5.1: Install Tomcat==
+
==[[SUNScholar/Prepare_Ubuntu/S05/Ubuntu-16.04|For Ubuntu 16.04 LTS]]==
Type the following:
+
==[[SUNScholar/Prepare_Ubuntu/S05/Ubuntu-14.04|For Ubuntu 14.04 LTS]]==
 
+
==[[SUNScholar/Prepare_Ubuntu/S05/Ubuntu-12.04|For Ubuntu 12.04 LTS]]==
sudo apt-get install tomcat6
+
<center>
 
+
'''[[SUNScholar/Prepare Ubuntu/S04|PREVIOUS - STEP 4]]'''
==Step 5.2: Allow Tomcat to listen on ports "80" and "443"==
+
</center>
===Step 5.2.1: Setup "authbind" for Tomcat===
 
To enable Tomcat to listen on a privileged port below 100, we need to enable "authbind". Edit the '''/etc/default/tomcat6''' file as follows:
 
sudo nano /etc/default/tomcat6
 
Remove the hash sign from in front of the authbind parameter and change authbind to yes as follows
 
<pre>
 
# If you run Tomcat on port numbers that are all higher than 1023, then you
 
# do not need authbind.  It is used for binding Tomcat to lower port numbers.
 
# NOTE: authbind works only with IPv4.  Do not enable it when using IPv6.
 
# (yes/no, default: no)
 
AUTHBIND=yes
 
</pre>
 
 
 
{{NANO}}
 
 
 
Now we need to tell "authbind" that Tomcat is allowed to use lower port numbers. Type the following commands:
 
sudo touch /etc/authbind/byport/80
 
 
 
sudo touch /etc/authbind/byport/443
 
 
 
sudo chmod 0755 /etc/authbind/byport/80
 
 
 
sudo chmod 0755 /etc/authbind/byport/443
 
 
 
sudo chown tomcat6.tomcat6 /etc/authbind/byport/80
 
 
 
sudo chown tomcat6.tomcat6 /etc/authbind/byport/443
 
 
 
cd /etc/authbind/byport
 
 
 
ls -l
 
Now Tomcat has permission to use ports 80 and 443. See below for an example listing of the files in the '''/etc/authbind/byport''' folder.
 
<pre>
 
root@ir1:/etc/authbind/byport# ls -l
 
total 0
 
-rwxr-xr-x 1 tomcat6 tomcat6 0 2011-06-10 18:33 443
 
-rwxr-xr-x 1 tomcat6 tomcat6 0 2011-06-10 18:33 80
 
</pre>
 
 
 
===Step 5.2.2: Setup Tomcat for open port 80===
 
Now we tell the Tomcat server to listen on the "authbind" ports. Edit the following file.
 
sudo nano /etc/tomcat6/server.xml
 
Find the connector for port 8080 and change it to port 80.
 
 
 
See example below.
 
<pre>
 
    <Connector port="80" protocol="HTTP/1.1"
 
      enableLookups="false"
 
              connectionTimeout="20000"
 
              URIEncoding="UTF-8"
 
              redirectPort="443" />
 
</pre>
 
 
 
<font color="red">'''If enabled, comment out the AJP 1.3 connector. It is not needed.'''</font>
 
 
 
{{NANO}}
 
 
 
===Step 5.2.3: Setup Tomcat for secure port 443===
 
Please go to: http://wiki.lib.sun.ac.za/index.php/SUNScholar/Secure_Internet_Connections later, after installation to do secure port 443 setup.
 
 
 
For now and testing it is ok, just to use port 80 only for Tomcat connections.
 
 
 
==Step 5.3: Setup Tomcat admin users==
 
Type as follows:
 
 
 
sudo nano /etc/tomcat6/tomcat-users.xml
 
 
 
Delete all the contents of the file and add the following admin and manager roles with a password.
 
<pre>
 
<?xml version='1.0' encoding='utf-8'?>
 
<tomcat-users>
 
  <role rolename="manager"/>
 
  <role rolename="admin"/>
 
  <user username="dspace" password="%%%%%%%" roles="admin,manager"/>
 
</tomcat-users>
 
</pre>
 
 
 
{{NANO}}
 
 
 
==Step 5.4: Restart the Tomcat server==
 
Now restart the tomcat server as follows:
 
 
 
sudo /etc/init.d/tomcat6 restart
 
 
 
==Step 5.5: Post Tomcat installation checks==
 
Now let's look if all went well:
 
 
 
sudo netstat -tapn | grep java
 
 
 
Tomcat should be listening on port 80 now:
 
 
 
<pre>
 
root@server1:~# netstat -tapn | grep java
 
tcp        0      0 127.0.0.1:8005          0.0.0.0:*              LISTEN      8063/java     
 
tcp        0      0 0.0.0.0:80              0.0.0.0:*              LISTEN      8063/java     
 
</pre>
 
 
 
Thats it, now you have a working Java webapp server.
 
 
 
==Step 5.6: Troubleshooting==
 
*;Please remember only '''ONE''' server at time may listen on any TCP/UDP port on your server.
 
*A reboot of the server may be needed to get Tomcat working on ports 80 and 443 correctly.
 
*Later on during the actual DSpace installation, you will have to select a "root" webapp so that you have a clean URL. See link below.
 
http://wiki.lib.sun.ac.za/index.php/SUNScholar/Install_DSpace/S08
 
 
 
==Sample "server.xml" file for tomcat 6==
 
<pre>
 
<?xml version='1.0' encoding='utf-8'?>
 
<!--
 
  Licensed to the Apache Software Foundation (ASF) under one or more
 
  contributor license agreements.  See the NOTICE file distributed with
 
  this work for additional information regarding copyright ownership.
 
  The ASF licenses this file to You under the Apache License, Version 2.0
 
  (the "License"); you may not use this file except in compliance with
 
  the License.  You may obtain a copy of the License at
 
 
 
      http://www.apache.org/licenses/LICENSE-2.0
 
 
 
  Unless required by applicable law or agreed to in writing, software
 
  distributed under the License is distributed on an "AS IS" BASIS,
 
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 
  See the License for the specific language governing permissions and
 
  limitations under the License.
 
-->
 
<!-- Note:  A "Server" is not itself a "Container", so you may not
 
    define subcomponents such as "Valves" at this level.
 
    Documentation at /docs/config/server.html
 
-->
 
<Server port="8005" shutdown="SHUTDOWN">
 
 
 
  <!--APR library loader. Documentation at /docs/apr.html -->
 
  <!--
 
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
 
  -->
 
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
 
  <Listener className="org.apache.catalina.core.JasperListener" />
 
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
 
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
 
  <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
 
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
 
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
 
 
 
<!-- Global JNDI resources
 
      Documentation at /docs/jndi-resources-howto.html
 
  -->
 
  <GlobalNamingResources>
 
    <!-- Editable user database that can also be used by
 
        UserDatabaseRealm to authenticate users
 
    -->
 
    <Resource name="UserDatabase" auth="Container"
 
              type="org.apache.catalina.UserDatabase"
 
              description="User database that can be updated and saved"
 
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
 
              pathname="conf/tomcat-users.xml" />
 
  </GlobalNamingResources>
 
 
 
  <!-- A "Service" is a collection of one or more "Connectors" that share
 
      a single "Container" Note:  A "Service" is not itself a "Container",
 
      so you may not define subcomponents such as "Valves" at this level.
 
      Documentation at /docs/config/service.html
 
  -->
 
  <Service name="Catalina">
 
 
 
    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
 
    <!--
 
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
 
        maxThreads="150" minSpareThreads="4"/>
 
    -->
 
   
 
   
 
    <!-- A "Connector" represents an endpoint by which requests are received
 
        and responses are returned. Documentation at :
 
        Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
 
        Java AJP  Connector: /docs/config/ajp.html
 
        APR (HTTP/AJP) Connector: /docs/apr.html
 
        Define a non-SSL HTTP/1.1 Connector on port 8080
 
    -->
 
 
 
    <!-- Added enableLookups="false" by H Gibson -->
 
    <!-- Added maxHttpHeaderSize by H Gibson -->
 
    <Connector port="80" protocol="HTTP/1.1"
 
      enableLookups="false"
 
              maxHttpHeaderSize="16384"
 
              connectionTimeout="20000"
 
              URIEncoding="UTF-8"
 
              redirectPort="443" />
 
    <!-- A "Connector" using the shared thread pool-->
 
    <!--
 
    <Connector executor="tomcatThreadPool"
 
              port="8080" protocol="HTTP/1.1"
 
              connectionTimeout="20000"
 
              redirectPort="8443" />
 
    -->         
 
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
 
        This connector uses the JSSE configuration, when using APR, the
 
        connector should be using the OpenSSL style configuration
 
        described in the APR documentation -->
 
   
 
    <!-- Added enableLookups="false" by H Gibson -->
 
    <!-- Added maxHttpHeaderSize by H Gibson -->
 
    <Connector port="443" protocol="HTTP/1.1"
 
              enableLookups="false"
 
              maxHttpHeaderSize="16384"
 
              maxThreads="150"
 
              URIEncoding="UTF-8"
 
              SSLEnabled="true"
 
              scheme="https" secure="true"
 
              clientAuth="false" sslProtocol="TLS"
 
              keystoreFile="/etc/ssl/certs/scholar.sun.ac.za.pkcs12"
 
              keystoreType="PKCS12"
 
              keystorePass="XXXXXX" />
 
   
 
    <!-- Define an AJP 1.3 Connector on port 8009 -->
 
<!--
 
        <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
 
    -->
 
 
 
 
 
    <!-- An Engine represents the entry point (within Catalina) that processes
 
        every request.  The Engine implementation for Tomcat stand alone
 
        analyzes the HTTP headers included with the request, and passes them
 
        on to the appropriate Host (virtual host).
 
        Documentation at /docs/config/engine.html -->
 
 
 
    <!-- You should set jvmRoute to support load-balancing via AJP ie :
 
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">       
 
    -->
 
    <Engine name="Catalina" defaultHost="localhost">
 
 
 
      <!--For clustering, please take a look at documentation at:
 
          /docs/cluster-howto.html  (simple how to)
 
          /docs/config/cluster.html (reference documentation) -->
 
      <!--
 
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
 
      -->       
 
 
 
      <!-- The request dumper valve dumps useful debugging information about
 
          the request and response data received and sent by Tomcat.
 
          Documentation at: /docs/config/valve.html -->
 
      <!--
 
      <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
 
      -->
 
 
 
      <!-- This Realm uses the UserDatabase configured in the global JNDI
 
          resources under the key "UserDatabase".  Any edits
 
          that are performed against this UserDatabase are immediately
 
          available for use by the Realm.  -->
 
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
 
            resourceName="UserDatabase"/>
 
 
 
      <!-- Define the default virtual host
 
          Note: XML Schema validation will not work with Xerces 2.2.
 
      -->
 
      <Host name="localhost"  appBase="webapps"
 
            unpackWARs="true" autoDeploy="false"
 
            xmlValidation="false" xmlNamespaceAware="false">
 
 
 
        <!-- SingleSignOn valve, share authentication between web applications
 
            Documentation at: /docs/config/valve.html -->
 
        <!--
 
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
 
        -->
 
 
 
        <!-- Access log processes all example.
 
            Documentation at: /docs/config/valve.html -->
 
        <!--
 
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" 
 
              prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
 
        -->
 
  
      </Host>
+
[[Category:Installation]]
    </Engine>
+
__NOTOC__
  </Service>
 
</Server>
 
</pre>
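Review bot: The added note 3 ("This procedure enables Tomcat security, please check carefully that it is enabled correctly!") tells the reader to verify something without naming the setting or the check, and this same revision removes the only post-installation check the page had (Step 5.5, `sudo netstat -tapn | grep java`). Suggest stating in the note what to look at, or linking it to the section of the per-release subpages that does. Please also confirm that the removed red warning to comment out the AJP 1.3 connector and the Step 5.3 instruction to replace the contents of `tomcat-users.xml` are carried over to each of the three Ubuntu subpages, since neither is visible here any more. One wording issue to fix wherever Step 5.2.1 ended up: the removed sentence says authbind is needed for a privileged port "below 100", while the quoted `/etc/default/tomcat6` comment says authbind is unnecessary only when all ports are higher than 1023.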
 

Latest revision as of 14:09, 30 October 2019

 NEXT - STEP 6

Step 5. Install the Tomcat Java server

PLEASE NOTE:

  1. *** This procedure is completely different from the official DSpace documentation, in that it applies best system admin practice for Unix based systems ***
  2. This procedure does NOT require "mod_jk", "jsvc", Apache2 port redirection with firewall rules or, in fact, the Apache2 server installation itself.
  3. This procedure enables Tomcat security; please check carefully that it is enabled correctly!
  4. If you want to do URL rewrites as you did with Apache2, then try: http://tuckey.org/urlrewrite to do the same with Tomcat.
  5. If you want to enable Shibboleth with Java only, try: http://shibboleth.net/products/opensaml-java.html.

For Ubuntu 16.04 LTS

For Ubuntu 14.04 LTS

For Ubuntu 12.04 LTS

PREVIOUS - STEP 4