Difference between revisions of "SUNScholar/Prepare Ubuntu/S05"
| Line 3: | Line 3: | ||
==Step 5. Setup Tomcat Java Webapp Server== | ==Step 5. Setup Tomcat Java Webapp Server== | ||
===<font color="red">'''Please note:=== | ===<font color="red">'''Please note:=== | ||
| − | #'''This procedure does | + | #'''This procedure does <u>NOT</u> require "mod_jk" or Apache2 port re-direction with firewall rules <u>or the Apache2 server installation itself, in fact</u>. |
#'''If you want to do URL rewrites as you did with Apache2, then try: http://tuckey.org/urlrewrite to do the same with Tomcat6. | #'''If you want to do URL rewrites as you did with Apache2, then try: http://tuckey.org/urlrewrite to do the same with Tomcat6. | ||
#'''This procedure has only been tested on an Ubuntu server installation! | #'''This procedure has only been tested on an Ubuntu server installation! | ||
Revision as of 23:35, 15 May 2013
Contents
Step 5. Setup Tomcat Java Webapp Server
Please note:
- This procedure does NOT require "mod_jk" or Apache2 port re-direction with firewall rules or the Apache2 server installation itself, in fact.
- If you want to do URL rewrites as you did with Apache2, then try: http://tuckey.org/urlrewrite to do the same with Tomcat6.
- This procedure has only been tested on an Ubuntu server installation!
- This procedure is completely different from the official DSpace documentation.
Step 5.1: Install Tomcat
Type the following:
sudo apt-get install tomcat6
Step 5.2: Allow Tomcat to listen on ports "80" and "443"
Step 5.2.1: Setup "authbind" for Tomcat
To enable Tomcat to listen on a privileged port below 100, we need to enable "authbind". Edit the /etc/default/tomcat6 file as follows:
sudo nano /etc/default/tomcat6
Remove the hash sign from in front of the authbind parameter and change authbind to yes as follows
# If you run Tomcat on port numbers that are all higher than 1023, then you # do not need authbind. It is used for binding Tomcat to lower port numbers. # NOTE: authbind works only with IPv4. Do not enable it when using IPv6. # (yes/no, default: no) AUTHBIND=yes
- NANO Editor Help
| CTL+O | = Save the file and then press Enter |
| CTL+X | = Exit "nano" |
| CTL+K | = Delete line |
| CTL+U | = Undelete line |
| CTL+W | = Search for %%string%% |
| CTL+\ | = Search for %%string%% and replace with $$string$$ |
| CTL+C | = Show line numbers |
More info = http://en.wikipedia.org/wiki/Nano_(text_editor)
Now we need to tell "authbind" that Tomcat is allowed to use lower port numbers. Type the following commands:
sudo touch /etc/authbind/byport/80
sudo touch /etc/authbind/byport/443
sudo chmod 0755 /etc/authbind/byport/80
sudo chmod 0755 /etc/authbind/byport/443
sudo chown tomcat6.tomcat6 /etc/authbind/byport/80
sudo chown tomcat6.tomcat6 /etc/authbind/byport/443
cd /etc/authbind/byport
ls -l
Now Tomcat has permission to use ports 80 and 443. See below for an example listing of the files in the /etc/authbind/byport folder.
root@ir1:/etc/authbind/byport# ls -l total 0 -rwxr-xr-x 1 tomcat6 tomcat6 0 2011-06-10 18:33 443 -rwxr-xr-x 1 tomcat6 tomcat6 0 2011-06-10 18:33 80
Step 5.2.2: Setup Tomcat for open port 80
Now we tell the Tomcat server to listen on the "authbind" ports. Edit the following file.
sudo nano /etc/tomcat6/server.xml
Find the connector for port 8080 and change it to port 80. Also add the UTF-8 encoding. See example below.
<Connector port="80" protocol="HTTP/1.1"
enableLookups="false"
connectionTimeout="20000"
URIEncoding="UTF-8"
redirectPort="443" />
If enabled, comment out the AJP 1.3 connector. It is not needed.
- NANO Editor Help
| CTL+O | = Save the file and then press Enter |
| CTL+X | = Exit "nano" |
| CTL+K | = Delete line |
| CTL+U | = Undelete line |
| CTL+W | = Search for %%string%% |
| CTL+\ | = Search for %%string%% and replace with $$string$$ |
| CTL+C | = Show line numbers |
More info = http://en.wikipedia.org/wiki/Nano_(text_editor)
Step 5.2.3: Setup Tomcat for secure port 443
Please go to: http://wiki.lib.sun.ac.za/index.php/SUNScholar/Secure_Internet_Connections later, after installation to do secure port 443 setup.
For now and testing it is ok, just to use port 80 only for Tomcat connections.
Step 5.3: Setup Tomcat admin users
Type as follows:
sudo nano /etc/tomcat6/tomcat-users.xml
Delete all the contents of the file and add the following admin and manager roles with a password.
<?xml version='1.0' encoding='utf-8'?> <tomcat-users> <role rolename="manager"/> <role rolename="admin"/> <user username="dspace" password="%%%%%%%" roles="admin,manager"/> </tomcat-users>
- NANO Editor Help
| CTL+O | = Save the file and then press Enter |
| CTL+X | = Exit "nano" |
| CTL+K | = Delete line |
| CTL+U | = Undelete line |
| CTL+W | = Search for %%string%% |
| CTL+\ | = Search for %%string%% and replace with $$string$$ |
| CTL+C | = Show line numbers |
More info = http://en.wikipedia.org/wiki/Nano_(text_editor)
Step 5.4: Restart the Tomcat server
Now restart the tomcat server as follows:
sudo /etc/init.d/tomcat6 restart
Step 5.5: Post Tomcat installation checks
Now let's look if all went well:
sudo netstat -tapn | grep java
Tomcat should be listening on port 80 now:
root@server1:~# netstat -tapn | grep java tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 8063/java tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8063/java
Thats it, now you have a working Java webapp server.
SUNScholar server load using the Tomcat "authbind" method.
|
All our tweaks and optimisations seem to be working. The load dropped when we started using "authbind" for Tomcat thereby eliminating the need for the Apache "mod_jk" module, which was creating extra processing overhead.
|
Looks like we have enough disk space in the /home partition for the next 3yrs at least, at our current rate of submissions. The /var partition which holds the database was reduced in size by tweaking the bitstream checker properties and then running a full database vacuum.
|
|
We have more than enough compute muscle.
|
Our memory usage stabilised when we stopped using the JSPUI. However after the upgrade to DSpace 1.8.2 and enabling discovery we are back to a memory intensive system.
|
PREVIOUS
NEXT
