SUNScholar/Prepare Ubuntu/S05


Step 5. Setup Tomcat Java Webapp Server

Please note and be warned:

  1. This procedure does NOT require "mod_jk", Apache2 port redirection with firewall rules, or even an Apache2 server installation.
  2. If you want to do URL rewrites as you did with Apache2, then try: http://tuckey.org/urlrewrite to do the same with Tomcat6.
  3. If you want to enable Shibboleth with Java only, try: http://shibboleth.net/products/opensaml-java.html.
  4. This procedure has only been tested on an Ubuntu server installation!
  5. This procedure is completely different from the official DSpace documentation.

Step 5.1: Install Tomcat

Type the following:

sudo apt-get install tomcat6
https://help.ubuntu.com/14.04/serverguide/tomcat.html

Step 5.2: Allow Tomcat to listen on ports "80" and "443"

Step 5.2.1: Setup "authbind" for Tomcat

To enable Tomcat to listen on a privileged port below 100, we need to enable "authbind". Edit the /etc/default/tomcat6 file as follows:

sudo nano /etc/default/tomcat6

Remove the hash sign in front of the AUTHBIND parameter and set it to yes, as follows:

# If you run Tomcat on port numbers that are all higher than 1023, then you
# do not need authbind.  It is used for binding Tomcat to lower port numbers.
# NOTE: authbind works only with IPv4.  Do not enable it when using IPv6.
# (yes/no, default: no)
AUTHBIND=yes

NANO Editor Help
CTL+O = Save the file and then press Enter
CTL+X = Exit "nano"
CTL+K = Delete line
CTL+U = Undelete line
CTL+W = Search for %%string%%
CTL+\ = Search for %%string%% and replace with $$string$$
CTL+C = Show line numbers

More info = http://en.wikipedia.org/wiki/Nano_(text_editor)


Now we need to tell "authbind" that Tomcat is allowed to use lower port numbers. Type the following commands:

sudo touch /etc/authbind/byport/80
sudo touch /etc/authbind/byport/443
sudo chmod 0755 /etc/authbind/byport/80
sudo chmod 0755 /etc/authbind/byport/443
sudo chown tomcat6:tomcat6 /etc/authbind/byport/80
sudo chown tomcat6:tomcat6 /etc/authbind/byport/443
cd /etc/authbind/byport
ls -l

Now Tomcat has permission to use ports 80 and 443. See below for an example listing of the files in the /etc/authbind/byport folder.

root@ir1:/etc/authbind/byport# ls -l
total 0
-rwxr-xr-x 1 tomcat6 tomcat6 0 2011-06-10 18:33 443
-rwxr-xr-x 1 tomcat6 tomcat6 0 2011-06-10 18:33 80
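
An added check, not part of the original procedure: authbind authorises a bind for any user who has execute access to the matching file in /etc/authbind/byport, so with mode 0755 as listed above every local account can bind ports 80 and 443, while mode 0500 limits the grant to the owner. The function name audit_byport and its output format are made up for this example, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit the authbind "byport" grant files.

# audit_byport DIR OWNER
# Prints one line for every grant file in DIR that is not owned by OWNER or
# that group/other may execute. Prints nothing when every grant is tight.
audit_byport() {
    dir=$1
    want_owner=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # also skips the unexpanded glob
        port=${f##*/}                    # the file name is the port number
        owner=$(stat -c '%U' "$f")
        mode=$(stat -c '%a' "$f")        # octal permission bits, e.g. 755
        reason=""
        if [ "$owner" != "$want_owner" ]; then
            reason="owner is $owner, expected $want_owner"
        fi
        # 011 (octal) selects the group-execute and other-execute bits.
        if [ $(( 0$mode & 011 )) -ne 0 ]; then
            reason="${reason:+$reason; }group/other can execute, so other users may bind"
        fi
        if [ -n "$reason" ]; then
            echo "$port mode=$mode: $reason"
        fi
    done
    return 0
}

# Defaults match the paths and account used in this step.
audit_byport "${1:-/etc/authbind/byport}" "${2:-tomcat6}"
```

Any line it prints for port 80 or 443 can be cleared by tightening that file with chmod 0500; the tomcat6 owner keeps its execute bit and so keeps the grant.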

Step 5.2.2: Setup Tomcat for open port 80

Now we tell the Tomcat server to listen on the "authbind" ports. Edit the following file.

sudo nano /etc/tomcat6/server.xml

Find the connector for port 8080 and change it to port 80.

See example below.

    <Connector port="80" protocol="HTTP/1.1"
               enableLookups="false"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="443" />

If enabled, comment out the AJP 1.3 connector. It is not needed.



Step 5.2.3: Setup Tomcat for secure port 443

Later, after installation, please go to http://wiki.lib.sun.ac.za/index.php/SUNScholar/Secure_Internet_Connections to set up secure port 443.

For now, and for testing, it is OK to use only port 80 for Tomcat connections.

Step 5.3: Setup Tomcat admin users

Type as follows:

sudo nano /etc/tomcat6/tomcat-users.xml

Delete all the contents of the file and add the following admin and manager roles with a password.

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="dspace" password="%%%%%%%" roles="admin,manager"/>
</tomcat-users>


Step 5.4: Restart the Tomcat server

Now restart the tomcat server as follows:

sudo /etc/init.d/tomcat6 restart

Step 5.5: Post Tomcat installation checks

Now let's check whether all went well:

sudo netstat -tapn | grep java

Tomcat should be listening on port 80 now:

root@server1:~# netstat -tapn | grep java
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      8063/java       
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      8063/java       

That's it, now you have a working Java webapp server.
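
The same check as a script, added here as an example and not part of the original procedure: it reads `netstat -tapn` output and reports whether java listens on port 80, whether the old 8080 or AJP connector is still open, and whether the shutdown port 8005 is bound to anything other than loopback. The function name check_listeners is made up for this example, and port 8009 is Tomcat's default AJP port, assumed unchanged.

```shell
#!/bin/sh
# Added example: review the java (Tomcat) listeners after Step 5.4.

# check_listeners: reads `netstat -tapn` output on stdin, prints findings.
check_listeners() {
    awk '
    $6 == "LISTEN" && $7 ~ /\/java$/ {
        # Local address is "addr:port"; the port is the last colon-separated
        # part, which also holds for tcp6 forms such as ":::8009".
        n = split($4, part, ":")
        port = part[n]
        seen[port] = substr($4, 1, length($4) - length(port) - 1)
    }
    END {
        if ("80" in seen)
            print "OK: java is listening on " seen["80"] " port 80"
        else
            print "FAIL: no java listener on port 80"
        if ("8080" in seen)
            print "WARN: port 8080 is still open; the old connector is active"
        if ("8009" in seen)
            print "WARN: port 8009 is open; the AJP connector is not commented out"
        if ("8005" in seen && seen["8005"] !~ /^(127\.0\.0\.1|::1|::ffff:127\.0\.0\.1)$/)
            print "WARN: shutdown port 8005 is reachable on " seen["8005"]
    }'
}

# Constructed sample: the two lines from the expected output above, plus an
# AJP listener on a tcp6 socket as it would appear if left enabled.
sample='tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      8063/java
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      8063/java
tcp6       0      0 :::8009                 :::*                    LISTEN      8063/java'

printf '%s\n' "$sample" | check_listeners
```

On the server itself, feed it live data with `sudo netstat -tapn | check_listeners`.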

Step 5.6: Troubleshooting

  • Check optimisations done for Tomcat in the link below
http://wiki.lib.sun.ac.za/index.php/SUNScholar/Optimisations/Tomcat
  • Please remember that only ONE server at a time may listen on any given TCP/UDP port on your server.
  • A reboot of the server may be needed to get Tomcat working on ports 80 and 443 correctly.
  • Later on during the actual DSpace installation, you will have to select a "root" webapp so that you have a clean URL. See link below.
http://wiki.lib.sun.ac.za/index.php/SUNScholar/Install_DSpace/S08