SUNScholar/Prepare Ubuntu/S05
Jump to navigation
Jump to search
STEP 6
Contents
- 1 Step 5. Setup Tomcat Java Webapp Server
- 2 Step 5.1: Install Tomcat
- 3 Step 5.2: Allow Tomcat to listen on ports "80" and "443"
- 4 Step 5.3: Setup Tomcat admin users
- 5 Step 5.4: Restart the Tomcat server
- 6 Step 5.5: Post Tomcat installation checks
- 7 Step 5.6: Troubleshooting
- 8 Sample "server.xml" file for tomcat 6
Step 5. Setup Tomcat Java Webapp Server
Please note and be warned:
- This procedure does NOT require "mod_jk" or Apache2 port re-direction with firewall rules or the Apache2 server installation itself, in fact.
- If you want to do URL rewrites as you did with Apache2, then try: http://tuckey.org/urlrewrite to do the same with Tomcat6.
- If you want to enable Shibboleth with Java only, try: http://shibboleth.net/products/opensaml-java.html.
- This procedure has only been tested on an Ubuntu server installation!
- This procedure is completely different from the official DSpace documentation.
Step 5.1: Install Tomcat
Type the following:
sudo apt-get install tomcat6
Step 5.2: Allow Tomcat to listen on ports "80" and "443"
Step 5.2.1: Setup "authbind" for Tomcat
To enable Tomcat to listen on a privileged port below 100, we need to enable "authbind". Edit the /etc/default/tomcat6 file as follows:
sudo nano /etc/default/tomcat6
Remove the hash sign from in front of the authbind parameter and change authbind to yes as follows
# If you run Tomcat on port numbers that are all higher than 1023, then you # do not need authbind. It is used for binding Tomcat to lower port numbers. # NOTE: authbind works only with IPv4. Do not enable it when using IPv6. # (yes/no, default: no) AUTHBIND=yes
- NANO Editor Help
| CTL+O | = Save the file and then press Enter |
| CTL+X | = Exit "nano" |
| CTL+K | = Delete line |
| CTL+U | = Undelete line |
| CTL+W | = Search for %%string%% |
| CTL+\ | = Search for %%string%% and replace with $$string$$ |
| CTL+C | = Show line numbers |
More info = http://en.wikipedia.org/wiki/Nano_(text_editor)
Now we need to tell "authbind" that Tomcat is allowed to use lower port numbers. Type the following commands:
sudo touch /etc/authbind/byport/80
sudo touch /etc/authbind/byport/443
sudo chmod 0755 /etc/authbind/byport/80
sudo chmod 0755 /etc/authbind/byport/443
sudo chown tomcat6.tomcat6 /etc/authbind/byport/80
sudo chown tomcat6.tomcat6 /etc/authbind/byport/443
cd /etc/authbind/byport
ls -l
Now Tomcat has permission to use ports 80 and 443. See below for an example listing of the files in the /etc/authbind/byport folder.
root@ir1:/etc/authbind/byport# ls -l total 0 -rwxr-xr-x 1 tomcat6 tomcat6 0 2011-06-10 18:33 443 -rwxr-xr-x 1 tomcat6 tomcat6 0 2011-06-10 18:33 80
Step 5.2.2: Setup Tomcat for open port 80
Now we tell the Tomcat server to listen on the "authbind" ports. Edit the following file.
sudo nano /etc/tomcat6/server.xml
Find the connector for port 8080 and change it to port 80.
See example below.
<Connector port="80" protocol="HTTP/1.1"
enableLookups="false"
connectionTimeout="20000"
URIEncoding="UTF-8"
redirectPort="443" />
If enabled, comment out the AJP 1.3 connector. It is not needed.
- NANO Editor Help
| CTL+O | = Save the file and then press Enter |
| CTL+X | = Exit "nano" |
| CTL+K | = Delete line |
| CTL+U | = Undelete line |
| CTL+W | = Search for %%string%% |
| CTL+\ | = Search for %%string%% and replace with $$string$$ |
| CTL+C | = Show line numbers |
More info = http://en.wikipedia.org/wiki/Nano_(text_editor)
Step 5.2.3: Setup Tomcat for secure port 443
Please go to: http://wiki.lib.sun.ac.za/index.php/SUNScholar/Secure_Internet_Connections later, after installation to do secure port 443 setup.
For now and testing it is ok, just to use port 80 only for Tomcat connections.
Step 5.3: Setup Tomcat admin users
Type as follows:
sudo nano /etc/tomcat6/tomcat-users.xml
Delete all the contents of the file and add the following admin and manager roles with a password.
<?xml version='1.0' encoding='utf-8'?> <tomcat-users> <role rolename="manager"/> <role rolename="admin"/> <user username="dspace" password="%%%%%%%" roles="admin,manager"/> </tomcat-users>
- NANO Editor Help
| CTL+O | = Save the file and then press Enter |
| CTL+X | = Exit "nano" |
| CTL+K | = Delete line |
| CTL+U | = Undelete line |
| CTL+W | = Search for %%string%% |
| CTL+\ | = Search for %%string%% and replace with $$string$$ |
| CTL+C | = Show line numbers |
More info = http://en.wikipedia.org/wiki/Nano_(text_editor)
Step 5.4: Restart the Tomcat server
Now restart the tomcat server as follows:
sudo /etc/init.d/tomcat6 restart
Step 5.5: Post Tomcat installation checks
Now let's look if all went well:
sudo netstat -tapn | grep java
Tomcat should be listening on port 80 now:
root@server1:~# netstat -tapn | grep java tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 8063/java tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8063/java
Thats it, now you have a working Java webapp server.
Step 5.6: Troubleshooting
- Please remember only ONE server at time may listen on any TCP/UDP port on your server.
- A reboot of the server may be needed to get Tomcat working on ports 80 and 443 correctly.
- Later on during the actual DSpace installation, you will have to select a "root" webapp so that you have a clean URL. See link below.
http://wiki.lib.sun.ac.za/index.php/SUNScholar/Install_DSpace/S08
Sample "server.xml" file for tomcat 6
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<!--APR library loader. Documentation at /docs/apr.html -->
<!--
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
-->
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<!-- Added enableLookups="false" by H Gibson -->
<!-- Added maxHttpHeaderSize by H Gibson -->
<Connector port="80" protocol="HTTP/1.1"
enableLookups="false"
maxHttpHeaderSize="16384"
connectionTimeout="20000"
URIEncoding="UTF-8"
redirectPort="443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!-- Added enableLookups="false" by H Gibson -->
<!-- Added maxHttpHeaderSize by H Gibson -->
<Connector port="443" protocol="HTTP/1.1"
enableLookups="false"
maxHttpHeaderSize="16384"
maxThreads="150"
URIEncoding="UTF-8"
SSLEnabled="true"
scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/ssl/certs/scholar.sun.ac.za.pkcs12"
keystoreType="PKCS12"
keystorePass="XXXXXX" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- The request dumper valve dumps useful debugging information about
the request and response data received and sent by Tomcat.
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-->
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
<!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2.
-->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="false"
xmlValidation="false" xmlNamespaceAware="false">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
-->
</Host>
</Engine>
</Service>
</Server>
