SUNScholar/Prepare Ubuntu/S05/Ubuntu-14.04

From Libopedia


Step 5.1: Install Tomcat

Type the following:

sudo apt-get install tomcat7

Step 5.2: Allow Tomcat to listen on ports "80" and "443"

Step 5.2.1: Setup "authbind" for Tomcat

To enable Tomcat to listen on a privileged port below 100, we need to enable "authbind". Edit the /etc/default/tomcat7 file as follows:

sudo nano /etc/default/tomcat7

Remove the hash sign from in front of the authbind parameter and change authbind to yes, as follows:

# If you run Tomcat on port numbers that are all higher than 1023, then you
# do not need authbind.  It is used for binding Tomcat to lower port numbers.
# NOTE: authbind works only with IPv4.  Do not enable it when using IPv6.
# (yes/no, default: no)
AUTHBIND=yes

Now we need to tell "authbind" that Tomcat is allowed to use lower port numbers. Type the following commands:

sudo touch /etc/authbind/byport/80
sudo touch /etc/authbind/byport/443
sudo chmod 0755 /etc/authbind/byport/80
sudo chmod 0755 /etc/authbind/byport/443
sudo chown tomcat7.tomcat7 /etc/authbind/byport/80
sudo chown tomcat7.tomcat7 /etc/authbind/byport/443
cd /etc/authbind/byport
ls -l

Now Tomcat has permission to use ports 80 and 443. See below for an example listing of the files in the /etc/authbind/byport folder.

dspace@dspace:/etc/authbind/byport# ls -l
total 0
-rwxr-xr-x 1 tomcat7 tomcat7 0 2011-06-10 18:33 443
-rwxr-xr-x 1 tomcat7 tomcat7 0 2011-06-10 18:33 80
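
An added check for the files created above (not part of the original page; the function name is hypothetical and GNU `stat` is assumed). authbind authorises a bind when the byport file is executable by the calling user, so mode 0755 lets every local account bind the port, and the audit below flags that along with wrong ownership and missing files.

```shell
#!/bin/sh
# Added example: audit authbind byport entries for a service account.
# Usage: audit_authbind DIR USER PORT...   (hypothetical helper name)
# Prints one finding per line and returns the number of findings.
audit_authbind() {
    dir=$1; user=$2; shift 2
    findings=0
    for port in "$@"; do
        f="$dir/$port"
        if [ ! -f "$f" ]; then
            echo "port $port: no byport file, authbind will refuse the bind"
            findings=$((findings + 1))
            continue
        fi
        owner=$(stat -c %U "$f")   # GNU stat: owner name
        mode=$(stat -c %a "$f")    # GNU stat: octal mode such as 755
        bits=$((0$mode))           # leading 0 makes the shell read it as octal
        if [ "$owner" != "$user" ]; then
            echo "port $port: owned by $owner, expected $user"
            findings=$((findings + 1))
        elif [ $((bits & 0100)) -eq 0 ]; then
            echo "port $port: owner has no execute bit, $user cannot bind"
            findings=$((findings + 1))
        fi
        if [ $((bits & 0011)) -ne 0 ]; then
            echo "port $port: mode $mode also lets other accounts bind; 0500 is enough"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed demo: a scratch directory standing in for /etc/authbind/byport.
demo=$(mktemp -d)
touch "$demo/80" "$demo/443"
chmod 0755 "$demo/80"      # mode used in the steps above
chmod 0500 "$demo/443"     # owner-only alternative
audit_authbind "$demo" "$(stat -c %U "$demo")" 80 443 || echo "findings: $?"
rm -rf "$demo"
# On the server: audit_authbind /etc/authbind/byport tomcat7 80 443
```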

Step 5.2.2: Setup Tomcat to listen on insecure port 80

Now we tell the Tomcat server to listen on the "authbind" ports. Edit the following file.

sudo nano /etc/tomcat7/server.xml

Find the connector for port 8080 and change it to port 80.

See example below.

    <Connector port="80" protocol="HTTP/1.1" 
               enableLookups="false"
               maxConnections="-1"
               maxThreads="450"
               maxHttpHeaderSize="16384"
               connectionTimeout="20000" 
               URIEncoding="UTF-8"
               redirectPort="443" />

If enabled, comment out the AJP 1.3 connector. It is not needed.
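
To confirm the edit took effect, the added example below (not from the original page; function names are hypothetical) lists only the connectors that are not inside XML comments and reports whether an AJP connector is still active. The sample file is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: list the connectors Tomcat will actually open from server.xml.
# active_connectors FILE  -> prints "PORT PROTOCOL" per uncommented <Connector>
active_connectors() {
    awk '
    { doc = doc $0 " " }                 # slurp the file, newlines become spaces
    END {
        # Drop <!-- ... --> comments, including ones spanning several lines.
        while ((s = index(doc, "<!--")) > 0) {
            rest = substr(doc, s + 4)
            e = index(rest, "-->")
            if (e == 0) { doc = substr(doc, 1, s - 1); break }
            doc = substr(doc, 1, s - 1) substr(rest, e + 3)
        }
        # Walk every remaining <Connector ...> element.
        while (match(doc, /<Connector[^>]*>/)) {
            tag = substr(doc, RSTART, RLENGTH)
            doc = substr(doc, RSTART + RLENGTH)
            print attr(tag, "port"), attr(tag, "protocol")
        }
    }
    # Value of attribute NAME inside TAG, or "-" when it is absent.
    function attr(tag, name) {
        if (!match(tag, "[ \t]" name "=\"[^\"]*\"")) return "-"
        return substr(tag, RSTART + length(name) + 3, RLENGTH - length(name) - 4)
    }' "$1"
}

# ajp_enabled FILE -> exit status 0 when an AJP connector is still active
ajp_enabled() { active_connectors "$1" | grep -q ' AJP'; }

# Constructed sample, not a real server.xml: the port 80 connector from this
# step, the old 8080 connector commented out, and an AJP connector left on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Service name="Catalina">
  <!-- <Connector port="8080" protocol="HTTP/1.1"
                  redirectPort="8443" /> -->
  <Connector port="80" protocol="HTTP/1.1"
             URIEncoding="UTF-8" redirectPort="443" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service>
EOF
active_connectors "$sample"
if ajp_enabled "$sample"; then echo "AJP connector is still enabled"; fi
rm -f "$sample"
```

On the server, run `active_connectors /etc/tomcat7/server.xml` after saving the file.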


NANO Editor Help
CTL+O = Save the file and then press Enter
CTL+X = Exit "nano"
CTL+K = Delete line
CTL+U = Undelete line
CTL+W = Search for %%string%%
CTL+\ = Search for %%string%% and replace with $$string$$
CTL+C = Show line numbers

More info = http://en.wikipedia.org/wiki/Nano_(text_editor)


Step 5.2.3: Setup Tomcat to listen on secure port 443

Please go to: http://wiki.lib.sun.ac.za/index.php/SUNScholar/Secure_Internet_Connections later, after installation, to set up secure port 443.

For now, and for testing, it is OK to use only port 80 for Tomcat connections.

Step 5.3: Setup Tomcat admin users

Type as follows:

sudo nano /etc/tomcat7/tomcat-users.xml

Delete all the contents of the file and add the following admin and manager roles with a password. Replace XXXX with your password!

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="manager-gui"/>
  <role rolename="manager-jmx"/>
  <user username="dspace" password="XXXX" roles="manager-gui,manager-jmx"/>
</tomcat-users>



Step 5.4: Java environment settings for Tomcat webapp server

To set up the environment variables for Tomcat Java web applications, type the following:

sudo nano /etc/default/tomcat7

Check the following for comparison:

# You may pass JVM startup parameters to Java here. If unset, the default
# options (-Djava.awt.headless=true -Xmx128m) will be used.
#JAVA_OPTS="-Djava.awt.headless=true -Xmx128m"
JAVA_OPTS="-Djava.awt.headless=true -Xms1024m -Xmx2048m -XX:MaxPermSize=1024m"



Java environment settings used for SUNScholar

Your settings will depend on how much RAM you have available to assign to the Tomcat server. See graph below as well.

JAVA_OPTS="-Djava.awt.headless=true -Xmx8192m -Xms4096m -XX:PermSize=4096m -XX:MaxPermSize=8192m"

Figure (image not reproduced here): graph of RAM memory usage on SUNScholar (Sunscholar-memory-year.png).

Step 5.5: Setup Tomcat server permissions

Please note: This procedure runs Tomcat as root, which violates best security practice on an Ubuntu server. See: http://dspace.2283337.n4.nabble.com/DSpace-Security-td4664584.html for a discussion on the DSpace tech mailing list. You apply this procedure at your own risk!

sudo nano /etc/default/tomcat7

See example below.

# Run Tomcat as this user ID. Not setting this or leaving it blank will use the
# default of tomcat7.
TOMCAT7_USER=root

# Run Tomcat as this group ID. Not setting this or leaving it blank will use
# the default of tomcat7.
TOMCAT7_GROUP=root



Step 5.6: Setup file permissions

cd
sudo adduser tomcat7 dspace
sudo adduser dspace tomcat7
sudo chown dspace.dspace -R $HOME
sudo chmod 0777 -R $HOME

Step 5.7: Restart the Tomcat server

Now restart the tomcat server as follows:

sudo service tomcat7 restart

Step 5.8: Post Tomcat installation checks

Now let's check that all went well:

sudo netstat -tapn | grep java

Tomcat should be listening on port 80 now:

root@server1:~# netstat -tapn | grep java
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      11093/java      
tcp6       0      0 :::80                   :::*                    LISTEN      11093/java      
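
The netstat output shows the listening PID but not the account it runs under, which is the property Step 5.5 changes. The added example below (not part of the original page; function names are hypothetical, and `ps` from procps is assumed) extracts the java listeners and resolves the owner of each one.

```shell
#!/bin/sh
# Added example: who owns the java listeners reported by `netstat -tapn`?
# java_listeners: netstat text on stdin -> "ADDRESS PORT PID" per java listener
java_listeners() {
    awk '$6 == "LISTEN" && $7 ~ /\/java$/ {
        n = split($4, part, ":")          # port is whatever follows the last ":"
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        split($7, proc, "/")              # "11093/java" -> PID 11093
        print addr, port, proc[1]
    }'
}

# listener_owners: same input -> "ADDRESS PORT PID OWNER"
listener_owners() {
    java_listeners | while read -r addr port pid; do
        owner=$(ps -o user= -p "$pid" 2>/dev/null | tr -d ' ')
        echo "$addr $port $pid ${owner:-unknown}"
    done
}

# root_listeners: exit status 0 when any java listener is owned by root
root_listeners() { listener_owners | grep -q ' root$'; }

# First two lines are taken from the output above (whitespace condensed);
# the sshd line is constructed to show that non-java listeners are skipped.
sample='tcp6  0  0 127.0.0.1:8005  :::*       LISTEN  11093/java
tcp6  0  0 :::80           :::*       LISTEN  11093/java
tcp   0  0 0.0.0.0:22      0.0.0.0:*  LISTEN  812/sshd'
printf '%s\n' "$sample" | java_listeners

# On the server:
#   sudo netstat -tapn | listener_owners
#   sudo netstat -tapn | root_listeners && echo "Tomcat is running as root"
```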

That's it, now you have a working Java webapp server.

Step 5.9: Troubleshooting

  • Check the optimisations done for Tomcat: http://wiki.lib.sun.ac.za/index.php/SUNScholar/Optimisations/Tomcat
  • Please remember only ONE server at a time may listen on any TCP/UDP port on your server.
  • A reboot of the server may be needed to get Tomcat working on ports 80 and 443 correctly.
  • Later on during the actual DSpace installation, you will have to select a "root" webapp so that you have a clean URL. See: http://wiki.lib.sun.ac.za/index.php/SUNScholar/Install_DSpace/S08
