Difference between revisions of "Tomcat"
Line 97: | Line 97: | ||
# Change permissions on tomcat-users.xml so that others can’t read it (but tomcat): | # Change permissions on tomcat-users.xml so that others can’t read it (but tomcat): | ||
chmod 640 /opt/tomcat-home/conf/tomcat-users.xml /opt/tomcat-base/conf/tomcat-users.xml | chmod 640 /opt/tomcat-home/conf/tomcat-users.xml /opt/tomcat-base/conf/tomcat-users.xml | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | # Allow execution of ''tomcat-home'' scripts | |
− | + | chmod 755 /opt/tomcat-home/**/*.sh | |
− | |||
− | |||
</syntaxhighlight> | </syntaxhighlight> | ||
− | |||
− | |||
− | |||
− | |||
Revision as of 12:40, 31 March 2015
Tomcat is a Java servlet container, it can be used to display simple JSP and run Spring applications.
However, it cannot run Java EE, you'll need a proper application server such IBM WAS, Glassfish, Jboss, etc. to do so.
Contents
installation
Automatic install (Linux)
This is the recommended installation.
apt-get install tomcat7 tomcat7-admin tomcat7-common tomcat7-docs tomcat7-examples
On Debian, the service is not available. So you can add a symlink for tomcat7:
ln -s /etc/init.d/tomcat7 /usr/bin/tomcat7
Manual install (Linux)
Source: http://satishchilukuri.com/blog/entry/installing-java-8-and-tomcat-8-on-debian-wheezy
Get and install archive
Get Tomcat latest version from the official website: http://tomcat.apache.org/
Unzip Tomcat to /opt: => /opt/tomcat-8.0.21 (adjust to your own version number)
Binary VS deployment
Tomcat recommends to have 2 directories:
- Tomcat binary. This is the tomcat version you can update
- Tomcat deployment. These are your configuration file. Their life-cycle is different as the server updates.
Create Tomcat binary "home":
ln -s /opt/tomcat-8.0.21 /opt/tomcat-home
Now create a deployment directory "tomcat-base" + all the required folders:
mkdir /opt/tomcat-base
cp -r /opt/tomcat-home/conf/ /opt/tomcat-base/
cp -r /opt/tomcat-home/webapps/ /opt/tomcat-base/
mkdir /opt/tomcat-base/bin
mkdir /opt/tomcat-base/lib
mkdir /opt/tomcat-base/logs
mkdir /opt/tomcat-base/work
mkdir /opt/tomcat-base/temp
Create user/group
# Create tomcat group
addgroup --system "tomcat"
# Create Tomcat user !! Adjust the home directory
adduser --system --home /opt/tomcat-home --no-create-home \
--ingroup "tomcat" --disabled-password --shell /bin/false \
"tomcat"
!! Don't forget to adjust the default directory /opt/tomcat8
to your own setting !! (Ex: /usr/local/tomcat
)
Adjust rights
For security reasons you should use:
- Tomcat user & group as both /opt/tomcat-home + /opt/tomcat-base
- Tomcat user should only have read access. The configuration is reserved to the administrator
# Set ownership
chown -R tomcat /opt/tomcat-base /opt/tomcat-home /opt/tomcat-home/*
chgrp -R tomcat /opt/tomcat-base /opt/tomcat-home /opt/tomcat-home/*
# Set rights
chown -Rh root:tomcat /opt/tomcat-home/conf /opt/tomcat-home/lib /opt/tomcat-home/bin
chown -Rh root:tomcat /opt/tomcat-base/conf /opt/tomcat-base/lib /opt/tomcat-base/bin
# Ensure configuration files are group readable
chmod go+r /opt/tomcat-home/conf/* /opt/tomcat-base/conf/*
# Change permissions on tomcat-users.xml so that others can’t read it (but tomcat):
chmod 640 /opt/tomcat-home/conf/tomcat-users.xml /opt/tomcat-base/conf/tomcat-users.xml
# Allow execution of ''tomcat-home'' scripts
chmod 755 /opt/tomcat-home/**/*.sh
Startup script
vim /etc/init.d/tomcat
Put the following content:
#!/bin/sh
### BEGIN INIT INFO
# Provides: tomcat
# Required-Start: $ local_fs $ $ remote_fs network
# Required-Stop: $ local_fs $ $ remote_fs network
# Should-Start: $ named
# Should-Stop: $ named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start Tomcat.
# Description: Start the Tomcat servlet engine.
### END INIT INFO
if [ $(id -u) -ne 0 ]; then
echo " "
echo "!!!!!!!!!!!!!!!!!!!!"
echo "!! Security alert !!"
echo "!!!!!!!!!!!!!!!!!!!!"
echo "You need to be root or have root privileges to run this script!\n\n"
echo " "
exit 1
fi
# Oracle JDK 8
export JAVA_HOME=/usr/lib/jvm/java-8-oracle
# Tomcat installation path
export CATALINA_BASE=/opt/tomcat8
export CATALINA_HOME=/opt/tomcat8
case $1 in
start)
/bin/su tomcat $CATALINA_HOME/bin/startup.sh
;;
stop)
/bin/su tomcat $CATALINA_HOME/bin/shutdown.sh
;;
restart)
stop
start
;;
*)
echo "usage: service tomcat {start|stop|restart}"
;;
esac
exit 0
Update rights
chmod 755 /etc/init.d/tomcat
Update boot sequence
cd /etc/init.d
update-rc.d tomcat defaults
Remove from boot sequence
update-rc.d tomcat remove
Installation as Windows service
Installation
1. Download the latest tomcat version (Windows installer): http://tomcat.apache.org/download-70.cgi
2. During installation, add a specific user This user will be used to access the manager-app (= configuration pages)
3. After install, start the tomcat service and go to: http://localhost:8080
4. Go to the manager app: http://localhost:8080/manager/html
5. Deploy you war file(s)
Upgrade Tomcat privileges
In order to start “Tomcat server as a service” on windows startup, you must improve the Tomcat privileges. To do so, go to TOMCAT_install_dir / bin
- Right click on “tomcat7w.exe” -> Properties
- Go to the “compatibility” panel
- Enable “run this program as an administrator”
- Click on “change settings for all users”
- Once again, enable “run this program as an administrator”
Increase server memory
In order to avoid memory errors such as “permGen space exception”, you have to increase your server JVM memory settings.
- Launch the Tomcat Manager “configuration” panel: Right click on the manager -> Configure…
- Go to the “Java” tab and adjust memory settings
- Increase permsize by adding the following line in the text panel
-XX:MaxPermSize=256m
- Set maximum memory pool size to 512 MB (see max. memory pool)
Server configuration
Create users and user-rights
Manual installation
vim /opt/tomcat/conf/tomcat-users.xml
Automatic installation
vim /etc/tomcat7/tomcat-users.xml
Add / uncomment:
<role rolename="manager" />
<role rolename="admin" />
<role rolename="manager-gui" />
<role rolename="manager-script" />
<role rolename="admin-gui" />
<user username="tomcat" password="password" roles="admin, admin-gui, manager, manager-gui, manager-script" />
Increase permgen space
Manual install
Add JAVA_OPTS parameters as environment variable
vim /etc/profile
Add following line:
export JAVA_OPTS="-Xms1024m -Xmx1024m -XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=256m -XX:MaxPermSize=512m -XX:+DisableExplicitGC"
Take changes into account
source /etc/profile
Check changes
echo $JAVA_OPTS
Automatic install
vim /etc/default/tomcat7
Add following line:
JAVA_OPTS="-server -Djava.awt.headiless=true -XX:+UseConcMarkSweepGC -XX:+CMSIncrementalMode -XX:+CMSPermGenSweepingEnabled -XX:+CMSClassUnloadingEnabled"
JAVA_OPTS="${JAVA_OPTS} -Xms256m -Xmx2048m"
JAVA_OPTS="${JAVA_OPTS} -XX:NewSize=128m -XX:MaxNewSize=256m"
Take changes into account
service tomcat7 restart
Add UTF-8 support on Tomcat
By default Tomcat will rely on the O.S locale.
In order to support UTF-8 URLs, you’ve to manually update the server’s configuration.
- automatic install: $Tomcat = /etc/tomcat7
vim $TOMCAT/conf/server.xml
~ Line 70 change the “<connector port=”8080” …” value.
- Before
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
- After
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" URIEncoding="UTF-8" />
Restart Tomcat server
service tomcat7 restart
War deployment
There is 2 ways to deploy a war:
- By pushing the target war into ${Tomcat root} / webapps
- By using the graphical tool http://localhost:8080/manager
If you plan to use the graphical tool then you have to adjust the war file max size.
Edit:
${Tomcat root} / webapps / manager / WEB-INF / web.xml
Adjust following values ~line 54 :
<multipart-config>
<max-file-size>104857600</max-file-size>
<max-request-size>104857600</max-request-size>
<file-size-threshold>0</file-size-threshold>
</multipart-config>
add JMX management
Tomcat can be remotely monitored through JMX. That’s useful to check the status of the server: memory, threads and processes, performances, etc.
Restricted access configuration
You should restrict the JMX access.
Create the JMX users rights
vim /var/lib/tomcat7/conf/jmxremote.access
Put the following
monitorRole readonly → replace monitorRole by your ''userName''
controlRole readwrite
Create the JMX users password
vim /var/lib/tomcat7/conf/jmxremote.password
Put the following
monitorRole tomcat → replace monitorRole by username | replace tomcat by password
controlRole tomcat
Set rights and permissions upon login files
chmod 600 /var/lib/tomcat7/conf/jmxremote.*
chown tomcat7:tomcat7 /var/lib/tomcat7/conf/jmxremote.*
Tomcat launcher configuration
Just edit your default Tomcat launcher:
vim /etc/default/tomcat7
Add the following lines:
JAVA_HOME=/usr/lib/jvm/default-jvm/ → That must be the ORACLE JDK
# JMX configuration
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.port=8090"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.ssl=false"
JAVA_OPTS="${JAVA_OPTS} -Djava.rmi.server.hostname=preprodrtd.vehco.com"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=true"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.access.file=/var/lib/tomcat7/conf/jmxremote.access"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file=/var/lib/tomcat7/conf/jmxremote.password"
!! The rmi.server.hostname must match /etc/hostname !!
Restart tomcat
Service tomcat7 restart
Open firewall
Edit your firewall script
vim /etc/firewall/firewall-start.sh
Incoming connections
$IPTABLES -A INPUT -p tcp --dport 8090 -j ACCEPT # Tomcat JMX
Outgoing connections
$IPTABLES -t filter -A OUTPUT -p tcp -m state --state NEW --dport 8090 -j ACCEPT # Tomcat JMX
Just restart your firewall to apply changes
firewall restart
Access JMX data
Just execute jvisualvm or jconsole. Fill up the information and use a none-secure connection.
Add MySQL datasource
Setup MySQL JDBC connector
1. Download MySQL JDBC driver http://dev.mysql.com/downloads/connector/j/
2. Decompress content and extract mysql-connector-java-XXX-bin.jar
3. Copy this file into $TOMCAT/libs Automatic install: /usr/share/tomcat7/lib
Declare MySQL datasource
Server.xml
Automatic install: /etc/tomcat7/server.xml
$TOMCAT/server.xml
Add
<host>
...
<GlobalNamingResources>
...
<!-- ####################################################################### -->
<!-- MySQL datasource -->
<!-- ####################################################################### -->
<!-- maxActive: Maximum number of database connections in pool. Set to -1 for no limit. -->
<!-- maxIdle: Maximum number of idle database connections to retain in pool. Set to -1 for no limit. -->
<!-- maxWait: Maximum time to wait for a database connection to become available in ms. Set to -1 to wait indefinitely. -->
<!-- driverClassName: Class name for the official MySQL Connector/J driver is com.mysql.jdbc.Driver. -->
<Resource name="jdbc/myDataSource"
auth="Container" type="javax.sql.DataSource"
username="user" password="password"
url="jdbc:mysql://localhost:3306/mySchema"
maxActive="50" maxIdle="30" maxWait="10000"
driverClassName="com.mysql.jdbc.Driver"
factory="org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory"
removeAbandoned="true"
validationQuery="select 1" validationInterval="30000"
testOnBorrow="true" testWhileIdle="true"
timeBetweenEvictionRunsMillis="60000"
numTestsPerEvictionRun="5"
poolPreparedStatements="true"
/>
</GlobalNamingResources>
- Tomcat 8 : factory="org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory"
- Tomcat 7 >= 7.0.52 : factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory"
- Tomcat 6,7 < 7.0.52 : factory="org.apache.commons.dbcp.BasicDataSourceFactory"
Context.xml
Edit:
$TOMCAT/context.xml
Add the following declaration
<!-- ####################################################################### -->
<!-- MySQL datasource -->
<!-- ####################################################################### -->
<ResourceLink name="jdbc/myDataSource"
global="jdbc/myDataSource"
type="javax.sql.datasource" />
web.xml
Edit
$TOMCAT/web.xml
Add the following declaration
<!-- ####################################################################### -->
<!-- MySQL datasource -->
<!-- ####################################################################### -->
<resource-ref>
<description>RTD database</description>
<res-ref-name>jdbc/VehcoData</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
Take changes into account
Restart tomcat
service tomcat7 restart
Check result: http://localhost:8080/manager/text/resources
Use datasource
To use the datasource with a JNDI name you must prefix it with: java:comp/env/
java:comp/env/jdbc/myDataSource
Datasource improvements
You can tweak the datasource using some specific config parameters. Edit:
$TOMCAT/server.xml
Edit your JDBC resource:
<Resource auth="Container"
name="jdbc/APP_NAME"
username="user"
password="password"
type="javax.sql.DataSource"
url="jdbc:oracle:thin:@server.domain:1521:development" → ORACLE database
driverClassName="oracle.jdbc.driver.OracleDriver"
url="jdbc:mysql://localhost:3306/rtd" → MySQL database
driverClassName="com.mysql.jdbc.Driver"
maxActive="50" maxIdle="30" maxWait="10000" → Connection pool
maxIdle="10"
maxWait="5000"
maxActive="30" → To remove none close connections
logAbandoned="true" To report the stacktrace of the faulty code
removeAbandoned="true" To remedy connection starvation while leaky code is not fixed
removeAbandonedTimeout="60" Interval for fixing connection starvation
validationQuery="select 1 from dual" custom query to perform regular checks
validationInterval="30000" To be adjusted! Interval in ms.
testOnBorrow="true"
testOnReturn="false"
testWhileIdle="true"
timeBetweenEvictionRunsMillis="5000"
numTestsPerEvictionRun="3"
minEvictableIdleTimeMillis="30000"
/>
More tweaks: http://commons.apache.org/proper/commons-dbcp/configuration.html
Basic tasks
Files location
The applications files are in $Tomcat/webapps
- Automatic installation: /var/lib/tomcat/webapps
Remove old temp files
In case of bugs, you can remove the working directory: $Tomcat/work/Catalina/localhost/*
rm -Rf /var/lib/tomcat7/work/Catalina/localhost/*