Step one: Install JDK 1.7
You can transfer the most recent JDK here: http://www.oracle.com/technetwork/java/javase/downloads/index.html
We'll install the most recent JDK, that is JDK seven, Update 5. The JDK is restricted to thirty two and sixty four bit versions.
My CentOS box is sixty four bit, therefore i am going to need: jdk-7u9-linux-x64.tar.gz.
If you're on thirty two bit, you may need: jdk-7u9-linux-i586.tar.gz
Start by making a brand new directory /usr/java:
view plaincopy to clipboardprint?
[root@Desktop ~]# mkdir /usr/java
Change to the /usr/java directory we have a tendency to created
view plaincopy to clipboardprint?
[root@Desktop ~]# cd /usr/java
[root@Desktop java ]#
Download the acceptable JDK and put it aside to /usr/java directory we have a tendency to created higher than.
Unpack jdk-7u5-linux-x64.tar.gz within the /usr/java directory victimization tar -xzf:
view plaincopy to clipboardprint?
[root@Desktop java]# tar -xzf jdk-7u5-linux-x64.tar.gz
This will produce the directory /usr/java/jdk1.7.0_05. this may be our JAVA_HOME.
We can currently set JAVA_HOME and place Java into the trail of our users.
To set it for your current session, you'll issue the subsequent from the CLI:
view plaincopy to clipboardprint?
[root@Desktop java]# JAVA_HOME=/usr/java/jdk1.7.0_09
[root@Desktop java]# export JAVA_HOME
[root@Desktop java]# PATH=$JAVA_HOME/bin:$PATH
[root@Desktop java]# export PATH
To set the JAVA_HOME for good, however, we want to feature below to the ~/.bash_profile of the user (in this case, root).
We can conjointly add it /etc/profile then supply it to offer to any or all users.
view plaincopy to clipboardprint?
JAVA_HOME=/usr/java/jdk1.7.0_09
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
Once you've got additional the higher than to ~/.bash_profile, you must exit, then log back in and make sure the JAVA_HOME is about properly.
view plaincopy to clipboardprint?
[root@DEsktop ~]# echo $JAVA_HOME
/usr/java/jdk1.7.0_09
Note: If you made the choice to use JDK half-dozen instead of seven as we have a tendency to did higher than, merely save the JDK half-dozen bin file to /opt (or another location), then navigate to /usr/java and issue: 'sh /opt/jdk-6u33-linux-x64.bin'. this may produce a JAVA Home of /usr/java/jdk1.6.0.33
Step 2: transfer and take out tom seven.0.29 (or latest)
We will install tom seven below /usr/share.
Switch to the /usr/share directory:
view plaincopy to clipboardprint?
[root@Desktop ~]# cd /usr/share
[root@Desktop share ]#
Download apache-tomcat-7.0.29.tar.gz (or the most recent version) here
http://tomcat.apache.org/download-70.cgi
and put it aside to /usr/share
Once downloaded, you must verify the MD5 verification for your tom transfer victimization the md5sum command.
view plaincopy to clipboardprint?
[root@Desktop share ]# md5sum apache-tomcat-7.0.64.tar.gz
307076fa3827e19fa9b03f3ef7cf1f3f *apache-tomcat-7.0.29.tar.gz
Compare the output higher than to the MD5 verification provided next to the transfer link and you used higher than and make sure it matches.
unpack the file victimization tar -xzf:
view plaincopy to clipboardprint?
[root@Desktop share ]# tar -xzf apache-tomcat-7.0.64.tar.gz
This will produce the directory /usr/share/apache-tomcat-7.0.64
Step 3: tack together tom to Run as a Service.
We will currently see a way to run tom as a service and make an easy Start/Stop/Restart script, furthermore on begin tom at boot.
Change to the /etc/init.d directory and make a script known as 'tomcat' as shown below.
view plaincopy to clipboardprint?
[root@Desktop share]# cd /etc/init.d
[root@Desktop init.d]# vi tomcat
And here is that the script we'll use.
view plaincopy to clipboardprint?
#!/bin/bash
# description: tom begin Stop Restart
# processname: tom
# chkconfig: 234 twenty eighty
JAVA_HOME=/usr/java/jdk1.7.0_09
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/usr/share/apache-tomcat-7.0.64
case $1 in
start)
sh $CATALINA_HOME/bin/startup.sh
;;
stop)
sh $CATALINA_HOME/bin/shutdown.sh
;;
restart)
sh $CATALINA_HOME/bin/shutdown.sh
sh $CATALINA_HOME/bin/startup.sh
;;
esac
exit 0
The higher than script is easy and contains all of the fundamental components you may have to be compelled to get going.
As you'll see, we have a tendency to ar merely line of work the startup.sh and closedown.sh scripts set within the tom bin directory (/usr/share/apache-tomcat-7.0.64/bin).
You can alter your script in step with your desires and, in consequent posts, we'll check out further examples.
CATALINA_HOME is that the tom home directory (/usr/share/apache-tomcat-7.0.64)
Now, set the permissions for your script to create it executable:
view plaincopy to clipboardprint?
[root@Desktop init.d]# chmod 755 tom
We currently use the chkconfig utility to possess tom begin at boot time. In my script higher than, i'm victimization chkconfig: 234 twenty eighty. 2345 ar the run levels and twenty and eighty ar the stop and begin priorities severally. you'll alter pro re nata.
view plaincopy to clipboardprint?
[root@DEsktop init.d]# chkconfig --add tom
[root@Desktop init.d]# chkconfig --level 234 tom on
Verify it:
view plaincopy to clipboardprint?
[root@Desktop init.d]# chkconfig --list tom
tom 0:off 1:off 2:on 3:on 4:on 5:off 6:off
Now, let's check our script.
Start Tomcat:
view plaincopy to clipboardprint?
[root@Desktop ~]# service tom begin
victimization CATALINA_BASE: /usr/share/apache-tomcat-7.0.64
victimization CATALINA_HOME: /usr/share/apache-tomcat-7.0.64
victimization CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.64/temp
victimization JRE_HOME: /usr/java/jdk1.7.0_09
victimization CLASSPATH: /usr/share/apache-tomcat-7.0.64/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.64/bin/tomcat-juli.jar
Stop Tomcat:
view plaincopy to clipboardprint?
[root@Desktop ~]# service tom stop
victimization CATALINA_BASE: /usr/share/apache-tomcat-7.0.64
victimization CATALINA_HOME: /usr/share/apache-tomcat-7.0.64
victimization CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.64/temp
victimization JRE_HOME: /usr/java/jdk1.7.0_09
victimization CLASSPATH: /usr/share/apache-tomcat-7.0.64/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.64/bin/tomcat-juli.jar
Restarting tom (Must be started first):
view plaincopy to clipboardprint?
[root@Desktop ~]# service tom restart
victimization CATALINA_BASE: /usr/share/apache-tomcat-7.0.64
victimization CATALINA_HOME: /usr/share/apache-tomcat-7.0.64
victimization CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.64/temp
victimization JRE_HOME: /usr/java/jdk1.7.0_09
victimization CLASSPATH: /usr/share/apache-tomcat-7.0.64/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.64/bin/tomcat-juli.jar
victimization CATALINA_BASE: /usr/share/apache-tomcat-7.0.64
victimization CATALINA_HOME: /usr/share/apache-tomcat-7.0.64
victimization CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.64/temp
victimization JRE_HOME: /usr/java/jdk1.7.0_09
victimization CLASSPATH: /usr/share/apache-tomcat-7.0.64/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.64/bin/tomcat-juli.jar
We should review the Catalina.out log set at /usr/share/apache-tomcat-7.0.64/logs/catalina.out and check for any errors.
view plaincopy to clipboardprint?
[root@Desktop init.d]# additional /usr/share/apache-tomcat-7.0.64/logs/catalina.out
We can currently access the tom Manager page at:
http://yourdomain.com:8080 or http://yourIPaddress:8080 and that we ought to see the tom home page.
Step 4: Configuring tom Manager Access.
Tomcat seven contains variety of changes that provide finer-grain roles.
For security reasons, no users or passwords ar created for the tom manager roles by default. during a production readying, it's continuously best to get rid of the Manager application.
To set roles, user name(s) and password(s), we want to tack together the tomcat-users.xml file set at $CATALINA_HOME/conf/tomcat-users.xml.
In the case of our installation, $CATALINA_HOME is found at /usr/share/apache-tomcat-7.0.29.
By default the tom seven tomcat-users.xml file can have the weather between the and tags commented-out. .
New roles for tom seven supply finer-grained access and also the following roles ar currently available:
manager-gui
manager-status
manager-jmx
manager-script
admin-gu
admin-script.
We can set the manager-gui role, as an example as below
:
view plaincopy to clipboardprint?
Caution ought to be exercised in granting multiple roles therefore as to not under-mind security.
Step five (Oprtional): Manage Memory Usage victimization JAVA_OPTS.
Getting the correct heap memory settings for your installation can rely on variety of things.
For simplicity, we'll set our inital heap size, Xms, and our most heap size, Xmx, to identical price of 128 Mb
Simliarly, there ar many approaches you'll take on wherever and the way you set your JAVA_OPTS
Again, for simplicity, we'll add our JAVA_OPTS memory parameters in our Catalina.sh file.
So, open the Catalina.sh file set below /usr/share/apache-tomcat-7.0.29/bin with a text editor or vi.
Since we have a tendency to ar victimization 128 Mb for each initial and most heap size, add the subsequent line to Catalina.sh
view plaincopy to clipboardprint?
JAVA_OPTS="-Xms128m -Xmx128m"
I sometimes simply add this within the second line of the file therefore it's as so:
view plaincopy to clipboardprint?
#!/bin/sh
JAVA_OPTS="-Xms128m -Xmx128m"
# authorized to the Apache code Foundation (ASF) below one or additional
# contributor license agreements. See the NOTICE file distributed with
# this work for extra info relating to copyright possession.
# The ASF licenses this file to You below the Apache License, Version 2.0
# (the "License"); you'll not use this file except in compliance with
# the License. you'll acquire a replica of the License at
Step half-dozen (Optional): a way to Run tom victimization Minimally Privileged (non-root) User.
in our tom configuration higher than, we have a tendency to ar running tom as Root.
For security reasons, it's continuously best to run services with the sole those privileges that ar necessary.
There ar some UN agency create a robust case that this is often not needed, however it is often best to err on the facet of caution.
To run tom as non-root user, we want to try and do the following:
1. produce the cluster 'tomcat':
view plaincopy to clipboardprint?
[root@DEsktop ~]# groupadd tomcat
2. produce the user 'tomcat' and add this user to the tom cluster we have a tendency to created higher than.
view plaincopy to clipboardprint?
[root@Desktop ~]# useradd -s /bin/bash -g tomcat tomcat
The higher than can produce a home directory for the user tom within the default user home as /home/tomcat
If we would like the house directory to be elsewhere, we have a tendency to merely specify therefore victimization the -d switch.
view plaincopy to clipboardprint?
[root@Desktop ~]# useradd -g tom -d /usr/share/apache-tomcat-7.0.64/tomcat tomcat
The higher than can produce the user tomcat's home directory as /usr/share/apache-tomcat-7.0.64/tomcat
3. modification possession of the tom files to the user tom we have a tendency to created above:
view plaincopy to clipboardprint?
[root@Desktop ~]# chown -Rf tom.tomcat /usr/share/apache-tomcat-7.0.64/
Note: it's attainable to boost our security still any by guaranteeing files and directories read-only. this may not be lined during this post and care ought to be used once setting such permissions.
4. alter the start/stop service script we have a tendency to created higher than. In our new script, we want to su to the user tomcat:
view plaincopy to clipboardprint?
#!/bin/bash
# description: tom begin Stop Restart
# processname: tom
# chkconfig: 234 twenty eighty
JAVA_HOME=/usr/java/jdk1.7.0_09
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/usr/share/apache-tomcat-7.0.64/bin
case $1 in
start)
/bin/su tom $CATALINA_HOME/startup.sh
;;
stop)
/bin/su tom $CATALINA_HOME/shutdown.sh
;;
restart)
/bin/su tom $CATALINA_HOME/shutdown.sh
/bin/su tom $CATALINA_HOME/startup.sh
;;
esac
exit 0
Step seven (Optional): a way to Run tom on Port eighty as Non-Root User.
Note: the subsequent applies after you ar running tom in "stand alone" mode with tom running below the minimally privileged user tom we have a tendency to created within the previous step.
To run services below port 1024 as a user apart from root, you'll add the subsequent to your information processing tables:
view plaincopy to clipboardprint?
[root@Desktop ~]# iptables -t nat -A PREROUTING -p communications protocol -m communications protocol --dport eighty -j airt --to-ports 8080
[root@Desktop ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport eighty -j airt --to-ports 8080
Be sure to save lots of and restart your information processing Tables.
Step eight (Optional): Running tom behind Apache
As an alternate to running tom on port eighty, if you've got Apache ahead of tom, you'll use mod_proxy furthermore as ajp instrumentality to map your domain to your tom application(s) victimization associate degree Apache vhost as shown below.
While tom has improved it's 'standalone performance', I still favor to have chop-chop ahead of it for variety of reasons.
In your Apache config, make sure to line KeepAlive to 'on'. Apache calibration, of course, may be a whole subject in itself...
Example 1: VHOST with mod_proxy:
view plaincopy to clipboardprint?
ServerAdmin admin@yourdomain.com
ServerName yourdomain.com
ServerAlias web.yourdomain.com
ProxyRequests Off
ProxyPreserveHost On
Order permit,deny
permit from all
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ErrorLog logs/yourdomain.com-error_log
CustomLog logs/yourdomain.com-access_log common
Example 2: VHOST with ajp instrumentality and mod_proxy:
view plaincopy to clipboardprint?
ServerAdmin admin@yourdomain.com
ServerName yourdomain.com
ServerAlias web.yourdomain.com
ProxyRequests Off
ProxyPreserveHost On
Order permit,deny
permit from all
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
ErrorLog logs/yourdomain.com-error_log
CustomLog logs/yourdomain.com-access_log common
In each vhost examples higher than, we have a tendency to ar "mapping" the domain to Tomcat's ROOT directory.
If we have a tendency to would like to map to associate degree application like yourdomain.com/myapp, we are able to add some rewrite as shown below.
This will rewrite all requests for yourdomain.com to yourdomain.com/myapp.
Example 3: VHOST with rewrite:
view plaincopy to clipboardprint?
ServerAdmin admin@yourdomain.com
ServerName yourdomain.com
ServerAlias web.yourdomain.com
RewriteEngine On
RewriteRule ^/$ myapp/ [R=301]
ProxyRequests Off
ProxyPreserveHost On
Order permit,deny
permit from all
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
ErrorLog logs/yourdomain.com-error_log
CustomLog logs/yourdomain.com-access_log common
No comments:
Post a Comment