1. Introduction:-
Tomcat is a Java Servlet container and web server from
the Jakarta project of the Apache Software Foundation. A web server dishes out
web pages in response to requests from a user sitting at a web browser. But web
servers are not limited to serving up static HTML pages; they can also run
programs in response to user requests and return the dynamic results to the user's
browser. Tomcat is very good at this because it provides both Java
servlet and JavaServer Pages (JSP) technologies (in addition to traditional
static pages and external CGI programming). The result is that Tomcat is a good choice
for use as a web server for many applications, and also if you want a free servlet
and JSP engine. It can be used standalone or behind traditional web
servers such as Apache httpd, with the traditional server serving static pages
and Tomcat serving dynamic servlet and JSP requests.
2. Required Packages:-
The packages used in <My Company> for this configuration are listed below.
The package versions may vary as updated versions are released.
i) apache-tomcat-6.0.33
ii) jdk1.6.0_22
iii) Red Hat Enterprise Linux 5.5
3. Installation:-
i) Install the RHEL 5.5 operating system on hardware as defined by the <My Company> OS installation guide.
ii) Create a tomcat user on the Linux server to own the tomcat server. For security
reasons we will be working as a low-privilege user instead of the root user.
Run:
useradd -c "Tomcat Web Server Account" -m -d /home/tomcat -s /bin/bash tomcat
iv) Download the apache-tomcat-6.0.33 & jdk1.6.0_22 packages from the Internet.
Move these packages into the /home/tomcat directory and
change ownership to the tomcat user.
Run:-
$ cd /home/tomcat
$ chown -R tomcat:tomcat /home/tomcat/apache-tomcat-6.0.33
$ chown -R tomcat:tomcat /home/tomcat/jdk1.6.0_22
$ chmod -R u+x /home/tomcat/jdk1.6.0_22/bin
4. Tomcat Server Configuration:-
Set the environment variables in the /home/tomcat/.bashrc file as defined below.
$ vi /home/tomcat/.bashrc
EDIT:-
#### JAVA & TOMCAT ENVIRONMENT VARIABLE DEFINITIONS ####
JAVA_HOME=/home/tomcat/jdk1.6.0_22
CATALINA_HOME=/home/tomcat/apache-tomcat-6.0.33
CATALINA_BASE=/home/tomcat/apache-tomcat-6.0.33
PATH=$JAVA_HOME/bin:$CATALINA_HOME/bin:$PATH
export JAVA_HOME CATALINA_HOME CATALINA_BASE PATH
5. SSL Configuration:-
i) Generate keystore file with self-signed Certificate
Tomcat currently operates only on JKS, PKCS11 or PKCS12 format keystores.
The JKS format is Java's standard "Java KeyStore" format, and is the format
created by the keytool command-line utility.
To create a new keystore from scratch, containing a single self-signed Certificate, execute
the following from a terminal command line:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA \
-keystore /home/tomcat/.keystore
After executing this command, you will
first be prompted for the keystore password. The default password used by
Tomcat is "changeit" (all lower
case), although you can specify a custom password if you like. You will also
need to specify the custom password in the server.xml
configuration file, as described later.
Finally, you will be prompted for the key password, which is the password specifically for this Certificate (as opposed to any other Certificates stored in the same keystore file). You MUST use the same password here as was used for the keystore password itself. This is a restriction of the Tomcat implementation. (Currently, the keytool prompt will tell you that pressing the ENTER key does this for you automatically.)
If everything was successful, you now have a keystore file with a Certificate that can be used by your server.
ii) Edit the tomcat configuration file
$ vi $CATALINA_BASE/conf/server.xml
Uncomment the following lines, add the keystore file path,
and define the keystore certificate password for the SSL configuration of the tomcat
server.
<Connector port="8443"
    protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150"
    scheme="https" secure="true"
    keystoreFile="/home/tomcat/.keystore"
    keystorePass="changeit"
    clientAuth="false"
    sslProtocol="TLS" />
Comment out the following entries in the server.xml file to
stop the tomcat web server from running on the http protocol.
<!--
<Connector port="8080"
    protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443" />
-->
6. Start and stop tomcat service to activate the configuration.
Stop tomcat service:
$CATALINA_HOME/bin/shutdown.sh
Start tomcat service:
$CATALINA_HOME/bin/startup.sh
7. Enable Logging:-
Edit the server.xml file to enable logging for the tomcat server.
$ vi $CATALINA_HOME/conf/server.xml
<Valve className="org.apache.catalina.valves.AccessLogValve"
    directory="logs"
    prefix="localhost_access_log." suffix=".txt"
    pattern="combined" resolveHosts="false"/>
The logs are generated in the $CATALINA_HOME/logs
directory, where they can be analyzed for troubleshooting of the tomcat server.
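A check that can be run against server.xml after steps 5 and 7, added here as an example and not part of the original post: it reports a plain HTTP connector that is still active, an SSL connector without an explicit keystoreFile or with the default keystorePass, and a missing AccessLogValve. The helper name audit_server_xml and the embedded sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: server.xml in the state this guide leaves it in.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!--
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
               scheme="https" secure="true" keystoreFile="/home/tomcat/.keystore"
               keystorePass="changeit" clientAuth="false" sslProtocol="TLS" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="localhost_access_log." suffix=".txt"
               pattern="combined" resolveHosts="false"/>
      </Host>
    </Engine>
  </Service>
</Server>"""

ACCESS_LOG = "org.apache.catalina.valves.AccessLogValve"

def audit_server_xml(xml_text):
    """Return hardening findings for a Tomcat server.xml (hypothetical helper)."""
    root = ET.fromstring(xml_text)  # commented-out elements are not parsed
    findings, tls_seen = [], False
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue  # AJP connectors are outside what this guide configures
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append("port %s: plain HTTP connector is still active" % port)
            continue
        tls_seen = True
        if not conn.get("keystoreFile"):
            findings.append("port %s: keystoreFile is not set explicitly" % port)
        if conn.get("keystorePass", "changeit") == "changeit":
            findings.append("port %s: keystorePass is the default 'changeit'" % port)
    if not tls_seen:
        findings.append("no SSL-enabled connector is defined")
    if not any(v.get("className") == ACCESS_LOG for v in root.iter("Valve")):
        findings.append("AccessLogValve is not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE_SERVER_XML):
        print(finding)
```

Against a live install, pass the contents of $CATALINA_BASE/conf/server.xml to audit_server_xml instead of the sample.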
8. Configure Heap Size in Tomcat 6.0:-
Stop the Tomcat server, set the environment
variable CATALINA_OPTS, and then restart Tomcat. Look at the file
tomcat-install/bin/catalina.sh or catalina.bat for how this variable is used.
For example,
Edit $CATALINA_HOME/bin/catalina.sh
export CATALINA_OPTS="-Xms1024m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=1024m"
9. Finalization:-
After completing these configuration changes, you
must restart Tomcat as you normally do, and you should be in business. You
should be able to access any web application supported by Tomcat via SSL. For
example, try:
https://localhost:8443