Difference between revisions of "Tomcat"

Line 23: Line 23:
 
||
 
||
 
|-
 
|-
| [[Tomcat windows setup|Windows setup]]
+
| [[Tomcat Linux startup|Linux Tomcat on boot]]
 
|| [[Tomcat IPv4 over IPv6|IPv4 over IPv6]]
 
|| [[Tomcat IPv4 over IPv6|IPv4 over IPv6]]
 
|| Example || Example
 
|| Example || Example
Line 30: Line 30:
 
|| Example || Example
 
|| Example || Example
 
|-
 
|-
| Example || Example || Example || Example
+
| [[Tomcat windows setup|Windows setup]] || Example || Example || Example
 
|}
 
|}
  
Line 37: Line 37:
 
=installation=
 
=installation=
  
 
==Automatic install (Linux)==
 
This is the recommended installation.
 
<syntaxhighlight lang="bash">
 
apt-get install tomcat7 tomcat7-admin tomcat7-common tomcat7-docs tomcat7-examples
 
</syntaxhighlight>
 
On Debian, the service is not available. So you can add a symlink for tomcat7:
 
<syntaxhighlight lang="bash">
 
ln -s /etc/init.d/tomcat7 /usr/bin/tomcat7
 
</syntaxhighlight>
 
 
 
==Manual install (Linux)==
 
 
Source: http://satishchilukuri.com/blog/entry/installing-java-8-and-tomcat-8-on-debian-wheezy
 
 
===Get and install archive===
 
Get Tomcat latest version from the official website: http://tomcat.apache.org/
 
 
Unzip Tomcat to /opt: => /opt/tomcat-8.0.21  (adjust to your own version number)
 
 
 
==Binary VS deployment==
 
 
Tomcat recommends to have 2 directories:
 
* Tomcat '''binary'''. This is the tomcat version you can update
 
* Tomcat '''deployment'''. These are your configuration file. Their life-cycle is different as the server updates.
 
 
 
Create Tomcat binary "home":
 
 
<syntaxhighlight lang="bash">
 
ln -s /opt/tomcat-8.0.21 /opt/tomcat-home
 
</syntaxhighlight>
 
 
 
Now create a deployment directory "tomcat-base" + all the required folders:
 
 
<syntaxhighlight lang="bash">
 
mkdir /opt/tomcat-base
 
cp -r /opt/tomcat-home/conf/ /opt/tomcat-base/
 
cp -r /opt/tomcat-home/webapps/ /opt/tomcat-base/
 
mkdir /opt/tomcat-base/bin
 
mkdir /opt/tomcat-base/lib
 
mkdir /opt/tomcat-base/logs
 
mkdir /opt/tomcat-base/work
 
mkdir /opt/tomcat-base/temp
 
</syntaxhighlight>
 
 
 
 
===Create user/group===
 
 
<syntaxhighlight lang="bash">
 
# Create tomcat group
 
addgroup --system "tomcat"
 
 
# Create Tomcat user !! Adjust the home directory
 
adduser --system --home /opt/tomcat-home --no-create-home \
 
--ingroup "tomcat" --disabled-password --shell /bin/false \
 
"tomcat"
 
 
</syntaxhighlight>
 
 
!! Don't forget to adjust the default directory <code>/opt/tomcat8</code> to your own setting !! (Ex: <code>/usr/local/tomcat</code>)
 
 
===Adjust rights===
 
 
For security reasons you should use:
 
* ''Tomcat'' user & group as both ''/opt/tomcat-home'' + ''/opt/tomcat-base''
 
* ''Tomcat'' user should only have '''read''' access. The configuration is reserved to the administrator
 
 
 
<syntaxhighlight lang="bash">
 
# Set ownership
 
chown -R tomcat /opt/tomcat-base /opt/tomcat-home /opt/tomcat-home/*
 
chgrp -R tomcat /opt/tomcat-base /opt/tomcat-home /opt/tomcat-home/*
 
 
# Set rights
 
chown -Rh root:tomcat /opt/tomcat-home/conf /opt/tomcat-home/lib /opt/tomcat-home/bin
 
chown -Rh root:tomcat /opt/tomcat-base/conf /opt/tomcat-base/lib /opt/tomcat-base/bin
 
 
# Ensure configuration files are group readable
 
chmod go+r /opt/tomcat-home/conf/* /opt/tomcat-base/conf/*
 
 
# Change permissions on tomcat-users.xml so that others can’t read it (but tomcat):
 
chmod 640 /opt/tomcat-home/conf/tomcat-users.xml /opt/tomcat-base/conf/tomcat-users.xml
 
 
# Allow execution of ''tomcat-home'' scripts
 
chmod 755 /opt/tomcat-home/**/*.sh
 
</syntaxhighlight>
 
 
 
 
===Startup script===
 
<syntaxhighlight lang="bash">
 
vim /etc/init.d/tomcat
 
</syntaxhighlight>
 
 
Put the following content:
 
<syntaxhighlight lang="bash">
 
#!/bin/sh
 
### BEGIN INIT INFO
 
# Provides: tomcat
 
# Required-Start: $ local_fs $ $ remote_fs network
 
# Required-Stop: $ local_fs $ $ remote_fs network
 
# Should-Start: $ named
 
# Should-Stop: $ named
 
# Default-Start: 2 3 4 5
 
# Default-Stop: 0 1 6
 
# Short-Description: Start Tomcat.
 
# Description: Start the Tomcat servlet engine.
 
### END INIT INFO
 
 
 
if [ $(id -u) -ne 0 ]; then
 
echo " "
 
echo "!!!!!!!!!!!!!!!!!!!!"
 
echo "!! Security alert !!"
 
echo "!!!!!!!!!!!!!!!!!!!!"
 
echo "You need to be root or have root privileges to run this script!\n\n"
 
echo " "
 
exit 1
 
fi
 
 
 
# Oracle JDK 8
 
export JAVA_HOME=/usr/lib/jvm/java-8-oracle
 
# Tomcat installation path
 
export CATALINA_BASE=/opt/tomcat8
 
export CATALINA_HOME=/opt/tomcat8
 
 
 
case $1 in
 
start)
 
    /bin/su tomcat $CATALINA_HOME/bin/startup.sh
 
    ;;
 
stop)
 
    /bin/su tomcat $CATALINA_HOME/bin/shutdown.sh
 
    ;;
 
restart)
 
    stop
 
    start
 
    ;;
 
*)
 
    echo "usage: service tomcat {start|stop|restart}"
 
    ;;
 
esac
 
exit 0
 
</syntaxhighlight>
 
 
Update rights
 
<syntaxhighlight lang="bash">
 
chmod 755 /etc/init.d/tomcat
 
</syntaxhighlight>
 
  
  

Revision as of 15:17, 31 March 2015


Tomcat is a Java servlet container, it can be used to display simple JSP and run Spring applications.

However, it cannot run JavaEE, you'll need a proper application server such IBM WAS, Glassfish, Jboss, etc. to do so.



Installation Server configuration Application configuration Other
Linux apt-get setup UTF-8 MySQL datasource Apache 2 proxy
Linux manual setup Increase PermGen
Linux Tomcat on boot IPv4 over IPv6 Example Example
JMX configuration Example Example
Windows setup Example Example Example


installation

Update boot sequence

cd /etc/init.d
update-rc.d tomcat defaults


Remove from boot sequence

update-rc.d tomcat remove


Installation as Windows service

Installation

1. Download the latest tomcat version (Windows installer): http://tomcat.apache.org/download-70.cgi

2. During installation, add a specific user This user will be used to access the manager-app (= configuration pages)

3. After install, start the tomcat service and go to: http://localhost:8080

4. Go to the manager app: http://localhost:8080/manager/html

5. Deploy you war file(s)


Upgrade Tomcat privileges

In order to start “Tomcat server as a service” on windows startup, you must improve the Tomcat privileges. To do so, go to TOMCAT_install_dir / bin

  • Right click on “tomcat7w.exe” -> Properties
Tomcat properties
  • Go to the “compatibility” panel
    • Enable “run this program as an administrator”
    • Click on “change settings for all users”
    • Once again, enable “run this program as an administrator”


Increase server memory

In order to avoid memory errors such as “permGen space exception”, you have to increase your server JVM memory settings.

  • Launch the Tomcat Manager “configuration” panel: Right click on the manager -> Configure…
Tomcat settings
  • Go to the “Java” tab and adjust memory settings
    • Increase permsize by adding the following line in the text panel
-XX:MaxPermSize=256m
    • Set maximum memory pool size to 512 MB (see max. memory pool)
Java settings


Server configuration

Create users and user-rights

Manual installation

vim /opt/tomcat/conf/tomcat-users.xml

Automatic installation

vim /etc/tomcat7/tomcat-users.xml


Add / uncomment:

<role rolename="manager" />
<role rolename="admin" />
<role rolename="manager-gui" />
<role rolename="manager-script" />
<role rolename="admin-gui" />

<user username="tomcat" password="password"  roles="admin, admin-gui, manager, manager-gui, manager-script" />


Increase permgen space

Manual install

Add JAVA_OPTS parameters as environment variable

vim /etc/profile

Add following line:

export JAVA_OPTS="-Xms1024m -Xmx1024m -XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=256m -XX:MaxPermSize=512m -XX:+DisableExplicitGC"

Take changes into account

source /etc/profile

Check changes

echo $JAVA_OPTS


Automatic install

vim /etc/default/tomcat7

Add following line:

JAVA_OPTS="-server -Djava.awt.headiless=true -XX:+UseConcMarkSweepGC -XX:+CMSIncrementalMode -XX:+CMSPermGenSweepingEnabled -XX:+CMSClassUnloadingEnabled"
JAVA_OPTS="${JAVA_OPTS} -Xms256m -Xmx2048m"
JAVA_OPTS="${JAVA_OPTS} -XX:NewSize=128m -XX:MaxNewSize=256m"

Take changes into account

service tomcat7 restart


Add UTF-8 support on Tomcat

By default Tomcat will rely on the O.S locale.

In order to support UTF-8 URLs, you’ve to manually update the server’s configuration.

  • automatic install: $Tomcat = /etc/tomcat7
vim $TOMCAT/conf/server.xml

~ Line 70 change the “<connector port=”8080” …” value.

  • Before
<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
  • After
<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" URIEncoding="UTF-8" />


Restart Tomcat server

service tomcat7 restart


War deployment

There is 2 ways to deploy a war:


If you plan to use the graphical tool then you have to adjust the war file max size. Edit:

${Tomcat root} / webapps / manager / WEB-INF / web.xml


Adjust following values ~line 54 :

<multipart-config>
    <max-file-size>104857600</max-file-size>
    <max-request-size>104857600</max-request-size>
    <file-size-threshold>0</file-size-threshold>
</multipart-config>


add JMX management

Tomcat can be remotely monitored through JMX. That’s useful to check the status of the server: memory, threads and processes, performances, etc.


Restricted access configuration

You should restrict the JMX access.

Create the JMX users rights

vim /var/lib/tomcat7/conf/jmxremote.access

Put the following

monitorRole readonly		→ replace monitorRole by your ''userName''
controlRole readwrite

Create the JMX users password

vim /var/lib/tomcat7/conf/jmxremote.password

Put the following

monitorRole tomcat	         → replace monitorRole by username | replace tomcat by password
controlRole tomcat

Set rights and permissions upon login files

chmod 600 /var/lib/tomcat7/conf/jmxremote.*
chown tomcat7:tomcat7 /var/lib/tomcat7/conf/jmxremote.*

Tomcat launcher configuration

Just edit your default Tomcat launcher:

vim /etc/default/tomcat7

Add the following lines:

JAVA_HOME=/usr/lib/jvm/default-jvm/ 	          → That must be the ORACLE JDK

# JMX configuration
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.port=8090"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.ssl=false"
JAVA_OPTS="${JAVA_OPTS} -Djava.rmi.server.hostname=preprodrtd.vehco.com"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=true"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.access.file=/var/lib/tomcat7/conf/jmxremote.access"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file=/var/lib/tomcat7/conf/jmxremote.password"

!! The rmi.server.hostname must match /etc/hostname !!


Restart tomcat

Service tomcat7 restart


Open firewall

Edit your firewall script

vim /etc/firewall/firewall-start.sh

Incoming connections

$IPTABLES -A INPUT -p tcp --dport 8090 -j ACCEPT     # Tomcat JMX

Outgoing connections

$IPTABLES -t filter -A OUTPUT -p tcp -m state --state NEW --dport 8090 -j ACCEPT      # Tomcat JMX

Just restart your firewall to apply changes

firewall restart


Access JMX data

Just execute jvisualvm or jconsole. Fill up the information and use a none-secure connection.


Add MySQL datasource

Setup MySQL JDBC connector

1. Download MySQL JDBC driver http://dev.mysql.com/downloads/connector/j/

2. Decompress content and extract mysql-connector-java-XXX-bin.jar

3. Copy this file into $TOMCAT/libs Automatic install: /usr/share/tomcat7/lib

Declare MySQL datasource

Server.xml

Automatic install: /etc/tomcat7/server.xml

$TOMCAT/server.xml

Add

<host>
... 
<GlobalNamingResources>
...

<!-- ####################################################################### -->
<!--                              MySQL datasource                           -->
<!-- ####################################################################### -->

<!-- maxActive: Maximum number of database connections in pool. Set to -1 for no limit. -->
<!-- maxIdle: Maximum number of idle database connections to retain in pool. Set to -1 for no limit.  -->
<!-- maxWait: Maximum time to wait for a database connection to become available in ms. Set to -1 to wait indefinitely. -->
<!-- driverClassName: Class name for the official MySQL Connector/J driver is com.mysql.jdbc.Driver. -->

<Resource name="jdbc/myDataSource" 
	      auth="Container" type="javax.sql.DataSource"
	      username="user" password="password" 
	      url="jdbc:mysql://localhost:3306/mySchema" 
	      maxActive="50" maxIdle="30" maxWait="10000"
	      driverClassName="com.mysql.jdbc.Driver"
              factory="org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory"
              removeAbandoned="true"
              validationQuery="select 1" validationInterval="30000"
              testOnBorrow="true" testWhileIdle="true" 
              timeBetweenEvictionRunsMillis="60000"
              numTestsPerEvictionRun="5"
              poolPreparedStatements="true"
/>

</GlobalNamingResources>
  • Tomcat 8 : factory="org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory"
  • Tomcat 7 >= 7.0.52 : factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory"
  • Tomcat 6,7 < 7.0.52 : factory="org.apache.commons.dbcp.BasicDataSourceFactory"


Context.xml

Edit:

$TOMCAT/context.xml

Add the following declaration

<!-- ####################################################################### -->
<!--                              MySQL datasource                           -->
<!-- ####################################################################### -->
<ResourceLink name="jdbc/myDataSource" 	
              global="jdbc/myDataSource"
              type="javax.sql.datasource" />


web.xml

Edit

$TOMCAT/web.xml

Add the following declaration

<!-- ####################################################################### -->
<!--                              MySQL datasource                           -->
<!-- ####################################################################### -->

    <resource-ref>
	    <description>RTD database</description>
	    <res-ref-name>jdbc/VehcoData</res-ref-name>
	    <res-type>javax.sql.DataSource</res-type>
	    <res-auth>Container</res-auth>
    </resource-ref>


Take changes into account

Restart tomcat

service tomcat7 restart

Check result: http://localhost:8080/manager/text/resources


Use datasource

To use the datasource with a JNDI name you must prefix it with: java:comp/env/

      java:comp/env/jdbc/myDataSource


Datasource improvements

You can tweak the datasource using some specific config parameters. Edit:

$TOMCAT/server.xml

Edit your JDBC resource:

<Resource auth="Container"
   name="jdbc/APP_NAME"
   username="user"
   password="password"
   type="javax.sql.DataSource"

   url="jdbc:oracle:thin:@server.domain:1521:development"    	→ ORACLE database
   driverClassName="oracle.jdbc.driver.OracleDriver"

   url="jdbc:mysql://localhost:3306/rtd"		→ MySQL database
   driverClassName="com.mysql.jdbc.Driver"

   maxActive="50" maxIdle="30" maxWait="10000"		→ Connection pool
   maxIdle="10"
   maxWait="5000"
   maxActive="30"   	             → To remove none close connections

   logAbandoned="true" 		     To report the stacktrace of the faulty code
   removeAbandoned="true"	     To remedy connection starvation while leaky code is not fixed
   removeAbandonedTimeout="60"	     Interval for fixing connection starvation

   validationQuery="select 1 from dual"     custom query to perform regular checks
   validationInterval="30000"		    To be adjusted!  Interval in ms.
   testOnBorrow="true"
   testOnReturn="false"
   testWhileIdle="true"
   timeBetweenEvictionRunsMillis="5000"
   numTestsPerEvictionRun="3"
   minEvictableIdleTimeMillis="30000"
/>

More tweaks: http://commons.apache.org/proper/commons-dbcp/configuration.html


Basic tasks

Files location

The applications files are in $Tomcat/webapps

  • Automatic installation: /var/lib/tomcat/webapps

Remove old temp files

In case of bugs, you can remove the working directory: $Tomcat/work/Catalina/localhost/*

rm -Rf /var/lib/tomcat7/work/Catalina/localhost/*

Server access

http://server:8080