Difference between revisions of "Tomcat"

(Create user/group)
 
(21 intermediate revisions by the same user not shown)
Line 4: Line 4:
 
Tomcat is a Java servlet container, it can be used to display simple JSP and run ''Spring'' applications.
 
Tomcat is a Java servlet container, it can be used to display simple JSP and run ''Spring'' applications.
  
However, it cannot run Java EE, you'll need a proper application server such IBM WAS, Glassfish, Jboss, etc. to do so.
+
However, it cannot run JavaEE, you'll need a proper application server such IBM WAS, Glassfish, Jboss, etc. to do so.
  
  
  
=installation=
 
  
 +
{| class="wikitable sortable" style="margin: 1em auto 1em auto"
 +
|-
 +
! Installation !! Server configuration !! Application configuration !! Other
 +
|-valign="top"
 +
|width="20%"| [[Tomcat linux apt-get setup|Linux apt-get setup]]
 +
|width="20%"| [[Tomcat users management|Users management]]
 +
|width="20%"| [[Tomcat MySQL datasource|MySQL datasource]]
 +
|width="20%"| [[Apache 2 - proxy]]
 +
|-
 +
| [[Tomcat linux manual setup|Linux manual setup]]
 +
|| [[Tomcat UTF-8|UTF-8]] ||  ||
 +
|-
 +
| [[Tomcat Linux startup|Linux Tomcat on boot]]
 +
|| [[Tomcat IPv4 over IPv6|IPv4 over IPv6]] ||  ||
 +
|-
 +
| [[Tomcat windows setup|Windows setup]]
 +
||  [[Tomcat security restricted access|Server access restriction]] ||  ||
 +
|-
 +
| || [[Tomcat JMX|JMX configuration]]  ||  ||
 +
|-
 +
| || [[Tomcat increase PermGen|Increase PermGen]] ||  ||
 +
|-
 +
| || [[Tomcat war deployment through manager|War deployment through manager]] ||  ||
 +
|}
  
==Automatic install (Linux)==
 
This is the recommended installation.
 
<syntaxhighlight lang="bash">
 
apt-get install tomcat7 tomcat7-admin tomcat7-common tomcat7-docs tomcat7-examples
 
</syntaxhighlight>
 
On Debian, the service is not available. So you can add a symlink for tomcat7:
 
<syntaxhighlight lang="bash">
 
ln -s /etc/init.d/tomcat7 /usr/bin/tomcat7
 
</syntaxhighlight>
 
 
 
==Manual install (Linux)==
 
 
===Get and install archive===
 
Get Tomcat latest version from the official website: http://tomcat.apache.org/
 
 
Unzip Tomcat to /opt: => /opt/tomcat
 
 
 
===Create user/group===
 
 
<syntaxhighlight lang="bash">
 
# Create tomcat group
 
groupadd tomcat
 
# Create Tomcat user
 
# !! Adjust the directory !!
 
useradd -g tomcat -d /opt/tomcat8
 
# Add Tomcat user to the 'www-data' group
 
usermod -G www-data tomcat
 
</syntaxhighlight>
 
 
!! Don't forget to adjust the default directory <code>/opt/tomcat8</code> to your own setting !! (Ex: <code>/usr/local/tomcat</code>)
 
 
===Adjust rights===
 
<syntaxhighlight lang="bash">
 
chown -R tomcat:tomcat /opt/tomcat
 
</syntaxhighlight>
 
 
===Add server to path===
 
You need to add an environment variable:
 
<syntaxhighlight lang="bash">
 
vim /etc/profile
 
</syntaxhighlight>
 
 
Add
 
<syntaxhighlight lang="bash">
 
export CATALINA_HOME="/opt/tomcat"
 
PATH="[...]:$JAVA_HOME/bin:$M2:$CATALINA_HOME/bin"
 
</syntaxhighlight>
 
 
Take changes into account
 
<syntaxhighlight lang="bash">
 
source /etc/profile
 
</syntaxhighlight>
 
 
===Startup script===
 
<syntaxhighlight lang="bash">
 
vim /etc/init.d/tomcat
 
</syntaxhighlight>
 
 
Put the following content:
 
<syntaxhighlight lang="bash">
 
#!/bin/sh
 
### BEGIN INIT INFO
 
# Provides: tomcat
 
# Required-Start: $ local_fs $ $ remote_fs network
 
# Required-Stop: $ local_fs $ $ remote_fs network
 
# Should-Start: $ named
 
# Should-Stop: $ named
 
# Default-Start: 2 3 4 5
 
# Default-Stop: 0 1 6
 
# Short-Description: Start Tomcat.
 
# Description: Start the Tomcat servlet engine.
 
### END INIT INFO
 
 
 
if [ $(id -u) -ne 0 ]; then
 
echo " "
 
echo "!!!!!!!!!!!!!!!!!!!!"
 
echo "!! Security alert !!"
 
echo "!!!!!!!!!!!!!!!!!!!!"
 
echo "You need to be root or have root privileges to run this script!\n\n"
 
echo " "
 
exit 1
 
fi
 
 
 
# Oracle JDK 8
 
export JAVA_HOME=/usr/lib/jvm/java-8-oracle
 
# Tomcat installation path
 
export CATALINA_BASE=/opt/tomcat7
 
export CATALINA_HOME=/opt/tomcat7
 
 
 
case $1 in
 
start)
 
    $CATALINA_HOME/bin/catalina.sh start
 
    ;;
 
stop)
 
    $CATALINA_HOME/bin/catalina.sh stop
 
    ;;
 
restart)
 
    stop
 
    start
 
    ;;
 
*)
 
    echo "usage: service tomcat8 {start|stop|restart}"
 
    ;;
 
esac
 
exit 0
 
</syntaxhighlight>
 
 
Update rights
 
<syntaxhighlight lang="bash">
 
chmod 750 /etc/init.d/tomcat
 
</syntaxhighlight>
 
 
 
===Update boot sequence===
 
<syntaxhighlight lang="bash">
 
cd /etc/init.d
 
update-rc.d tomcat defaults
 
</syntaxhighlight>
 
 
 
===Remove from boot sequence===
 
<syntaxhighlight lang="bash">
 
update-rc.d tomee remove
 
</syntaxhighlight>
 
 
 
==Installation as Windows service==
 
 
 
===Installation===
 
 
1. Download the latest tomcat version (Windows installer): http://tomcat.apache.org/download-70.cgi
 
 
2. During installation, add a specific user
 
This user will be used to access the manager-app (= configuration pages)
 
 
3. After install, start the tomcat service and go to: http://localhost:8080
 
 
4. Go to the manager app: http://localhost:8080/manager/html
 
 
5. Deploy you war file(s)
 
 
 
===Upgrade Tomcat privileges===
 
In order to start “Tomcat server as a service” on windows startup, you must improve the Tomcat privileges.
 
To do so, go to TOMCAT_install_dir / bin
 
* Right click on “tomcat7w.exe” -> Properties
 
[[File:Tomcat win 01.png|none|Tomcat properties]]
 
 
* Go to the “compatibility” panel
 
** Enable “run this program as an administrator”
 
** Click on “change settings for all users”
 
** Once again, enable “run this program as an administrator”
 
 
 
===Increase server memory===
 
In order to avoid memory errors such as “permGen space exception”, you have to increase your server JVM memory settings.
 
 
* Launch the Tomcat Manager “configuration” panel: Right click on the manager -> Configure…
 
[[File:Tomcat win 02.png|none|Tomcat settings]]
 
 
* Go to the “Java” tab and adjust memory settings
 
** Increase permsize by adding the following line in the text panel
 
<syntaxhighlight lang="bash">
 
-XX:MaxPermSize=256m
 
</syntaxhighlight>
 
** Set maximum memory pool size to '''512''' MB (see max. memory pool)
 
[[File:Tomcat win 03.png|none|Java settings]]
 
 
 
 
=Server configuration=
 
 
 
==Create users and user-rights==
 
Manual installation
 
<syntaxhighlight lang="bash">
 
vim /opt/tomcat/conf/tomcat-users.xml
 
</syntaxhighlight>
 
 
Automatic installation
 
<syntaxhighlight lang="bash">
 
vim /etc/tomcat7/tomcat-users.xml
 
</syntaxhighlight>
 
 
 
Add / uncomment:
 
<syntaxhighlight lang="bash">
 
<role rolename="manager" />
 
<role rolename="admin" />
 
<role rolename="manager-gui" />
 
<role rolename="manager-script" />
 
<role rolename="admin-gui" />
 
 
<user username="tomcat" password="password"  roles="admin, admin-gui, manager, manager-gui, manager-script" />
 
</syntaxhighlight>
 
 
 
 
==Increase permgen space==
 
 
===Manual install===
 
Add JAVA_OPTS parameters as environment variable
 
<syntaxhighlight lang="bash">
 
vim /etc/profile
 
</syntaxhighlight>
 
 
Add following line:
 
<syntaxhighlight lang="bash">
 
export JAVA_OPTS="-Xms1024m -Xmx1024m -XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=256m -XX:MaxPermSize=512m -XX:+DisableExplicitGC"
 
</syntaxhighlight>
 
 
Take changes into account
 
<syntaxhighlight lang="bash">
 
source /etc/profile
 
</syntaxhighlight>
 
 
Check changes
 
<syntaxhighlight lang="bash">
 
echo $JAVA_OPTS
 
</syntaxhighlight>
 
 
===Automatic install===
 
 
<syntaxhighlight lang="bash">
 
vim /etc/default/tomcat7
 
</syntaxhighlight>
 
 
Add following line:
 
<syntaxhighlight lang="bash">
 
JAVA_OPTS="-server -Djava.awt.headiless=true -XX:+UseConcMarkSweepGC -XX:+CMSIncrementalMode -XX:+CMSPermGenSweepingEnabled -XX:+CMSClassUnloadingEnabled"
 
JAVA_OPTS="${JAVA_OPTS} -Xms256m -Xmx2048m"
 
JAVA_OPTS="${JAVA_OPTS} -XX:NewSize=128m -XX:MaxNewSize=256m"
 
</syntaxhighlight>
 
 
Take changes into account
 
<syntaxhighlight lang="bash">
 
service tomcat7 restart
 
</syntaxhighlight>
 
 
==Add UTF-8 support on Tomcat==
 
By default Tomcat will rely on the O.S locale.
 
  
In order to support UTF-8 URLs, you’ve to manually update the server’s configuration.
 
* automatic install: $Tomcat = /etc/tomcat7
 
 
<syntaxhighlight lang="bash">
 
vim $TOMCAT/conf/server.xml
 
</syntaxhighlight>
 
 
~ Line 70 change the “<connector port=”8080” …” value.
 
 
*Before
 
<syntaxhighlight lang="bash">
 
<Connector port="8080" protocol="HTTP/1.1"
 
              connectionTimeout="20000"
 
              redirectPort="8443" />
 
</syntaxhighlight>
 
 
*After
 
<syntaxhighlight lang="bash">
 
<Connector port="8080" protocol="HTTP/1.1"
 
              connectionTimeout="20000"
 
              redirectPort="8443" URIEncoding="UTF-8" />
 
</syntaxhighlight>
 
 
 
Restart Tomcat server
 
<syntaxhighlight lang="bash">
 
service tomcat7 restart
 
</syntaxhighlight>
 
 
 
 
==War deployment==
 
There is 2 ways to deploy a war:
 
* By pushing the target war into ${Tomcat root} / webapps
 
* By using the graphical tool http://localhost:8080/manager
 
 
 
If you plan to use the graphical tool then you have to adjust the war file max size.
 
Edit:
 
<syntaxhighlight lang="bash">
 
${Tomcat root} / webapps / manager / WEB-INF / web.xml
 
</syntaxhighlight>
 
 
 
Adjust following values ~line 54 :
 
<syntaxhighlight lang="bash">
 
<multipart-config>
 
    <max-file-size>104857600</max-file-size>
 
    <max-request-size>104857600</max-request-size>
 
    <file-size-threshold>0</file-size-threshold>
 
</multipart-config>
 
</syntaxhighlight>
 
 
 
 
=add JMX management=
 
 
Tomcat can be remotely monitored through JMX.
 
That’s useful to check the status of the server: memory, threads and processes, performances, etc.
 
 
 
==Restricted access configuration==
 
You should restrict the JMX access.
 
 
Create the JMX users rights
 
<syntaxhighlight lang="bash">
 
vim /var/lib/tomcat7/conf/jmxremote.access 
 
</syntaxhighlight>
 
 
Put the following
 
<syntaxhighlight lang="bash">
 
monitorRole readonly → replace monitorRole by your ''userName''
 
controlRole readwrite 
 
</syntaxhighlight>
 
 
Create the JMX users password
 
<syntaxhighlight lang="bash">
 
vim /var/lib/tomcat7/conf/jmxremote.password
 
</syntaxhighlight>
 
 
Put the following
 
<syntaxhighlight lang="bash">
 
monitorRole tomcat         → replace monitorRole by username | replace tomcat by password
 
controlRole tomcat
 
</syntaxhighlight>
 
 
Set rights and permissions upon login files
 
<syntaxhighlight lang="bash">
 
chmod 600 /var/lib/tomcat7/conf/jmxremote.*
 
chown tomcat7:tomcat7 /var/lib/tomcat7/conf/jmxremote.*
 
</syntaxhighlight>
 
 
==Tomcat launcher configuration==
 
 
Just edit your default Tomcat launcher:
 
<syntaxhighlight lang="bash">
 
vim /etc/default/tomcat7
 
</syntaxhighlight>
 
 
Add the following lines:
 
<syntaxhighlight lang="bash">
 
JAVA_HOME=/usr/lib/jvm/default-jvm/           → That must be the ORACLE JDK
 
 
# JMX configuration
 
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote"
 
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.port=8090"
 
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.ssl=false"
 
JAVA_OPTS="${JAVA_OPTS} -Djava.rmi.server.hostname=preprodrtd.vehco.com"
 
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=true"
 
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.access.file=/var/lib/tomcat7/conf/jmxremote.access"
 
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file=/var/lib/tomcat7/conf/jmxremote.password"
 
</syntaxhighlight>
 
 
!! The ''rmi.server.hostname'' must match /etc/hostname !!
 
 
 
Restart tomcat
 
<syntaxhighlight lang="bash">
 
Service tomcat7 restart
 
</syntaxhighlight>
 
 
 
==Open firewall==
 
Edit your firewall script
 
<syntaxhighlight lang="bash">
 
vim /etc/firewall/firewall-start.sh
 
</syntaxhighlight>
 
 
'''Incoming connections'''
 
<syntaxhighlight lang="bash">
 
$IPTABLES -A INPUT -p tcp --dport 8090 -j ACCEPT    # Tomcat JMX
 
</syntaxhighlight>
 
 
'''Outgoing connections'''
 
<syntaxhighlight lang="bash">
 
$IPTABLES -t filter -A OUTPUT -p tcp -m state --state NEW --dport 8090 -j ACCEPT      # Tomcat JMX
 
</syntaxhighlight>
 
 
Just restart your firewall to apply changes
 
<syntaxhighlight lang="bash">
 
firewall restart
 
</syntaxhighlight>
 
 
 
==Access JMX data==
 
Just execute '''jvisualvm''' or ''jconsole''.
 
Fill up the information and use a none-secure connection.
 
 
 
 
=Add MySQL datasource=
 
 
==Setup MySQL JDBC connector==
 
 
1. Download MySQL JDBC driver
 
http://dev.mysql.com/downloads/connector/j/
 
 
2. Decompress content and extract mysql-connector-java-XXX-bin.jar
 
 
3. Copy this file into $TOMCAT/libs
 
Automatic install: /usr/share/tomcat7/lib
 
 
==Declare MySQL datasource==
 
 
===Server.xml===
 
Automatic install: /etc/tomcat7/server.xml
 
 
<syntaxhighlight lang="bash">
 
$TOMCAT/server.xml
 
</syntaxhighlight>
 
 
Add
 
<syntaxhighlight lang="bash">
 
<host>
 
...
 
<GlobalNamingResources>
 
...
 
 
<!-- ####################################################################### -->
 
<!--                              MySQL datasource                          -->
 
<!-- ####################################################################### -->
 
 
<!-- maxActive: Maximum number of database connections in pool. Set to -1 for no limit. -->
 
<!-- maxIdle: Maximum number of idle database connections to retain in pool. Set to -1 for no limit.  -->
 
<!-- maxWait: Maximum time to wait for a database connection to become available in ms. Set to -1 to wait indefinitely. -->
 
<!-- driverClassName: Class name for the official MySQL Connector/J driver is com.mysql.jdbc.Driver. -->
 
 
<Resource name="jdbc/myDataSource"
 
      auth="Container" type="javax.sql.DataSource"
 
      username="user" password="password"
 
      url="jdbc:mysql://localhost:3306/mySchema"
 
      maxActive="50" maxIdle="30" maxWait="10000"
 
      driverClassName="com.mysql.jdbc.Driver"
 
              factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory"
 
/>
 
 
<!-- Old Tomcat 7 (v below 7.0.52 must use:        factory="org.apache.commons.dbcp.BasicDataSourceFactory"  -->
 
 
 
</GlobalNamingResources>
 
</syntaxhighlight>
 
 
 
''Ubuntu Tomcat Fix''
 
 
You must use the Factory line for Ubuntu !
 
 
This will fix the “ClassNotFoundException: BasicDataSourceFactory”
 
 
You may encountered this error with a Tomcat out of the box.
 
 
Source:  http://stackoverflow.com/questions/14712308/ubuntu-tomcat7-java-lang-classnotfoundexception-org-apache-tomcat-dbcp-dbcp-bas
 
 
===Context.xml===
 
Edit:
 
<syntaxhighlight lang="bash">
 
$TOMCAT/context.xml
 
</syntaxhighlight>
 
 
Add the following declaration
 
<syntaxhighlight lang="bash">
 
<!-- ####################################################################### -->
 
<!--                              MySQL datasource                          -->
 
<!-- ####################################################################### -->
 
<ResourceLink name="jdbc/myDataSource"
 
              global="jdbc/myDataSource"
 
              type="javax.sql.datasource" />
 
</syntaxhighlight>
 
 
 
===web.xml===
 
Edit
 
<syntaxhighlight lang="bash">
 
$TOMCAT/web.xml
 
</syntaxhighlight>
 
 
Add the following declaration
 
<syntaxhighlight lang="bash">
 
<!-- ####################################################################### -->
 
<!--                              MySQL datasource                          -->
 
<!-- ####################################################################### -->
 
 
    <resource-ref>
 
    <description>RTD database</description>
 
    <res-ref-name>jdbc/VehcoData</res-ref-name>
 
    <res-type>javax.sql.DataSource</res-type>
 
    <res-auth>Container</res-auth>
 
    </resource-ref>
 
</syntaxhighlight>
 
 
 
===Take changes into account===
 
Restart tomcat
 
<syntaxhighlight lang="bash">
 
service tomcat7 restart
 
</syntaxhighlight>
 
 
Check result:
 
http://localhost:8080/manager/text/resources
 
 
 
==Use datasource==
 
To use the datasource with a JNDI name you must prefix it with:  java:comp/env/
 
 
<syntaxhighlight lang="bash">
 
      java:comp/env/jdbc/myDataSource
 
</syntaxhighlight>
 
 
 
==Datasource improvements==
 
You can tweak the datasource using some specific config parameters.
 
Edit:
 
<syntaxhighlight lang="bash">
 
$TOMCAT/server.xml
 
</syntaxhighlight>
 
 
Edit your JDBC resource:
 
<syntaxhighlight lang="bash">
 
<Resource auth="Container"
 
  name="jdbc/APP_NAME"
 
  username="user"
 
  password="password"
 
  type="javax.sql.DataSource"
 
 
  url="jdbc:oracle:thin:@server.domain:1521:development"    → ORACLE database
 
  driverClassName="oracle.jdbc.driver.OracleDriver"
 
 
  url="jdbc:mysql://localhost:3306/rtd" → MySQL database
 
  driverClassName="com.mysql.jdbc.Driver"
 
 
  maxActive="50" maxIdle="30" maxWait="10000" → Connection pool
 
  maxIdle="10"
 
  maxWait="5000"
 
  maxActive="30"              → To remove none close connections
 
 
  logAbandoned="true"     To report the stacktrace of the faulty code
 
  removeAbandoned="true"     To remedy connection starvation while leaky code is not fixed
 
  removeAbandonedTimeout="60"     Interval for fixing connection starvation
 
 
  validationQuery="select 1 from dual"    custom query to perform regular checks
 
  validationInterval="30000"     To be adjusted!  Interval in ms.
 
  testOnBorrow="true"
 
  testOnReturn="false"
 
  testWhileIdle="true"
 
  timeBetweenEvictionRunsMillis="5000"
 
  numTestsPerEvictionRun="3"
 
  minEvictableIdleTimeMillis="30000"
 
/>
 
</syntaxhighlight>
 
 
More tweaks: http://commons.apache.org/proper/commons-dbcp/configuration.html
 
  
  
Line 575: Line 40:
  
 
==Files location==
 
==Files location==
 +
 
The applications files are in $Tomcat/webapps
 
The applications files are in $Tomcat/webapps
 
* Automatic installation: /var/lib/tomcat/webapps  
 
* Automatic installation: /var/lib/tomcat/webapps  
 +
* Manual installation (tomcat instance): /opt/tomcat-base/webapps
 +
  
 
==Remove old temp files==
 
==Remove old temp files==
 +
 
In case of bugs, you can remove the working directory: $Tomcat/work/Catalina/localhost/*
 
In case of bugs, you can remove the working directory: $Tomcat/work/Catalina/localhost/*
 +
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
 +
# Package installation
 
rm -Rf /var/lib/tomcat7/work/Catalina/localhost/*
 
rm -Rf /var/lib/tomcat7/work/Catalina/localhost/*
 +
 +
# Manual installation, Tomcat instance
 +
rm -Rf /opt/tomcat-base/work/Catalina/localhost/*
 
</syntaxhighlight>
 
</syntaxhighlight>
 
==Server access==
 
http://server:8080
 

Latest revision as of 12:24, 1 April 2015


Tomcat is a Java servlet container, it can be used to display simple JSP and run Spring applications.

However, it cannot run JavaEE, you'll need a proper application server such IBM WAS, Glassfish, Jboss, etc. to do so.



Installation Server configuration Application configuration Other
Linux apt-get setup Users management MySQL datasource Apache 2 - proxy
Linux manual setup UTF-8
Linux Tomcat on boot IPv4 over IPv6
Windows setup Server access restriction
JMX configuration
Increase PermGen
War deployment through manager



Basic tasks

Files location

The applications files are in $Tomcat/webapps

  • Automatic installation: /var/lib/tomcat/webapps
  • Manual installation (tomcat instance): /opt/tomcat-base/webapps


Remove old temp files

In case of bugs, you can remove the working directory: $Tomcat/work/Catalina/localhost/*

# Package installation
rm -Rf /var/lib/tomcat7/work/Catalina/localhost/*

# Manual installation, Tomcat instance
rm -Rf /opt/tomcat-base/work/Catalina/localhost/*