Tomcat

Revision as of 09:21, 31 March 2015 by WikiFreak (talk | contribs) (Create user/group)


Tomcat is a Java servlet container, it can be used to display simple JSP and run Spring applications.

However, it cannot run Java EE, you'll need a proper application server such IBM WAS, Glassfish, Jboss, etc. to do so.


installation

Automatic install (Linux)

This is the recommended installation.

apt-get install tomcat7 tomcat7-admin tomcat7-common tomcat7-docs tomcat7-examples

On Debian, the service is not available. So you can add a symlink for tomcat7:

ln -s /etc/init.d/tomcat7 /usr/bin/tomcat7


Manual install (Linux)

Get and install archive

Get Tomcat latest version from the official website: http://tomcat.apache.org/

Unzip Tomcat to /opt: => /opt/tomcat8


Create user/group

# Create tomcat group
groupadd tomcat
# Create Tomcat user 
# !! Adjust the directory !!
useradd -s /bin/sh -g tomcat -d /opt/tomcat8 tomcat
# Add Tomcat user to the 'www-data' group
usermod -G www-data tomcat

!! Don't forget to adjust the default directory /opt/tomcat8 to your own setting !! (Ex: /usr/local/tomcat)

Adjust rights

chown -R tomcat:tomcat /opt/tomcat8
chmod -R 777 /opt/tomcat8/logs


Add server to path

You need to add an environment variable:

vim /etc/profile

Add

export CATALINA_HOME="/opt/tomcat8"
PATH="[...]:$JAVA_HOME/bin:$M2:$CATALINA_HOME/bin"

Take changes into account

source /etc/profile


Startup script

vim /etc/init.d/tomcat

Put the following content:

#!/bin/sh
### BEGIN INIT INFO
# Provides: tomcat
# Required-Start: $ local_fs $ $ remote_fs network
# Required-Stop: $ local_fs $ $ remote_fs network
# Should-Start: $ named
# Should-Stop: $ named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start Tomcat.
# Description: Start the Tomcat servlet engine.
### END INIT INFO


if [ $(id -u) -ne 0 ]; then
	echo " " 
	echo "!!!!!!!!!!!!!!!!!!!!"
	echo "!! Security alert !!"
	echo "!!!!!!!!!!!!!!!!!!!!"
	echo "You need to be root or have root privileges to run this script!\n\n"
	echo " " 
	exit 1
fi


# Oracle JDK 8
export JAVA_HOME=/usr/lib/jvm/java-8-oracle
# Tomcat installation path
export CATALINA_BASE=/opt/tomcat8
export CATALINA_HOME=/opt/tomcat8


case $1 in
	start)
	    /bin/su tomcat $CATALINA_HOME/bin/startup.sh
	    ;;
	stop)
	    /bin/su tomcat $CATALINA_HOME/bin/shutdown.sh
	    ;;
	restart)
	    stop
	    start
	    ;;
	*)
	    echo "usage: service tomcat {start|stop|restart}"
	    ;;
esac
exit 0

Update rights

chmod 755 /etc/init.d/tomcat


Update boot sequence

cd /etc/init.d
update-rc.d tomcat defaults


Remove from boot sequence

update-rc.d tomcat remove


Installation as Windows service

Installation

1. Download the latest tomcat version (Windows installer): http://tomcat.apache.org/download-70.cgi

2. During installation, add a specific user This user will be used to access the manager-app (= configuration pages)

3. After install, start the tomcat service and go to: http://localhost:8080

4. Go to the manager app: http://localhost:8080/manager/html

5. Deploy you war file(s)


Upgrade Tomcat privileges

In order to start “Tomcat server as a service” on windows startup, you must improve the Tomcat privileges. To do so, go to TOMCAT_install_dir / bin

  • Right click on “tomcat7w.exe” -> Properties
Tomcat properties
  • Go to the “compatibility” panel
    • Enable “run this program as an administrator”
    • Click on “change settings for all users”
    • Once again, enable “run this program as an administrator”


Increase server memory

In order to avoid memory errors such as “permGen space exception”, you have to increase your server JVM memory settings.

  • Launch the Tomcat Manager “configuration” panel: Right click on the manager -> Configure…
Tomcat settings
  • Go to the “Java” tab and adjust memory settings
    • Increase permsize by adding the following line in the text panel
-XX:MaxPermSize=256m
    • Set maximum memory pool size to 512 MB (see max. memory pool)
Java settings


Server configuration

Create users and user-rights

Manual installation

vim /opt/tomcat/conf/tomcat-users.xml

Automatic installation

vim /etc/tomcat7/tomcat-users.xml


Add / uncomment:

<role rolename="manager" />
<role rolename="admin" />
<role rolename="manager-gui" />
<role rolename="manager-script" />
<role rolename="admin-gui" />

<user username="tomcat" password="password"  roles="admin, admin-gui, manager, manager-gui, manager-script" />


Increase permgen space

Manual install

Add JAVA_OPTS parameters as environment variable

vim /etc/profile

Add following line:

export JAVA_OPTS="-Xms1024m -Xmx1024m -XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=256m -XX:MaxPermSize=512m -XX:+DisableExplicitGC"

Take changes into account

source /etc/profile

Check changes

echo $JAVA_OPTS


Automatic install

vim /etc/default/tomcat7

Add following line:

JAVA_OPTS="-server -Djava.awt.headiless=true -XX:+UseConcMarkSweepGC -XX:+CMSIncrementalMode -XX:+CMSPermGenSweepingEnabled -XX:+CMSClassUnloadingEnabled"
JAVA_OPTS="${JAVA_OPTS} -Xms256m -Xmx2048m"
JAVA_OPTS="${JAVA_OPTS} -XX:NewSize=128m -XX:MaxNewSize=256m"

Take changes into account

service tomcat7 restart


Add UTF-8 support on Tomcat

By default Tomcat will rely on the O.S locale.

In order to support UTF-8 URLs, you’ve to manually update the server’s configuration.

  • automatic install: $Tomcat = /etc/tomcat7
vim $TOMCAT/conf/server.xml

~ Line 70 change the “<connector port=”8080” …” value.

  • Before
<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
  • After
<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" URIEncoding="UTF-8" />


Restart Tomcat server

service tomcat7 restart


War deployment

There is 2 ways to deploy a war:


If you plan to use the graphical tool then you have to adjust the war file max size. Edit:

${Tomcat root} / webapps / manager / WEB-INF / web.xml


Adjust following values ~line 54 :

<multipart-config>
    <max-file-size>104857600</max-file-size>
    <max-request-size>104857600</max-request-size>
    <file-size-threshold>0</file-size-threshold>
</multipart-config>


add JMX management

Tomcat can be remotely monitored through JMX. That’s useful to check the status of the server: memory, threads and processes, performances, etc.


Restricted access configuration

You should restrict the JMX access.

Create the JMX users rights

vim /var/lib/tomcat7/conf/jmxremote.access

Put the following

monitorRole readonly		→ replace monitorRole by your ''userName''
controlRole readwrite

Create the JMX users password

vim /var/lib/tomcat7/conf/jmxremote.password

Put the following

monitorRole tomcat	         → replace monitorRole by username | replace tomcat by password
controlRole tomcat

Set rights and permissions upon login files

chmod 600 /var/lib/tomcat7/conf/jmxremote.*
chown tomcat7:tomcat7 /var/lib/tomcat7/conf/jmxremote.*

Tomcat launcher configuration

Just edit your default Tomcat launcher:

vim /etc/default/tomcat7

Add the following lines:

JAVA_HOME=/usr/lib/jvm/default-jvm/ 	          → That must be the ORACLE JDK

# JMX configuration
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.port=8090"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.ssl=false"
JAVA_OPTS="${JAVA_OPTS} -Djava.rmi.server.hostname=preprodrtd.vehco.com"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=true"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.access.file=/var/lib/tomcat7/conf/jmxremote.access"
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file=/var/lib/tomcat7/conf/jmxremote.password"

!! The rmi.server.hostname must match /etc/hostname !!


Restart tomcat

Service tomcat7 restart


Open firewall

Edit your firewall script

vim /etc/firewall/firewall-start.sh

Incoming connections

$IPTABLES -A INPUT -p tcp --dport 8090 -j ACCEPT     # Tomcat JMX

Outgoing connections

$IPTABLES -t filter -A OUTPUT -p tcp -m state --state NEW --dport 8090 -j ACCEPT      # Tomcat JMX

Just restart your firewall to apply changes

firewall restart


Access JMX data

Just execute jvisualvm or jconsole. Fill up the information and use a none-secure connection.


Add MySQL datasource

Setup MySQL JDBC connector

1. Download MySQL JDBC driver http://dev.mysql.com/downloads/connector/j/

2. Decompress content and extract mysql-connector-java-XXX-bin.jar

3. Copy this file into $TOMCAT/libs Automatic install: /usr/share/tomcat7/lib

Declare MySQL datasource

Server.xml

Automatic install: /etc/tomcat7/server.xml

$TOMCAT/server.xml

Add

<host>
... 
<GlobalNamingResources>
...

<!-- ####################################################################### -->
<!--                              MySQL datasource                           -->
<!-- ####################################################################### -->

<!-- maxActive: Maximum number of database connections in pool. Set to -1 for no limit. -->
<!-- maxIdle: Maximum number of idle database connections to retain in pool. Set to -1 for no limit.  -->
<!-- maxWait: Maximum time to wait for a database connection to become available in ms. Set to -1 to wait indefinitely. -->
<!-- driverClassName: Class name for the official MySQL Connector/J driver is com.mysql.jdbc.Driver. -->

<Resource name="jdbc/myDataSource" 
	      auth="Container" type="javax.sql.DataSource"
	      username="user" password="password" 
	      url="jdbc:mysql://localhost:3306/mySchema" 
	      maxActive="50" maxIdle="30" maxWait="10000"
	      driverClassName="com.mysql.jdbc.Driver"
              factory="org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory"
              removeAbandoned="true"
              validationQuery="select 1" validationInterval="30000"
              testOnBorrow="true" testWhileIdle="true" 
              timeBetweenEvictionRunsMillis="60000"
              numTestsPerEvictionRun="5"
              poolPreparedStatements="true"
/>

</GlobalNamingResources>
  • Tomcat 8 : factory="org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory"
  • Tomcat 7 >= 7.0.52 : factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory"
  • Tomcat 6,7 < 7.0.52 : factory="org.apache.commons.dbcp.BasicDataSourceFactory"


Context.xml

Edit:

$TOMCAT/context.xml

Add the following declaration

<!-- ####################################################################### -->
<!--                              MySQL datasource                           -->
<!-- ####################################################################### -->
<ResourceLink name="jdbc/myDataSource" 	
              global="jdbc/myDataSource"
              type="javax.sql.datasource" />


web.xml

Edit

$TOMCAT/web.xml

Add the following declaration

<!-- ####################################################################### -->
<!--                              MySQL datasource                           -->
<!-- ####################################################################### -->

    <resource-ref>
	    <description>RTD database</description>
	    <res-ref-name>jdbc/VehcoData</res-ref-name>
	    <res-type>javax.sql.DataSource</res-type>
	    <res-auth>Container</res-auth>
    </resource-ref>


Take changes into account

Restart tomcat

service tomcat7 restart

Check result: http://localhost:8080/manager/text/resources


Use datasource

To use the datasource with a JNDI name you must prefix it with: java:comp/env/

      java:comp/env/jdbc/myDataSource


Datasource improvements

You can tweak the datasource using some specific config parameters. Edit:

$TOMCAT/server.xml

Edit your JDBC resource:

<Resource auth="Container"
   name="jdbc/APP_NAME"
   username="user"
   password="password"
   type="javax.sql.DataSource"

   url="jdbc:oracle:thin:@server.domain:1521:development"    	→ ORACLE database
   driverClassName="oracle.jdbc.driver.OracleDriver"

   url="jdbc:mysql://localhost:3306/rtd"		→ MySQL database
   driverClassName="com.mysql.jdbc.Driver"

   maxActive="50" maxIdle="30" maxWait="10000"		→ Connection pool
   maxIdle="10"
   maxWait="5000"
   maxActive="30"   	             → To remove none close connections

   logAbandoned="true" 		     To report the stacktrace of the faulty code
   removeAbandoned="true"	     To remedy connection starvation while leaky code is not fixed
   removeAbandonedTimeout="60"	     Interval for fixing connection starvation

   validationQuery="select 1 from dual"     custom query to perform regular checks
   validationInterval="30000"		    To be adjusted!  Interval in ms.
   testOnBorrow="true"
   testOnReturn="false"
   testWhileIdle="true"
   timeBetweenEvictionRunsMillis="5000"
   numTestsPerEvictionRun="3"
   minEvictableIdleTimeMillis="30000"
/>

More tweaks: http://commons.apache.org/proper/commons-dbcp/configuration.html


Basic tasks

Files location

The applications files are in $Tomcat/webapps

  • Automatic installation: /var/lib/tomcat/webapps

Remove old temp files

In case of bugs, you can remove the working directory: $Tomcat/work/Catalina/localhost/*

rm -Rf /var/lib/tomcat7/work/Catalina/localhost/*

Server access

http://server:8080