...
The steps begin with a tar.gz version of Tomcat from the Apache website and start int the root directory of Tomcat. For example,
| Code Block | ||
|---|---|---|
| ||
sudo serveradmin # log in as the user who will be running the service tar -xvpf apache-tomcat-6.0.32 mkdir apache mv ./apache-tomcat-6.0.32/ ./apache/ |
To make scripts consistent, the BonsaiFramework uses symbolic links as described in Portable Tomcat 6.x & Instances.
| Code Block | ||
|---|---|---|
| ||
cd apache/ ln -s ./apache-tomcat-6.0.32/ ./tomcat.0 |
As a user with sudo rights,
| Code Block | ||
|---|---|---|
| ||
sudo mv ./apache/ /opt/apache/ |
This document is for reference. To get up and started, go ahead and download Bonsai Framework Tomcat 6.0.32.
...
Delete sample applications,
| Code Block | ||
|---|---|---|
| ||
cd /opt/apache/apache-tomcat-6.0.32/webapps
rm -rf docs examples |
...
| Code Block |
|---|
# You should still be in the webapps directory
rm -rf host-manager manager
cd ..
|
Remove Unnecessary Ports
By default Tomcat listens to the following ports,
- 8080 - http port for the application server
- 8009 - http port use by mod_jk
In the BonsaiFramework we front Apache in front of Tomcat, as such we do not need 8080. Edit /opt/apache/
References
http://blogs.mulesoft.org/is-your-tomcat-secure/ - looks like a good lead.
| Wiki Markup |
|---|
\[http://www.cisecurity.org/resources-publications/ |
| Wiki Markup |
|---|
\[\[https://www.owasp.org/index.php/Securing_tomcat |
...
References
http
] |
...
...
...