Introduction
This is my preferred method of installing and running Tomcat in a way that is portable and part of the BonsaiFramework 0FS approach. That is, you can tar (or zip) up the directory and move your entire application server, or duplicate it with a copy command.
This work comes from a corporate environment where isolation, control and ease of upgrade with a fallback are very important. It also allows for fast horizontal scaling, where multiple Tomcat instances are run on the same machine.
Tip: Consider writing and then linking an article on the merits and advantages of portability.
This work is also the foundation for understanding and moving towards cloud techniques such as Tomcat-based Docker.
This article gives an example of setting up 2 Tomcat instances using the same version of Java as follows,
- Tomcat1 on Java 1.6.0_16 run by user serveradmin
- Tomcat2 on Java 1.6.0_16 run by user serveradmin
You may also opt to further mix and match different versions of Tomcat and Java.
Also, we will only allow Tomcat to be stopped and started by the user serveradmin.
For the purposes of this example, we will assume that we want to build the following software stack:
Software Stack Selection,
- Java SE Runtime Environment (JRE) = 6 Update 16
- Tomcat = 6.0.20
...
Shortcut
Everything is all packaged up at www.tin-pham.com/downloads,
Package Version | Comments | Next Step Version |
---|---|---|
v0.1 | Basic Tomcat with Java embedded per this article minus rotation of catalina.out | Fix log rotation after determining best route. Kevin looking into this. |
v0.2 | ... | ... |
Tomcat and serveradmin
The purpose of the serveradmin account is to run Tomcat and Java. As such, serveradmin cannot sudo to root. If Tomcat is somehow attacked, it is the serveradmin account that would be compromised, and not allowing serveradmin access to sudo provides an extra layer of security.
Directory Structure
The directory structure will be as follows,
...
    su - bhitch    # We need a staff user who can sudo
    cd /opt
    sudo mkdir apache
    sudo chown -R serveradmin:serveradmin ./apache    # Make sure serveradmin can use the folder.
Manually Setup JRE
Leave the setup Java folder alone for now. It will be moved into the Tomcat folder as part of the Tomcat setup.
Manually Setup Tomcat
Setting up Tomcat manually gives much more control and lets you run multiple Tomcat instances. Download Tomcat. Use the tar.gz file because it preserves the file permissions, such as the execute bit on startup.sh; a zip file will lose those permissions.
...
    cd /opt/apache
    sudo chown -R serveradmin:staff ./tomcat.1/
    sudo chmod -R o-wrx ./tomcat.1/
Change Default Ports
We will change Tomcat1 from the default ports,
...
    cd /opt/apache/tomcat.1/conf/
    sed -i 's/8005/8105/' server.xml
    sed -i 's/8009/8109/' server.xml
    sed -i 's/8080/8180/' server.xml
    sed -i 's/8443/8543/' server.xml
Fix Tomcat catalina.out Logging
Tomcat logging has a bug where, if catalina.out grows beyond (need to research), logging stops working. Worse, if it is over 2GB Tomcat will not start and will not report any errors either. Yes, it is pretty crazy that this is not fixed.
...
This solution comes from VMware, who now owns SpringSource. The caveat is that the incorrect process ID is written to the process ID file, so I don't like this solution as it will impact shutdown scripts.
Windows
Warning: TBC - research is needed and a solution needs to be found for this. This article by SpringSource uses cronolog (they know Tomcat so well that they created a variation with more enterprise features, which looks promising). Apache Tomcat's position is not to fix this in the near future (we disagree, as enough restarts will cause the problem with the log file); the same article also provides some solutions.
Research
http://java.dzone.com/articles/how-rotate-tomcat-catalinaout?utm_source=am6_feedtweet&utm_medium=twitter&utm_campaign=toya256ForRSS - talks about using logrotate (there is a slice of time where the log stops working). Also has a patch to Tomcat so this solution works on Solaris.
...
Article by SpringSource using cronolog - http://www.tomcatexpert.com/knowledge-base/rotating-catalinaout-log-files
Naming the Tomcat Process for Solaris (solved)
Solaris' built-in ps has a specific limitation of 60 characters for the command line. As a result, it is not intuitive to determine which Tomcat process is which when the ps command is executed,
...
    serveradmin 12150 13290  1 11:51:28 pts/2  0:10 /opt/apache/tomcat.1/java -Djava.util.logging.manager=org.apache.juli.ClassLoad
    serveradmin  5906 13290  0   Jul 24 ?      6:17 /opt/apache/tomcat.2/java -Djava.util.logging.manager=org.apache.juli.ClassLoad
Only Allow serveradmin to Run Tomcat
Setting up and running Tomcat with serveradmin has the advantage that you can manage the application server without having to go into root. We want to ensure that only serveradmin starts Tomcat, to prevent any issues with permissions. For example, once you start Tomcat1 as root you may find that log files spawned from that startup can no longer be managed by serveradmin. Also, running Tomcat as serveradmin rather than root is safer from a security standpoint.
...
    #!/bin/sh

    # Bonsaiframework - Modification Start
    # --------------------------------------
    if [ "$LOGNAME" != "serveradmin" ]; then
        echo "This service should only be managed with the user serveradmin"
        exit 1
    fi
    # --------------------------------------
    # Bonsaiframework - Modification End

    # Licensed to the Apache Software Foundation (ASF) under one or more
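A stricter form of the guard above, added here as an example and not part of the article's own startup.sh modification. It checks the effective user via id(1) instead of the $LOGNAME environment variable (which is merely inherited and can be re-exported), and adds a check for the symptom described above: files under logs/ left owned by root after an accidental root start. It assumes CATALINA_BASE defaults to the article's /opt/apache/tomcat.1.

```shell
#!/bin/sh
# Added example, not the article's own startup.sh modification: a stricter
# serveradmin guard. $LOGNAME is only an environment variable inherited from
# the login session, whereas the effective user from id(1) is what actually
# determines ownership of the files Tomcat creates. The second check reports
# files under logs/ that are not owned by serveradmin, i.e. the leftovers of a
# root start that serveradmin can no longer manage.
# Assumption: CATALINA_BASE defaults to /opt/apache/tomcat.1 when unset.

# Return 0 if the effective user ($2, default: id -un) is the required user ($1).
check_run_as() {
    required=$1
    actual=${2:-$(id -un)}
    if [ "$actual" != "$required" ]; then
        echo "This service should only be managed with the user $required (you are $actual)" >&2
        return 1
    fi
    return 0
}

# Return 0 if every file under directory $1 is owned by numeric uid $2;
# otherwise list the stray files on stderr and return 1.
check_log_ownership() {
    dir=$1
    uid=$2
    [ -d "$dir" ] || return 0          # no logs directory yet (first start) is fine
    stray=$(find "$dir" ! -uid "$uid")
    if [ -n "$stray" ]; then
        echo "Files not owned by uid $uid (left over from a root start?):" >&2
        echo "$stray" >&2
        return 1
    fi
    return 0
}

# Guard to place at the top of startup.sh and shutdown.sh, before the ASF header.
tomcat_guard() {
    base=${CATALINA_BASE:-/opt/apache/tomcat.1}
    check_run_as serveradmin || exit 1
    check_log_ownership "$base/logs" "$(id -u serveradmin)" || exit 1
}
```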
Run Tomcat with a Specific Java Version Using setenv.sh
Tomcat can be run with a separate version of JRE or JDK that is not the default system version. To do so, you will have to explicitly set the JRE_HOME variable. The JAVA_HOME variable is also configured as some applications will want to make use of this variable instead.
...
Using this method, you can have different Tomcat instances running different versions of Java and control when you want to move between Java versions.
Setup Tomcat2
In this example we are going to run 2 instances of Tomcat and load balance between them. So we duplicate the Tomcat directory with a slightly different directory name,
...
    cd /opt/apache/tomcat.2/conf
    sed -i 's/8105/8205/' server.xml
    sed -i 's/8109/8209/' server.xml
    sed -i 's/8180/8280/' server.xml
    sed -i 's/8543/8643/' server.xml
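The port changes for tomcat.1 and tomcat.2 follow one pattern (default port plus 100 per instance), so they generalise to any number of instances. The script below is an added example, not from the article: it derives the port set for instance N, rewrites a freshly copied server.xml, and lists the configured ports as a check before starting. The sample server.xml is constructed here, and the plus-100-per-instance rule is an assumption that matches the article's numbers.

```shell
#!/bin/sh
# Added example, not from the original article: compute the port set for
# Tomcat instance N and rewrite a copied server.xml from the stock defaults
# (8005/8009/8080/8443) to that set, so tomcat.N cannot collide with tomcat.1.
# Assumption (matches the article): instance N uses default port + 100*N,
# i.e. tomcat.1 -> 8105 8109 8180 8543 and tomcat.2 -> 8205 8209 8280 8643.

# Print "shutdown ajp http redirect" ports for instance $1.
tomcat_ports() {
    n=$1
    echo "$((8005 + 100 * n)) $((8009 + 100 * n)) $((8080 + 100 * n)) $((8443 + 100 * n))"
}

# Rewrite the stock default ports in server.xml ($2) to the ports of instance $1.
# Unlike a bare s/8080/8180/, only port="..." / redirectPort="..." attributes
# are touched, so the same digits in a comment elsewhere in the file stay as-is.
set_instance_ports() {
    n=$1
    file=$2
    set -- $(tomcat_ports "$n")
    sed -e "s/port=\"8005\"/port=\"$1\"/" \
        -e "s/port=\"8009\"/port=\"$2\"/" \
        -e "s/port=\"8080\"/port=\"$3\"/" \
        -e "s/redirectPort=\"8443\"/redirectPort=\"$4\"/" \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Print the distinct port values configured in a server.xml, ascending and
# space separated, as a quick check before starting the instance.
configured_ports() {
    grep -o '[pP]ort="[0-9]*"' "$1" | grep -o '[0-9][0-9]*' | sort -n | uniq | xargs
}

# Constructed minimal server.xml with the stock ports (sample data, not a real file).
write_sample_server_xml() {
    cat > "$1" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- default HTTP connector on 8080 -->
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
EOF
}

# Demo: f=$(mktemp); write_sample_server_xml "$f"; set_instance_ports 2 "$f"; configured_ports "$f"
```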
Verify
Finally startup your Tomcat instances and verify that they are listening,
...
If your server has a web browser, you can load the examples page at http://localhost:8180/examples/. From another computer you can see the examples application by browsing to http://www.krypton.com:8180/examples/; if www.krypton.com is not a real DNS name, use the server's IP address or add a hosts file entry on your client system.
Additional Layers
In my experience, none of my real-world systems have needed any more layers on Tomcat. However, there are some odd scenarios, which are covered here.
Automatic Startup and Shutdown of Tomcat
I do not recommend setting this up until you have proper monitoring. If your system reboots you want to know about it.
Warning: This section is still to be written.
Setup SSL on Tomcat
For testing purposes or if the only thing you want to do is encrypt the channel of communication you can Setup a Self-Signed Certificate for Tomcat.
...
Note: The more enterprise solution is to front Tomcat with Apache and set up SSL on Apache.
UTF-8
Warning: I have only used this in production with Confluence. My other i18n projects seem to work fine without this parameter. More testing and research is needed to determine why, and if this is a good idea in general.
...
    <Connector port="8109" protocol="AJP/1.3" redirectPort="8643" URIEncoding="UTF-8" />
References
http://wiki.apache.org/tomcat/FAQ/CharacterEncoding#Q9 - still to finish reading
...