How to install tomacat on centos,Linux,Ubunut


Step one: Install JDK 1.7

You can transfer the most recent JDK here: http://www.oracle.com/technetwork/java/javase/downloads/index.html

We'll install the most recent JDK, that is JDK seven, Update 5. The JDK is restricted to thirty two and sixty four bit versions.

My CentOS box is sixty four bit, therefore i am going to need: jdk-7u9-linux-x64.tar.gz.

If you're on thirty two bit, you may need: jdk-7u9-linux-i586.tar.gz

Start by making a brand new directory /usr/java:

view plaincopy to clipboardprint?

    [root@Desktop ~]# mkdir /usr/java  



Change to the /usr/java directory we have a tendency to created

view plaincopy to clipboardprint?

    [root@Desktop ~]# cd /usr/java  
    [root@Desktop java ]#



Download the acceptable JDK and put it aside to /usr/java directory we have a tendency to created higher than.

Unpack jdk-7u5-linux-x64.tar.gz within the /usr/java directory victimization tar -xzf:

view plaincopy to clipboardprint?

    [root@Desktop java]# tar -xzf jdk-7u5-linux-x64.tar.gz



This will produce the directory /usr/java/jdk1.7.0_05. this may be our JAVA_HOME.


We can currently set JAVA_HOME and place Java into the trail of our users.

To set it for your current session, you'll issue the subsequent from the CLI:
view plaincopy to clipboardprint?

    [root@Desktop java]# JAVA_HOME=/usr/java/jdk1.7.0_09  
    [root@Desktop java]# export JAVA_HOME  
    [root@Desktop java]# PATH=$JAVA_HOME/bin:$PATH
    [root@Desktop java]# export PATH


To set the JAVA_HOME for good, however, we want to feature below to the ~/.bash_profile of the user (in this case, root).
We can conjointly add it /etc/profile then supply it to offer to any or all users.
view plaincopy to clipboardprint?

    JAVA_HOME=/usr/java/jdk1.7.0_09  
    export JAVA_HOME  
    PATH=$JAVA_HOME/bin:$PATH  
    export PATH

Once you've got additional the higher than to ~/.bash_profile, you must exit, then log back in and make sure the JAVA_HOME is about properly.

view plaincopy to clipboardprint?

    [root@DEsktop ~]#  echo $JAVA_HOME
    /usr/java/jdk1.7.0_09



Note: If you made the choice to use JDK half-dozen instead of seven as we have a tendency to did higher than, merely save the JDK half-dozen bin file to /opt (or another location), then navigate to /usr/java and issue: 'sh /opt/jdk-6u33-linux-x64.bin'. this may produce a JAVA Home of /usr/java/jdk1.6.0.33


Step 2: transfer and take out tom seven.0.29 (or latest)

We will install tom seven below /usr/share.

Switch to the /usr/share directory:

view plaincopy to clipboardprint?

    [root@Desktop ~]# cd /usr/share  
    [root@Desktop share ]#

Download apache-tomcat-7.0.29.tar.gz (or the most recent version) here
http://tomcat.apache.org/download-70.cgi

and put it aside to /usr/share

Once downloaded, you must verify the MD5 verification for your tom transfer victimization the md5sum command.

view plaincopy to clipboardprint?

    [root@Desktop share ]# md5sum apache-tomcat-7.0.64.tar.gz  
    307076fa3827e19fa9b03f3ef7cf1f3f *apache-tomcat-7.0.29.tar.gz

Compare the output higher than to the MD5 verification provided next to the transfer link and you used higher than and make sure it matches.

unpack the file victimization tar -xzf:

view plaincopy to clipboardprint?

    [root@Desktop share ]# tar -xzf apache-tomcat-7.0.64.tar.gz    

This will produce the directory /usr/share/apache-tomcat-7.0.64


Step 3: tack together tom to Run as a Service.

We will currently see a way to run tom as a service and make an easy Start/Stop/Restart script, furthermore on begin tom at boot.

Change to the /etc/init.d directory and make a script known as 'tomcat' as shown below.

view plaincopy to clipboardprint?

    [root@Desktop share]# cd /etc/init.d  
    [root@Desktop init.d]# vi tomcat  

And here is that the script we'll use.

view plaincopy to clipboardprint?

    #!/bin/bash  
    # description: tom begin Stop Restart  
    # processname: tom  
    # chkconfig: 234 twenty eighty  
    JAVA_HOME=/usr/java/jdk1.7.0_09  
    export JAVA_HOME  
    PATH=$JAVA_HOME/bin:$PATH  
    export PATH  
    CATALINA_HOME=/usr/share/apache-tomcat-7.0.64  
      
    case $1 in  
    start)  
    sh $CATALINA_HOME/bin/startup.sh  
    ;;   
    stop)     
    sh $CATALINA_HOME/bin/shutdown.sh  
    ;;   
    restart)  
    sh $CATALINA_HOME/bin/shutdown.sh  
    sh $CATALINA_HOME/bin/startup.sh  
    ;;   
    esac      
    exit 0

The higher than script is easy and contains all of the fundamental components you may have to be compelled to get going.

As you'll see, we have a tendency to ar merely line of work the startup.sh and closedown.sh scripts set within the tom bin directory (/usr/share/apache-tomcat-7.0.64/bin).

You can alter your script in step with your desires and, in consequent posts, we'll check out further examples.

CATALINA_HOME is that the tom home directory (/usr/share/apache-tomcat-7.0.64)

Now, set the permissions for your script to create it executable:

view plaincopy to clipboardprint?

    [root@Desktop init.d]# chmod 755 tom  

We currently use the chkconfig utility to possess tom begin at boot time. In my script higher than, i'm victimization chkconfig: 234 twenty eighty. 2345 ar the run levels and twenty and eighty ar the stop and begin priorities severally. you'll alter pro re nata.

view plaincopy to clipboardprint?

    [root@DEsktop init.d]# chkconfig --add tom  
    [root@Desktop init.d]# chkconfig --level 234 tom on  

Verify it:

view plaincopy to clipboardprint?

    [root@Desktop init.d]# chkconfig --list tom  
 tom          0:off   1:off   2:on    3:on    4:on    5:off   6:off

Now, let's check our script.

Start Tomcat:
view plaincopy to clipboardprint?

    [root@Desktop ~]# service tom begin  
 victimization CATALINA_BASE:   /usr/share/apache-tomcat-7.0.64
 victimization CATALINA_HOME:   /usr/share/apache-tomcat-7.0.64
 victimization CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.64/temp
 victimization JRE_HOME:        /usr/java/jdk1.7.0_09
 victimization CLASSPATH:       /usr/share/apache-tomcat-7.0.64/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.64/bin/tomcat-juli.jar

Stop Tomcat:

view plaincopy to clipboardprint?

    [root@Desktop ~]# service tom stop  
 victimization CATALINA_BASE:   /usr/share/apache-tomcat-7.0.64
 victimization CATALINA_HOME:   /usr/share/apache-tomcat-7.0.64
 victimization CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.64/temp
 victimization JRE_HOME:        /usr/java/jdk1.7.0_09
 victimization CLASSPATH:       /usr/share/apache-tomcat-7.0.64/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.64/bin/tomcat-juli.jar

Restarting tom (Must be started first):

view plaincopy to clipboardprint?

    [root@Desktop ~]# service tom restart  
 victimization CATALINA_BASE:   /usr/share/apache-tomcat-7.0.64
 victimization CATALINA_HOME:   /usr/share/apache-tomcat-7.0.64
 victimization CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.64/temp
 victimization JRE_HOME:        /usr/java/jdk1.7.0_09
 victimization CLASSPATH:       /usr/share/apache-tomcat-7.0.64/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.64/bin/tomcat-juli.jar
 victimization CATALINA_BASE:   /usr/share/apache-tomcat-7.0.64
 victimization CATALINA_HOME:   /usr/share/apache-tomcat-7.0.64
 victimization CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.64/temp
 victimization JRE_HOME:        /usr/java/jdk1.7.0_09
 victimization CLASSPATH:       /usr/share/apache-tomcat-7.0.64/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.64/bin/tomcat-juli.jar

We should review the Catalina.out log set at /usr/share/apache-tomcat-7.0.64/logs/catalina.out and check for any errors.

view plaincopy to clipboardprint?

    [root@Desktop init.d]# additional /usr/share/apache-tomcat-7.0.64/logs/catalina.out  

We can currently access the tom Manager page at:

http://yourdomain.com:8080 or http://yourIPaddress:8080 and that we ought to see the tom home page.


Step 4: Configuring tom Manager Access.

Tomcat seven contains variety of changes that provide finer-grain roles.

For security reasons, no users or passwords ar created for the tom manager roles by default. during a production readying, it's continuously best to get rid of the Manager application.

To set roles, user name(s) and password(s), we want to tack together the tomcat-users.xml file set at $CATALINA_HOME/conf/tomcat-users.xml.

In the case of our installation, $CATALINA_HOME is found at /usr/share/apache-tomcat-7.0.29.

By default the tom seven tomcat-users.xml file can have the weather between the and tags commented-out. .

New roles for tom seven supply finer-grained access and also the following roles ar currently available:

manager-gui
manager-status
manager-jmx
manager-script
admin-gu
admin-script.

We can set the manager-gui role, as an example as below

:
view plaincopy to clipboardprint?
 
Caution ought to be exercised in granting multiple roles therefore as to not under-mind security.
Step five (Oprtional): Manage Memory Usage victimization JAVA_OPTS.
Getting the correct heap memory settings for your installation can rely on variety of things.

For simplicity, we'll set our inital heap size, Xms, and our most heap size, Xmx, to identical price of 128 Mb

Simliarly, there ar many approaches you'll take on wherever and the way you set your JAVA_OPTS

Again, for simplicity, we'll add our JAVA_OPTS memory parameters in our Catalina.sh file.

So, open the Catalina.sh file set below /usr/share/apache-tomcat-7.0.29/bin with a text editor or vi.

Since we have a tendency to ar victimization 128 Mb for each initial and most heap size, add the subsequent line to Catalina.sh

view plaincopy to clipboardprint?

    JAVA_OPTS="-Xms128m -Xmx128m"



I sometimes simply add this within the second line of the file therefore it's as so:

view plaincopy to clipboardprint?

    #!/bin/sh
    JAVA_OPTS="-Xms128m -Xmx128m"
    # authorized  to the Apache code Foundation (ASF) below one or additional
    # contributor license agreements.  See the NOTICE file distributed with
    # this work for extra info relating to copyright possession.
    # The ASF licenses this file to You below the Apache License, Version 2.0
    # (the "License"); you'll not use this file except in compliance with
    # the License. you'll acquire a replica of the License at

Step half-dozen (Optional): a way to Run tom victimization Minimally Privileged (non-root) User.

in our tom configuration higher than, we have a tendency to ar running tom as Root.

For security reasons, it's continuously best to run services with the sole those privileges that ar necessary.

There ar some UN agency create a robust case that this is often not needed, however it is often best to err on the facet of caution.

To run tom as non-root user, we want to try and do the following:

1. produce the cluster 'tomcat':

view plaincopy to clipboardprint?

    [root@DEsktop ~]# groupadd tomcat  

2. produce the user 'tomcat' and add this user to the tom cluster we have a tendency to created higher than.

view plaincopy to clipboardprint?

    [root@Desktop ~]# useradd -s /bin/bash -g tomcat tomcat  

The higher than can produce a home directory for the user tom within the default user home as /home/tomcat

If we would like the house directory to be elsewhere, we have a tendency to merely specify therefore victimization the -d switch.

view plaincopy to clipboardprint?

    [root@Desktop ~]# useradd -g tom -d /usr/share/apache-tomcat-7.0.64/tomcat tomcat 

The higher than can produce the user tomcat's home directory as /usr/share/apache-tomcat-7.0.64/tomcat

3. modification possession of the tom files to the user tom we have a tendency to created above:

view plaincopy to clipboardprint?

    [root@Desktop ~]# chown -Rf tom.tomcat /usr/share/apache-tomcat-7.0.64/  

Note: it's attainable to boost our security still any by guaranteeing files and directories read-only. this may not be lined during this post and care ought to be used once setting such permissions.

4. alter the start/stop service script we have a tendency to created higher than. In our new script, we want to su to the user tomcat:

view plaincopy to clipboardprint?

    #!/bin/bash  
    # description: tom begin Stop Restart  
    # processname: tom  
    # chkconfig: 234 twenty eighty  
    JAVA_HOME=/usr/java/jdk1.7.0_09 
    export JAVA_HOME  
    PATH=$JAVA_HOME/bin:$PATH  
    export PATH  
    CATALINA_HOME=/usr/share/apache-tomcat-7.0.64/bin  
      
    case $1 in  
    start)  
    /bin/su tom $CATALINA_HOME/startup.sh  
    ;;   
    stop)     
    /bin/su tom $CATALINA_HOME/shutdown.sh  
    ;;   
    restart)  
    /bin/su tom $CATALINA_HOME/shutdown.sh  
    /bin/su tom $CATALINA_HOME/startup.sh  
    ;;   
    esac      
    exit 0  




Step seven (Optional): a way to Run tom on Port eighty as Non-Root User.



Note: the subsequent applies after you ar running tom in "stand alone" mode with tom running below the minimally privileged user tom we have a tendency to created within the previous step.

To run services below port 1024 as a user apart from root, you'll add the subsequent to your information processing tables:

view plaincopy to clipboardprint?

    [root@Desktop ~]# iptables -t nat -A PREROUTING -p communications protocol -m communications protocol --dport eighty -j airt --to-ports 8080    
    [root@Desktop ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport eighty -j airt --to-ports 8080    



Be sure to save lots of and restart your information processing Tables.

Step eight (Optional): Running tom behind Apache



As an alternate to running tom on port eighty, if you've got Apache ahead of tom, you'll use mod_proxy furthermore as ajp instrumentality to map your domain to your tom application(s) victimization associate degree Apache vhost as shown below.

While tom has improved it's 'standalone performance', I still favor to have chop-chop ahead of it for variety of reasons.

In your Apache config, make sure to line KeepAlive to 'on'. Apache calibration, of course, may be a whole subject in itself...


Example 1: VHOST with mod_proxy:

view plaincopy to clipboardprint?

   
        ServerAdmin admin@yourdomain.com
        ServerName yourdomain.com
        ServerAlias web.yourdomain.com
   
   
        ProxyRequests Off
        ProxyPreserveHost On
       
           Order permit,deny
 permit from all
       
   
   
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/
   
   
        ErrorLog logs/yourdomain.com-error_log
        CustomLog logs/yourdomain.com-access_log common
   
   



Example 2: VHOST with ajp instrumentality and mod_proxy:

view plaincopy to clipboardprint?

   
        ServerAdmin admin@yourdomain.com
        ServerName yourdomain.com
        ServerAlias web.yourdomain.com
   
   
        ProxyRequests Off
        ProxyPreserveHost On
       
        Order permit,deny
 permit from all
       
   
        ProxyPass / ajp://localhost:8009/
        ProxyPassReverse / ajp://localhost:8009/
   
   
        ErrorLog logs/yourdomain.com-error_log
        CustomLog logs/yourdomain.com-access_log common
   



In each vhost examples higher than, we have a tendency to ar "mapping" the domain to Tomcat's ROOT directory.

If we have a tendency to would like to map to associate degree application like yourdomain.com/myapp, we are able to add some rewrite as shown below.

This will rewrite all requests for yourdomain.com to yourdomain.com/myapp.

Example 3: VHOST with rewrite:

view plaincopy to clipboardprint?

   
        ServerAdmin admin@yourdomain.com
        ServerName yourdomain.com
        ServerAlias web.yourdomain.com
   
   
        RewriteEngine On
        RewriteRule ^/$ myapp/ [R=301]
   
        ProxyRequests Off
        ProxyPreserveHost On
       
        Order permit,deny
 permit from all
       
   
        ProxyPass / ajp://localhost:8009/
        ProxyPassReverse / ajp://localhost:8009/
   
   
        ErrorLog logs/yourdomain.com-error_log
        CustomLog logs/yourdomain.com-access_log common
   

0 comments:

Post a Comment