Aug 25 2006
We have a newsletter that goes out to our petstore members
every morning. Some people complained that they were not getting
the newsletter so the first thing that i checked was the maillog.
I checked the sendmail maillog for an email address that
was supposed to get the newsletter and i saw that sendmail never sent that
email.
Continua”HOW TO INCREASE MEMORY HEAP FOR JAVA AND TOMCAT”
Comments Off
Mar 17 2006
[code lang="html"]
1. Installing Tomcat 5 on Linux
Download the latest Tomcat binary from the Tomcat 5 section of http://jakarta.apache.org/site/binindex.cgi. Currently, Tomcat 5.0.28 is the latest.
Install Tomcat by unzipping/untaring the download file and placing in the desired directory (I used /usr/local)
cd /usr/local
tar zxf ./jakarta-tomcat-5.0.28.tar.gz
Note the location of your Tomcat installation - we will refer to this as $CATALINA_HOME
Optionally, save time on typing by creating a symbolic link like this:
ln -s jakarta-tomcat-5.0.28 tomcat5
2. Configuring Tomcat 5 for SSL (with keytool)
Skip this step if you want to generate certificates with OpenSSL.
If you are using Java 1.3.x, download the latest Java Secure Sockets Extension (JSSE) 1.0.2 at http://java.sun.com/products/jsse/
Install JSSE by unpacking it into the desired directory
Copy jcert.jar, jnet.jar and jsse.jar to $JAVA_HOME/jre/lib/ext
cd jsse1.0.2/lib
cp *.jar $JAVA_HOME/jre/lib/ext
Add the bin directory of the JSSE installation to your $PATH:
export PATH=$PATH:/usr/local/jsse1.0.2/bin
Generate a certificate:
cd jsse1.0.2/bin
keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/keystore -storepass mysecretpass
Set the -keystore parameter to wherever you want the generated keys to be stored. Set the -storepass to whatever password you want. When prompted, provide the other requested info (name, company, location, etc.).
Edit $CATALINA_HOME/conf/server.xml and undefine the SSL connector:
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreType="JKS"
keystoreFile="/etc/.keystore" keystorePass="mysecretpass"/>
Set port and the other parameters as desired. Note that if you change the port you should also change the “redirect” parameter for the non-HTTPS connector to the same value. In the Factory tag, set keystoreFile to point to the location where you placed the keystore. You’ll need to set keystorePass if you changed the password from the default of “changeit” to something else.
The “keystoreType” attribute is set to JKS for “Java Keystore”: the format produced by Java’s keytool.
3. Building OpenSSL on Linux
Download the latest OpenSSL distribution from http://www.openssl.org/source/. As of this writing, the latest version is 0.9.7e.
Unpack the distribution
tar zxvf openssl-0.9.7e.tar.gz
Configure OpenSSL
cd openssl-0.9.7e
./config -fPIC –prefix=/usr –openssldir=/usr/openssl
If you omit the –prefix and –openssldir parameters, openssl will install into /usr/local/openssl.
Compile OpenSSL
make
make test
The “make test” step is optional, but useful to make sure all works as it is supposed to.
Install OpenSSL
make install
4. Configuring Tomcat 5 for SSL (with OpenSSL)
Skip this step if you want to generate certificates with Java’s keytool.
Generate an RSA key for signing the certificate:
openssl genrsa -out mykey.pem 2048
Generate a certificate using the new key:
openssl req -new -x509 -key mykey.pem -out mycert.pem -days 365
Enter your name, organization name and address as prompted.
In this example, we’ve created a key file, mykey.pem, and a self-signed certificate. Normally, you want a certificate from a “certificate authority” or CA. Using a self-signed certificate IS NOT FOR PRODUCTION!
Since the certificate is in PEM format, convert it to PKCS12 for Tomcat:
openssl pkcs12 -export -in mycert.pem -inkey mykey.pem -out mycert.p12 -name tomcat
You MUST specify an export password! Tomcat expects one.
Edit $CATALINA_HOME/conf/server.xml and undefine the SSL connector:
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
keystoreFile="/opt/openssl/mycert.p12" keystorePass="mysecretpass"/>
Set port and the other parameters as desired. Note that if you change the port you should also change the “redirect” parameter for the non-HTTPS connector to the same value. In the Factory tag, set keystoreFile to point to the location where you placed the keystore. You’ll need to set keystorePass if you changed the password from the default of “changeit” to something else.
The “keystoreType” attribute must be set to PKCS12.
5. Testing
Start Tomcat:
cd $CATALINA_HOME/bin
catalina.sh start
Point your browser to the http://localhost:8443 (or whatever port you choose). If everything works right, you’ll get prompted to accept the certificate and you should see the Tomcat splash page.
[/code]
Comments Off
Feb 17 2006
[code lang="html"]
TOMCAT AND MULTIPLE VIRTUAL HOSTS
We had Tomcat working on a single web server. Then we added some virtual hosts and the tomcat didn’t work on the virtual web servers. “Not a problem” we thought, we can get this working without any problems.
Four days later and its finally working. What I expected to be simple turned out to be a nightmare of hacking things. The documentation was hazy at best, so this is the brief recap on what we did. Part of the problem I’m sure was because multiple people had set up the server, so things were in different places with multiple instances and configuration files installed.
First step was to get the latest and greatest install of Tomcat.
Mistake one - don’t get the RPM. The RPM over-writes various configuration files. Although it does make a backup, the first time it ran it failed halfway through, so I ran it again and the original backup files were overwritten with the first backup from the RPM. Luckily I had made backups of all the files except for one which I didn’t know about.
We used the binary version of tomcat (Tomcat-4.1.24). You uncompress it, then copy it to the desired destination.
I like things on the local machine being in /usr/local/ So I put it in /usr/local/tomcat-4.1.24 and created a symbolic link /usr/local/tomcat pointing to that directory.
Of course, the old install had been in /var/tomcat, so putting the new one in /usr/local broke things, so there was an enjoyable half a day fixing things and getting it back to the same state it was in before hand.
I won’t put in here how to configure a basic install of tomcat, that is relatively straight forward and there is decent documentation on the web about that.
Lets also assume that your web server is setup with virtual hosts. Somewhere in your Apache configuration you should have something that looks like this:
ServerAdmin webmaster@somewhere.com
DocumentRoot /var/www/virtual/public_html
ServerName virtual.domainname.com
ErrorLog /var/www/virtual/weblogs/error_log
CustomLog /var/www/virtual/weblogs/access_log common
Options ExecCGI
SetHandler cgi-script
First thing you want to do it put in the handler entries for the Tomcat stuff so the Apache server knows not to try and interpret the .jsp pages and instead send it to the Tomcat system.
JkMount /servlet/* connect_id
JkMount /*.jsp connect_id
So you end up with something like this:
ServerAdmin webmaster@somewhere.com
DocumentRoot /var/www/virtual/public_html
ServerName virtual.domainname.com
ErrorLog /var/www/virtual/weblogs/error_log
CustomLog /var/www/virtual/weblogs/access_log common
Options ExecCGI
SetHandler cgi-script
JkMount /servlet/* connect_id
JkMount /*.jsp connect_id
First file you should edit is the server.xml file. You should find it in the config directory of your tomcat install. You need to create a connector for tomcat to run on. The default port is 8109, so don’t use that, I just moved things up to port 8112
acceptCount="10" debug="0"/>
This will run a virtual machine on port 8112. The other parameters to be aware of are the min and max numbers of processors to run. We don’t envsinge a lot of work or connections, so we throttled the min processors back to 3 and a max of 10. We may have to change this later, but with 21 virtual hosts, it does save a fair amount of CPU load.
Further down in server you need to add the entry for the virtual host. Ensure that you add this below the descriptor for the default (localhost?) host.
pattern="common"/>
Hostname is the name of the virtual host. There is some logging info. Something to take note of is the Context path. Notice the empty quotes. Don’t put in “/” it doesn’t work. Also set the docBase to the same as DocumentRoot in the virtual hosts entry.
Other file that needs editing is workers.properties First thing. Add the connection name to the worker.list
worker.list=ajp12, ajp13, connect_id
Next add that connection to the worker
worker.connect_id.port=8112
worker.connect_id.host=virtual.domainname.com
worker.connect_id.type=ajp13
Within the document root directory, ensure there is a WEB-INF directory. I discovered that it doesn’t work without one. Or you could probably redirect that using a directory alias within the virtual hosts directive.
Restart Tomcat.
Restart Apache.
Test.
If it doens’t work, start running things in debug mode and looking at logs, hopefully its just a simple thing.
TROUBLESHOOTING
Problems that I had:
Permissions not set for the Tomcat user. If you test things as root, then try to get the user that tomcat runs under to run them, it will most likely fail. You need to do a chown for the tomcat working area.
Permissions not set correctly for the web areas.
Tomcat being braindead when it came to setting the environment variables. This was fixed by starting the tomcat process as a daemon rather than as a su’ing to the tomcat user.
[/code]
Comments Off
Feb 09 2006
[code lang="html"]
TOMCAT AND MULTIPLE VIRTUAL HOSTS
We had Tomcat working on a single web server. Then we added some virtual hosts and the tomcat didn’t work on the virtual web servers. “Not a problem” we thought, we can get this working without any problems.
Four days later and its finally working. What I expected to be simple turned out to be a nightmare of hacking things. The documentation was hazy at best, so this is the brief recap on what we did. Part of the problem I’m sure was because multiple people had set up the server, so things were in different places with multiple instances and configuration files installed.
First step was to get the latest and greatest install of Tomcat.
Mistake one - don’t get the RPM. The RPM over-writes various configuration files. Although it does make a backup, the first time it ran it failed halfway through, so I ran it again and the original backup files were overwritten with the first backup from the RPM. Luckily I had made backups of all the files except for one which I didn’t know about.
We used the binary version of tomcat (Tomcat-4.1.24). You uncompress it, then copy it to the desired destination.
I like things on the local machine being in /usr/local/ So I put it in /usr/local/tomcat-4.1.24 and created a symbolic link /usr/local/tomcat pointing to that directory.
Of course, the old install had been in /var/tomcat, so putting the new one in /usr/local broke things, so there was an enjoyable half a day fixing things and getting it back to the same state it was in before hand.
I won’t put in here how to configure a basic install of tomcat, that is relatively straight forward and there is decent documentation on the web about that.
Lets also assume that your web server is setup with virtual hosts. Somewhere in your Apache configuration you should have something that looks like this:
ServerAdmin webmaster@somewhere.com
DocumentRoot /var/www/virtual/public_html
ServerName virtual.domainname.com
ErrorLog /var/www/virtual/weblogs/error_log
CustomLog /var/www/virtual/weblogs/access_log common
Options ExecCGI
SetHandler cgi-script
First thing you want to do it put in the handler entries for the Tomcat stuff so the Apache server knows not to try and interpret the .jsp pages and instead send it to the Tomcat system.
JkMount /servlet/* connect_id
JkMount /*.jsp connect_id
So you end up with something like this:
ServerAdmin webmaster@somewhere.com
DocumentRoot /var/www/virtual/public_html
ServerName virtual.domainname.com
ErrorLog /var/www/virtual/weblogs/error_log
CustomLog /var/www/virtual/weblogs/access_log common
Options ExecCGI
SetHandler cgi-script
JkMount /servlet/* connect_id
JkMount /*.jsp connect_id
First file you should edit is the server.xml file. You should find it in the config directory of your tomcat install. You need to create a connector for tomcat to run on. The default port is 8109, so don’t use that, I just moved things up to port 8112
acceptCount="10" debug="0"/>
This will run a virtual machine on port 8112. The other parameters to be aware of are the min and max numbers of processors to run. We don’t envsinge a lot of work or connections, so we throttled the min processors back to 3 and a max of 10. We may have to change this later, but with 21 virtual hosts, it does save a fair amount of CPU load.
Further down in server you need to add the entry for the virtual host. Ensure that you add this below the descriptor for the default (localhost?) host.
pattern="common"/>
Hostname is the name of the virtual host. There is some logging info. Something to take note of is the Context path. Notice the empty quotes. Don’t put in “/” it doesn’t work. Also set the docBase to the same as DocumentRoot in the virtual hosts entry.
Other file that needs editing is workers.properties First thing. Add the connection name to the worker.list
worker.list=ajp12, ajp13, connect_id
Next add that connection to the worker
worker.connect_id.port=8112
worker.connect_id.host=virtual.domainname.com
worker.connect_id.type=ajp13
Within the document root directory, ensure there is a WEB-INF directory. I discovered that it doesn’t work without one. Or you could probably redirect that using a directory alias within the virtual hosts directive.
Restart Tomcat.
Restart Apache.
Test.
If it doens’t work, start running things in debug mode and looking at logs, hopefully its just a simple thing.
TROUBLESHOOTING
Problems that I had:
Permissions not set for the Tomcat user. If you test things as root, then try to get the user that tomcat runs under to run them, it will most likely fail. You need to do a chown for the tomcat working area.
Permissions not set correctly for the web areas.
Tomcat being braindead when it came to setting the environment variables. This was fixed by starting the tomcat process as a daemon rather than as a su’ing to the tomcat user.
More tips from another site.
How can I configure Tomcat with multiple virtual hosts?
Highly recommended tutorial:
http://www.csse.uwa.edu.au/~ryan/tech/tomcat.html
Example “/etc/tomcat4/server.xml” file:
Example “/etc/httpd/conf/mod_jk.conf” file:
JkWorkersFile conf/workers.properties
# JkLogFile logs/mod_jk.log
# JkLogLevel info
JkMount /*.jsp ajp13
JkMount /hw/* ajp13
# JkMount /examples/* worker1
# JkMount /*/servlet/ worker1
# JkMount /webdav/* worker1
# JkMount /tomcat-docs/* worker1
# JkMount /admin/* ajp13
# JkMount /manager/* worker1
# JkLogStampFormat “[%a %b %d %H:%M:%S %Y] ”
# JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat “%w %V %T”
# JkOptions +ForwardURICompat
ServerName domain1.com
ServerAlias www.domain1.com
DocumentRoot /var/tomcat4/webapps/domain1
JkMount /* ajp13
ServerName domain2.com
ServerAlias www.domain2.com
DocumentRoot /var/tomcat4/webapps/domain2
JkMount /* ajp13
[/code]
Comments Off
Sep 22 2005
Created by Oscar Carrillo - Updated on 05/10/2005 @ 18:04
You use these instructions at your own risk. I am not responsible for any damage or loss to your data, or damage or loss to your business, etc.
For the impatient: Download all my install scripts, config files, webapp, and misc files
Table Of Contents
When I first tried to build a webapp, it was very difficult to understand how all these open source technologies connect together. I find these tools to be very powerful and well-written, but daunting to configure them for a useful project. I hope this page assists people in getting these technologies to work together. I hope this creates a larger user base and thus ultimately making these technologies better. This is my small contribution to these projects that many others contribute their valuable time and resources to.
My previous hosting abilities came to an end, and I needed a new home for my Documentation Project. A special thanks to ServePath for supporting my Documentation Project by donating the co-location of my server. They were very helpful, especially in providing me extra IPs so I could test out SSL deployment. They do various hosting scenarios, including Tomcat and Apache hosting. Check out ServePath hosting and if you do decide you like them, please use this link for ordering as it provides me as a reference, and I get a small referral fee.
Continua”HOWTO : Installing Web Services with Linux / Tomcat / Apache / Struts / Postgresql / OpenSSL / JDBC / JNDI / DBCP”
Comments Off
Sep 21 2005
Configuring Apache
Now that Tomcat is configured to listen to port 8009 for incoming AJP13 request, let’s tell Apache to actually talk to Tomcat using that port and protocol. This process, while not terribly complicated, is somewhat more complicated than Tomcat’s equivalent configuration, so I have broken it down into several sections.
Continua”Configure Apache for mod_jk Another guide”
Comments Off
Sep 21 2005
For those of us who are confused about the server.xml file, I found this online that I can use for future reference. It is a good reading and can help you solve many issues that affect your Tomcat server.
Continua”How to decypher Tomcat’s server.xml file”
Comments Off
Sep 21 2005
This is a document that talks about tomcat version 3 but I found it interesting so I am going to keep it here just for my own reference.
Continua”Tomcat workers.properties file”
Comments Off
Sep 21 2005
Having problems installing mod_jk and configure apache to use it. Yes I did have the same problem when trying to compile mod_jk on our servers at work.
Through trial and error I was able to figure out how to do it with the help of www.google.com and lots of reading. Here is a quick walkthrough on how to do it.
:)
if you do not know how to install Tomcat you will find the guide on this same blog here.
How to install Tomcat with Apache
How to manage Tomcat and deploy servlets.
How to create a Tomcat script to initialize tomcat at boot
Continua”mod_jk integration with Apache and Tomcat”
Comments Off
Sep 13 2005
This is the second part of my on going process of becoming more familiar with Tomcat installation and management of Java servlet deployments.
This is a guide just for me to remind myself in case I need to refer to this guides in the future.
Continua”Managing Tomcat and Deploying Java Servlets”
Comments Off
