Monday, May 5, 2008
Saturday, May 3, 2008
Installing and running Apache Tomcat in Linux
This tutorial covers how to install and run the Apache Tomcat 6 servlet container on a Linux computer. This guide will use Ubuntu 7.04 as an example, but should work with minor adjustments for any distro. If your distro doesn’t use sudo you have to type the commands beginning with “sudo…” as root.
You are not required to have any special Linux skills beyond copying and pasting, but you should familiarize yourself with security aspects of running a server if you intend to run Tomcat in a live environment. I will use the nano editor in this howto for the sake of simplicity, you may use your favorite editor on every line starting with “nano…”.
Ok, let’s get started.
Installing Java
First we need to figure out which Java version we have, if any. Type the following into a command prompt:
java -version
javac -version
You should see that your Java version is at least 1.5.0 or higher. If not you will have to install both the JDK and JRE before we continue. I will use Java 6 for this tutorial, but Java 5 will also work. If you wish to use Java 5, substitute java6 in the following commands for java5.
To install the Sun Java JRE and JDK we first need to make sure that we have the appropriate repositories enabled. Go to System>Administration>Software Sources and make sure that you have all the repositories selected. When you close the window you will be prompted to update your software database, click OK.
Install Java 6 by typing
sudo apt-get install sun-java6-jre sun-java6-jdk
and saying yes to installing the additional packages. You will have to agree with the Sun Java licensing terms to install the packages.
Now that we have Java installed we can go on to installing Tomcat.
Creating user for Tomcat (Optional)
I will now create a separate user for running Tomcat, this isn’t necessary but I recommend it as it minimizes risks if your server ever gets hacked.
Type the following command to create a user “tomcat”:
sudo adduser tomcat
You will first be prompted for your own password, then the new user’s password.
Getting and installing Tomcat
Go to the Tomcat download page and download the “core” distribution as a tar.gz-file.
Go to the directory to which you downloaded the package and extract it with
tar zxvf apache-tomcat-6.0.xx.tar.gz
where 6.0.xx corresponds to the version you downloaded.
We now need to move the extracted folder and to /usr/local and create a symbolic link to it so that we can update the Tomcat version without having to change all our startup scripts. We will also change the tomcat files to be owned by the tomcat user, as this is the user we will be running the server as.
sudo mv apache-tomcat-6.0.xx /usr/local
sudo chown -R tomcat:tomcat /usr/local/apache-tomcat-6.0.xx/
sudo ln -s /usr/local/apache-tomcat-6.0.xx /usr/local/tomcat
Now we have a link /usr/local/tomcat that points to the apache-tomcat-6.0.xx folder. Why? Because now we can update Tomcat by extracting a newer version of Tomcat to the same directory and simply changing the link to point to the new version. This saves us from having to update the path to tomcat in scripts.
Next we need to change the current user to the tomcat user we made (skip this step if you didn’t create one)
su - tomcat
Tomcat needs to have a few environment-variables set for it to work, open .bashrc
nano .bashrc
and append the following lines to it:
export JAVA_HOME=/usr/lib/jvm/java-6-sun/ export CLASSPATH="/usr/local/tomcat/lib/jsp-api.jar;/usr/local/tomcat/lib/servlet-api.jar"
Use Ctrl+X to exit, press Y to save changes and Enter to save with the same name.
Your tomcat installation is now ready. If you’re content with having Tomcat running on the default 8080 port and starting and stopping it manually by writing
sh /usr/local/tomcat/bin/startup.sh
sh /usr/local/tomcat/bin/shutdown.sh
then you are finished and can go and play with your shiny new server.
If you want to change the port Tomcat listens to, have servlets reload without restarting your server or have it start automatically when you boot, stay with me a bit longer.
Changing the default port
Open up /usr/local/tomcat/conf/server.xml in your editor of choice.
nano /usr/local/tomcat/conf/server.xml
On the line
Connector port="8080" protocol="HTTP/1.1" ...
change the port number to whatever port you wish to use.
Port 80 is the default port for HTTP connections and is the port that answers if you type in an address without a specified port number. But if you have other servers, like apache, running on your machine this port is likely to be taken.
NOTE if you use port 80 you need to run tomcat as root, which is not advisable, instead I suggest making a port forward with iptables.
Enabling servlet refreshing
This is only needed and suggested for testing environments. Servlet reloading enables the server to reload changed servlets without having to restart the server. On production systems this leads to performance hits, but it will greatly help you during development stages of your project.
Open /usr/local/tomcat/conf/context.xml
nano /usr/local/tomcat/conf/context.xml
and change the line
Context
to
Context reloadable="true" privileged="true"
Starting the server automatically
If you wish that the server starts automatically when you start your computer you need to download this startup script and place it in your /etc/init.d/ directory.
Tomcat startup script
#!/bin/sh
TOMCAT_USER=tomcat
TOMCAT_PATH=/usr/local/tomcat
export JAVA_HOME=/usr/lib/jvm/java-6-sun/
export CLASSPATH="/usr/local/tomcat/lib/jsp-api.jar;/usr/local/tomcat/lib/servlet-api.jar"
start() {
echo -n "Starting Tomcat: "
su $TOMCAT_USER -c $TOMCAT_PATH/bin/startup.sh
sleep 2
}
stop() {
echo -n "Stopping Tomcat: "
su $TOMCAT_USER -c $TOMCAT_PATH/bin/shutdown.sh
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo $"Usage: tomcat {start|stop|restart}"
exit
esac
Open the script and make sure that the username and path are correct. Then make the script executable and and move it to the correct location.
chmod +x tomcat
sudo mv tomcat /etc/init.d/
sudo ln -s /etc/init.d/tomcat /etc/rc2.d/S99tomcat
sudo ln -s /etc/init.d/tomcat /etc/rc2.d/K99tomcat
Change the number in the rc2.d to correspond to the runlevel you start your computer to. In Ubuntu and Debian this is 2, on most other systems it is 5 if you start X automatically or 3 if you start with a commandprompt.
You can test that the script works by typing
sudo /etc/init.d/tomcat start
and going to http://localhost:8080/,or whatever portnumber you chose and see if you get the Tomcat welcome screen.
Congratulations, you now have a working Tomcat installation!
Enjoy.
Copy from: http://www.2nrds.com/installing-and-running-apache-tomcat-in-linux
You are not required to have any special Linux skills beyond copying and pasting, but you should familiarize yourself with security aspects of running a server if you intend to run Tomcat in a live environment. I will use the nano editor in this howto for the sake of simplicity, you may use your favorite editor on every line starting with “nano…”.
Ok, let’s get started.
Installing Java
First we need to figure out which Java version we have, if any. Type the following into a command prompt:
java -version
javac -version
You should see that your Java version is at least 1.5.0 or higher. If not you will have to install both the JDK and JRE before we continue. I will use Java 6 for this tutorial, but Java 5 will also work. If you wish to use Java 5, substitute java6 in the following commands for java5.
To install the Sun Java JRE and JDK we first need to make sure that we have the appropriate repositories enabled. Go to System>Administration>Software Sources and make sure that you have all the repositories selected. When you close the window you will be prompted to update your software database, click OK.
Install Java 6 by typing
sudo apt-get install sun-java6-jre sun-java6-jdk
and saying yes to installing the additional packages. You will have to agree with the Sun Java licensing terms to install the packages.
Now that we have Java installed we can go on to installing Tomcat.
Creating user for Tomcat (Optional)
I will now create a separate user for running Tomcat, this isn’t necessary but I recommend it as it minimizes risks if your server ever gets hacked.
Type the following command to create a user “tomcat”:
sudo adduser tomcat
You will first be prompted for your own password, then the new user’s password.
Getting and installing Tomcat
Go to the Tomcat download page and download the “core” distribution as a tar.gz-file.
Go to the directory to which you downloaded the package and extract it with
tar zxvf apache-tomcat-6.0.xx.tar.gz
where 6.0.xx corresponds to the version you downloaded.
We now need to move the extracted folder and to /usr/local and create a symbolic link to it so that we can update the Tomcat version without having to change all our startup scripts. We will also change the tomcat files to be owned by the tomcat user, as this is the user we will be running the server as.
sudo mv apache-tomcat-6.0.xx /usr/local
sudo chown -R tomcat:tomcat /usr/local/apache-tomcat-6.0.xx/
sudo ln -s /usr/local/apache-tomcat-6.0.xx /usr/local/tomcat
Now we have a link /usr/local/tomcat that points to the apache-tomcat-6.0.xx folder. Why? Because now we can update Tomcat by extracting a newer version of Tomcat to the same directory and simply changing the link to point to the new version. This saves us from having to update the path to tomcat in scripts.
Next we need to change the current user to the tomcat user we made (skip this step if you didn’t create one)
su - tomcat
Tomcat needs to have a few environment-variables set for it to work, open .bashrc
nano .bashrc
and append the following lines to it:
export JAVA_HOME=/usr/lib/jvm/java-6-sun/ export CLASSPATH="/usr/local/tomcat/lib/jsp-api.jar;/usr/local/tomcat/lib/servlet-api.jar"
Use Ctrl+X to exit, press Y to save changes and Enter to save with the same name.
Your tomcat installation is now ready. If you’re content with having Tomcat running on the default 8080 port and starting and stopping it manually by writing
sh /usr/local/tomcat/bin/startup.sh
sh /usr/local/tomcat/bin/shutdown.sh
then you are finished and can go and play with your shiny new server.
If you want to change the port Tomcat listens to, have servlets reload without restarting your server or have it start automatically when you boot, stay with me a bit longer.
Changing the default port
Open up /usr/local/tomcat/conf/server.xml in your editor of choice.
nano /usr/local/tomcat/conf/server.xml
On the line
Connector port="8080" protocol="HTTP/1.1" ...
change the port number to whatever port you wish to use.
Port 80 is the default port for HTTP connections and is the port that answers if you type in an address without a specified port number. But if you have other servers, like apache, running on your machine this port is likely to be taken.
NOTE if you use port 80 you need to run tomcat as root, which is not advisable, instead I suggest making a port forward with iptables.
Enabling servlet refreshing
This is only needed and suggested for testing environments. Servlet reloading enables the server to reload changed servlets without having to restart the server. On production systems this leads to performance hits, but it will greatly help you during development stages of your project.
Open /usr/local/tomcat/conf/context.xml
nano /usr/local/tomcat/conf/context.xml
and change the line
Context
to
Context reloadable="true" privileged="true"
Starting the server automatically
If you wish that the server starts automatically when you start your computer you need to download this startup script and place it in your /etc/init.d/ directory.
Tomcat startup script
#!/bin/sh
TOMCAT_USER=tomcat
TOMCAT_PATH=/usr/local/tomcat
export JAVA_HOME=/usr/lib/jvm/java-6-sun/
export CLASSPATH="/usr/local/tomcat/lib/jsp-api.jar;/usr/local/tomcat/lib/servlet-api.jar"
start() {
echo -n "Starting Tomcat: "
su $TOMCAT_USER -c $TOMCAT_PATH/bin/startup.sh
sleep 2
}
stop() {
echo -n "Stopping Tomcat: "
su $TOMCAT_USER -c $TOMCAT_PATH/bin/shutdown.sh
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo $"Usage: tomcat {start|stop|restart}"
exit
esac
Open the script and make sure that the username and path are correct. Then make the script executable and and move it to the correct location.
chmod +x tomcat
sudo mv tomcat /etc/init.d/
sudo ln -s /etc/init.d/tomcat /etc/rc2.d/S99tomcat
sudo ln -s /etc/init.d/tomcat /etc/rc2.d/K99tomcat
Change the number in the rc2.d to correspond to the runlevel you start your computer to. In Ubuntu and Debian this is 2, on most other systems it is 5 if you start X automatically or 3 if you start with a commandprompt.
You can test that the script works by typing
sudo /etc/init.d/tomcat start
and going to http://localhost:8080/,or whatever portnumber you chose and see if you get the Tomcat welcome screen.
Congratulations, you now have a working Tomcat installation!
Enjoy.
Copy from: http://www.2nrds.com/installing-and-running-apache-tomcat-in-linux
Port forwarding in Linux
In Linux (and most other *nix systems) ports 1-1024 are called “privileged ports”. That means that only root processes can listen and serve on those ports.
It is not always the best idea to run web server like Apache as root. Also many Java web servers such as Tomcat and application servers like JBoss and Glassfish run as default on port 8080.
I suggest here running various web servers in non-privileged ports (higher than 1024) as non root user – specially Java web servers.
It is assumed that your web server listens http traffic at port 8080 and port 8443 is used for SSL protected (https) traffic.
This is how you can forward all traffic from external port 80 to port 8080 and all traffic from port 443 to 8443.
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
iptables -t nat -A PREROUTING -p udp -m udp --dport 443 -j REDIRECT --to-ports 8443
Save the script above for example to text file “my_portforward” and load it to iptables by running command:
source my_portforward
You should have now working port forward from port 80 to port 8080 and from port 443 to 8443. If you have web server process running at port 8080 you should see the page with your favorite internet browser by pointing to your web server.
Notice that you do not see nat with command
iptables -L
Easiest way to see that you really successfully loaded redirect is to use command:
iptables-save | grep PREROUTING
Command iptables-save is also the command you need to make your firewall start automatically when you boot your computer.
How to make the firewall start at boot
First make /etc/iptables folder and your current active firewall rule there:
mkdir /etc/iptables
iptables-save > /etc/iptables/firewall
Then make script to load your firewall rules and save it to location
/etc/network/if-up.d/firewall
#!/bin/sh
iptables-restore < /etc/iptables/firewall
And check that script rights allow running it (as root or with sudo)
chmod 700 /etc/network/if-up.d/iptables
Copy from: http://www.2nrds.com/port-forwarding-in-linux
It is not always the best idea to run web server like Apache as root. Also many Java web servers such as Tomcat and application servers like JBoss and Glassfish run as default on port 8080.
I suggest here running various web servers in non-privileged ports (higher than 1024) as non root user – specially Java web servers.
It is assumed that your web server listens http traffic at port 8080 and port 8443 is used for SSL protected (https) traffic.
This is how you can forward all traffic from external port 80 to port 8080 and all traffic from port 443 to 8443.
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
iptables -t nat -A PREROUTING -p udp -m udp --dport 443 -j REDIRECT --to-ports 8443
Save the script above for example to text file “my_portforward” and load it to iptables by running command:
source my_portforward
You should have now working port forward from port 80 to port 8080 and from port 443 to 8443. If you have web server process running at port 8080 you should see the page with your favorite internet browser by pointing to your web server.
Notice that you do not see nat with command
iptables -L
Easiest way to see that you really successfully loaded redirect is to use command:
iptables-save | grep PREROUTING
Command iptables-save is also the command you need to make your firewall start automatically when you boot your computer.
How to make the firewall start at boot
First make /etc/iptables folder and your current active firewall rule there:
mkdir /etc/iptables
iptables-save > /etc/iptables/firewall
Then make script to load your firewall rules and save it to location
/etc/network/if-up.d/firewall
#!/bin/sh
iptables-restore < /etc/iptables/firewall
And check that script rights allow running it (as root or with sudo)
chmod 700 /etc/network/if-up.d/iptables
Copy from: http://www.2nrds.com/port-forwarding-in-linux
Subscribe to:
Posts (Atom)