Installing Sun Java 6

Ensure the non-free section is enabled for the APT repository configuration in /etc/apt/sources.list, e.g. “deb http://ftp.de.debian.org/debian testing main contrib non-free”

apt-get update
apt-get install sun-java6-jdk
echo 'JAVA_HOME="/usr/lib/jvm/java-6-sun"' >> /etc/environment
echo 'JRE_HOME="/usr/lib/jvm/java-6-sun/jre"' >> /etc/environment

Installing Tomcat 6

apt-get install tomcat6 tomcat6-admin
/etc/init.d/tomcat6 stop

Creating standard Tomcat directory layout

mkdir /opt/tomcat
cd /opt/tomcat
ln -s /etc/tomcat6/ conf
ln -s /usr/share/tomcat6/bin/ bin
ln -s /usr/share/tomcat6/lib/ lib
ln -s /var/lib/tomcat6/webapps webapps
ln -s /var/log/tomcat6/ logs

Creating a Tomcat admin user

In /opt/tomcat/conf/tomcat-users.xml add an entry like:

<user name="ADMIN_USERNAME" password="ADMIN_PASSWORD" roles="admin,manager" />

Setting up virtual hosts

For each virtual host execute the following command. Replace “mydomain.com” with the desired virtual host name, but omit the “www.” part.

mkdir -p /opt/tomcat/webapps.mydomain.com/ROOT

In the <Engine> tag of “/opt/tomcat/conf/server.xml” add one host entry for each virtual host.

<Host name="mydomain.com" appBase="/opt/tomcat/webapps.mydomain.com">
    <Alias>www.mydomain.com>/Alias>
    <Valve className="org.apache.catalina.valves.AccessLogValve" prefix="mydomain_access_log." suffix=".txt" pattern="common"/>
</Host>

The <Alias> tag tells Tomcat to redirect from www.mydomain.com to mydomain.com.
The <Valve> tag enables access logging in the standard logging format.

Using xinetd to configure port 80 for Tomcat

Binding a service on port 80 requires root permissions. Thus we use port forwarding to “bind” Tomcat to port 80. My VPS does not support the use of “iptables -j REDIRECT” therefore I am using xinetd as a web proxy.
Ensure that no other service is listening on port 80/443:

netstat -pan | grep ":80\|:443"

Register the required xinetd services:

echo echo "
service www
{
        socket_type     = stream
        protocol        = tcp
        user            = root
        wait            = no
        bind            = 88.80.198.181
        port            = 80
        redirect        = localhost 8080
        disable         = no
        flags           = REUSE
        log_type        = FILE /var/log/wwwaccess.log
        log_on_success  -= PID HOST DURATION EXIT

        per_source      = UNLIMITED
        instances       = UNLIMITED
}

service https
{
        socket_type     = stream
        protocol        = tcp
        user            = root
        wait            = no
        bind            = 88.80.198.181
        port            = 443
        redirect        = localhost 8443
        disable         = no
        flags           = REUSE
        log_type        = FILE /var/log/httpsaccess.log
        log_on_success  -= PID HOST DURATION EXIT

        per_source      = UNLIMITED
        instances       = UNLIMITED
}
" > /etc/init.d/tomcat
/etc/init.d/xinetd restart

If you want to use a different service name, e.g. “tomcat” instead of “www” you must add this service to /var/services, e.g. “tomcat 80/tcp”
In /opt/tomcat/conf/server.xml modify the <Connector> as follows:

<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" proxyPort="80" address="127.0.0.1" />

This binds Tomcat to localhost. It also tells Tomcat that port 80 is the proxy port which is necessary for correct URL generation.
From now on the Tomcat admin applications are only accessible via localhost. You can use SSH port forwarding to still access the applications from your workstation’s web browser. E.g. if you are using PuTTY you can use this command line option “-L 8080:localhost:8080″ to forward the server’s local 8080 port to your workstation’s local 8080 port. On your workstation’s browser you then simply enter http://localhost:8080/manager/html and are connected to the server’s Tomcat admin application.

Enabling PHP support (optional)

Download Quercus.

mkdir -p /opt/downloads
wget -o /opt/downloads/quercus-4.0.3.war http://caucho.com/download/quercus-4.0.3.war

Install Quercus as a shared library.

unzip -j /opt/downloads/quercus-4.0.3.war \*.jar -d /opt/tomcat/lib

Enable PHP support for the virtual hosts by installing the quercus web.xml. For each virtual host execute:

unzip /opt/downloads/quercus-4.0.3.war *web.xml -d /opt/tomcat/webapps.mydomain.com/ROOT

Starting Tomcat

/etc/init.d/tomcat start

References

• Securing Linux for Java services: The port dilemma
• Redirect HTTP and HTTPS traffic to Tomcat’s ports
• Tomcat 6: Virtual Hosting How To
• Tomcat 6: Classloader How To
• Virtual Hosting with Tomcat
• Quercus: Tomcat
• How to install Tomcat 6 on Ubuntu 9.04 (Jaunty)

© sebthom for sebthom.de, 2010. | Permalink | No comment | Add to del.icio.us
Post tags: Java, PHP, port 80, port forwarding, quercus, tomcat, vhost, virtual servers, VPS, xinetd

Feed enhanced by Better Feed from Ozh

For anyone who is interested, that is what we came up to put the initial user id into a variable named ${LOGIN_USER}

LOGIN_USER=`who -m`; LOGIN_USER=${LOGIN_USER%% *}

or alternatively

LOGIN_USER=`who -m | cut -d' ' -f1`

© sebthom for sebthom.de, 2009. | Permalink | No comment | Add to del.icio.us
Post tags: bash, Linux, username

Feed enhanced by Better Feed from Ozh