Edit WYSIWYGattachfile Attach PDF Raw View►More Actions▼More Actions


Restore topic to revision: You will be able to review the topic before saving it to a new revision

Copy text and form data to a new topic (no attachments will be copied though).
Name of copy:
You will be able to review the copied topic before saving

Rename/move topic... scans links in all public webs (recommended)
Rename/move topic... scans links in Main web only
Delete topic... scans links in all public webs (recommended)
Delete topic... scans links in Main web only

Revision Date Username Comment
611 Oct 2012 - 22:55NatalyaPortnov 
523 May 2012 - 15:47NatalyaPortnov 
423 May 2012 - 14:09NatalyaPortnov 
307 May 2012 - 15:53NatalyaPortnov 
207 May 2012 - 14:13NatalyaPortnov 
107 May 2012 - 11:28NatalyaPortnov(minor)  

Render style:     Context:


 History: r6 < r5 < r4 < r3 < r2
You are here: UMWiki>Main Web>WikiUsers>NatalyaPortnov>Tomcat7ServerOnUbuntuServer12_04LTS (11 Oct 2012, NatalyaPortnov)

Tomcat Server Setup

  • Ubuntu 12.04 64-bit Server
  • Hardware: 2 CPU, 2048 MB/RAM

Prerequisites

Software Install

  • Install Web Server Software
    sudo apt-get install openjdk-7-jdk apache2 libapache2-mod-jk tomcat7 tomcat7-admin groovy
    sudo apt-get install libjtds-java libmysql-java libpg-java ufw libtcnative-1
  • Remove Java 6
     
    sudo apt-get purge openjdk-6-jre-headless icedtea-6-jre-cacao openjdk-6-jre-lib icedtea-6-jre-jamvm
  • Tweak the Java and Tomcat configurations
    sudo sed -i -e 's/tomcat6/tomcat7/g' /etc/libapache2-mod-jk/workers.properties
    sudo sed -i -e 's/default-java/java-7-openjdk-amd64/g' /etc/libapache2-mod-jk/workers.properties
  • Install some fonts so that Jasper Reports works
    sudo apt-get install --no-install-recommends ttf-freefont ttf-indic-fonts-core ttf-mscorefonts-installer fontconfig

Tomcat Configuration

Disable mod_jk (temporarily
  • sudo a2dismod jk
Uncomment the following line in /etc/tomcat7/server.xml
  • tip Note that redirectPort was changed to 443
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
  • IDEA! IF YOU ARE USING Shibboleth, Set tomcatAuthentication to false.
    • This will tell tomcat to trust the authentication mechanisms passed by Apache. For Example:
      <Connector port="8009" protocol="AJP/1.3" redirectPort="443" tomcatAuthentication="false" />
  • IDEA! Add the following to /etc/apache2/mods-available/jk.conf if you are using Shibboleth
    ### Default Shibboleth Environment Variables ##
    JkEnvVar Shib-Application-ID
    JkEnvVar Shib-Authentication-Instant
    JkEnvVar Shib-Session-Index
    JkEnvVar Shib-Authentication-Method
    JkEnvVar Shib-Identity-Provider
    JkEnvVar Shib-AuthnContext-Class
    JkEnvVar Shib-Session-ID
    JkEnvVar REMOTE_USER
    JkEnvVar AUTH_TYPE
    ### Add Custom Shibboleth Attributes Here. ###
    ### These should match what you put in your /etc/shibboleth/attribute-map.xml. ###
    JkEnvVar eppn
    JkEnvVar uid
    JkEnvVar isGuest
    JkEnvVar givenName
    JkEnvVar initials
    JkEnvVar surname
  • Create the file /etc/apache2/sites-available/tomcat7-ssl , and paste in the following contents.
    • IDEA! You'll have to change all references to dept.umn.edu to match your department, and webapp.dept.umn.edu server's name
      ServerName webapp.dept.umn.edu
      
      <VirtualHost _default_:80>
        ServerAdmin webmaster@dept.umn.edu
        Redirect permanent / https://webapp.dept.umn.edu/
      </VirtualHost>
      
      <VirtualHost _default_:443>
        ServerAdmin webmaster@dept.umn.edu
      
        DocumentRoot /var/www
        <Directory />
          Options FollowSymLinks
          AllowOverride None
        </Directory>
        <Directory /var/www/>
          Options Indexes FollowSymLinks MultiViews
          AllowOverride None
          Order allow,deny
          allow from all
        </Directory>
      
        # Assign specific URLs to Tomcat. In general the structure of a 
        # JkMount directive is: JkMount [URL prefix] [Worker name]
      
        # send all requests ajp13_worker
        JkMount /* ajp13_worker
      
        ErrorLog /var/log/apache2/error.log
      
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
      
        CustomLog /var/log/apache2/ssl_access.log combined
      
        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine On
      
        SSLCertificateFile      /etc/ssl/certs/webapp.dept.umn.edu.crt
        SSLCertificateChainFile      /etc/ssl/certs/webapp.dept.umn.edu-interm.crt
        SSLCertificateKeyFile   /etc/ssl/private/webapp.dept.umn.edu.key
      
        # MSIE Fixes
        BrowserMatch "MSIE [2-6]" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
      
      </VirtualHost>
      If you are using the Shibboleth SP, add the following directives within the VirtualHost tag
              Alias /shibboleth-sp/logo.jpg /usr/share/shibboleth/logo.jpg
              Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
              JkUnMount /Shibboleth.sso/* ajp13_worker
              JkUnMount /shibboleth-sp/logo.jpg ajp13_worker
              JkUnMount /shibboleth-sp/main.css ajp13_worker
      
              # The following is recommended if you are JkMount-ing the entire site. "/*"
              # Alias /favicon.ico /var/www/favicon.ico
              # JkUnMount /favicon.ico ajp13_worker

Copy the SSL Private key to /etc/ssl/private/ and the SSL Cert to /etc/ssl/certs/ Go to SSLCerts for information on getting the certificates

sudo adduser www-data ssl-cert
sudo chmod 0640 /etc/ssl/private/webapp.dept.umn.edu.key
sudo chgrp ssl-cert /etc/ssl/private/webapp.dept.umn.edu.key
sudo a2enmod ssl
sudo a2enmod jk
sudo a2dissite 000-default
sudo a2ensite tomcat7-ssl

Firewall Settings

sudo ufw allow proto tcp from any to any port 80
sudo ufw allow proto tcp from any to any port 443
sudo ufw enable

Tomcat Configuration

In /etc/default/tomcat7 set the following option

TOMCAT7_SECURITY=no
JAVA_OPTS="-Djava.awt.headless=true -Xms2048m -Xmx2048m -XX:PermSize=1024m -XX:MaxPermSize=1024m"
# change the default garbage collector
JAVA_OPTS="$JAVA_OPTS -XX:+UseConcMarkSweepGC"
# JMX Monitoring Options
# JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote"
# JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.port=9010"
# JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.ssl=false"
# JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.authenticate=true"
# JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.access.file=/etc/tomcat7/jmxremote.access"
# JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/tomcat7/jmxremote.password"

Change /etc/hosts to contain the actual IP of the server, not 127.0.1.1

Tomcat Administrators /etc/tomcat7/tomcat-users.xml

<tomcat-users>
  <role rolename="admin"/>
  <role rolename="manager"/>
  <user username="ajz" password="SecretPassword" roles="admin,manager"/>
</tomcat-users>

  • Restart the services
    sudo service tomcat7 restart
    sudo service apache2 restart

-- NatalyaPortnov - 07 May 2012

Topic revision: r6 - 11 Oct 2012 - 22:55:12 - NatalyaPortnov
UMWiki is the University of Minnesota's Collaborative Wiki.

email: wiki@umn.edu

List of All Webs


A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

 
UMWiki UMWiki
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding UMWiki? Send feedback