...
Tomcat configuration:
The following instructions configure various parts of the Tomcat server. It is recommended that all configurations are applied.
The first task is to be sure tomcat is run with the permissions of the tomcat user. This is far more secure than running tomcat as root and will quickly point out any misconfigurations that will certainly be found when your applications are deployed to a production environment. In order to complete the following configuration steps System configuration, Java installation/update and Tomcat installation/update need to be completed and you should have opened a new shell or logged in again to refresh your profile.
...
- Following are some reasonable defaults to run Tomcat under. They include setting memory constraints, modest increase of PermGen so redeploying applications does not cause OutOfPermGenMemory errorsOutOfMemoryError PermGen space errors, Java7 GC and JMX file settings. We encourage use of JMX because it is a standard we increasingly use for runtime monitoring and configuration and many applications now depend on JMX to run correctly. Some of the settings will require editing to reflect your environment (e.g. ...jmx.rmi.server.hostname=192.168.1.xxx).
- The following settings also define paths for "endorsed" lib and bin directories. If you are unsure what these are for you probably don't need them but they should be configured in case they are needed.
- If your current $CATALINA_HOME/bin/setenv.sh does not have setenv.sh then you will need to create it - sudo vi $CATALINA_HOME/bin/setenv.sh This file is read by catalina.sh if it exists. Copy/save into this file the following lines changing those configuration items that are different for your system (e.g. 192.168.1.xxx).
...
JMX
JMX is a service we use to monitor the health of Tomcat while it is running as well as runtime updates to runtime configuration updates. Changes need to be made to $CATALINA_HOME/conf/server.xml and $CATALINA_HOME/bin/setenv.sh. Please see tomcat server - reasonable defaults for setenv.sh changes.
- The following directive needs to be added to server.xml - place it with the other listeners.
<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
rmiRegistryPortPlatform="9090" rmiServerPortPlatform="9091" /> - This will start the JMX server on port 9090 and the listenback on 9091 (change if needed).
- An additional library, catalina-jmx-remote.jar, needs to be downloaded from the Apache Tomcat Download Extras site (e.g. http://tomcat.apache.org/download-70.cgi) and placed in $CATALINA_HOME/lib
- Once these steps are completed and thos
- The following directive needs to be added to server.xml - place it with the other listeners.
4) Make sure all directories and files in $CATALINA_HOME are owned by tomcat:tomcat
7) JMX is a service we use to monitor the health of Tomcat while it is running. Changes need to be made to
$CATALINA_HOME/conf/server.xml and $CATALINA_HOME/conf/setenv.sh.
The following directive needs to be added to server.xml - it can be placed with the other listeners.
<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
rmiRegistryPortPlatform="9090" rmiServerPortPlatform="9091" />
This will start the JMX server on port 9090 and the listenback on 9091. In order for this to work an additional library needs to be installed in $CATALINA_HOME/lib , catalina-jmx-remote.jar. Either make a
copy of the one in this TC or download the approprate version from Tomcat downloads /extras from Apache.
...
- those setenv.sh JMX will be enabled
- In order to use JMX two files need to be created in $CATALINA_HOME/conf They are jmxremote.access and jmxremote.password. Click on the attached files to copy the contents to the appropriate file contents to the respective file you create in $CATALINA_HOME/conf (e.g. sudo vi $CATALINA_HOME/conf/jmxremote.
...
- access ). Change the values in the files as appropriate.
- access ). Change the values in the files as appropriate.
External configuration and shared jars - shared/classes , shared/lib
External configuration files and shared jars are kept in $CATALINA_HOME/shared/classes and ...
...
lib respectively. These directories need to be
...
created and configured to be used by
the Tomcat common classloader.
...
- First create the directories - sudo mkdir -p $CATALINA_HOME/shared/classes - sudo mkdir $CATALINA_HOME/shared/lib
- Now configure the class loader by appending the following code to the
...
- line beginning with common.loader... in $CATALINA_HOME/conf/catalina.
...
- properties
,${catalina.home}/shared/classes,${catalina.home}/shared/lib/*.jar,${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar
- properties
...
- Once completed properties files, resource bundles, SpringConfigurator.xml files and shared libraries (e.g. Junit.jar, mysql-connector-java-5.x.xxx.jar) can be found on the classpath by any application.
LOG4J
In order to use log4j as the catalina logger instead of the default, java.util.logging, the log4j jar needs to be included in $CATALINA_HOME/lib
...
with a log4j.properties
...
file. Additionally, from the Apache Tomcat Extras files, tomcat-juli.jar and tomcat-juli-adapters.jar
...
, need to be downloaded and installed.
- Download log4j v.1.2 or greater. (e.g. wget http://archive.apache.org/dist/logging/log4j/1.2.17/log4j-1.2.17-javadoc.jar ) be sure to check the md5 signature ( http://archive.apache.org/dist/logging/log4j/1.2.17/log4j-1.2.17-javadoc.jar.md5 )
- Install the log4j jar into $CATALINA_HOME/lib
- Create a log4j.xml file and put it in $CATALINA_HOME/
...
- lib ( sudo vi $CATALINA_HOME/lib
...
- /log4j.xml ).
- Download tomcat-juli.jar from Apache Tomcat Extras (wget http://mirror.reverse.net/pub/apache/tomcat/tomcat-7/v7.0.55/bin/extras/tomcat-juli.jar ) and install it in $CATALINA_HOME/bin where it will replace the existing file of the same name.
- Download tomcat-juli.jar from Apache Tomcat Extras (wget http://mirror.reverse.net/pub/apache/tomcat/tomcat-7/v7.0.55/bin/extras/tomcat-juli-adapters.jar ) and install it in $CATALINA_HOME/lib
- Starting/restarting Tomcat will use log4j for logging.
FINAL STEPS - REALLY IMPORTANT
Finally cd to $CATALINA_HOME and execute the following command - sudo chown -R tomcat:nobody
This will make the tomcat user for all files allowing for read/write access - otherwise the server will not start because it cannot log or read certain files.
Remember - have fun!