Apache Tomcat Service Install How-To¶
[Windows Tomcat as a Service]¶
Reference: http://tomcat.apache.org/tomcat-6.0-doc/windows-service-howto.html
Install Tomcat Service:
bin> service.bat install tomcat6.1
Remove Tomcat Service:
bin> service.bat remove
Execute Tomcat Monitor:
Option1 -> bin> tomcat6.1w.exe //MS//
Option2 -> bin> tomcat6w.exe //MS//Tomcat6.1
Update Servive Display Name:
bin> tomcat6.exe //US//tomcat6.1 --DisplayName="Apache Tomcat 6.1"
Make sure to add this java options:
-Dfile.encoding=UTF-8
-Xms128m
-Xmx1024m
-XX:PermSize=64m
-XX:MaxPermSize=512m
-Djava.awt.headless=true
Note
64-bit Tomcat Environment
Install Java 64bit for Windows
Install 64bit Apache Tomcat 7.X/8.X link
Set the correct java version inside the Tomcat Monitor
[Windows Tomcat as runnable application]¶
Create a file setenv.bat and put this file into the bin folder
Put the following content inside this file:
set "JAVA_OPTS=-Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=512m -Djava.awt.headless=true"
exit /b 0
[Linux]¶
Create a file setenv.sh and put this file into the bin folder
Put this content inside this file:
export JAVA_OPTS="-Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=512m -Djava.awt.headless=true"
Note
64-bit Tomcat Environment
Make sure the java version is 64bit
Change setenv.sh with the desired HeapSize (
-Xmx) as the following (leave PermSize as it is):export JAVA_OPTS="-Dfile.encoding=UTF-8 -d64 -Xms128m -Xmx2g -XX:PermSize=64m -XX:MaxPermSize=512m -Djava.awt.headless=true"
[Extra options]¶
For logging java garbage collector add this java options (CATALINA_BASE have to be set!):
-Xloggc:$CATALINA_BASE/logs/gc.log -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps
[Linux] Apache Tomcat Logging Settings¶
Set logging.properties¶
By default with the default settings in logging.properties, Tomcat will rotate the logs and it will logs lots of stuff
and it will write same log on catalina.out and catalina.log and we do not want this in production.
Replace the logging.properties file inside the conf folder of tomcat with this:
handlers = 1catalina.org.apache.juli.FileHandler
.handlers = 1catalina.org.apache.juli.FileHandler
############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################
1catalina.org.apache.juli.FileHandler.level = FINE
1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.FileHandler.prefix = catalina
1catalina.org.apache.juli.FileHandler.rotatable = false
############################################################
# Facility specific properties.
# Provides extra control for each logger.
############################################################
Configure a log rotate¶
Create a file into /etc/logrotate.d folder:
# touch /etc/logrotate.d/tomcat
Put this content inside the file:
/var/log/tomcat/*.log {
copytruncate
daily
rotate 7
compress
missingok
size 5M
}
Then create a symbolic link to the catalina.log
(replace the path to the tomcat and change the name catalina.log if you need to):
ln -s /usr/local/tomcat/logs/catalina.log catalina.log
Reload the logrotate deamon:
# /usr/sbin/logrotate /etc/logrotate.conf
More on logrorate:
# man logrotate
Apache Configuration¶
The following configuration should be added to the Apache file
httpd-vhosts.conf or whatever the configuration file is.
Adapt the configuration to your project settings,
replace <PROJECT PATH> and <PROJECT DOMAIN>.
# Add this for Apache 2.2
NameVirtualHost *:80
SetEnvIf Request_URI "^/ext/" dontlog
SetEnvIf Request_URI "/maintenance.html" no-jk
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "<PROJECT PATH>/web"
ServerName <PROJECT DOMAIN>
ErrorLog "logs/garam-error.log"
CustomLog "logs/garam-access.log" common env=!dontlog
DirectoryIndex index.jsp index.html
<Directory "<PROJECT PATH>/web">
Options FollowSymLinks
Order allow,deny
Allow from all
</Directory>
# DENY ACCESS TO WEB-INF
<Location "/WEB-INF/">
Deny from all
</Location>
#jkMount /* balance1
jkMount /*.jsp balance1
jkMount /*.action balance1
jkMount /*/edms/* balance1
jkMount /logout balance1
jkMount /Thumb balance1
jkMount /ws/* balance1
jkMount /FileDownServlet balance1
ErrorDocument 503 /maintenance.html
<Location /maintenance.html>
Order allow,deny
Allow from all
</Location>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/maintenance.html -f
RewriteCond %{DOCUMENT_ROOT}/maintenance.enable -f
RewriteCond %{SCRIPT_FILENAME} !maintenance.html
RewriteRule ^.*$ /maintenance.html [R=503,L]
</IfModule>
# JK MANAGER
<Location /jkmanager/>
JkMount jkstatus
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from 203.239.21.0/24
</Location>
</VirtualHost>
Important
Make sure the rewrite module is enabled!
... and read this https://httpd.apache.org/docs/2.4/upgrading.html if using Apache 2.4.
SSL Apache Configuration¶
- Upload files necessary for using SSL protocol into the server.
Locate the folder /etc/pki/tls create folder kspmis and put the following files:
- _wildcard_kspmis_com.crt
- Server certificate data file
- rsa-dv.chain-bundle.pem
- Server CA Certificates
- _wildcard_kspmis_com_SHA256WITHRSA.key
- Server private key file
You can find these files on SVN http://125.141.221.126/repo/STND_PMIS_util/etc/20160215-167040-_wildcard_kspmis_com.pfx
- In order to use SSL verify that
mod_sslmodule is enabled.
mod_ssl.soshould be present in modules folder- The following directives should be present somewhere.
Check files inside extra folder (ex. httpd-ssl.conf) and
httpd.conf.:LoadModule ssl_module modules/mod_ssl.so Listen 443
If the module is not present install it with:
# for Centos
yum install mod_ssl
Create a VirtualHost listening on port 80 that will redirect requests from
*.kspmis.comto 443:<VirtualHost *:80> ServerAlias *.kspmis.com #ServerName kamcoybd.kspmis.com #ServerAlias www.kamcoybd.kspmis.com RewriteEngine on ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NE,R,L] </VirtualHost>
Important
Make sure you enabled the mod_rewrite module to make use of the above directives!:
# This module have to be enabled
LoadModule rewrite_module modules/mod_rewrite.so
Modify the VirtualHost listening on port 80 as follow:
<VirtualHost *:443> ... # ============ SSL CERTIFICATE HERE ============= SSLEngine On SSLCertificateFile /etc/pki/tls/kspmis/_wildcard_kspmis_com.crt SSLCertificateKeyFile /etc/pki/tls/kspmis/_wildcard_kspmis_com_SHA256WITHRSA.key SSLCertificateChainFile /etc/pki/tls/kspmis/rsa-dv.chain-bundle.pem # ================================================
Test the apache configuration:
# apachectl -t [Thu Feb 25 16:04:11 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence Syntax OK
Note
The warning is due to the file ssl.conf inside the conf.d folder;
the VirtualHost inside that file should be deleted.
Load Balancer How-To¶
Note
Reference: LoadBalancer HowTo
A load balancer is a worker that does not directly communicate with Tomcat. Instead it is responsible for the management of several “real” workers, called members or sub workers of the load balancer.
This management includes:
Instantiating the workers in the web server. Using the worker’s load-balancing factor, perform weighted load balancing (distributing load according to defined strengths of the targets). Keeping requests belonging to the same session executing on the same Tomcat (session stickyness). Identifying failed Tomcat workers, suspending requests to them and instead falling-back on other workers managed by the load balancer. Providing status and load metrics for the load balancer itself and all members via the status worker interface. Allowing to dynamically reconfigure load-balancing via the status worker interface.
Workers managed by the same load balancer worker are load-balanced (based on their configured balancing factors and current request or session load) and also secured against failure by providing failover to other members of the same load balancer. So a single Tomcat process death will not “kill” the entire site.
Some of the features provided by a load balancer are even interesting, when only working with a single member worker (where load balancing is not possible).
# The load balancer worker balance1 will distribute
# load to the members worker1 and worker2
worker.balance1.type=lb
worker.balance1.balance_workers=worker1, worker2
worker.list=balance1
worker.worker1.type=ajp13
worker.worker1.host=myhost1
worker.worker1.port=8009
worker.worker2.type=ajp13
worker.worker2.host=myhost2
worker.worker2.port=8010
Important
The name of the Tomcat needs to be equal to the name of the
corresponding load balancer member. In the above example,
Tomcat on host myhost1 needs jvmRoute="worker1",
Tomcat on host myhost2 needs jvmRoute="worker2".
tomcat1 server.xml
<Engine defaultHost="cicciopanza" jvmRoute="worker1" name="default">
tomcat2 server.xml
<Engine defaultHost="cicciopanza" jvmRoute="worker2" name="default">
Status Worker Manager¶
Add the following code to the workers.properties.
# Add the status worker to the worker list
worker.list=jkstatus
# Define a 'jkstatus' worker using status
worker.jkstatus.type=status
Add the following code to the directive VirtualHost inside the host configuration file.
Apache 2.2
# JK MANAGER
<Location /jkmanager/>
JkMount jkstatus
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
Apache 2.4
# JK MANAGER
<Location /jkmanager/>
JkMount jkstatus
#Require all denied
Require ip 127.0.0.1
</Location>
Note
The Status Manager will be available at the URI <schema>://127.0.0.1/jkmanager/.
If you want to enable other host to access the status manager just add more Allow from directives.
# JK MANAGER 2.2
<Location /jkmanager/>
JkMount jkstatus
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from 200.300.20.0/24
Allow from 192.168.0.10
</Location>
# JK MANAGER 2.4
<Location /jkmanager/>
JkMount jkstatus
Require ip 127.0.0.1
Require ip 200.300.20.0/24
Require ip 192.168.0.10
</Location>