Tomcat - Linux

tomcat

How can we install Tomcat on Linux from the official binary distribution from Apache Tomcat download site?

  1. Download the desired apache-tomcat-[#].tar.gz file
  2. Extract: tar -xvzf apache-tomcat-[#].tar.gz
  3. Move the extracted folder to a dedicated directory: sudo mv apache-tomcat-[#] /usr/local/apache-tomcat-[#]
  4. Set the JAVA_HOME environment variable if it is not already set. You can do this in your ~/.bashrc file, or in the /etc/profile file, or put it in the startup.sh file
  5. Set the CATALINA_HOME environment variable, which should point to /usr/local/apache-tomcat-[#]
  6. If you define the above environment variables in ~/.bashrc or /etc/profile, log out and log back in for the environment variables to take effect.
  7. Start Tomcat: $CATALINA_HOME/bin/startup.sh
  8. Verify that Tomcat is running: ps -elf | grep java | grep 8080 (Tomcat runs on port 8080 by default)
  9. Access the Tomcat Welcome page: http://localhost:8080/

What are some potential drawbacks of installing the official binary distribution from the Apache Tomcat download site?

  • You have to do some extra leg work to make Tomcat start automatically when Linux boots up

What are the basic steps to get Tomcat to start automatically at boot-up time?

  1. Create a Tomcat-specific user and user group
  2. Adjust ownership for new users and groups
  3. Relay traffic for non-root Tomcat user
  4. Create a custom init script

How can we create Tomcat-specific user and user group?

groupadd tomcat
useradd -s /sbin/nologin -g tomcat -d /path/to/tomcat tomcat
passwd tomcat

How can we adjust ownership for new user and group?

chown -R tomcat.tomcat /path/to/tomcat
chmod 775 /path/to/tomcat/webapps

The first statement gives ownership of the Tomcat directories to the Tomcat user, and the second statement gives the user write access to the webapps directory.

How can we relay traffic for the non-root Tomcat user?

Running Tomcat using a non-root user is more secure, but by default non-root user cannot bind to port 80, which mean that Tomcat must use a port number greater than 1024. Therefore, we must somehow redirect port 80 to the port that Tomcat is using:

iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -I OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080

To preserve these rules through re-boot, save them with the "ip-tables-save" command, and then follow the procedure appropriate for your Linux distribution. For most distributions, this means editing the iptables init script

How can we create a custom init script?

To start Tomcat at Linux boot time, we'll need to create an init script that invoke the startup.sh and shutdown.sh scripts that is included with Tomcat:

vi /etc/init.d/tomcat

#!/bin/bash
#
# Startup script for Tomcat
#
# chkconfig: - 86 15
# description: Tomcat is a JSP server.
# processname: tomcat

JAVA_HOME=/usr/java/default
export JAVA_HOME
tomcat_home=/usr/local/tomcat/current/bin
start_tomcat=/usr/local/tomcat/current/bin/startup.sh
stop_tomcat=/usr/local/tomcat/current/bin/shutdown.sh

start() {
        echo -n "Starting tomcat: "
        cd $tomcat_home
        ${start_tomcat}
        echo "done."
}
stop() {
        echo -n "Shutting down tomcat: "
        cd $tomcat_home
        ${stop_tomcat}
        echo "done."
}

# See how we were called
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        stop
        sleep 10
        start
        ;;
  *)
        echo "Usage: $0 {start|stop|restart}"
esac

exit 0
chmod 755 /etc/init.d/tomcat
chkconfig --add tomcat
chkconfig --level 35 tomcat on
chkconfig --list tomcat
/etc/init.d/tomcat start
/etc/init.d/tomcat stop

What are the differences between startup.sh and catalina.sh?

The two scripts capable of starting Tomcat in this directory are catalina.sh and startup.sh. The catalina.sh is the script that actually responsible for starting Tomcat. The startup.sh script simply invoke catalina.sh with the argument "start".

On Redhat or Fedora platform, after creating the start-up script, how can we configure it to start automatically?

After you create the init script, save your script in /etc/init.d, and configure proper permission settings. The process must belong to the sys group and be owned by root. Both sys and root must be able to read and execute the script. Now, simply link the service to rc3.d:

ln -s /etc/init.d/tomcat[#] /etc/rc3.d/S[#]tomcat
chkconfig --level 2345 /etc/init.d/tomcat[#] on

If we configure Tomcat to start as a non-root user (which we should), and we forward traffic from port 80 to port 8080, and if our application need to generate absolute URLs, it may generate URLs containing port 8080 which is not accessible from the outside. How can we avoid this problem?

We need to update the appropriate Connector element in the server.xml file (use the proxyPort attribute). For example:

<Connector port="8080" protocol="HTTP/1.1" proxyPort="80"
    connectionTimeout="20000"
    redirectPort="8443"
/>

What does it takes to run multiple Tomcat instances on the same machine?

  1. We need to download the binary distribution from the official Tomcat download site.
  2. Install Tomcat into two different directories. For example, /usr/local/tomcat[x]_BIRT, /usr/local/tomcat[x]_SSO.
  3. Create separate system users and groups if necessary
  4. Create separate init scripts
  5. Change the port numbers
  6. Restart Tomcat instances
  7. Test

Because each Tomcat instance now use different ports, we should be able to use the start.sh script and the stop.sh script to start or stop individual Tomcat instance without having to resort to ps and kill. We just have to use the right start.sh or stop.sh script.

How can we install Tomcat as a service on Fedora?

yum install tomcat6-systemv.noarch tomcat6-webapps.noarch tomcat6-admin-webapps.noarch
systemctl enable tomcat6.service
systemctl start tomcat6.service

conf: /etc/tomcat6
logs: /var/log/tomcat6/
temp: /var/cache/tomcat6/temp
webapps: /var/lib/tomcat6/webapps
work: /var/cache/tomcat6/work
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License