CentOS is a great substitute for Red Hat Enterprise Linux, but it is missing some useful packages such as Apache Tomcat 6. Installing Apache Tomcat 6 on CentOS 5 from the gzip package is fairly easy. The following guide applies at least to CentOS 5.4.
Pre-Requirements
First you need to install the Sun JDK; you can follow the instructions given in Installing Sun JDK 1.6 on CentOS.
Once Java is in place, it's time to get ready for Tomcat.
Download Apache Ant and Tomcat
- Download the apache-ant and apache-tomcat packages.
- Extract those packages to /opt/
- Create a symbolic link for Ant
Create start script
- Create a tomcat user so that we don’t need root privileges for Tomcat
- Create a start script in /etc/init.d for starting and stopping Tomcat
- The script is (via Build a safe cage for Tomcat)
#!/bin/bash
#
# tomcat        Starts Tomcat Java server.
#
#
# chkconfig: 345 88 12
# description: Tomcat is the server for \
#              Java servlet applications.
### BEGIN INIT INFO
# Provides: $tomcat
### END INIT INFO

JAVA_HOME=/usr/java/jdk1.6.0_18
export JAVA_HOME
TOMCAT_HOME=/opt/apache-tomcat-6.0.26
START_TOMCAT=$TOMCAT_HOME/bin/startup.sh
STOP_TOMCAT=$TOMCAT_HOME/bin/shutdown.sh

# Source function library.
. /etc/init.d/functions

# Exit quietly if Tomcat's own scripts are missing
[ -f "$START_TOMCAT" ] || exit 0
[ -f "$STOP_TOMCAT" ] || exit 0

RETVAL=0
umask 077

start() {
    echo -n $"Starting Tomcat Java server: "
    # Run the startup script as the unprivileged tomcat user, not as root
    daemon su -c $START_TOMCAT tomcat
    RETVAL=$?
    echo
    return $RETVAL
}

stop() {
    echo -n $"Shutting down Tomcat Java server: "
    daemon su -c $STOP_TOMCAT tomcat
    RETVAL=$?
    echo
    return $RETVAL
}

restart() {
    stop
    start
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart|reload)
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart}"
        exit 1
esac

exit $?
- Give executable rights for that script
- Add the script to CentOS services
- Check the changes
- You should see that the service uses levels 2, 3 and 4
- Test that the script is working and it gives no errors
- Everything's ready
CentOS doesn’t have a package for the Sun JDK, so it has to be installed manually. It’s fairly easy, but there are a few steps involved. This guide has been tested on CentOS 5.4 x86_64.
Step 1. Initial setup for building RPM
-!- Do this with a non-root user
- Create ~/.rpmmacros
- Create needed folders:
-
$ mkdir -p ~/rpmbuild/{SOURCES,SRPMS,SPECS,RPMS,tmp,BUILD}
- Build environment needs to be complete. Some needed packages are:
Step 2. Installing your favorite JDK
- Download Sun JDK 1.6 update 14 from Sun Java download or the Sun JDK archive.
- Choose the correct platform (for me it’s Linux x64) and download jdk-6u18-linux-x64-rpm.bin
- Give it executable rights:
$ chmod 755 jdk-6u18-linux-x64-rpm.bin
- Run the binary to extract it into RPM form:
$ ./jdk-6u18-linux-x64-rpm.bin
- Install it:
- Log out and in again to make the changes in the paths take effect
- Check the install
- Java is now installed at /usr/bin/java
By default Apache Tomcat listens for requests on ports 8080 and 8443, but it is more convenient to use the common ports 80 and 443 for HTTP and HTTPS traffic. This way users don’t have to put those pesky port numbers after the address. Of course you could just tell Tomcat to listen on those ports, but that has some downsides: hassle with the startup and running Tomcat as root.
Luckily it is easy to tell the system to redirect traffic from one port to another. Just define some new xinetd services in /etc/xinetd.d/tomcat.
# vim /etc/xinetd.d/tomcat
# Redirects any requests on port 80 to port 8080 (where Tomcat is listening)
service tomcat-http
{
    disable         = no
    flags           = REUSE
    wait            = no
    user            = root
    socket_type     = stream
    protocol        = tcp
    port            = 80
    redirect        = localhost 8080
    log_on_success  -= PID HOST DURATION EXIT
    #per_source     = UNLIMITED
    #instances      = UNLIMITED
}

# Redirects any requests on port 443 to port 8443 (where Tomcat is listening)
service tomcat-https
{
    disable         = no
    flags           = REUSE
    wait            = no
    user            = root
    socket_type     = stream
    protocol        = tcp
    port            = 443
    redirect        = localhost 8443
    log_on_success  -= PID HOST DURATION EXIT
    #per_source     = UNLIMITED
    #instances      = UNLIMITED
}
(via Securing Linux for Java services: The port dilemma)
By default xinetd puts a connection limit on each source IP, and this causes the service to become unresponsive when there are dozens of queries a second. You will see the following kind of line in your messages log file: “xinetd[2049]: FAIL: tomcat-https per_source_limit from=123.456.789.123”. To correct this, uncomment the per_source and instances lines in your xinetd file and restart xinetd.
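To see which services and source addresses are hitting the limit described above, the FAIL lines can be summarised from the messages log. This is an added example, not part of the original post; the function names and the sample log lines are constructed for illustration, and the line format is assumed to match the one quoted above.

```shell
#!/bin/sh
# Constructed sample in syslog format (addresses are documentation ranges).
SAMPLE_LOG='Mar  3 10:15:01 web01 xinetd[2049]: START: tomcat-http pid=2101 from=192.0.2.10
Mar  3 10:15:02 web01 xinetd[2049]: FAIL: tomcat-https per_source_limit from=192.0.2.10
Mar  3 10:15:02 web01 xinetd[2049]: FAIL: tomcat-https per_source_limit from=192.0.2.10
Mar  3 10:15:03 web01 xinetd[2049]: FAIL: tomcat-http per_source_limit from=198.51.100.7
Mar  3 10:15:04 web01 xinetd[2049]: FAIL: tomcat-https per_source_limit from=192.0.2.10
Mar  3 10:15:05 web01 sshd[311]: Accepted publickey for admin from 203.0.113.5'

# Count per_source_limit rejections per (service, source address).
# Reads the files given as arguments, or stdin when none are given.
# Prints "<count> <service> <source>", highest count first.
per_source_failures() {
    awk '
        /xinetd\[[0-9]+\]: FAIL: / && / per_source_limit from=/ {
            svc = ""; src = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "FAIL:")  svc = $(i + 1)      # service name follows FAIL:
                if ($i ~ /^from=/)  src = substr($i, 6) # strip the "from=" prefix
            }
            hits[svc " " src]++
        }
        END { for (k in hits) print hits[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Filter a summary from per_source_failures (on stdin) down to the
# rows with at least $1 rejections.
sources_over() {
    awk -v min="$1" '$1 >= min'
}

# On a real host: per_source_failures /var/log/messages | sources_over 10
printf '%s\n' "$SAMPLE_LOG" | per_source_failures
```

A summary dominated by one address points to a single client or a NAT gateway, while many addresses point to general load; that distinction is worth knowing before the limits are lifted for everyone.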
Also add those xinetd services to /etc/services.
# vim /etc/services
http 80/tcp www www-http tomcat-http # WorldWideWeb http
http 80/udp www www-http tomcat-http # WorldWideWeb HTTP
https 443/tcp tomcat-https # WorldWideWeb HTTPS
https 443/udp tomcat-https # WorldWideWeb HTTPS
Now just restart xinetd and admire how your traffic is redirected to Tomcat’s ports.
# service xinetd restart
Force everything to transmit through HTTPS
If you also want to redirect all HTTP traffic to HTTPS, you can add the following section to your Tomcat web.xml:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Context</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <!-- auth-constraint goes here if you require authentication -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
If you are using this redirection of all traffic to HTTPS with JIRA and want attachments to work with Internet Explorer as well, you must add the following to your jira.xml (e.g. /opt/tomcat/conf/Catalina/localhost/jira.xml). This is an Internet Explorer bug; for more information see http://jira.atlassian.com/browse/JRA-8179.
<Context ...>
...
<!-- for IE bug, see http://jira.atlassian.com/browse/JRA-8179-->
<Valve className="org.apache.catalina.authenticator.NonLoginAuthenticator"
disableProxyCaching="false" />
...
</Context>