편리한 호스팅 미소IDC

   
 
 
 

      1차 네임서버 :
      ns1.misoidc.com
      101.79.73.101

      2차 네임서버 :
      ns2.misoidc.com
      101.79.73.105

      어제 : 229 ,오늘 : 145
      전체 : 1,091,289


     

 

 
작성일 : 11-11-15 17:08
Install Tomcat 7 on CentOS, RHEL, or Fedora
 글쓴이 : 싼웹호스팅
조회 : 54,310  

This post will cover installing and basic configuration of Tomcat 7 on CentOS 5.x. or 6.x

Tomcat 7 implements the JavaServer Pages 2.2 and Servlet 3.0 specifications and a number of new features. The Manager application also has a new look and finer-grain roles and access than 6.x

In this post, we'll install Tomcat 7, the new JDK 7, configure Tomcat as a service, create a start/stop script, and (optionally) configure Tomcat to run under a non-root user. We will also configure basic access to Tomcat Manager and take a quick look at memory management using JAVA_OPTS

For this installation, we'll use Tomcat 7.0.21, the current stable release of Tomcat 7.

To begin, we'll need to install the Java Development Kit (JDK) 7

JDK 1.6 is the minimum JDK version for Tomcat 7.


Step 1: Install JDK 1.7.0



You can download the latest JDK here: http://www.oracle.com/technetwork/java/javase/downloads/index.html

We'll install the latest JDK, which is JDK 7, Update 1. The JDK is specific to 32 and 64 bit versions.

My CentOS box is 64 bit, so I'll need: jdk-7u1-linux-x64.tar.gz.

If you are on 32 bit, you'll need: jdk-7u1-linux-i586.tar.gz

Download the appropriate JDK and save it to a directory. I'm saving it to /root.


Create a new directory /usr/java.
  1. [root@srv6 ~]# mkdir /usr/java

Change to the /usr/java directory we created

  1. [root@srv6 ~]# cd /usr/java
  2. [root@srv6 java ]#


Move or copy jdk-7u1-linux-x64.tar.gz to the /usr/java directory:

  1. [root@srv6 java]# mv jdk-7u1-linux-x64.tar.gz /usr/java/jdk-7u1-linux-x64.tar.gz

Unpack jdk-7u1-linux-x64.tar.gz in the /usr/java file using tar -xzf:
  1. [root@srv6 java]# tar -xzf jdk-7u1-linux-x64.tar.gz
This will create the directory /usr/java/jdk1.7.0
  1. [root@srv6 ~]# cd /usr/java
  2. [root@srv6 java]# sh /opt/jdk-7-linux-x64.tar.gz

Set the JAVA_HOME path. This is where we installed our JDK above.

To set it for your current session, you can issue the following from the CLI:
  1. [root@srv6 java]# JAVA_HOME=/usr/java/jdk1.7.0_01
  2. [root@srv6 java]# export JAVA_HOME
  3. [root@srv6 java]# PATH=$JAVA_HOME/bin:$PATH
  4. [root@srv6 java]# export PATH

To set the JAVA_HOME permanently, we add below to either the ~/.bashrc or ~/.bash_profile of the user (in this case, root).
We can also add it /etc/profile and then source it to give to all users.
  1. JAVA_HOME=/usr/java/jdk1.7.0_01
  2. export JAVA_HOME
  3. PATH=$JAVA_HOME/bin:$PATH
  4. export PATH
Once you have added the above to ~/.bash_profile or ~/.bashrc, you should log out, then log back in and check that the JAVA_HOME is set correctly.

  1. [root@srv6 ~]# echo $JAVA_HOME
  2. /usr/java/jdk1.7.0_01


Step 2: Download and Unpack Tomcat 7.0.21



Download apache-tomcat-7.0.21.tar.gz here

Save the file to a directory. I'm saving it to /root/apache-tomcat-7.0.21.tar.gz

Before proceeding, you should verify the MD5 Checksum for your Tomcat download (or any other download).

Since we saved the Tomcat download to /root/apache-tomcat-7.0.21.tar.gz, we'll go to the /root directory and use the md5sum command.

  1. [root@srv6 ~]# md5sum apache-tomcat-7.0.21.tar.gz
  2. 1fcbf1fcaa40c9b27a81379be1e861f7 *apache-tomcat-7.0.21.tar.gz
Compare the output above to the MD5 Checksum provided by here the Apache Tomcat MD5 page and insure that they match exactly.

Now, move (mv) or copy (cp) the file to the /usr/share directory:

  1. [root@srv6 ~]# mv apache-tomcat-7.0.21.tar.gz /usr/share/apache-tomcat-7.0.21.tar.gz
Change to the /usr/share directory and unpack the file using tar -xzf:

  1. [root@srv6 ~]# cd /usr/share
  2. [root@srv6 share ]# tar -xzf apache-tomcat-7.0.21.tar.gz
This will create the directory /usr/share/apache-tomcat-7.0.21


Step 3: Configure Tomcat to Run as a Service.



We will now see how to run Tomcat as a service and create a simple Start/Stop/Restart script, as well as to start Tomcat at boot.

Change to the /etc/init.d directory and create a script called 'tomcat' as shown below.

  1. [root@srv6 share]# cd /etc/init.d
  2. [root@srv6 init.d]# vi tomcat
And here is the script we will use.

  1. #!/bin/bash
  2. # description: Tomcat Start Stop Restart
  3. # processname: tomcat
  4. # chkconfig: 234 20 80
  5. JAVA_HOME=/usr/java/jdk1.7.0_01
  6. export JAVA_HOME
  7. PATH=$JAVA_HOME/bin:$PATH
  8. export PATH
  9. CATALINA_HOME=/usr/share/apache-tomcat-7.0.21
  10. case $1 in
  11. start)
  12. sh $CATALINA_HOME/bin/startup.sh
  13. ;;
  14. stop)
  15. sh $CATALINA_HOME/bin/shutdown.sh
  16. ;;
  17. restart)
  18. sh $CATALINA_HOME/bin/shutdown.sh
  19. sh $CATALINA_HOME/bin/startup.sh
  20. ;;
  21. esac
  22. exit 0
The above script is simple and contains all of the basic elements you will need to get going.

As you can see, we are simply calling the startup.sh and shutdown.sh scripts located in the Tomcat bin directory (/usr/share/apache-tomcat-7.0.21/bin).

You can adjust your script according to your needs and, in subsequent posts, we'll look at additional examples.

CATALINA_HOME is the Tomcat home directory (/usr/share/apache-tomcat-7.0.21)

Now, set the permissions for your script to make it executable:

  1. [root@srv6 init.d]# chmod 755 tomcat
We now use the chkconfig utility to have Tomcat start at boot time. In my script above, I am using chkconfig: 234 20 80. 2345 are the run levels and 20 and 80 are the stop and start priorities respectively. You can adjust as needed.

  1. [root@srv6 init.d]# chkconfig --add tomcat
  2. [root@srv6 init.d]# chkconfig --level 234 tomcat on
Verify it:

  1. [root@srv6 init.d]# chkconfig --list tomcat
  2. tomcat 0:off 1:off 2:on 3:on 4:on 5:off 6:off
Now, let's test our script.

Start Tomcat:
  1. [root@srv6 ~]# service tomcat start
  2. Using CATALINA_BASE: /usr/share/apache-tomcat-7.0.21
  3. Using CATALINA_HOME: /usr/share/apache-tomcat-7.0.21
  4. Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.21/temp
  5. Using JRE_HOME: /usr/java/jdk1.7.0_01
  6. Using CLASSPATH: /usr/share/apache-tomcat-7.0.21/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.21/bin/tomcat-juli.jar
Stop Tomcat:

  1. [root@srv6 ~]# service tomcat stop
  2. Using CATALINA_BASE: /usr/share/apache-tomcat-7.0.21
  3. Using CATALINA_HOME: /usr/share/apache-tomcat-7.0.21
  4. Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.21/temp
  5. Using JRE_HOME: /usr/java/jdk1.7.0_01
  6. Using CLASSPATH: /usr/share/apache-tomcat-7.0.21/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.21/bin/tomcat-juli.jar
Restarting Tomcat (Must be started first):

  1. [root@srv6 ~]# service tomcat restart
  2. Using CATALINA_BASE: /usr/share/apache-tomcat-7.0.21
  3. Using CATALINA_HOME: /usr/share/apache-tomcat-7.0.21
  4. Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.21/temp
  5. Using JRE_HOME: /usr/java/jdk1.7.0_01
  6. Using CLASSPATH: /usr/share/apache-tomcat-7.0.21/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.21/bin/tomcat-juli.jar
  7. Using CATALINA_BASE: /usr/share/apache-tomcat-7.0.21
  8. Using CATALINA_HOME: /usr/share/apache-tomcat-7.0.21
  9. Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.21/temp
  10. Using JRE_HOME: /usr/java/jdk1.7.0_01
  11. Using CLASSPATH: /usr/share/apache-tomcat-7.0.21/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.21/bin/tomcat-juli.jar
We should review the Catalina.out log located at /usr/share/apache-tomcat-7.0.21/logs/catalina.out and check for any errors.

  1. [root@srv6 init.d]# more /usr/share/apache-tomcat-7.0.21/logs/catalina.out
We can now access the Tomcat Manager page at:

http://yourdomain.com:8080 or http://yourIPaddress:8080 and we should see the Tomcat home page.


Step 4: Configuring Tomcat Manager Access.



Tomcat 7 contains a number of changes that offer finer-grain roles.

For security reasons, no users or passwords are created for the Tomcat manager roles by default. In a production deployment, it is always best to remove the Manager application.

To set roles, user name(s) and password(s), we need to configure the tomcat-users.xml file located at $CATALINA_HOME/conf/tomcat-users.xml.

In the case of our installation, $CATALINA_HOME is located at /usr/share/apache-tomcat-7.0.21.

By default the Tomcat 7 tomcat-users.xml file will have the elements between the and tags commented-out. .

New roles for Tomcat 7 offer finer-grained access and The following roles are now available:

manager-gui
manager-status
manager-jmx
manager-script
admin-gu
admin-script.

We can set the manager-gui role, for example as below

:
  1. <tomcat-users>
  2. <role rolename="manager-gui"/>
  3. <user username="tomcat" password="secret" roles="manager-gui"/>
  4. </tomcat-users>


Caution should be exercised in granting multiple roles so as not to under-mind security.


Step 5 (Oprtional): Manage Memory Usage Using JAVA_OPTS.



Getting the right heap memory settings for your installation will depend on a number of factors.

For simplicity, we will set our inital heap size, Xms, and our maximum heap size, Xmx, to the same value of 128 Mb

Simliarly, there are several approaches you can take as to where and how you set your JAVA_OPTS

Again, for simplicity, we will add our JAVA_OPTS memory parameters in our Catalina.sh file.

So, open the Catalina.sh file located under /usr/share/apache-tomcat-7.0.21/bin with a text editor or vi.

Since we are using 128 Mb for both initial and maximum heap size, add the following line to Catalina.sh

  1. JAVA_OPTS="-Xms128m -Xmx128m"


I usually just add this in the second line of the file so it looks as so:

  1. #!/bin/sh
  2. JAVA_OPTS="-Xms128m -Xmx128m"
  3. # Licensed to the Apache Software Foundation (ASF) under one or more
  4. # contributor license agreements. See the NOTICE file distributed with
  5. # this work for additional information regarding copyright ownership.
  6. # The ASF licenses this file to You under the Apache License, Version 2.0
  7. # (the "License"); you may not use this file except in compliance with
  8. # the License. You may obtain a copy of the License at



Step 6 (Optional): How to Run Tomcat using Minimally Privileged (non-root) User.



In our Tomcat configuration above, we are running Tomcat as Root.

For security reasons, it is always best to run services with the only those privileges that are necessary.

There are some who make a strong case that this is not required, but it's always best to err on the side of caution.

To run Tomcat as non-root user, we need to do the following:

1. Create the group 'tomcat':

  1. [root@srv6 ~]# groupadd tomcat
2. Create the user 'tomcat' and add this user to the tomcat group we created above.

  1. [root@srv6 ~]# useradd -s /bin/bash -g tomcat tomcat
The above will create a home directory for the user tomcat in the default user home as /home/tomcat

If we want the home directory to be elsewhere, we simply specify so using the -d switch.

  1. [root@srv6 ~]# useradd -g tomcat -d /usr/share/apache-tomcat-7.0.21/tomcat tomcat
The above will create the user tomcat's home directory as /usr/share/apache-tomcat-7.0.21/tomcat

3. Change ownership of the tomcat files to the user tomcat we created above:

  1. [root@srv6 ~]# chown -Rf tomcat.tomcat /usr/share/apache-tomcat-7.0.21/
Note: it is possible to enhance our security still further by making certain files and directories read-only. This will not be covered in this post and care should be used when setting such permissions.

4. Adjust the start/stop service script we created above. In our new script, we need to su to the user tomcat:

  1. #!/bin/bash
  2. # description: Tomcat Start Stop Restart
  3. # processname: tomcat
  4. # chkconfig: 234 20 80
  5. JAVA_HOME=/usr/java/jdk1.7.0_01
  6. export JAVA_HOME
  7. PATH=$JAVA_HOME/bin:$PATH
  8. export PATH
  9. TOMCAT_HOME=/usr/share/apache-tomcat-7.0.21/bin
  10. case $1 in
  11. start)
  12. /bin/su tomcat $TOMCAT_HOME/startup.sh
  13. ;;
  14. stop)
  15. /bin/su tomcat $TOMCAT_HOME/shutdown.sh
  16. ;;
  17. restart)
  18. /bin/su tomcat $TOMCAT_HOME/shutdown.sh
  19. /bin/su tomcat $TOMCAT_HOME/startup.sh
  20. ;;
  21. esac
  22. exit 0



Step 7 (Optional): How to Run Tomcat on Port 80 as Non-Root User.



Note: the following applies when you are running Tomcat in "stand alone" mode with Tomcat running under the minimally privileged user Tomcat we created in the previous step.

To run services below port 1024 as a user other than root, you can add the following to your IP tables:

  1. [root@srv6 ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
  2. [root@srv6 ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080


Be sure to save and restart your IP Tables.

Related Tomcat Posts

Learn More About Apache Tomcat 7 Apache Tomcat Foundation Tomcat 7


 
 

Total 78
번호 제   목 글쓴이 날짜 조회
63 backuppc 소스설치 하기 (1) 싼웹호스팅 06-11 60668
62 [CREATE DATABASE] 오라클 DB 수동생성 ( CREATE DATABASE 이용) 싼웹호스팅 07-07 60175
61 리눅스에서 소스컴파일을 이용한 Trac, Subversion 설치 완벽 가… (1) 싼웹호스팅 05-10 60007
60 wowza live 스트리밍 싼웹호스팅 10-11 59433
59 Install Tomcat 7 on CentOS, RHEL, or Fedora 싼웹호스팅 11-15 54311
58 rsyslog + LogAnalyzer 싼웹호스팅 05-21 53756
57 윈도우에서 오라클 InstantClient 설치 후 Toad 연결법 싼웹호스팅 07-07 53488
56 Wowza 설치 및 튜닝 싼웹호스팅 10-11 50150
55 HP ProLiant 서버에 RAID 1으로 Ubuntu 10.4 LTS , HP Sotware … 싼웹호스팅 02-22 49355
54 아파치1 톰캣5 싼웹호스팅 11-16 48481
53 PHP Session 공유 (memcached 이용) 싼웹호스팅 11-01 48122
52 리눅스용 백신 - f-prot 설치 및 사용법 싼웹호스팅 05-24 47168
51 CentOS 4.x 버젼에 php5, mysql5 를 yum 으로 설치 가능하게하기 싼웹호스팅 06-29 44372
50 레이어 팝업 - 닫기&오늘 하루 열지 않기 싼웹호스팅 06-12 43382
49 [MS-SQL]SQL Server 2005 연결오류 진단방법 싼웹호스팅 04-04 41258
 1  2  3  4  5  6