Differences

This shows you the differences between two versions of the page.

--- tomcat [2018/01/22 19:08] – created k2patel
+++ tomcat [2020/08/10 02:35] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
 ====== Tomcat ======
 ==== Tomcat SSL ====
-Setting up tomcat with HTTP Native library.
+==== Setting up tomcat with HTTP Native library. ===
-<code | server.xml>
+<code xml | server.xml>
 <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" scheme="https" maxThreads="200" secure="true" SSLEnabled="true" SSLCertificateFile="/etc/pki/tls/certs/k2patel.in.crt" SSLCertificateKeyFile="/etc/pki/tls/private/k2patel.in.key" SSLCACertificateFile="/etc/pki/tls/certs/k2patel.in.int.ca" sslEnabledProtocols="TLSv1.1,TLSv1.2" SSLHonorCipherOrder="true" SSLCipherSuite="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"></Connector>
 </code>
-Setting up HSTS with HTTP Native Library.
+==== Setting up HSTS with HTTP Native Library. ====
-<code | web.xml>
+<code xml | web.xml>
     <filter>
         <filter-name>httpHeaderSecurity</filter-name>
@@ Line 31: / Line 32: @@
     </filter-mapping>
 </code>
+==== Setting up redirect ====
+<code xml | web.xml>
+    <security-constraint>
+       <web-resource-collection>
+          <web-resource-name>Entire Application</web-resource-name>
+             <url-pattern>/*</url-pattern>
+       </web-resource-collection>
+       <user-data-constraint>
+          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+       </user-data-constraint>
+    </security-constraint>
+</code>
+==== RHEL 8 / Tomcat 9====
+=== Install Packages ===
+<code bash>
+dnf install java-1.8.0-openjdk-devel tar apr-util-devel apr-util-openssl gcc openssl-devel
+</code>
+=== Create User ===
+<code bash>
+groupadd --system tomcat -g 91 # with group id 91
+useradd -u 91 -d /usr/share/tomcat -r -s /bin/false -g tomcat tomcat  # with user id 91
+</code>
+=== Download Tomcat Package ===
+<code bash>
+export TOM_VERSION="9.0.36"
+wget "https://apache.osuosl.org/tomcat/tomcat-9/v${TOM_VERSION}/bin/apache-tomcat-${TOM_VERSION}.tar.gz"
+</code>
+=== Extract Package ===
+<code bash>
+tar -xvf apache-tomcat-${TOM_VERSION}.tar.gz -C /usr/share/
+ln -s /usr/share/apache-tomcat-${TOM_VERSION} /usr/share/tomcat
+</code>
+=== Set Ownership ===
+<code bash>
+chown -R tomcat:tomcat /usr/share/tomcat
+chown -R tomcat:tomcat /usr/share/apache-tomcat-${TOM_VERSION}
+</code>
+=== Systemd service ===
+<code bash | /etc/systemd/system/tomcat.service>
+[Unit]
+Description=Tomcat Server
+After=syslog.target network.target
+[Service]
+Type=forking
+User=tomcat
+Group=tomcat
+Environment=JAVA_HOME=/usr/lib/jvm/jre
+Environment='JAVA_OPTS=-Djava.awt.headless=true'
+Environment=CATALINA_HOME=/usr/share/tomcat
+Environment=CATALINA_BASE=/usr/share/tomcat
+Environment=CATALINA_PID=/usr/share/tomcat/temp/tomcat.pid
+Environment='CATALINA_OPTS=-Xms512M -Xmx3072M'
+ExecStart=/usr/share/tomcat/bin/catalina.sh start
+ExecStop=/usr/share/tomcat/bin/catalina.sh stop
+[Install]
+WantedBy=multi-user.target
+</code>
+=== Backup / Remove examples ===
+<code bash>
+cp -Rp /usr/share/tomcat/webapps /usr/share/tomcat/webapps.bk
+rm -rf /usr/share/tomcat/webapps/{docs,examples,ROOT}
+</code>
+=== Set User ===
+<code xml | tomcat-users.xml>
+<role rolename="manager-gui"/>
+<role rolename="admin-gui"/>
+<role rolename="admin-script"/>
+<role rolename="manager-script"/>
+<role rolename="manager-jmx"/>
+<user username="admin" password="something" roles="admin-gui,manager-gui,manager-script,manager-jmx,admin-script"/>
+</code>
+=== Tomcat Native ===
+<code bash>
+cd /usr/share/tomcat/bin
+tar -xvf tomcat-native.tar.gz
+cd tomcat-native-1.2.24-src/native
+./configure --with-java-home=/usr/lib/jvm/java-openjdk --with-ssl=yes --prefix=/usr/share/tomcat
+make && make install
+</code>
+<code bash | /usr/share/tomcat/bin/setenv.sh>
+LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$CATALINA_HOME/lib
+export LD_LIBRARY_PATH
+</code>
+:!: Set SSL[[tomcat#tomcat_ssl|tomcat#tomcat_ssl]] \\
+:?: Set Auto redirect if needed [[tomcat#setting_up_redirect|tomcat#setting_up_redirect]]
+=== Start Service ===
+<code bash>
+systemctl daemon-reload
+systemctl enable tomcat
+systemctl start tomcat
+</code>
+=== Firewall ===
+<code bash>
+firewall-cmd --permanent --add-port=8080/tcp
+firewall-cmd --permanent --add-port=8443/tcp
+firewall-cmd --reload
+</code>