Differences

This shows you the differences between two versions of the page.

--- tomcat [2020/06/11 21:41]
k2patel
+++ tomcat [2020/08/10 02:35]
@@ Line 1: / Line 1: @@
-====== Tomcat ======
-==== Tomcat SSL ====
-==== Setting up tomcat with HTTP Native library. ===
-<code xml | server.xml>
-<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" scheme="https" maxThreads="200" secure="true" SSLEnabled="true" SSLCertificateFile="/etc/pki/tls/certs/k2patel.in.crt" SSLCertificateKeyFile="/etc/pki/tls/private/k2patel.in.key" SSLCACertificateFile="/etc/pki/tls/certs/k2patel.in.int.ca" sslEnabledProtocols="TLSv1.1,TLSv1.2" SSLHonorCipherOrder="true" SSLCipherSuite="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"></Connector>
-</code>
-==== Setting up HSTS with HTTP Native Library. ====
-<code xml | web.xml>
-    <filter>
-        <filter-name>httpHeaderSecurity</filter-name>
-        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
-        <init-param>
-           <param-name>hstsMaxAgeSeconds</param-name>
-           <param-value>31536000</param-value>
-        </init-param>
-        <init-param>
-           <param-name>antiClickJackingEnabled</param-name>
-           <param-value>false</param-value>
-        </init-param>
-        <init-param>
-           <param-name>hstsIncludeSubDomains</param-name>
-           <param-value>true</param-value>
-        </init-param>
-        <async-supported>true</async-supported>
-    </filter>
-    <filter-mapping>
-        <filter-name>httpHeaderSecurity</filter-name>
-        <url-pattern>/*</url-pattern>
-    </filter-mapping>
-</code>
-==== Setting up redirect ====
-<code xml | web.xml>
-    <security-constraint>
-       <web-resource-collection>
-          <web-resource-name>Entire Application</web-resource-name>
-             <url-pattern>/*</url-pattern>
-       </web-resource-collection>
-       <user-data-constraint>
-          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-       </user-data-constraint>
-    </security-constraint>
-</code>
-==== RHEL 8 / Tomcat 9====
-=== Install Packages ===
-<code bash>
-dnf install java-1.8.0-openjdk-devel tar apr-util-devel apr-util-openssl gcc openssl-devel
-</code>
-=== Create User ===
-<code bash>
-groupadd --system tomcat -g 91 // with group id 91
-useradd -u 91 -d /usr/share/tomcat -r -s /bin/false -g tomcat tomcat  // with user id 91
-</code>
-=== Download Tomcat Package ===
-<code bash>
-export TOM_VERSION="9.0.36"
-wget "https://apache.osuosl.org/tomcat/tomcat-9/v${TOM_VERSION}/bin/apache-tomcat-${TOM_VERSION}.tar.gz"
-</code>
-=== Extract Package ===
-<code bash>
-tar -xvf apache-tomcat-${TOM_VERSION}.tar.gz -C /usr/share/
-ln -s /usr/share/apache-tomcat-${TOM_VERSION} /usr/share/tomcat
-</code>
-=== Set Ownership ===
-<code bash>
-chown -R tomcat:tomcat /usr/share/tomcat
-chown -R tomcat:tomcat /usr/share/apache-tomcat-${TOM_VERSION}
-</code>
-=== Systemd service ===
-<code bash | /etc/systemd/system/tomcat.service>
-[Unit]
-Description=Tomcat Server
-After=syslog.target network.target
-[Service]
-Type=forking
-User=tomcat
-Group=tomcat
-Environment=JAVA_HOME=/usr/lib/jvm/jre
-Environment='JAVA_OPTS=-Djava.awt.headless=true'
-Environment=CATALINA_HOME=/usr/share/tomcat
-Environment=CATALINA_BASE=/usr/share/tomcat
-Environment=CATALINA_PID=/usr/share/tomcat/temp/tomcat.pid
-Environment='CATALINA_OPTS=-Xms512M -Xmx3072M'
-ExecStart=/usr/share/tomcat/bin/catalina.sh start
-ExecStop=/usr/share/tomcat/bin/catalina.sh stop
-[Install]
-WantedBy=multi-user.target
-</code>
-=== Backup / Remove examples ===
-<code bash>
-cp -Rp /usr/share/tomcat/webapps /usr/share/tomcat/webapps.bk
-rm -rf /usr/share/tomcat/webapps/{docs,examples,ROOT}
-</code>
-=== Set User ===
-<code xml | tomcat-users.xml>
-<role rolename="manager-gui"/>
-<role rolename="admin-gui"/>
-<role rolename="admin-script"/>
-<role rolename="manager-script"/>
-<role rolename="manager-jmx"/>
-<user username="admin" password="something" roles="admin-gui,manager-gui,manager-script,manager-jmx,admin-script"/>
-</code>
-=== Tomcat Native ===
-<code bash>
-cd /usr/share/tomcat/bin
-tar -xvf tomcat-native.tar.gz
-cd tomcat-native-1.2.24-src/native
-./configure --with-java-home=/usr/lib/jvm/java-openjdk --with-ssl=yes --prefix=/usr/share/tomcat
-make && make install
-</code>
-<code bash | /usr/share/tomcat/bin/setenv.sh>
-LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$CATALINA_HOME/lib
-export LD_LIBRARY_PATH
-</code>
-:!: Set SSL[[tomcat#tomcat_ssl|tomcat#tomcat_ssl]] \\
-:?: Set Auto redirect if needed [[tomcat#setting_up_redirect|tomcat#setting_up_redirect]]
-=== Start Service ===
-<code bash>
-systemctl daemon-reload
-systemctl enable tomcat
-systemctl start tomcat
-</code>
-=== Firewall ===
-<code bash>
-firewall-cmd --permanent --add-port=8080/tcp
-firewall-cmd --permanent --add-port=8443/tcp
-firewall-cmd --reload
-</code>

Daily *Nix

User Tools

Site Tools

Differences

Page Tools