Installation Tomcat Web Server |
Perform the next steps in case of installation or upgrade of the application server:
Required Parts
•[All] Ensure that JDK 8 Update 51 or later is installed, preferably in the same number of bits (32 or 64) what the platform can support a maximum of.
•[All] Ensure that the environment variable JAVA_HOME points to JDK, for example, ‘I:\Program Files\Java\jdk1.8.0_51’. See SVN://tools/Java.
•[All] Ensure that Tomcat 8.0.24 or later is installed within the 8.0 version of Tomcat. See SVN://tools/Apache Tomcat.
•[All] Ensure that the environment variable CATALINA_HOME points to the installation directory of Tomcat, for example, ‘I:\Program Files\Apache Software Foundation\Tomcat 8.0’.
•[All] Install Psi Probe 2.4 or newer in the map webapps of CATALINA_HOME from https://github.com/psi-probe/psi-probe/releases/tag/2.4.0.
•[UNIX/Linux] Edit catalina.sh and add the next lines to the beginning:
umask 007
NLS_LANG="DUTCH_THE NETHERLANDS.AL32UTF8"
export NLS_LANG
•[UNIX/Linux] Edit /etc/init.d/oracle or equivalent and add the next lines to the beginning:
umask 007
NLS_LANG="DUTCH_THE NETHERLANDS.AL32UTF8"
export NLS_LANG
•[Windows] Makes sure that AL32UTF8 is used by putting NLS_LANG on "DUTCH_THE NETHERLANDS.AL32UTF8" in the register.
•[All] Add for memory measurement with Psi Probe ‘-Dcom.sun.management.jmxremote’ to the Java options of Tomcat (Configure in the context menu in the process bar, tab Java, field Java Options).
•[All] Assign at least 25 MB of memory per concurrent user, with a minimum of 512 MB and make sure that the PermGen will be released again at restart of an application by adding the next yellow shaded items:
•[All] The total list extra-Java-opties will be:
-Dcom.sun.management.jmxremote
-Xmx512m
-Djava.awt.headless=true
-XX:MaxPermSize=256m
-XX:+UseConcMarkSweepGC
-XX:+CMSClassUnloadingEnabled
•[UNIX / Linux] Only if you will run Tomcat in the root: change the port in the configuration file server.xml of Tomcat from 8080 to 80
•Put the parameter 'reloadable' on 'false' in production environments to turn of automatic controls on changing programs. You can restart the application with Psi Probe.
Installation Certificate
Perform the following steps to install a pfx certificate:
•If the certificate is not in pfx format:
•Follow the steps for installing a certificate in a Microsoft IIS server as described in Installation Microsoft IIS Tunneling Webservice.
•Export the certificate in pfx format.
•Open server.xml in %TOMCAT_HOME%\conf.
•Remove comments start '<!--' and commens end '-->' around the SSL connector.
•Add the keystore with as end result:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="i:\program files\apache software foundation\tomcat 6.0\conf\KLANT.pfx"
keystorePass="password"
keystoreType="PKCS12"
clientAuth="false" sslProtocol="TLS" />
•Disable a possible APR listener in the header of Tomcat.
•Restart Tomcat.
•Modify the URL-s in the site.CUSTOMER.ENVIRONMENT.properties to the https: site:
•Adjust the screen settings the field 'Prefix Server (URL)' to the example 'https://...'.
•Adjust the screen Settings the field 'Main Menu (URL)' to an example 'https://.../bubs_main_pjt.do'.
Folder Structure
[All] Create for the environment an environment map ENVIRONMENTDIR (for example ‘d:\invantive\ENVIRONMENT’ of ‘/opt/invantive/ENVIRONMENT’). Installation Frontend
•‘backup’ (for backups).
•‘distribute’ (for Outlook Add-in distribution).
•‘documents’ (for documents).
•‘etl’ (for ETL-programs).
•‘local’ (for local images and style sheets).
•‘log’ (for logging).
•‘recycle bin’ (for deleted documents).
•‘swap’ (for temporary files for large reports).
•‘tmp’ (for temporary files during uploads).
•‘transfer’ (for data exchange).
•‘transfer/bubs/in’ (for input files for example for connections).
•‘transfer/bubs/in/processed’.
•‘transfer/bubs/in/rejected’.
•‘transfer/bubs/out’ (or output files for example for connections).
•‘transfer/bubs/out/processed’.
•‘transfer/bubs/out/rejected’.
•for folders that are approached by other applications: make ‘transfer/CODE/in’ and ‘transfer/CODE/out’.
•‘web’ (for the Apache Tomcat web application).
•‘webservice’ (for Microsoft IIS web service application).
•‘work’ (for work files of shell scripts).
Installation Frontend
•[UNIX/Linux] Execute the next statement to set the permissions correctly:
find ENVIRONMENTDIR -type d -print | xargs chmod -R g+s # Force sticky bit on group.
chmod -R ug+rw ENVIRONMENTDIR
chown -R tomcat:dba ENVIRONMENTDIR # TOMCATRUNNER:ORACLE GROUP
chmod -R o-rwx ENVIRONMENTDIR
•[All] Add a Context for Invantive Estate in the file CATALINA_HOME\conf\server.xml from Apache Tomcat, like:
<!-- Local customizations under SITE/local. -->
<Context path="/abubs/local" docBase="ENVIRONMENTDIR\local" reloadable="true" />
<!-- Optional! Allow access to the documents when coming from the server itself. This is necessary to allow JasperReports to get access to the documents, without first logging on to the application middle-tier.
<Context path="/tbubs/documents" docBase="ENVIRONMENTDIR\tbubs\doc" reloadable="true" >
<Valve className="org.apache.catalina.valves.AccessLogValve" prefix="ENVIRONMENTDIR/log/tbubs-documents-access." suffix=".log"/>
<Logger className="org.apache.catalina.logger.FileLogger" prefix="ENVIRONMENTDIR/log/tbubs-documents." suffix=".log" timestamp="true"/>
<Valve className="org.apache.catalina.valves.RemoteHostValve" allow="192\.168\.172\.xxx|192\.1681\.172\.yyy|127\.0\.0\.1"/>
</Context>
-->
<!-- Core of the application. -->
<Context path="/tbubs" docBase="ENVIRONMENTDIR\web" reloadable="true" />
•[All] The data volume exchanged via the network can be strongly reduced by enabling compression at the expense of the processor capacity. It is strongly recommended when users outside the local network also use the application. Expand the Connector Settings in server.xml as follows:
<Connector port="PORT" ... and then the 4 four lines with compression.
compression="on"
compressionMinSize="32"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml,text/javascript,application/x-javascript,text/css"
/>
•[All] Copy the content of frontend\runtime to the map ENVIRONMENTDIR.
•[All] Create a site.KLANT.OMGEVING.properties file in ENVIRONMENTDIR/web/WEB-INF/.
•[Alle] Adjust the 'logfile' option in the file ‘site.KLANT.OMGEVING.properties’ in WEB-INF so it points to theENVIRONMENTDIR/log.
•[Alle] Adjust the parameter configuration.file in ENVIRONMENTDIR/web/WEB-INF/web.xml so it points to the site.KLANT.OMGEVING.properties bestand.
Give Rigths for Windows Service
To enable a user with limited rights to restart the Tomcat7 service, you need to add his data to the command 'sc'.
First ask for the current rights in the command with:
sc sdshow tomcat8
For example:
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
Then search the registry with HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-... for the SID-s of the users. Then grant the RP, WP and DT rights by expanding the outcome of the sd show with SID-s, for example:
sc sdset tomcat7 D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;RPWPDT;;;S-1-5-21-1417001333-507921405-2147233035-1004)(A;;RPWPDT;;;S-1-5-21-1417001333-507921405-2147233035-1003)(A;;RPWPDT;;;S-1-5-21-1417001333-507921405-2147233035-1004)
To then use the windows icon of the Tomcat GUI in the process bar, you need to change adjust the rights on the following three keys in the registry editor:
•HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tomcat8
•32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0
•64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow632Node\Apache Software Foundation\Procrun 2.0
•HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Tomcat
Execute the following steps three times, eacht time for a different key:
•Right click on a key like that and choose 'Permissions...'.
•Give the group Full Control.
•Click on 'Advanced'.
•Check "Replace permission entries on all child objects with entries shown here that apply to child objects".
•Select 'OK'.
•Select 'OK'.
Start/stop Script
•[UNIX/Linux] Create a script ‘invantive’ in /etc/init.d with the next content:
#!/bin/bash
#
# Invantive Estate
#
# (C) Copyright 2004-2012 Invantive Software BV, the Netherlands. All rights reserved.
#
### BEGIN INIT INFO
# Provides: invantive
# Required-Start: oracle
# Required-Stop: oracle
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: Start up Invantive Estate.
### END INIT INFO
usage()
{
echo "Usage: $0 [start|stop|status]"
}
if [ "$#" -ne "1" ]; then
usage
exit 1
fi
MODE="$1"
#
# Read configuration.
#
. /etc/invantive.conf
echo Invantive Estate settings:
echo Home directory = $INVANTIVE_HOME
if [ "$MODE" = "start" ]; then
echo "Starting Invantive Estate."
echo "Service Tomcat"
su -c $INVANTIVE_USER -c "$TOMCAT_HOME/bin/startup.sh"
elif [ "$MODE" = "stop" ]; then
echo "Stopping Invantive Estate."
echo "Service Tomcat"
su -c $INVANTIVE_USER -c "$TOMCAT_HOME/bin/shutdown.sh"
sleep 1
elif [ "$MODE" = "restart" ]; then
echo "Restarting Invantive Estate."
su -c $INVANTIVE_USER -c "$TOMCAT_HOME/bin/shutdown.sh"
sleep 1
su -c $INVANTIVE_USER -c "$TOMCAT_HOME/bin/startup.sh"
elif [ "$MODE" = "status" ]; then
echo "Status Invantive Estate."
echo "Service Tomcat"
ps -f -u $INVANTIVE_USER
else
usage
exit 1
fi
•[UNIX/Linux] Create a script ‘invantive.conf’ with configuration data with the following content:
#
# Invantive Estate configuration file.
#
# This file is different in each environment.
#
# (C) Copyright 2004-2012 Invantive Software BV, the Netherlands. All rights reserved.
#
INVANTIVE_ESTATE_ENVIRONMENT=estate
export INVANTIVE_ESTATE_ENVIRONMENT
INVANTIVE_ESTATE_USER=estate
export INVANTIVE_ESTATE_USER
INVANTIVE_ESTATE_HOME=/opt/home/$INVANTIVE_ESTATE_USER
export INVANTIVE_ESTATE_HOME
TOMCAT_HOME=/opt/tomcat
export TOMCAT_HOME
JAVA_HOME=/usr/java/j2sdk1.6_XXX
export JAVA_HOME
#
# Include jmx access and sufficient memory.
#
# Reserve at least 25 Mb per concurrent user.
#
JAVA_OPTS="="-Xmx512m -Djava.awt.headless=true -Dcom.sun.management.jmxremote -XX:MaxPermSize=256m -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
export JAVA_OPTS
umask 002
NLS_LANG="DUTCH_THE NETHERLANDS.AL32UTF8"
export NLS_LANG
PATH=$PATH:$HOME/bin
export PATH
echo "********************************************************************"
echo Invantive Estate
echo "********************************************************************"
echo "Environment: $INVANTIVE_ESTATE_ENVIRONMENT"
echo "To start Invantive Estate: invantive start"
echo "To stop Invantive Estate: invantive stop"
echo "To get the status: invantive status"
echo "********************************************************************"
echo "(C) Copyright 2004-2012 Invantive Software BV, the Netherlands. All rights reserved."
echo "********************************************************************"