English • 中文
This is to help people setup and install Apache Tomcat 5. Jakarta Tomcat, a Java servlet container, is now part of the Apache family under the name of Apache Tomcat. It can be installed in Ubuntu 6.06 (Dapper Drake) following the steps below.
- 1 安装
- 2 Configuration
Java virtual machine Follow this link paying attention to download the JDK and not the JRE. Enable the universe and multiverse repositories
In Ubuntu 6.06, do:
sudo apt-get install sun-java5-jdk
Set Java environment variables
$ export JAVA_HOME="path of your java home" $ export PATH=$PATH:$JAVA_HOME/bin
In Ubuntu 6.06,do:
You may have to change the numbers for updated versions.
Installing Apache Tomcat 5
$ sudo aptitude install tomcat5 tomcat5-admin tomcat5-webapps
tomcat5-webapps just contains some example applications. It is interesting for developers, but you should omit it on production servers.) Depending on your JDK version, you must set (or not) the
JAVA_HOME variable in
/etc/default/tomcat5. The start script tests for a couple of JDKs, but only finds older versions. Probably you must set (the already existing)
JAVA_HOME variable as follows:
Run, Stop, And Restart Apache Tomcat
Use the following command to run Apache Tomcat:
$ sudo /etc/init.d/tomcat5 start
To stop it, use :
$ sudo /etc/init.d/tomcat5 stop
Finally, to restart it, run :
$ sudo /etc/init.d/tomcat5 restart
You can find tomcat up and running (if you have followed the previous steps) at the following ip:
If you have installed also the admin package as listed before you will be able to enter in the administation window only if you edit the file
and add the following lines for creating new users with admin and manager privilegies as described in Tomcat's main page
<role rolename="manager"/> <role rolename="admin"/> <user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin,manager"/>
Obviously if you want only one kind of role you've to delete the one you are not interested in. Example only admin
<role rolename="admin"/> <user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin"/>
Installing new servlet or jsp pages in Tomcat5
Using the Tomcat manager included in the installed packages you'll be able to to control your servlet/jsp properly. 1.Enter in your server (by default 127.0.0.1:8180). 2.Enter in the Tomcat manager page (you find the link on the left) typing username and password chosen in the previous step. 3.Search the section Deploy and in the field WAR or Directory URL type:
file://YOUR SERVLET or JSP PAGE DIRECTORY
Usually servlet/jsp pages are located in the directory /usr/share/tomcat5/webapps.
Tomcat on port 80
If you run Tomcat without a separate web server, but you want it to listen on port 80, then you should redirect port 80 to 8180 with iptables. For this you should create two files: /etc/network/if-pre-up.d/tomcat5-port80
#!/bin/sh [ "$IFACE" == "eth0" ] || exit 0; iptables -t nat -A PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8180
#!/bin/sh [ "$IFACE" == "eth0" ] || exit 0; iptables -t nat -D PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8180
They must be executable, but only root should be able to modify them (e.g. use
chmod 744). Please do also adjust your network interface as needed. After restarting the server, you can access Tomcat on port 80 and 8180.
There are a couple of other possibilities to achieve this goal (see the sections in Securing tomcat and Configuring & Using Apache Tomcat 6). For most situations the given solution should be appropriate. But please pay attention to avoid running Tomcat as root!
Turn of directory listings
For security reasons and to not disturbe guests you might want to turn of directory listings in case of non-existing welcome pages (e.g. if index.html is missing). To do this modify the listings parameter in
<init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param>
User friendly error pages in case of a Java exception
Tomcat shows a stack trace per default, if an uncaught Java exception occurs. It is the task of the web application to adjust the response. The Tomcat FAQ gives a hint.
When omiting the webapps-package and creating reasonable user accounts, Tomcat is already rather secure as shipped in Ubuntu (most important: it does not run as root) . For further improvements the Open Web Application Security Project (OWASP) has a good howto to secure your Tomcat installation.