特殊:Badtitle/NS100:ApacheTomcat5

来自Ubuntu中文
Wikibot留言 | 贡献2007年11月30日 (五) 15:22的版本
跳到导航跳到搜索

{{#ifexist: :ApacheTomcat5/zh | | {{#ifexist: ApacheTomcat5/zh | | {{#ifeq: {{#titleparts:ApacheTomcat5|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:ApacheTomcat5|1|-1|}} | zh | | }}

This is to help people setup and install Apache Tomcat 5. Jakarta Tomcat, a Java servlet container, is now part of the Apache family under the name of Apache Tomcat. It can be installed in Ubuntu 6.06 (Dapper Drake) following the steps below.

Installation

Needed before installing Apache Tomcat

Java virtual machine Follow this link paying attention to download the JDK and not the JRE. Enable the universe and multiverse repositories

In Ubuntu 6.06, do:

sudo apt-get install sun-java5-jdk

Set Java environment variables

$ export JAVA_HOME="path of your java home"
$ export PATH=$PATH:$JAVA_HOME/bin

In Ubuntu 6.06,do:

export JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun-1.5.0.06

You may have to change the numbers for updated versions.

Installing Apache Tomcat 5

$ sudo aptitude install tomcat5 tomcat5-admin tomcat5-webapps

(The package tomcat5-webapps just contains some example applications. It is interesting for developers, but you should omit it on production servers.) Depending on your JDK version, you must set (or not) the JAVA_HOME variable in /etc/default/tomcat5. The start script tests for a couple of JDKs, but only finds older versions. Probably you must set (the already existing) JAVA_HOME variable as follows:

JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun

Run, Stop, And Restart Apache Tomcat

Use the following command to run Apache Tomcat:

$ sudo /etc/init.d/tomcat5 start

To stop it, use :

$ sudo /etc/init.d/tomcat5 stop

Finally, to restart it, run :

$ sudo /etc/init.d/tomcat5 restart

Using Tomcat5

You can find tomcat up and running (if you have followed the previous steps) at the following ip:

 127.0.0.1:8180

Configuration

Configuring & Using Apache Tomcat 6 and Securing tomcat are good external resources about this topic.

Administering Tomcat5

If you have installed also the admin package as listed before you will be able to enter in the administation window only if you edit the file

$ /usr/share/tomcat5/conf/tomcat-users.xml

and add the following lines for creating new users with admin and manager privilegies as described in Tomcat's main page

<role rolename="manager"/>
<role rolename="admin"/>
<user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin,manager"/>

Obviously if you want only one kind of role you've to delete the one you are not interested in. Example only admin

<role rolename="admin"/>
<user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin"/>

Installing new servlet or jsp pages in Tomcat5

Using the Tomcat manager included in the installed packages you'll be able to to control your servlet/jsp properly. 1.Enter in your server (by default 127.0.0.1:8180). 2.Enter in the Tomcat manager page (you find the link on the left) typing username and password chosen in the previous step. 3.Search the section Deploy and in the field WAR or Directory URL type:

file://YOUR SERVLET or JSP PAGE DIRECTORY

Usually servlet/jsp pages are located in the directory /usr/share/tomcat5/webapps.

Tomcat on port 80

If you run Tomcat without a separate web server, but you want it to listen on port 80, then you should redirect port 80 to 8180 with iptables. For this you should create two files: /etc/network/if-pre-up.d/tomcat5-port80

#!/bin/sh
[ "$IFACE" == "eth0" ] || exit 0;
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8180

/etc/network/if-post-down.d/tomcat5-port80

#!/bin/sh
[ "$IFACE" == "eth0" ] || exit 0;
iptables -t nat -D PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8180

They must be executable, but only root should be able to modify them (e.g. use chmod 744). Please do also adjust your network interface as needed. After restarting the server, you can access Tomcat on port 80 and 8180. There are a couple of other possibilities to achieve this goal (see the sections in Securing tomcat and Configuring & Using Apache Tomcat 6). For most situations the given solution should be appropriate. But please pay attention to avoid running Tomcat as root!

Turn of directory listings

For security reasons and to not disturbe guests you might want to turn of directory listings in case of non-existing welcome pages (e.g. if index.html is missing). To do this modify the listings parameter in conf/web.xml:

<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>

User friendly error pages in case of a Java exception

Tomcat shows a stack trace per default, if an uncaught Java exception occurs. It is the task of the web application to adjust the response. The Tomcat FAQ gives a hint.

Securing Tomcat

When omiting the webapps-package and creating reasonable user accounts, Tomcat is already rather secure as shipped in Ubuntu (most important: it does not run as root) . For further improvements the Open Web Application Security Project (OWASP) has a good howto to secure your Tomcat installation.