“UbuntuHelp:ApacheTomcat5”的版本间的差异
来自Ubuntu中文
小 |
小 |
||
| 第28行: | 第28行: | ||
$ sudo aptitude install tomcat5 tomcat5-admin tomcat5-webapps | $ sudo aptitude install tomcat5 tomcat5-admin tomcat5-webapps | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | (The package < | + | (The package <pre><nowiki>tomcat5-webapps</nowiki></pre> just contains some example applications. It is interesting for developers, but you should omit it on production servers.) |
| − | Depending on your JDK version, you must set (or not) the < | + | Depending on your JDK version, you must set (or not) the <pre><nowiki>JAVA_HOME</nowiki></pre> variable in <pre><nowiki>/etc/default/tomcat5</nowiki></pre>. The start script tests for a couple of JDKs, but only finds older versions. Probably you must set (the already existing) <pre><nowiki>JAVA_HOME</nowiki></pre> variable as follows: |
<pre><nowiki> | <pre><nowiki> | ||
JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun | JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun | ||
| 第59行: | 第59行: | ||
and add the following lines for creating new users with admin and manager privilegies as described in Tomcat's main page | and add the following lines for creating new users with admin and manager privilegies as described in Tomcat's main page | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | <role rolename="manager"/> | + | <role rolename="manager"/> |
| − | <role rolename="admin"/> | + | <role rolename="admin"/> |
| − | <user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin,manager"/> | + | <user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin,manager"/> |
</nowiki></pre> | </nowiki></pre> | ||
Obviously if you want only one kind of role you've to delete the one you are not interested in. Example only admin | Obviously if you want only one kind of role you've to delete the one you are not interested in. Example only admin | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | <role rolename="admin"/> | + | <role rolename="admin"/> |
| − | <user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin"/> | + | <user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin"/> |
</nowiki></pre> | </nowiki></pre> | ||
==== Installing new servlet or jsp pages in Tomcat5 ==== | ==== Installing new servlet or jsp pages in Tomcat5 ==== | ||
| 第75行: | 第75行: | ||
type: | type: | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | file://YOUR SERVLET or JSP PAGE DIRECTORY | + | file://YOUR SERVLET or JSP PAGE DIRECTORY |
</nowiki></pre> | </nowiki></pre> | ||
Usually servlet/jsp pages are located in the directory ''/usr/share/tomcat5/webapps''. | Usually servlet/jsp pages are located in the directory ''/usr/share/tomcat5/webapps''. | ||
| 第92行: | 第92行: | ||
iptables -t nat -D PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8180 | iptables -t nat -D PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8180 | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | They must be executable, but only root should be able to modify them (e.g. use < | + | They must be executable, but only root should be able to modify them (e.g. use <pre><nowiki>chmod 744</nowiki></pre>). Please do also adjust your network interface as needed. After restarting the server, you can access Tomcat on port 80 and 8180. |
There are a couple of other possibilities to achieve this goal (see the sections in [http://www.owasp.org/index.php/Securing_tomcat#Using_Port_80 Securing tomcat] and [http://www.coreservlets.com/Apache-Tomcat-Tutorial/#Change-Port Configuring & Using Apache Tomcat 6]). For most situations the given solution should be appropriate. But please pay attention to avoid running Tomcat as root! | There are a couple of other possibilities to achieve this goal (see the sections in [http://www.owasp.org/index.php/Securing_tomcat#Using_Port_80 Securing tomcat] and [http://www.coreservlets.com/Apache-Tomcat-Tutorial/#Change-Port Configuring & Using Apache Tomcat 6]). For most situations the given solution should be appropriate. But please pay attention to avoid running Tomcat as root! | ||
==== Turn of directory listings ==== | ==== Turn of directory listings ==== | ||
| − | For security reasons and to not disturbe guests you might want to turn of directory listings in case of non-existing welcome pages (e.g. if index.html is missing). To do this modify the ''listings'' parameter in < | + | For security reasons and to not disturbe guests you might want to turn of directory listings in case of non-existing welcome pages (e.g. if index.html is missing). To do this modify the ''listings'' parameter in <pre><nowiki>conf/web.xml</nowiki></pre>: |
<pre><nowiki> | <pre><nowiki> | ||
| − | <init-param> | + | <init-param> |
| − | <param-name>listings</param-name> | + | <param-name>listings</param-name> |
| − | <param-value>false</param-value> | + | <param-value>false</param-value> |
| − | </init-param> | + | </init-param> |
</nowiki></pre> | </nowiki></pre> | ||
==== User friendly error pages in case of a Java exception ==== | ==== User friendly error pages in case of a Java exception ==== | ||
2007年12月6日 (四) 10:03的版本
This is to help people setup and install Apache Tomcat 5.
Jakarta Tomcat, a Java servlet container, is now part of the Apache family under the name of Apache Tomcat. It can be installed in Ubuntu 6.06 (Dapper Drake) following the steps below.
Installation
Needed before installing Apache Tomcat
Java virtual machine Follow this link paying attention to download the JDK and not the JRE. Enable the universe and multiverse repositories
In Ubuntu 6.06, do:
sudo apt-get install sun-java5-jdk
Set Java environment variables
$ export JAVA_HOME="path of your java home" $ export PATH=$PATH:$JAVA_HOME/bin
In Ubuntu 6.06,do:
export JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun-1.5.0.06
You may have to change the numbers for updated versions.
Installing Apache Tomcat 5
$ sudo aptitude install tomcat5 tomcat5-admin tomcat5-webapps(The package
tomcat5-webappsjust contains some example applications. It is interesting for developers, but you should omit it on production servers.) Depending on your JDK version, you must set (or not) the
JAVA_HOMEvariable in
/etc/default/tomcat5. The start script tests for a couple of JDKs, but only finds older versions. Probably you must set (the already existing)
JAVA_HOMEvariable as follows:
JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun
Run, Stop, And Restart Apache Tomcat
Use the following command to run Apache Tomcat:
$ sudo /etc/init.d/tomcat5 start
To stop it, use :
$ sudo /etc/init.d/tomcat5 stop
Finally, to restart it, run :
$ sudo /etc/init.d/tomcat5 restart
Using Tomcat5
You can find tomcat up and running (if you have followed the previous steps) at the following ip:
127.0.0.1:8180
Configuration
Configuring & Using Apache Tomcat 6 and Securing tomcat are good external resources about this topic.
Administering Tomcat5
If you have installed also the admin package as listed before you will be able to enter in the administation window only if you edit the file
$ /usr/share/tomcat5/conf/tomcat-users.xml
and add the following lines for creating new users with admin and manager privilegies as described in Tomcat's main page
<role rolename="manager"/> <role rolename="admin"/> <user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin,manager"/>
Obviously if you want only one kind of role you've to delete the one you are not interested in. Example only admin
<role rolename="admin"/> <user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin"/>
Installing new servlet or jsp pages in Tomcat5
Using the Tomcat manager included in the installed packages you'll be able to to control your servlet/jsp properly. 1.Enter in your server (by default 127.0.0.1:8180). 2.Enter in the Tomcat manager page (you find the link on the left) typing username and password chosen in the previous step. 3.Search the section Deploy and in the field WAR or Directory URL type:
file://YOUR SERVLET or JSP PAGE DIRECTORY
Usually servlet/jsp pages are located in the directory /usr/share/tomcat5/webapps.
Tomcat on port 80
If you run Tomcat without a separate web server, but you want it to listen on port 80, then you should redirect port 80 to 8180 with iptables. For this you should create two files: /etc/network/if-pre-up.d/tomcat5-port80
#!/bin/sh [ "$IFACE" == "eth0" ] || exit 0; iptables -t nat -A PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8180
/etc/network/if-post-down.d/tomcat5-port80
#!/bin/sh [ "$IFACE" == "eth0" ] || exit 0; iptables -t nat -D PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8180They must be executable, but only root should be able to modify them (e.g. use
chmod 744). Please do also adjust your network interface as needed. After restarting the server, you can access Tomcat on port 80 and 8180.
There are a couple of other possibilities to achieve this goal (see the sections in Securing tomcat and Configuring & Using Apache Tomcat 6). For most situations the given solution should be appropriate. But please pay attention to avoid running Tomcat as root!
Turn of directory listings
For security reasons and to not disturbe guests you might want to turn of directory listings in case of non-existing welcome pages (e.g. if index.html is missing). To do this modify the listings parameter inconf/web.xml:
<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>
User friendly error pages in case of a Java exception
Tomcat shows a stack trace per default, if an uncaught Java exception occurs. It is the task of the web application to adjust the response. The Tomcat FAQ gives a hint.
Securing Tomcat
When omiting the webapps-package and creating reasonable user accounts, Tomcat is already rather secure as shipped in Ubuntu (most important: it does not run as root) . For further improvements the Open Web Application Security Project (OWASP) has a good howto to secure your Tomcat installation.
