Clearing Tomcat logs on startup

Tomcat logs can become overwhelming to read in a development environment. Usually, you would only need to see the most recent error logs when testing your program. The older errors are irrelevant. This simple shell script solves the problem of error logs piling up.

Navigate to the tomcat/bin folder. Edit the file named “startup.sh”. You will need to be logged in as root to perform these changes. Place the following code at the top of the file, directly after the last comments.

# -----------------------------------------------------------------------------
# Start Script for the CATALINA Server
# -----------------------------------------------------------------------------

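echo "DELETING OLD LOG FILES ..."
# Stop if the directory change fails, so rm never runs in the wrong folder
cd ../logs || exit 1
# -f keeps rm from failing when no file matches a pattern
rm -f catalina*
rm -f local*
rm -f manager*
rm -f admin*
rm -f host*

echo "DELETING OLD WEB APP ..."
cd ../webapps || exit 1
# Replace YOURAPPNAME with the folder name of your deployed application
rm -rf YOURAPPNAME

echo "PERFORMING NORMAL STARTUP ..."
cd ../bin || exit 1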

Now when Tomcat starts, it will remove all old log files and the application folder before proceeding.

Using with Netbeans

To deploy with Netbeans navigate to Services -> Servers -> Apache Tomcat (Your server). Right click and select Properties. There will be a tab labeled Startup. Select Use Custom Catalina Script. Finally, browse and select the tomcat startup.sh script that was edited above.

Tomcat fresh install on Amazon EC2 Redhat Instance

This tutorial demonstrates how to install a fresh version of Apache Tomcat 7.0.53 from source on an Amazon EC2 Redhat based instance, including the installation of MySQL, vsftpd, SSL (forced for the entire Tomcat server), and iptables prerouting.

To begin, log in to your EC2 instance and do a quick yum update. This will ensure that all of your virtual machine’s libraries are up to date.

yum update 

When prompted, type “yes” to install updates. This update process can last several minutes.

The first library to install will be mysql. Run the following commands to install the server.

yum install mysql
yum install mysql-server
yum install mysql-devel 

Once installed, enable mysqld with chkconfig. This command makes MySQL start automatically when the server reboots.

chkconfig mysqld on

Now you must configure mysql. Begin by starting the service.

service mysqld start 

It will output the following message:

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

Run the following command to set your new password for root login.

/usr/bin/mysqladmin -u root password 'new-password'

Now login to mysql terminal by typing the following:

mysql -u root -p

It will prompt you for the password that you have just set. The next step is to set up user permissions. This is accomplished by first creating a user, then assigning them permissions to access a given database.

#Create a new user, with password ('%' lets the account connect from any host)
CREATE USER 'username'@'%' IDENTIFIED BY 'user_password';

#Set to given database for a user (the host must match the account created above)
GRANT ALL PRIVILEGES ON database_name.* TO 'username'@'%' WITH GRANT OPTION;

#List all users and the hosts they may connect from
SELECT user,host FROM mysql.user;

MySQL is now ready to use. You now have a user that should have grant permissions to access a given database (if you made one).

The next step is to set up Apache Tomcat 7.0.53. Navigate to the opt directory of your server, then download the Tomcat file and extract it.

cd /opt/
wget http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.53/bin/apache-tomcat-7.0.53.tar.gz
tar -zxvf apache-tomcat-7.0.53.tar.gz
rm apache-tomcat-7.0.53.tar.gz

Tomcat comes loaded with all the files you need. You can test running the server by navigating to the bin directory and running the startup script.

cd /opt/apache-tomcat-7.0.53/bin/
./startup.sh

Note: If Tomcat fails to start, check that the Java JDK is installed.

java -version
java version "1.7.0_71"
OpenJDK Runtime Environment (rhel-2.5.3.2.el6_6-x86_64 u71-b14)
OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode)

If no installation of Java is found, use yum to install JDK 1.7:

yum install java-1.7.0-openjdk java-1.7.0-openjdk-devel

It would be much nicer if you could start and stop the server like a service, e.g. “service tomcat start”. If you want Tomcat to run as a service, read the Tomcat Service Script tutorial.

Now I want Tomcat to run on port 80. Port 80 is the standard port for HTTP traffic. To direct traffic from port 80 to Tomcat please follow my “Running Tomcat port 80” guide.

The next step is to enable SSL for security. In my case I want SSL to be forced / required on all requests. Let’s say I have private data being transmitted, so this is necessary.

First edit the conf/server.xml file. Note that keystoreFile should point to the location where you placed your keystore file on the webserver. I have placed mine in the root of the tomcat server. The keystorePass value changeit is the default keystore password; set it to the password of your own keystore.

<Connector port="8443" enableLookups="false" protocol="HTTP/1.1" proxyPort="443"
           keystorePass="changeit" keystoreFile="/opt/apache-tomcat-7.0.53/keys/tomcat.keystore"
           SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
           Server="My server name" clientAuth="false" sslProtocol="TLS" />

To force SSL on all connections, edit the conf/web.xml file. At the end of the file, before the closing </web-app> tag, add:

<!-- Require HTTPS for everything except /files and (favicon) and /css. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTTPSOnly</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTTPSOrHTTP</web-resource-name>
      <url-pattern>*.ico</url-pattern>
      <url-pattern>/files/*</url-pattern>
      <url-pattern>/css/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
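
How the two constraints above resolve for a given request path, as an added example that is not part of the original tutorial. It follows the Servlet specification's URL path order (exact match, then longest path-prefix, then extension) and assumes the container applies that order to security constraints; the sample paths are constructed.

```python
# Added example: resolve which <transport-guarantee> applies to a request path.
# CONSTRAINTS mirrors the two <security-constraint> blocks in the web.xml fragment.
CONSTRAINTS = [
    ("HTTPSOnly", ["/*"], "CONFIDENTIAL"),
    ("HTTPSOrHTTP", ["*.ico", "/files/*", "/css/*"], "NONE"),
]


def best_match(path):
    """Return (url-pattern, guarantee) for path, or None if nothing matches.

    Order: exact match, then longest path-prefix match, then extension match.
    """
    exact, prefix, extension = [], [], []
    for _name, patterns, guarantee in CONSTRAINTS:
        for pattern in patterns:
            if pattern == path:
                exact.append((pattern, guarantee))
            elif pattern.endswith("/*"):
                base = pattern[:-2]  # "/css/*" -> "/css", "/*" -> ""
                if path == base or path.startswith(base + "/"):
                    prefix.append((pattern, guarantee))
            elif pattern.startswith("*."):
                last_segment = path.rsplit("/", 1)[-1]
                if last_segment.endswith(pattern[1:]):
                    extension.append((pattern, guarantee))
    if exact:
        return exact[0]
    if prefix:
        # The longest matching prefix pattern wins over shorter ones such as "/*"
        return max(prefix, key=lambda m: len(m[0]))
    if extension:
        return extension[0]
    return None


def cleartext_allowed(path):
    """True when the winning constraint lets the path be served over plain HTTP."""
    match = best_match(path)
    return match is None or match[1] == "NONE"


if __name__ == "__main__":
    # Constructed sample paths
    for p in ["/login", "/css/site.css", "/files/report.pdf", "/favicon.ico"]:
        print(p, best_match(p), "HTTP allowed" if cleartext_allowed(p) else "HTTPS only")
```

Under this order /favicon.ico still resolves to CONFIDENTIAL, because the /* path-prefix match outranks the *.ico extension match, while everything under /files/ and /css/ may travel over plain HTTP.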

Tomcat will now force SSL on all incoming connections and is ready for your war file. To upload a war file we need an FTP client. By default this Redhat instance does not come with the libraries configured. I choose to use vsftpd.

yum install vsftpd
yum install ftp

The next step is to configure permissions.

vi /etc/vsftpd/vsftpd.conf

Look for the following lines and uncomment / modify.

anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES

After edits are made, restart the service.

service vsftpd restart

Finally, you need to add a user to the system to login as.

adduser ec2-user
passwd ec2-user

Your server should now accept incoming connections via port 21 (FTP).

Once you log in you will only have access to your home directory. Hence, you will not have permission to upload to the Tomcat server directory in the opt folder. To fix this, add a symbolic link in your home directory to the webapps directory of the Tomcat installation.

ln -s /opt/apache-tomcat-7.0.53/webapps/ /home/ec2-user/webapps

Running tomcat port 80

The Hypertext Transfer Protocol (HTTP) is the foundation of data communication for the web. By default Tomcat does not use port 80 for communication. Tomcat runs on port 8080 instead. Using iptables, all traffic can be pre-routed from port 80 to port 8080, or all traffic from port 443 (SSL) to port 8443 (Tomcat SSL port). This walkthrough shows how to set up port 80 forwarding in CentOS 6.x.

To do this modify your iptables file and replace the contents with the following.

vi /etc/sysconfig/iptables

Paste in the following:

# Generated by iptables-save v1.4.18 on Mon Aug 19 16:38:51 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8:1088]
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8000 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21100:21299 -j ACCEPT
COMMIT
# Completed on Mon Aug 19 16:38:51 2013
# Generated by iptables-save v1.4.18 on Mon Aug 19 16:38:51 2013
*nat
:PREROUTING ACCEPT [2:104]
:OUTPUT ACCEPT [7:558]
:POSTROUTING ACCEPT [7:558]
# These lines direct all traffic to tomcat
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
-A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443
COMMIT

Finally, restart iptables to apply the changes:

service iptables restart
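
A small audit of the ruleset above, as an added example that is not part of the original walkthrough. It reads the iptables-save text and reports the default policy, the sensitive ports that are accepted, and the redirect targets that would need their own INPUT rule; the SENSITIVE list is this example's assumption.

```python
import re

# Ruleset from the walkthrough, trimmed to the lines this audit reads.
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8000 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21100:21299 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [2:104]
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
-A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443
COMMIT
"""

# Assumption of this example: services that should not face the internet.
SENSITIVE = {"3306": "MySQL", "8000": "JDWP remote debugger"}


def audit(ruleset):
    """Return a list of findings for an iptables-save style ruleset."""
    table, policy, accepted, redirects = None, {}, set(), {}
    for line in ruleset.splitlines():
        dport = re.search(r"--dport (\S+)", line)
        target = re.search(r"--to-ports? (\d+)", line)
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, default = line[1:].split()[:2]
            policy[(table, chain)] = default
        elif table == "filter" and line.startswith("-A INPUT") and "-j ACCEPT" in line and dport:
            accepted.add(dport.group(1))
        elif table == "nat" and "-j REDIRECT" in line and dport and target:
            redirects[dport.group(1)] = target.group(1)
    findings = []
    if policy.get(("filter", "INPUT")) == "ACCEPT":
        findings.append("INPUT policy is ACCEPT: the -j ACCEPT rules filter nothing")
    for port in sorted(accepted & set(SENSITIVE)):
        findings.append(f"port {port} ({SENSITIVE[port]}) accepted from any source")
    for src, dst in sorted(redirects.items()):
        if dst not in accepted:
            # nat PREROUTING runs before filter INPUT, so INPUT sees the rewritten port
            findings.append(f"{src}->{dst}: dport {dst} needs its own INPUT rule under a DROP policy")
    return findings
```

Calling audit(RULESET) returns five findings for the ruleset as written; changing the INPUT policy to DROP removes the first one and makes the two redirect findings the ones to act on.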

Tomcat remote debugging Netbeans

To enable remote debugging on your website edit the catalina.sh file on your tomcat installation. This file is located in the bin folder.

CATALINA_OPTS="-Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n"

Make sure port 8000 is open on your webserver. You should now be able to use the Netbeans remote debugger to attach to the Tomcat server.
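
JDWP has no authentication, so it matters which interface the debugger listens on. The check below is an added example, not code from the original post: it parses a JVM option string and reports the listener it configures. LOOPBACK_OPTS is this example's suggested variant, meant to be reached through an SSH tunnel, and java_major is a parameter of the example.

```python
# The CATALINA_OPTS value from the post, and a loopback-bound variant (assumption).
PAGE_OPTS = "-Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n"
LOOPBACK_OPTS = "-agentlib:jdwp=transport=dt_socket,address=127.0.0.1:8000,server=y,suspend=n"


def jdwp_listener(jvm_opts, java_major=7):
    """Describe the JDWP listener configured in a JVM option string, or None."""
    for opt in jvm_opts.split():
        if opt.startswith("-Xrunjdwp:"):
            spec = opt[len("-Xrunjdwp:"):]
        elif opt.startswith("-agentlib:jdwp="):
            spec = opt[len("-agentlib:jdwp="):]
        else:
            continue
        sub = dict(kv.split("=", 1) for kv in spec.split(",") if "=" in kv)
        if sub.get("server") != "y":
            return None  # the JVM connects out to the debugger; nothing listens
        host, _, port = sub.get("address", "").rpartition(":")
        if not host:
            # Bare port: all interfaces before JDK 9, loopback only from JDK 9 on
            host = "*" if java_major < 9 else "localhost"
        exposed = host not in ("localhost", "127.0.0.1")
        return {"host": host, "port": port, "exposed": exposed}
    return None


if __name__ == "__main__":
    print("post's setting:  ", jdwp_listener(PAGE_OPTS))
    print("loopback variant:", jdwp_listener(LOOPBACK_OPTS))
```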

Tomcat 7 JDBC Connection Pooler Configuration

Tomcat 7.0.40 has an issue running the standard connection pooler. Following the Apache tutorial can lead to an error:

javax.naming.NamingException: Could not create resource factory instance [Root exception is java.lang.ClassNotFoundException: org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory]

The solution is to add a different factory reference to your resource definition.

/META-INF/context.xml


/WEB-INF/web.xml

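<resource-ref>
   <description>Demo Datasource</description>
   <res-ref-name>jdbc/resourceName</res-ref-name>
   <res-type>javax.sql.DataSource</res-type>
   <res-auth>Container</res-auth>
</resource-ref>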

This should solve the issue with Tomcat selecting the inappropriate factory for connection pooling.