Apache Tomcat
Apache Tomcat is an open-source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and WebSocket technologies. Tomcat provides a “pure Java” HTTP web server environment in which Java code can run.
Tomcat is developed and maintained by an open community of developers under the auspices of the Apache Software Foundation and is released under the Apache License 2.0.
Let's Start
Update repositories
root@osradar:~ # pkg update -f
Updating FreeBSD repository catalogue...
Fetching meta.txz: 100% 944 B 0.9kB/s 00:01
Fetching packagesite.txz: 100% 6 MiB 2.2MB/s 00:03
Processing entries: 100%
FreeBSD repository update completed. 31773 packages processed.
All repositories are up to date.
root@osradar:~ #
Let's install Apache Tomcat 9
root@osradar:~ # pkg install tomcat9
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 29 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
tomcat9: 9.0.29
openjdk8: 8.232.09.1_1
libXtst: 1.2.3_2
libXi: 1.7.10,1
libXfixes: 5.0.3_2
libX11: 1.6.9,1
libxcb: 1.13.1
libXdmcp: 1.1.3
xorgproto: 2019.2
libXau: 1.0.9
libxml2: 2.9.10
libpthread-stubs: 0.4
libXext: 1.3.4,1
libXrender: 0.9.10_2
libXt: 1.2.0,1
libSM: 1.2.3,1
libICE: 1.0.10,1
fontconfig: 2.12.6,1
expat: 2.2.8
freetype2: 2.10.1
dejavu: 2.37_1
mkfontscale: 1.2.1
libfontenc: 1.1.4
javavmwrapper: 2.7.4
java-zoneinfo: 2019.b
giflib: 5.2.1
libinotify: 20180201_1
alsa-lib: 1.1.2_2
apache-commons-daemon: 1.2.2
Number of packages to be installed: 29
The process will require 248 MiB more space.
99 MiB to be downloaded.
Proceed with this action? [y/N]:
Configuration
You might want to consider increasing the kern.maxfiles tunable if you plan
to use this library for applications that need to monitor activity of a lot of files.
Message from openjdk8-8.232.09.1_1:
—
This OpenJDK implementation requires fdescfs(5) mounted on /dev/fd and
procfs(5) mounted on /proc.
If you have not done it yet, please do the following:
mount -t fdescfs fdesc /dev/fd
mount -t procfs proc /proc
To make it permanent, you need the following lines in /etc/fstab:
fdesc /dev/fd fdescfs rw 0 0
proc /proc procfs rw 0 0
Before starting Tomcat, let's set up the users who can log in, along with their passwords and roles:
vi /usr/local/apache-tomcat-9.0/conf/tomcat-users.xml
Let's enable and start Tomcat
To have tomcat9 start automatically every time the server is rebooted:
service tomcat9 enable
Let's start Tomcat
How to start Tomcat on FreeBSD?
The easy way
service tomcat9 start
Or
root@osradar:~ # cd /usr/local/apache-tomcat-9.0/bin/
root@osradar:/usr/local/apache-tomcat-9.0/bin # ./startup.sh
Using CATALINA_BASE: /usr/local/apache-tomcat-9.0
Using CATALINA_HOME: /usr/local/apache-tomcat-9.0
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-9.0/temp
Using JRE_HOME: /usr/local
Using CLASSPATH: /usr/local/apache-tomcat-9.0/bin/bootstrap.jar:/usr/local/apache-tomcat-9.0/bin/tomcat-juli.jar
Tomcat started.
root@osradar:/usr/local/apache-tomcat-9.0/bin # service tomcat9 status
tomcat9 is not running.
You can also use other commands, such as:
Stop tomcat
service tomcat9 stop
Restart Tomcat
service tomcat9 restart
By default, Apache Tomcat listens on port 8080.
Enable Remote Login to Tomcat Manager and Host Manager
For security reasons, access to the Tomcat Manager and Host Manager apps is locked down to the localhost (the server where it is deployed), by default.
However, you can enable remote access from a specific IP address or any host or network to Tomcat Manager and Host Manager apps as explained below.
For the Tomcat Manager app, type:
$ sudo nano /usr/local/apache-tomcat-9.0/webapps/manager/META-INF/context.xml
For the Host Manager app, type:
$ sudo nano /usr/local/apache-tomcat-9.0/webapps/host-manager/META-INF/context.xml
Inside, comment out the IP address restriction to allow access from any network.
<Context antiResourceLocking="false" privileged="true" >
  <!--<Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />-->
</Context>
Enable remote access from your own IP address 192.168.1.20 or from a network (192.168.1.0/24) by adding the IP address to the list. The allow value is a Java regular expression that must match the whole client address, so escape the dots:
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.168\.1\.20"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.168\.1\.\d+"
Allow Tomcat consoles from everywhere
allow=".*"
Save the files, and restart the Tomcat service to put the changes into effect.
$ sudo service tomcat9 restart
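The following check is an added example, not part of the original article: it parses a constructed context.xml and lists which client addresses each allow value would admit, showing that an unescaped entry such as 192.168.1.* also matches 192.168.10.x and 192.168.100.x. Python's re.fullmatch stands in for the whole-string match the valve performs with java.util.regex; the helper names and client addresses are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.RemoteAddrValve"
LOCAL = r"127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"   # default from the article

# Constructed client addresses used to probe each configuration.
CLIENTS = ["127.0.0.1", "192.168.1.20", "192.168.1.77",
           "192.168.10.5", "192.168.100.9", "203.0.113.7"]

def context(allow=None):
    """Build a constructed context.xml; allow=None comments the valve out."""
    valve = f'<Valve className="{VALVE}" allow="{allow}" />'
    if allow is None:
        valve = f"<!-- {valve} -->"
    return f'<Context antiResourceLocking="false" privileged="true">{valve}</Context>'

def allow_regex(context_xml):
    """Return the active valve's allow regex, or None if no valve is active."""
    # ElementTree drops XML comments, so a commented-out valve is not found.
    for valve in ET.fromstring(context_xml).iter("Valve"):
        if valve.get("className") == VALVE:
            return valve.get("allow", "")
    return None

def admitted(context_xml, addresses=CLIENTS):
    """Addresses accepted under this context.xml (deny= is not modelled)."""
    pattern = allow_regex(context_xml)
    if pattern is None:                      # no valve: no address filter
        return list(addresses)
    rx = re.compile(pattern, re.ASCII)       # ASCII-only \d, as in Java
    return [a for a in addresses if rx.fullmatch(a)]

if __name__ == "__main__":
    for label, allow in [("localhost only", LOCAL),
                         ("unescaped 192.168.1.*", LOCAL + "|192.168.1.*"),
                         ("escaped /24", LOCAL + r"|192\.168\.1\.\d+"),
                         ("match everything", ".*"),
                         ("valve commented out", None)]:
        print(f"{label:24} -> {admitted(context(allow))}")
```

Run it against the allow value you intend to deploy before restarting Tomcat; any address outside the intended range in the output means the pattern is broader than planned.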
How to Change the Tomcat Port
To change the Tomcat ports, edit the file /usr/local/apache-tomcat-9.0/conf/server.xml
vi /usr/local/apache-tomcat-9.0/conf/server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
How to Install an SSL/TLS Certificate In Tomcat.
Run the following command to create a keystore:
root@osradar:~ # keytool -genkey -alias osradar -keyalg RSA -keysize 2048 -keystore osradar.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: osradar.com
What is the name of your organizational unit?
[Unknown]: osradar
What is the name of your organization?
[Unknown]: Osradar
What is the name of your City or Locality?
[Unknown]: Amsterdam
What is the name of your State or Province?
[Unknown]: Amsterdam
What is the two-letter country code for this unit?
[Unknown]: NL
Is CN=osradar.com, OU=osradar, O=Osradar, L=Amsterdam, ST=Amsterdam, C=NL correct?
[no]: yes
Enter key password for <osradar>
(RETURN if same as keystore password):
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore osradar.jks -destkeystore osradar.jks -deststoretype pkcs12".
Next, generate a new CSR from the newly created keystore:
root@osradar:~ # keytool -certreq -alias osradar -keyalg RSA -file osradar.csr -keystore osradar.jks
Enter keystore password:
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore osradar.jks -destkeystore osradar.jks -deststoretype pkcs12".
root@osradar:~ # ls -altr
total 36
-rw-r--r-- 2 root wheel 470 Nov 1 05:27 .profile
-rw-r--r-- 1 root wheel 392 Nov 1 05:27 .login
-rw-r--r-- 2 root wheel 951 Nov 1 05:27 .cshrc
-rw-r--r-- 1 root wheel 149 Nov 1 05:32 .k5login
drwxr-xr-x 19 root wheel 1024 Jan 28 22:16 ..
-rw------- 1 root wheel 259 Jan 29 00:03 .history
-rw-r--r-- 1 root wheel 2249 Jan 29 05:38 osradar.jks
-rw-r--r-- 1 root wheel 1101 Jan 29 05:40 osradar.csr
drwxr-xr-x 2 root wheel 512 Jan 29 05:40 .
root@osradar:~ #
Once the CSR is created, you need to send it to the certificate authority to get it signed.
Once you’ve downloaded both your own Certificate and the Root certificate provided by your CA, import them into your keystore with the following commands, replacing the [placeholders]:
To import the Root Certificate –
keytool -import -alias root -keystore [path/to/your/keystore] -trustcacerts -file [path/to/the/root_certificate]
To import your new Certificate –
keytool -import -alias [youralias] -keystore [path/to/your/keystore] -file [path/to/intermediate_cert]
After a successful import, edit the Tomcat configuration file, server.xml, which can usually be found in the Home_Directory/conf/ folder.
By default it should look something like this:
<Connector port="443" protocol="HTTP/1.1"
SSLEnabled="true"
scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS" keystoreFile="/your_path/yourkeystore.jks"
keystorePass="password_for_your_key_store" />
Restart Apache Tomcat and enjoy.
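The keystore in the listing above was created with mode -rw-r--r--, and server.xml carries keystorePass in clear text. The following check is an added example, not part of the original article: it finds the keystores referenced by TLS connectors and reports files whose group or other permission bits are set. The function names, temporary paths and password are constructed for the demonstration, and keystore paths are assumed to be absolute (relative ones would need resolving against CATALINA_BASE).

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

def keystore_paths(server_xml):
    """Keystore files referenced by TLS connectors in a server.xml string."""
    root = ET.fromstring(server_xml)
    paths = [c.get("keystoreFile") for c in root.iter("Connector")
             if c.get("SSLEnabled", "").lower() == "true"]
    # Tomcat 8.5+ also accepts the keystore on a nested <Certificate> element.
    paths += [c.get("certificateKeystoreFile") for c in root.iter("Certificate")]
    return [p for p in paths if p]

def readable_by_others(path):
    """True when any group or other permission bit is set on the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit(server_xml_path):
    """Return server.xml and keystore paths that are not owner-only."""
    with open(server_xml_path, encoding="utf-8") as fh:
        keystores = keystore_paths(fh.read())
    return [p for p in [server_xml_path, *keystores] if readable_by_others(p)]

def demo():
    """Constructed layout mirroring the listing: keystore created as 0644."""
    tmp = tempfile.mkdtemp()
    jks = os.path.join(tmp, "osradar.jks")
    conf = os.path.join(tmp, "server.xml")
    with open(jks, "wb") as fh:
        fh.write(b"constructed placeholder, not a real keystore")
    with open(conf, "w", encoding="utf-8") as fh:
        fh.write(f'<Server><Service name="Catalina"><Connector port="443" '
                 f'SSLEnabled="true" keystoreFile="{jks}" '
                 f'keystorePass="constructed-password" /></Service></Server>')
    os.chmod(jks, 0o644)
    os.chmod(conf, 0o644)
    before = audit(conf)
    # Owner-only; on a real host the owner must be the Tomcat service account.
    os.chmod(jks, 0o600)
    os.chmod(conf, 0o600)
    return before, audit(conf)

if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```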
Please let us know if you have any comments or corrections to add to this article.