Differences

documentation:server-install-components [2019/01/27 08:02]
mpospisek [Tomcat]
— (current)
Line 1: Line 1:
-====== Software Components ====== 
  
-===== PostgreSQL ===== 
- 
-==== Software Installation ==== 
- 
-Configure repository: On CentOS: /​etc/​yum.repos.d/​CentOS-Base.repo,​ [base] and [updates] sections 
-<sxh bash> 
-exclude=postgresql* 
-</​sxh>​ 
- 
-<codedoc code:​bash>​ 
-yum install ~~codedoc:​clean:​https://​download.postgresql.org/​pub/​repos/​yum/​9.6/​redhat/​rhel-7-x86_64/​pgdg-redhat96-9.6-3.noarch.rpm~~ 
- 
-yum install postgresql96 postgresql96-server postgresql96-devel postgresql-jdbc 
-# 
-/​usr/​pgsql-9.6/​bin/​postgresql96-setup initdb 
-systemctl enable postgresql-9.6.service 
-systemctl start postgresql-9.6.service 
-</​codedoc>​ 
- 
-==== DB configuration ==== 
-Roles after installation 
-<codedoc code:​bash>​ 
-su - postgres 
-createuser -l -s root 
-vi /​var/​lib/​pgsql/​9.6/​data/​pg_hba.conf 
-</​codedoc>​ 
- 
-<sxh bash> 
-# IPv4 local connections:​ 
-host    all             ​all ​            ​10.0.0.0/​8 ​             md5 
-host    all             ​all ​            ​127.0.0.1/​32 ​           trust 
-</​sxh>​ 
- 
-<codedoc code:​bash>​ 
-logout 
-</​codedoc>​ 
- 
- 
-===== Java ===== 
-==== Software Installation ==== 
-**Experimentally you can omit this part** 
- 
-//Oracle distribution policy has changed// 
- 
-Java 1.8.0_151 
- 
-GET JAVA 1.8.0_151 JRE RPM from Oracle at \\ 
-http://​www.oracle.com/​technetwork/​java/​javase/​downloads/​java-archive-javase8-2177648.html \\ 
-or \\ 
-http://​download.oracle.com/​otn/​java/​jdk/​8u151-b12/​e758a0de34e24606bca991d704f6dcbf/​jre-8u151-linux-x64.rpm 
- 
-Newer versions of 1.8 will probably work, too. 
- 
-<sxh bash> 
-yum localinstall jre-8u151-linux-x64.rpm 
- 
-==== Software Configuration ==== 
-  
-alternatives --install /​usr/​bin/​java java /​usr/​java/​default/​bin/​java 180151 \ 
- ​--slave /​usr/​bin/​keytool keytool /​usr/​java/​default/​bin/​keytool ​            \ 
- ​--slave /​usr/​bin/​orbd orbd /​usr/​java/​default/​bin/​orbd ​                     \ 
- ​--slave /​usr/​bin/​pack200 pack200 /​usr/​java/​default/​bin/​pack200 ​            \ 
- ​--slave /​usr/​bin/​rmid rmid /​usr/​java/​default/​bin/​rmid ​                     \ 
- ​--slave /​usr/​bin/​rmiregistry rmiregistry /​usr/​java/​default/​bin/​rmiregistry \ 
- ​--slave /​usr/​bin/​servertool servertool /​usr/​java/​default/​bin/​servertool ​   \ 
- ​--slave /​usr/​bin/​tnameserv tnameserv /​usr/​java/​default/​bin/​tnameserv ​      \ 
- ​--slave /​usr/​bin/​unpack200 unpack200 /​usr/​java/​default/​bin/​unpack200 ​      \ 
- ​--slave /​usr/​lib/​jvm/​jre jre /​usr/​java/​default 
-  
-alternatives --config java 
-# select /​usr/​java/​default/​bin/​java 
-</​sxh>​ 
- 
-===== Tomcat ===== 
- 
-Tomcat 9.0.6 installation bash commands: 
-<sxh bash> 
-# A | installation 
-cd ~ 
-mkdir development 
-cd development 
-wget https://​archive.apache.org/​dist/​tomcat/​tomcat-9/​v9.0.6/​bin/​apache-tomcat-9.0.6.tar.gz 
- 
-# install tomcat to the /opt/tomcat directory 
-mkdir /​opt/​apache-tomcat-9.0.6 
-tar xvf apache-tomcat-9*tar.gz -C /​opt/​apache-tomcat-9.0.6 --strip-components=1 
-# symlink /opt/tomcat to /​opt/​apache-tomcat-9.0.6 
-ln -s /​opt/​apache-tomcat-9.0.6 /opt/tomcat 
-  
-# B | create tomcat user :: should be run as an unprivileged user 
-# 1. create a new tomcat group 
-groupadd tomcat 
-  
-# 2. create a tomcat user :: 
-# member of the tomcat group, home directory of /opt/tomcat (install), shell of /bin/false (nobody login) 
-useradd -M -s /​sbin/​nologin -g tomcat -d /opt/tomcat tomcat 
-  
-# C | update permissions :: proper access to the tomcat installation 
-cd /opt/tomcat 
-  
-# tomcat group ownership over the entire installation directory 
-chgrp -R tomcat /opt/tomcat 
-  
-# tomcat group read access to the conf directory, and execute access to the directory 
-chmod -R g+r conf 
-chmod g+x conf 
-  
-# make the tomcat user the owner of the directories 
-chown -R tomcat webapps/ work/ temp/ logs/ 
-chown -R tomcat /opt/tomcat 
-chown -R tomcat /​opt/​apache-tomcat-9.0.6 
-  
-# D | install systemd unit file 
-# create and open unit file service 
-#vi /​usr/​lib/​systemd/​system/​tomcat9.service 
-echo \ 
-"​[Unit] 
-Description=Apache Tomcat 9.0.x Servlet Container 
-After=syslog.target network.target 
-  
-[Service] 
-User=tomcat 
-Group=tomcat 
-Type=forking 
-Environment=JAVA_HOME=/​usr/​java/​default 
-#​Environment=JAVA_HOME=/​usr/​lib/​jvm/​jre 
-Environment=CATALINA_PID=/​opt/​tomcat/​tomcat.pid 
-Environment=CATALINA_HOME=/​opt/​tomcat 
-Environment=CATALINA_BASE=/​opt/​tomcat 
-ExecStart=/​opt/​tomcat/​bin/​tomcat-startup.sh 
-ExecStop=/​opt/​tomcat/​bin/​tomcat-shutdown.sh 
-  
-[Install] 
-WantedBy=multi-user.target"​ >/​usr/​lib/​systemd/​system/​tomcat9.service 
- 
-# Prepare config files 
-# /​opt/​tomcat/​bin/​tomcat-startup.sh 
-echo \ 
-"#​!/​bin/​bash -x 
-cd $CATALINA_BASE 
-./​bin/​startup.sh"​ >/​opt/​tomcat/​bin/​tomcat-startup.sh 
-  
-# /​opt/​tomcat/​bin/​tomcat-shutdown.sh 
-echo \ 
-"#​!/​bin/​bash -x 
-cd $CATALINA_BASE 
-./​bin/​shutdown.sh"​ >/​opt/​tomcat/​bin/​tomcat-shutdown.sh 
-  
-# /​opt/​tomcat/​bin/​setenv.sh 
-# The Dcom.sun.management lines are just voluntarily,​ in case you want monitor Tomcat 
-# *** Check validity of Xms-Xmx settings in your environment *** 
-echo \ 
-"​CATALINA_OPTS="​-server \ 
- ​-Dcom.sun.management.jmxremote.port=8086 \ 
- ​-Dcom.sun.management.jmxremote.ssl=false \ 
- ​-Dcom.sun.management.jmxremote.authenticate=false \ 
- ​-Djava.security.egd=file:/​dev/​./​urandom -Djava.awt.headless=true \ 
- ​-Xms2g -Xmx2g \ 
- ​-XX:​+UseG1GC \ 
- ​-XX:​+UseStringDeduplication \ 
- ​-XX:​MaxGCPauseMillis=100 \ 
- "​ >/​opt/​tomcat/​bin/​setenv.sh 
- 
-# make the scripts executable 
-chmod +x /​opt/​tomcat/​bin/​*.sh 
-</​sxh> ​ 
- 
-Add ${catalina.home}/​conf to the common.loader values in the catalina.properties file and modify last two lines of the file to somewhat speed Tomcat startup 
-  
-<​codedoc> ​ 
-vi /​opt/​tomcat/​conf/​catalina.properties 
-</​codedoc>​ 
- 
-<sxh bash> ​ 
-common.loader="​${catalina.base}/​lib","​${catalina.base}/​lib/​*.jar","​${catalina.home}/​lib","​${catalina.home}/​lib/​*.jar","​${catalina.home}/​conf"​ 
-# ...  
-tomcat.util.scan.StandardJarScanFilter.jarsToSkip=*.jar 
-tomcat.util.scan.StandardJarScanFilter.jarsToScan=jstl-*.jar,​spring-webmvc-*.jar,​web_platform-*.jar 
-</​sxh> ​ 
-  
-reload Systemd to load the tomcat9 unit file 
- 
-<codedoc code:​bash>​ 
-systemctl daemon-reload 
-systemctl enable tomcat9.service 
-</​codedoc>​ 
-Start tomcat9 service. This is only to check, if everything goes well 
-<codedoc code:​bash>​ 
-systemctl start tomcat9.service 
-systemctl -l status tomcat9.service 
-</​codedoc>​ 
-Delete all default webapps 
-<codedoc code:​bash>​ 
-systemctl stop tomcat9.service 
-cd /​opt/​tomcat/​webapps 
-rm -rf * 
-</​codedoc>​ 
-  
-Optional: ​ 
-  * change the port of tomcat webserver in case of conflicts 
-  * search for <​Connector port="​8080"​ ... 
-  
-# NOT used in this release 
-<codedoc code:​bash>​ 
-vi /​opt/​tomcat/​conf/​server.xml 
-  
-    <!-- ADUCID AJP options --> 
-    <​Connector port="​8009"​ protocol="​AJP/​1.3"​ enableLookups="​false"​ 
-      acceptCount="​300"​ redirectPort="​8443"​ 
-      keepAliveTimeout="​7000"​ connectionTimeout="​10000"​ URIEncoding="​UTF-8"​ /> 
-  ​ 
-</​codedoc>​ 
- 
-===== Apache ===== 
-==== Software Installation ==== 
-CodeIT Apache 2.4 and related modules 
- 
-Download CodeIT Apache 2.4.25 (NOT NEWER) RPMs from %%https://​repo.codeit.guru/​packages/​centos/​7/​x86_64/​%%. Put them into selected directory (/​root/​apache/​CodeIT) and from it yum localinstall one module after another, to prevent installation from external repositories. 
- 
-Except for modules libnghttp2 and apr-util. They will be downloaded from the epel-release repository. 
- 
-<codedoc code:​bash>​ 
-cd ~ 
-mkdir -p apache/​CodeIT 
-cd apache/​CodeIT 
- 
-wget ~~codedoc:​clean:​https:​~~//​repo.codeit.guru/​packages/​centos/​7/​x86_64/​apr-1.5.2-1.el7.codeit.x86_64.rpm 
-wget ~~codedoc:​clean:​https:​~~//​repo.codeit.guru/​packages/​centos/​7/​x86_64/​httpd-2.4.25-3.el7.codeit.x86_64.rpm 
-wget ~~codedoc:​clean:​https:​~~//​repo.codeit.guru/​packages/​centos/​7/​x86_64/​httpd-filesystem-2.4.25-3.el7.codeit.noarch.rpm 
-wget ~~codedoc:​clean:​https:​~~//​repo.codeit.guru/​packages/​centos/​7/​x86_64/​httpd-tools-2.4.25-3.el7.codeit.x86_64.rpm 
-wget ~~codedoc:​clean:​https:​~~//​repo.codeit.guru/​packages/​centos/​7/​x86_64/​mod_ssl-2.4.25-3.el7.codeit.x86_64.rpm 
-  
-yum -y localinstall apr-1.5.2-1.el7.codeit.x86_64.rpm 
-yum -y localinstall httpd-filesystem-2.4.25-3.el7.codeit.noarch.rpm 
-yum -y localinstall httpd-tools-2.4.25-3.el7.codeit.x86_64.rpm 
-yum -y localinstall httpd-2.4.25-3.el7.codeit.x86_64.rpm 
-yum -y localinstall mod_ssl-2.4.25-3.el7.codeit.x86_64.rpm 
-  
-rpm -qa | grep codeit 
-# you should see this: 
-httpd-tools-2.4.25-3.el7.codeit.x86_64 
-apr-1.5.2-1.el7.codeit.x86_64 
-mod_ssl-2.4.25-3.el7.codeit.x86_64 
-httpd-filesystem-2.4.25-3.el7.codeit.noarch 
-httpd-2.4.25-3.el7.codeit.x86_64 
-  
-rpm -qa | grep http2 
-# you should see this: 
-libnghttp2-1.31.1-1.el7.x86_64 
-</​codedoc>​ 
- 
-==== System variables setting ==== 
-  
-<codedoc code:​bash>​ 
-vi /​usr/​lib/​systemd/​system/​httpd.service 
-</​codedoc>​ 
- 
-Modify file commenting out the Environment line and add the next one: 
-<sxh bash; highlight: [7,​8]> ​ 
-[Unit] 
-Description=The Apache HTTP Server 
-After=network.target remote-fs.target nss-lookup.target 
- 
-[Service] 
-Type=notify 
-#​Environment=LANG=C 
-EnvironmentFile=/​etc/​sysconfig/​httpd 
- 
-ExecStart=/​usr/​sbin/​httpd $OPTIONS -DFOREGROUND 
-ExecReload=/​usr/​sbin/​httpd $OPTIONS -k graceful 
-# Send SIGWINCH for graceful stop 
-KillSignal=SIGWINCH 
-KillMode=mixed 
-PrivateTmp=true 
- 
-[Install] 
-WantedBy=multi-user.target 
-</​sxh> ​ 
- 
-Modify /​etc/​sysconfig/​httpd 
-    
-<sxh bash> 
-echo '​LANG=C'​ >>/​etc/​sysconfig/​httpd 
-echo '​OPENAAA_PROTOCOL="​aaa"'​ >>/​etc/​sysconfig/​httpd 
-echo '​OPENAAA_HANDLER="/​usr/​local/​bin/​aducid"'​ >>/​etc/​sysconfig/​httpd 
-echo OPENAAA_AUTHORITY=\"​`hostname`\"​ >>/​etc/​sysconfig/​httpd 
-tail -3 /​etc/​sysconfig/​httpd ​ 
-</​sxh> ​ 
- 
- 
-==== Config files settings ====  
- 
-They are in /etc/httpd. 
- 
-<codedoc code:​bash>​ 
-vi /​etc/​httpd/​conf/​httpd.conf 
-</​codedoc>​ 
- 
-<sxh bash; highlight: [4,​9,​17,​20,​21,​22,​23]> ​ 
-### Keep the Include conf.modules.d/​*.conf setting in the file, 
-### but append one line in front of it, so the result will be: 
-# ... 
-Loadfile "/​usr/​lib64/​libssl.so.10"​ 
-Include conf.modules.d/​*.conf 
-# ... 
-  
-### Fill in your DNS server name 
-ServerName your.server.dnsname:​80 
-  
-### Choose desired log level    
-LogLevel info 
- 
-# Supplemental configuration is commented out 
-# 
-# Load config files in the "/​etc/​httpd/​conf.d"​ directory, if any. 
-#​IncludeOptional conf.d/​*.conf 
- 
-# Place these three lines at the end of file 
-TraceEnable Off 
-Include /​opt/​aaa/​conf/​aducid-aaa.conf 
-Include /​opt/​aaa/​conf/​aducid-aim.conf 
-Include /​opt/​aaa/​conf/​aducid-error-pages.conf 
-</​sxh>​ 
-Modules from directory conf.d are **NOT USED**. 
- 
-Modules from directory conf.modules.d:​ some were left intact, some put away, some changed. 
- 
-<codedoc code:​bash>​ 
-cd /​etc/​httpd/​conf.modules.d/​ 
-mv 00-optional.conf 00-optional.conf.xxx 
-mv 00-lua.conf 00-lua.conf.xxx 
-mv 00-dav.conf 00-dav.conf.xxx 
-</​codedoc>​ 
-  
-<sxh bash> ​ 
-cat 00-mpm.conf | grep prefork 
-LoadModule mpm_prefork_module modules/​mod_mpm_prefork.so 
-</​sxh> ​ 
-  
-<sxh bash> 
-echo \ 
-"# This file configures all the proxy modules: 
-LoadModule proxy_module modules/​mod_proxy.so 
-#LoadModule lbmethod_bybusyness_module modules/​mod_lbmethod_bybusyness.so 
-#LoadModule lbmethod_byrequests_module modules/​mod_lbmethod_byrequests.so 
-#LoadModule lbmethod_bytraffic_module modules/​mod_lbmethod_bytraffic.so 
-#LoadModule lbmethod_heartbeat_module modules/​mod_lbmethod_heartbeat.so 
-LoadModule proxy_ajp_module modules/​mod_proxy_ajp.so 
-#LoadModule proxy_balancer_module modules/​mod_proxy_balancer.so 
-#LoadModule proxy_connect_module modules/​mod_proxy_connect.so 
-#LoadModule proxy_express_module modules/​mod_proxy_express.so 
-#LoadModule proxy_fcgi_module modules/​mod_proxy_fcgi.so 
-#LoadModule proxy_fdpass_module modules/​mod_proxy_fdpass.so 
-#LoadModule proxy_ftp_module modules/​mod_proxy_ftp.so 
-LoadModule proxy_http_module modules/​mod_proxy_http.so 
-#LoadModule proxy_hcheck_module modules/​mod_proxy_hcheck.so 
-#LoadModule proxy_scgi_module modules/​mod_proxy_scgi.so 
-#LoadModule proxy_wstunnel_module modules/​mod_proxy_wstunnel.so"​ > 00-proxy.conf ​ 
-</​sxh> ​ 
-  
-<codedoc code:​bash>​ 
-vi 00-base.conf 
-</​codedoc>​ 
- 
-<sxh bash; highlight: [9]> ​ 
-echo \ 
-"# 
-# This file loads most of the modules included with the Apache HTTP 
-# Server itself. 
-# 
-  
-# This module is substantional 
-# as it communicates with other ADUCID non-Apache components 
-  
-LoadModule authnz_ssl_module /​usr/​lib64/​openaaa/​modules/​mod_authnz_ssl.so 
-  
-# other modules as you like/need 
-LoadModule access_compat_module modules/​mod_access_compat.so 
-#LoadModule actions_module modules/​mod_actions.so 
-LoadModule alias_module modules/​mod_alias.so 
-#LoadModule allowmethods_module modules/​mod_allowmethods.so 
-#LoadModule auth_basic_module modules/​mod_auth_basic.so 
-#LoadModule auth_digest_module modules/​mod_auth_digest.so 
-#LoadModule authn_anon_module modules/​mod_authn_anon.so 
-LoadModule authn_core_module modules/​mod_authn_core.so 
-#LoadModule authn_dbd_module modules/​mod_authn_dbd.so 
-#LoadModule authn_dbm_module modules/​mod_authn_dbm.so 
-#LoadModule authn_file_module modules/​mod_authn_file.so 
-LoadModule authn_socache_module modules/​mod_authn_socache.so 
-LoadModule authz_core_module modules/​mod_authz_core.so 
-#LoadModule authz_dbd_module modules/​mod_authz_dbd.so 
-#LoadModule authz_dbm_module modules/​mod_authz_dbm.so 
-LoadModule authz_groupfile_module modules/​mod_authz_groupfile.so 
-LoadModule authz_host_module modules/​mod_authz_host.so 
-#LoadModule authz_owner_module modules/​mod_authz_owner.so 
-LoadModule authz_user_module modules/​mod_authz_user.so 
-LoadModule autoindex_module modules/​mod_autoindex.so 
-LoadModule cache_module modules/​mod_cache.so 
-#LoadModule cache_disk_module modules/​mod_cache_disk.so 
-LoadModule cache_socache_module modules/​mod_cache_socache.so 
-LoadModule data_module modules/​mod_data.so 
-#LoadModule dbd_module modules/​mod_dbd.so 
-#LoadModule deflate_module modules/​mod_deflate.so 
-LoadModule dir_module modules/​mod_dir.so 
-#LoadModule dumpio_module modules/​mod_dumpio.so 
-#LoadModule echo_module modules/​mod_echo.so 
-LoadModule env_module modules/​mod_env.so 
-#LoadModule expires_module modules/​mod_expires.so 
-#LoadModule ext_filter_module modules/​mod_ext_filter.so 
-LoadModule filter_module modules/​mod_filter.so 
-LoadModule headers_module modules/​mod_headers.so 
-LoadModule http2_module modules/​mod_http2.so 
-LoadModule include_module modules/​mod_include.so 
-LoadModule info_module modules/​mod_info.so 
-LoadModule log_config_module modules/​mod_log_config.so 
-LoadModule logio_module modules/​mod_logio.so 
-#LoadModule macro_module modules/​mod_macro.so 
-#LoadModule mime_magic_module modules/​mod_mime_magic.so 
-LoadModule mime_module modules/​mod_mime.so 
-LoadModule negotiation_module modules/​mod_negotiation.so 
-#LoadModule remoteip_module modules/​mod_remoteip.so 
-LoadModule reqtimeout_module modules/​mod_reqtimeout.so 
-LoadModule request_module modules/​mod_request.so 
-LoadModule rewrite_module modules/​mod_rewrite.so 
-LoadModule setenvif_module modules/​mod_setenvif.so 
-#LoadModule slotmem_plain_module modules/​mod_slotmem_plain.so 
-#LoadModule slotmem_shm_module modules/​mod_slotmem_shm.so 
-#LoadModule socache_dbm_module modules/​mod_socache_dbm.so 
-LoadModule socache_memcache_module modules/​mod_socache_memcache.so 
-LoadModule socache_shmcb_module modules/​mod_socache_shmcb.so 
-LoadModule status_module modules/​mod_status.so 
-LoadModule substitute_module modules/​mod_substitute.so 
-#LoadModule suexec_module modules/​mod_suexec.so 
-#LoadModule unique_id_module modules/​mod_unique_id.so 
-LoadModule unixd_module modules/​mod_unixd.so 
-#LoadModule userdir_module modules/​mod_userdir.so 
-LoadModule version_module modules/​mod_version.so 
-#LoadModule vhost_alias_module modules/​mod_vhost_alias.so 
-#LoadModule watchdog_module modules/​mod_watchdog.so"​ > 00-base.conf 
-</​sxh>​ 
- 
-==== Further steps ==== 
-**Prepare SSL certificates** 
- 
-Certificates for SSL communication (like other parameters of SSL/TLS communication) need to be set in the file /​opt/​aaa/​conf/​aducid-aaa.conf,​ that will be installed during ADUCID software install phase. At this point, just make sure, that you have these certificates ready. 
- 
-Example files: 
- 
-<sxh bash> 
-SSLCertificateFile ​     /​opt/​aaa/​certs/​wild.aducid.com.crt 
-SSLCertificateKeyFile ​  /​opt/​aaa/​certs/​wild.aducid.com.key 
-SSLCertificateChainFile /​opt/​aaa/​certs/​Thawte.CA.Intermediate.SHA256.crt 
-SSLCACertificateFile ​   /​opt/​aaa/​certs/​Thawte.CA.Primary.Root.G3.crt 
-</​sxh>​ 
- 
-**Enable on system startup** 
-<codedoc code:​bash>​ 
-systemctl daemon-reload 
-systemctl enable httpd.service 
-</​codedoc>​ 
  • documentation/server-install-components.1548576158.txt.gz
  • Last modified: 2019/01/27 08:02
  • by mpospisek