特殊:Badtitle/NS100:ApacheTomcat5:修订间差异

来自Ubuntu中文
跳到导航跳到搜索
Wikibot留言 | 贡献
无编辑摘要
Wikibot留言 | 贡献
无编辑摘要
 
(未显示3个用户的11个中间版本)
第1行: 第1行:
{{From|https://help.ubuntu.com/community/ApacheTomcat5}}
{{From|https://help.ubuntu.com/community/ApacheTomcat5}}
{{Languages|UbuntuHelp:ApacheTomcat5}}
{{Languages|UbuntuHelp:ApacheTomcat5}}
 
'''Please do not make any edits to this article.  Its contents are currently under review and being merged with the ''Ubuntu Server Guide''.  To find the Ubuntu Server Guide related to your specific version, please go to:'''
'''https://help.ubuntu.com/ and click on ''Ubuntu Server Guide'''''
This is to help people setup and install Apache Tomcat 5.
This is to help people setup and install Apache Tomcat 5.
Jakarta Tomcat, a Java servlet container, is now part of the Apache family under the name of Apache Tomcat. It can be installed in Ubuntu 6.06 (Dapper Drake) following the steps below.
Jakarta Tomcat, a Java servlet container, is now part of the Apache family under the name of Apache Tomcat. It can be installed in Ubuntu 6.06 (Dapper Drake) following the steps below.
=== Installation ===
=== Installation ===
==== Needed before installing Apache Tomcat ====
==== Needed before installing Apache Tomcat ====
'''Java virtual machine'''
'''Java virtual machine'''
Follow this [[UbuntuHelp:Java|link]] paying attention to download the JDK and not the JRE.
Follow this [[UbuntuHelp:Java|link]] paying attention to download the JDK and not the JRE.
Enable the universe and multiverse repositories
Enable the universe and multiverse repositories
* [[UbuntuHelp:Repositories/CommandLine| I am using Ubuntu server (command line)]]
* [[UbuntuHelp:Repositories/CommandLine| I am using Ubuntu server (command line)]]
* [[UbuntuHelp:AddingRepositoriesHowto| I am using a desktop]]
* [[UbuntuHelp:AddingRepositoriesHowto| I am using a desktop]]
In Ubuntu 6.06, do:
In Ubuntu 6.06, do:
<pre><nowiki>
<pre><nowiki>
sudo apt-get install sun-java5-jdk
sudo apt-get install sun-java5-jdk
</nowiki></pre>
</nowiki></pre>
'''Set Java environment variables'''
'''Set Java environment variables'''
<pre><nowiki>
<pre><nowiki>
第30行: 第21行:
$ export PATH=$PATH:$JAVA_HOME/bin
$ export PATH=$PATH:$JAVA_HOME/bin
</nowiki></pre>
</nowiki></pre>
In Ubuntu 6.06,do:
In Ubuntu 6.06,do:
<pre><nowiki>
<pre><nowiki>
export JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun-1.5.0.06
export JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun-1.5.0.06
</nowiki></pre>
</nowiki></pre>
You may have to change the numbers for updated versions.
You may have to change the numbers for updated versions.
==== Installing Apache Tomcat 5 ====
==== Installing Apache Tomcat 5 ====
<pre><nowiki>
<pre><nowiki>
$ sudo aptitude install tomcat5 tomcat5-admin tomcat5-webapps
$ sudo aptitude install tomcat5 tomcat5-admin tomcat5-webapps
</nowiki></pre>
</nowiki></pre>
(The package <code><nowiki>tomcat5-webapps</nowiki></code> just contains some example applications. It is interesting for developers, but you should omit it on production servers.)
(The package <code><nowiki>tomcat5-webapps</nowiki></code> just contains some example applications. It is interesting for developers, but you should omit it on production servers.)
Depending on your JDK version, you must set (or not) the <code><nowiki>JAVA_HOME</nowiki></code> variable in <code><nowiki>/etc/default/tomcat5</nowiki></code>. The start script tests for a couple of JDKs, but only finds older versions. Probably you must set (the already existing) <code><nowiki>JAVA_HOME</nowiki></code> variable as follows:
Depending on your JDK version, you must set (or not) the <code><nowiki>JAVA_HOME</nowiki></code> variable in <code><nowiki>/etc/default/tomcat5</nowiki></code>. The start script tests for a couple of JDKs, but only finds older versions. Probably you must set (the already existing) <code><nowiki>JAVA_HOME</nowiki></code> variable as follows:
<pre><nowiki>
<pre><nowiki>
JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun
JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun
</nowiki></pre>
</nowiki></pre>
==== Run, Stop, And Restart Apache Tomcat ====
==== Run, Stop, And Restart Apache Tomcat ====
Use the following command to run Apache Tomcat:
Use the following command to run Apache Tomcat:
第63行: 第48行:
$ sudo /etc/init.d/tomcat5 restart
$ sudo /etc/init.d/tomcat5 restart
</nowiki></pre>
</nowiki></pre>
==== Using Tomcat5 ====
==== Using Tomcat5 ====
You can find tomcat up and running (if you have followed the previous steps) at the following ip:
You can find tomcat up and running (if you have followed the previous steps) at the following ip:
<pre><nowiki> 127.0.0.1:8180
<pre><nowiki>
127.0.0.1:8180
</nowiki></pre>
</nowiki></pre>
=== Configuration ===
=== Configuration ===
 
[http://www.coreservlets.com/Apache-Tomcat-Tutorial/#Directory-Listings Configuring & Using Apache Tomcat 6] and [http://www.owasp.org/index.php/Securing_tomcat Securing tomcat] are good external resources about this topic.
[http://www.coreservlets.com/Apache-Tomcat-Tutorial/#Directory-Listings Configuring & Using Apache Tomcat 6] and [http://www.owasp.org/index.php/Securing_tomcat Securing tomcat] are good external resources about this topic.
 
==== Administering Tomcat5 ====
==== Administering Tomcat5 ====
If you have installed also the admin package as listed before you will be able to enter in the administation window only if you edit the file
If you have installed also the admin package as listed before you will be able to enter in the administation window only if you edit the file
第80行: 第60行:
$ /usr/share/tomcat5/conf/tomcat-users.xml
$ /usr/share/tomcat5/conf/tomcat-users.xml
</nowiki></pre>
</nowiki></pre>
and add the following lines for creating new users with admin and manager privilegies as described in Tomcat's main page
and add the following lines for creating new users with admin and manager privilegies as described in Tomcat's main page
<pre><nowiki>
<pre><nowiki>
<role rolename="manager"/>
  <role rolename="manager"/>
<role rolename="admin"/>
  <role rolename="admin"/>
<user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin,manager"/>
  <user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin,manager"/>
</nowiki></pre>
</nowiki></pre>
Obviously if you want only one kind of role you've to delete the one you are not interested in. Example only admin
Obviously if you want only one kind of role you've to delete the one you are not interested in. Example only admin
<pre><nowiki>
<pre><nowiki>
<role rolename="admin"/>
  <role rolename="admin"/>
<user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin"/>
  <user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin"/>
</nowiki></pre>
</nowiki></pre>
==== Installing new servlet or jsp pages in Tomcat5 ====
==== Installing new servlet or jsp pages in Tomcat5 ====
Using the Tomcat manager included in the installed packages you'll be able to to control your servlet/jsp properly.
Using the Tomcat manager included in the installed packages you'll be able to to control your servlet/jsp properly.
1.Enter in your server (by default 127.0.0.1:8180).
1.Enter in your server (by default 127.0.0.1:8180).
2.Enter in the Tomcat manager page (you find the link on the left) typing username and password chosen in the previous step.
2.Enter in the Tomcat manager page (you find the link on the left) typing username and password chosen in the previous step.
3.Search the section ''Deploy'' and in the field ''WAR or Directory URL''
3.Search the section ''Deploy'' and in the field ''WAR or Directory URL''
type:
type:
<pre><nowiki>
<pre><nowiki>
file://YOUR SERVLET or JSP PAGE DIRECTORY
  file://YOUR SERVLET or JSP PAGE DIRECTORY
</nowiki></pre>
</nowiki></pre>
Usually servlet/jsp pages are located in the directory ''/usr/share/tomcat5/webapps''.
Usually servlet/jsp pages are located in the directory ''/usr/share/tomcat5/webapps''.
==== Tomcat on port 80 ====
==== Tomcat on port 80 ====
If you run Tomcat without a separate web server, but you want it to listen on port 80, then you should redirect port 80 to 8180 with iptables. For this you should create two files:
If you run Tomcat without a separate web server, but you want it to listen on port 80, then you should redirect port 80 to 8180 with iptables. For this you should create two files:
''/etc/network/if-pre-up.d/tomcat5-port80''
''/etc/network/if-pre-up.d/tomcat5-port80''
<pre><nowiki>
<pre><nowiki>
第118行: 第89行:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8180
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8180
</nowiki></pre>
</nowiki></pre>
''/etc/network/if-post-down.d/tomcat5-port80''
''/etc/network/if-post-down.d/tomcat5-port80''
<pre><nowiki>
<pre><nowiki>
第125行: 第95行:
iptables -t nat -D PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8180
iptables -t nat -D PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8180
</nowiki></pre>
</nowiki></pre>
They must be executable, but only root should be able to modify them (e.g. use <code><nowiki>chmod 744</nowiki></code>). Please do also adjust your network interface as needed. After restarting the server, you can access Tomcat on port 80 and 8180.
They must be executable, but only root should be able to modify them (e.g. use <code><nowiki>chmod 744</nowiki></code>). Please do also adjust your network interface as needed. After restarting the server, you can access Tomcat on port 80 and 8180.
There are a couple of other possibilities to achieve this goal (see the sections in [http://www.owasp.org/index.php/Securing_tomcat#Using_Port_80 Securing tomcat] and [http://www.coreservlets.com/Apache-Tomcat-Tutorial/#Change-Port Configuring & Using Apache Tomcat 6]). For most situations the given solution should be appropriate. But please pay attention to avoid running Tomcat as root!
There are a couple of other possibilities to achieve this goal (see the sections in [http://www.owasp.org/index.php/Securing_tomcat#Using_Port_80 Securing tomcat] and [http://www.coreservlets.com/Apache-Tomcat-Tutorial/#Change-Port Configuring & Using Apache Tomcat 6]). For most situations the given solution should be appropriate. But please pay attention to avoid running Tomcat as root!
==== Turn of directory listings ====
==== Turn of directory listings ====
For security reasons and to not disturbe guests you might want to turn of directory listings in case of non-existing welcome pages (e.g. if index.html is missing). To do this modify the ''listings'' parameter in <code><nowiki>conf/web.xml</nowiki></code>:
For security reasons and to not disturbe guests you might want to turn of directory listings in case of non-existing welcome pages (e.g. if index.html is missing). To do this modify the ''listings'' parameter in <code><nowiki>conf/web.xml</nowiki></code>:
<pre><nowiki>
<pre><nowiki>
<init-param>
        <init-param>
<param-name>listings</param-name>
            <param-name>listings</param-name>
<param-value>false</param-value>
            <param-value>false</param-value>
</init-param>
        </init-param>
</nowiki></pre>
</nowiki></pre>
 
==== Multiple Instances (JVMs) of Tomcat ====
 
Brian Pontarelli has suggested a very good way to creating and managing multiple instances of tomcat in his blog : http://brian.pontarelli.com/2007/09/17/multiple-tomcat-instances-on-ubuntu/
 
He also has scripts in a googlecode project at: http://code.google.com/p/debian-tomcat-scripts/
They are meant to be for debian, but they should work for Ubuntu also.
==== User friendly error pages in case of a Java exception ====
==== User friendly error pages in case of a Java exception ====
Tomcat shows a stack trace per default, if an uncaught Java exception occurs. It is the task of the web application to adjust the response. The [http://tomcat.apache.org/faq/misc.html#error Tomcat FAQ] gives a hint.
Tomcat shows a stack trace per default, if an uncaught Java exception occurs. It is the task of the web application to adjust the response. The [http://tomcat.apache.org/faq/misc.html#error Tomcat FAQ] gives a hint.
==== Securing Tomcat ====
==== Securing Tomcat ====
When omiting the webapps-package and creating reasonable user accounts, Tomcat is already rather secure as shipped in Ubuntu (most important: it does not run as root) . For further improvements the Open Web Application Security Project (OWASP) has a good [http://www.owasp.org/index.php/Securing_tomcat howto] to secure your Tomcat installation.
When omiting the webapps-package and creating reasonable user accounts, Tomcat is already rather secure as shipped in Ubuntu (most important: it does not run as root) . For further improvements the Open Web Application Security Project (OWASP) has a good [http://www.owasp.org/index.php/Securing_tomcat howto] to secure your Tomcat installation.


[[category:UbuntuHelp]]
[[category:UbuntuHelp]]

2010年5月19日 (三) 17:27的最新版本

{{#ifexist: :ApacheTomcat5/zh | | {{#ifexist: ApacheTomcat5/zh | | {{#ifeq: {{#titleparts:ApacheTomcat5|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:ApacheTomcat5|1|-1|}} | zh | | }}

Please do not make any edits to this article. Its contents are currently under review and being merged with the Ubuntu Server Guide. To find the Ubuntu Server Guide related to your specific version, please go to: https://help.ubuntu.com/ and click on Ubuntu Server Guide This is to help people setup and install Apache Tomcat 5. Jakarta Tomcat, a Java servlet container, is now part of the Apache family under the name of Apache Tomcat. It can be installed in Ubuntu 6.06 (Dapper Drake) following the steps below.

Installation

Needed before installing Apache Tomcat

Java virtual machine Follow this link paying attention to download the JDK and not the JRE. Enable the universe and multiverse repositories

In Ubuntu 6.06, do:

sudo apt-get install sun-java5-jdk

Set Java environment variables

$ export JAVA_HOME="path of your java home"
$ export PATH=$PATH:$JAVA_HOME/bin

In Ubuntu 6.06,do:

export JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun-1.5.0.06

You may have to change the numbers for updated versions.

Installing Apache Tomcat 5

$ sudo aptitude install tomcat5 tomcat5-admin tomcat5-webapps

(The package tomcat5-webapps just contains some example applications. It is interesting for developers, but you should omit it on production servers.) Depending on your JDK version, you must set (or not) the JAVA_HOME variable in /etc/default/tomcat5. The start script tests for a couple of JDKs, but only finds older versions. Probably you must set (the already existing) JAVA_HOME variable as follows:

JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun

Run, Stop, And Restart Apache Tomcat

Use the following command to run Apache Tomcat:

$ sudo /etc/init.d/tomcat5 start

To stop it, use :

$ sudo /etc/init.d/tomcat5 stop

Finally, to restart it, run :

$ sudo /etc/init.d/tomcat5 restart

Using Tomcat5

You can find tomcat up and running (if you have followed the previous steps) at the following ip:

 127.0.0.1:8180

Configuration

Configuring & Using Apache Tomcat 6 and Securing tomcat are good external resources about this topic.

Administering Tomcat5

If you have installed also the admin package as listed before you will be able to enter in the administation window only if you edit the file

$ /usr/share/tomcat5/conf/tomcat-users.xml

and add the following lines for creating new users with admin and manager privilegies as described in Tomcat's main page

  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin,manager"/>

Obviously if you want only one kind of role you've to delete the one you are not interested in. Example only admin

  <role rolename="admin"/>
  <user username="YOUR USERNAME " password="YOUR PASSWORD" roles="admin"/>

Installing new servlet or jsp pages in Tomcat5

Using the Tomcat manager included in the installed packages you'll be able to to control your servlet/jsp properly. 1.Enter in your server (by default 127.0.0.1:8180). 2.Enter in the Tomcat manager page (you find the link on the left) typing username and password chosen in the previous step. 3.Search the section Deploy and in the field WAR or Directory URL type:

   file://YOUR SERVLET or JSP PAGE DIRECTORY

Usually servlet/jsp pages are located in the directory /usr/share/tomcat5/webapps.

Tomcat on port 80

If you run Tomcat without a separate web server, but you want it to listen on port 80, then you should redirect port 80 to 8180 with iptables. For this you should create two files: /etc/network/if-pre-up.d/tomcat5-port80

#!/bin/sh
[ "$IFACE" == "eth0" ] || exit 0;
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8180

/etc/network/if-post-down.d/tomcat5-port80

#!/bin/sh
[ "$IFACE" == "eth0" ] || exit 0;
iptables -t nat -D PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8180

They must be executable, but only root should be able to modify them (e.g. use chmod 744). Please do also adjust your network interface as needed. After restarting the server, you can access Tomcat on port 80 and 8180. There are a couple of other possibilities to achieve this goal (see the sections in Securing tomcat and Configuring & Using Apache Tomcat 6). For most situations the given solution should be appropriate. But please pay attention to avoid running Tomcat as root!

Turn of directory listings

For security reasons and to not disturbe guests you might want to turn of directory listings in case of non-existing welcome pages (e.g. if index.html is missing). To do this modify the listings parameter in conf/web.xml:

        <init-param>
            <param-name>listings</param-name>
            <param-value>false</param-value>
        </init-param>

Multiple Instances (JVMs) of Tomcat

Brian Pontarelli has suggested a very good way to creating and managing multiple instances of tomcat in his blog : http://brian.pontarelli.com/2007/09/17/multiple-tomcat-instances-on-ubuntu/ He also has scripts in a googlecode project at: http://code.google.com/p/debian-tomcat-scripts/ They are meant to be for debian, but they should work for Ubuntu also.

User friendly error pages in case of a Java exception

Tomcat shows a stack trace per default, if an uncaught Java exception occurs. It is the task of the web application to adjust the response. The Tomcat FAQ gives a hint.

Securing Tomcat

When omiting the webapps-package and creating reasonable user accounts, Tomcat is already rather secure as shipped in Ubuntu (most important: it does not run as root) . For further improvements the Open Web Application Security Project (OWASP) has a good howto to secure your Tomcat installation.