
Tuesday, 19 March 2013

Tomcat - server.xml

Testing tools: curl, wget, telnet

Containers

Tomcat calls Engine, Host and Context (and the per-servlet Wrapper) containers. The highest level is the Engine; the lowest level you configure in server.xml is the Context. Certain components, such as a Realm or a Valve, can be nested inside a container. A Cluster is itself such a nested component, attached to an Engine or a Host, rather than a container of its own.

Engine

An Engine is the highest-level container. It can contain one or more Hosts, so one Tomcat server can serve several hostnames, known as virtual hosts.
<Engine name="Catalina" defaultHost="localhost">
The Catalina Engine receives HTTP requests from the HTTP connector and directs each to the matching Host according to the Host header of the request; a request whose Host header matches no configured Host goes to the defaultHost.

Realm

A Realm is a database of users, passwords and roles used for authentication and role-based access control. A Realm can be defined on any container: Engine, Host or Context.
<Realm className="org.apache.catalina.realm.LockOutRealm">
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
The default configuration defines a UserDatabaseRealm for the Catalina Engine, which authenticates users of every Host and Context under it. It looks up the JNDI name UserDatabase defined in GlobalNamingResources, i.e. the users in conf/tomcat-users.xml. It is wrapped in a LockOutRealm, which locks a user name after repeated failed logins (by default 5 failures lock it for 300 seconds) so the backing realm cannot be brute-forced one guess at a time.
Besides the UserDatabaseRealm there are: JDBCRealm (authenticates against a relational database through a JDBC driver); DataSourceRealm (the same, through a DataSource obtained via JNDI); JNDIRealm (authenticates against an LDAP directory); and MemoryRealm (loads an XML file of users into memory once, read-only).
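Because the UserDatabaseRealm is only as safe as the file behind it, the first thing to check on a server using this default is conf/tomcat-users.xml itself: who holds the manager and host-manager roles, and whether passwords are stored digested or in the clear. The script below is an added example, not part of the original post. SAMPLE_TOMCAT_USERS is a constructed file; the role names are the ones Tomcat's manager and host-manager webapps check, and the digest heuristic follows the output of Tomcat's digest tool (salt$iterations$hash, or a bare hex digest), so a 32-plus-character hex password would be misclassified.

```python
"""Audit tomcat-users.xml, the file behind the default UserDatabaseRealm.

Added example, not part of the original post. SAMPLE_TOMCAT_USERS is a
constructed file; the role names are the ones Tomcat's manager and
host-manager webapps check, and the digest format follows Tomcat's
`digest` tool output (salt$iterations$hash, or a bare hex digest).
"""
import re
import xml.etree.ElementTree as ET

# Holders of these roles can deploy code or drive JMX, i.e. own the server.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                    "manager-status", "admin-gui", "admin-script"}

# Heuristic: a digested password is hex, optionally prefixed with
# salt$iterations$ when a salted CredentialHandler is configured.
DIGEST_RE = re.compile(r"^(?:[0-9a-f]+\$\d+\$)?[0-9a-f]{32,128}$", re.I)

SAMPLE_TOMCAT_USERS = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="portal-user"/>
  <user username="admin"  password="tomcat" roles="manager-gui,manager-script"/>
  <user username="deploy" password="9d6f1a2b$100000$4c1e8a7f0b3d9e2c6a5f4b8d1c0e3a7f9b2d5c8e1a4f7b0d3c6e9a2f5b8d1c0e"
        roles="manager-script"/>
  <user username="alice"  password="s3cret!" roles="portal-user, viewer"/>
</tomcat-users>
"""


def _local(tag):
    """Strip the namespace Tomcat 7+ puts on tomcat-users.xml elements."""
    return tag.rsplit("}", 1)[-1]


def parse_users(xml_text):
    """Return [{username, password, roles:set}] for every <user> element."""
    users = []
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "user":
            continue
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        users.append({
            # MemoryUserDatabase accepts either attribute name for the login.
            "username": el.get("username") or el.get("name"),
            "password": el.get("password", ""),
            "roles": roles,
        })
    return users


def looks_digested(password):
    return bool(DIGEST_RE.match(password))


def audit(xml_text):
    """Flag privileged role holders and plaintext passwords."""
    findings = []
    for u in parse_users(xml_text):
        privileged = sorted(u["roles"] & PRIVILEGED_ROLES)
        if privileged:
            findings.append(f"{u['username']}: holds privileged roles "
                            + ", ".join(privileged))
        if not looks_digested(u["password"]):
            findings.append(f"{u['username']}: password stored in plaintext")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_TOMCAT_USERS):
        print(finding)
```

Run against a real conf/tomcat-users.xml, every account reported with manager-script or manager-gui is one that can deploy a WAR, so the list should be short and every password on it digested.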

Hosts

A Host defines a virtual host under the Engine, which in turn can hold many Contexts (webapps).
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
The default configuration defines one host, localhost. The appBase attribute is the base directory of all its webapps, here <CATALINA_HOME>/webapps. By default each webapp's context path equals its directory name: the default installation ships docs, examples, host-manager and manager under webapps, reachable at http://localhost:8080/docs and so on. The exception is ROOT, whose path is the empty string, i.e. http://localhost:8080/.
unpackWARs specifies whether a WAR file dropped into appBase is expanded into a directory. With unpackWARs="false" Tomcat serves the application from the WAR file directly, which can be slower.
autoDeploy specifies whether Tomcat watches appBase while running and deploys whatever is dropped there (a WAR, an expanded directory or a context XML file). That is convenient, but it also means anyone who can write to appBase can run code as the Tomcat user, so on production hosts it is usually set to false and appBase is kept writable only by the deployment account.

Cluster

Tomcat supports clustering of servers. A Cluster can replicate HTTP sessions and context attributes across the cluster members, and with the FarmWarDeployer it can deploy a WAR file to every member of the cluster.

Valve

A Valve intercepts a request on its way to the application and can inspect, log, modify or reject it. A Valve can be attached to any container: Engine, Host or Context (a Cluster also carries its own replication valves).
In the default configuration, the AccessLogValve on the localhost Host writes one log entry per request, as follows:
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
       prefix="localhost_access_log." suffix=".txt"
       pattern="%h %l %u %t &quot;%r&quot; %s %b" />
The pattern is the common log format: client address (%h), remote logical user (%l, always "-"), authenticated user (%u), timestamp (%t), request line (%r), status (%s) and bytes sent (%b, "-" when none).
Other valves include:
  • RemoteAddrValve: allows or denies requests by client IP address. Its allow and deny attributes are regular expressions matched against the whole address, so dots must be escaped and the IPv6 loopback (::1 or 0:0:0:0:0:0:0:1) listed explicitly when localhost is meant.
  • RemoteHostValve: the same, by client hostname; it only works with enableLookups="true" on the connector and is then only as trustworthy as the reverse DNS it relies on.
  • RequestDumperValve: dumps headers, cookies and parameters of every request and response for debugging; not for production use.
  • SingleSignOnValve: when placed under a <Host>, lets a user authenticated to one webapp access all other webapps under that Host without signing in again.
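The access log in the pattern above is also where password guessing against the manager webapp shows up, and it complements the LockOutRealm: the realm locks a user name, while the log lets you count failures per source address, which still catches an attacker who rotates user names. The script below is an added example, not part of the original post. SAMPLE_LOG is constructed (203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges); the field order and the "-" conventions are those of the %h %l %u %t "%r" %s %b pattern, and the threshold of 5 is taken from LockOutRealm's default failureCount.

```python
"""Checks over AccessLogValve output in the default pattern
%h %l %u %t "%r" %s %b.

Added example, not part of the original post. SAMPLE_LOG is constructed
(203.0.113.0/24 and 198.51.100.0/24 are documentation ranges) and shows
what password guessing against the manager webapp looks like in this format.
"""
import re
from collections import Counter

# One field per pattern token; %b is "-" when no body was sent.
LOG_RE = re.compile(
    r'^(?P<h>\S+) (?P<l>\S+) (?P<u>\S+) \[(?P<t>[^\]]+)\] '
    r'"(?P<r>[^"]*)" (?P<s>\d{3}) (?P<b>-|\d+)$'
)
ADMIN_PREFIXES = ("/manager", "/host-manager")

SAMPLE_LOG = [
    '203.0.113.7 - - [19/Mar/2013:10:15:01 +0800] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.7 - - [19/Mar/2013:10:15:02 +0800] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.7 - - [19/Mar/2013:10:15:03 +0800] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.7 - - [19/Mar/2013:10:15:04 +0800] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.7 - - [19/Mar/2013:10:15:05 +0800] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.7 - - [19/Mar/2013:10:15:06 +0800] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.7 - admin [19/Mar/2013:10:15:09 +0800] "GET /manager/html HTTP/1.1" 403 -',
    '127.0.0.1 - tomcat [19/Mar/2013:10:20:00 +0800] "GET /manager/html HTTP/1.1" 200 19012',
    '198.51.100.4 - - [19/Mar/2013:10:21:30 +0800] "GET / HTTP/1.1" 200 11217',
    '198.51.100.4 - - [19/Mar/2013:10:21:31 +0800] "GET /favicon.ico HTTP/1.1" 404 -',
]


def parse_line(line):
    """Split one access-log line into its fields; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["s"] = int(e["s"])
    e["b"] = 0 if e["b"] == "-" else int(e["b"])
    # %r is "METHOD path protocol"; fall back to the raw string if malformed.
    parts = e["r"].split(" ")
    e["method"], e["path"] = (parts[0], parts[1]) if len(parts) >= 2 else ("", e["r"])
    return e


def is_admin_path(path):
    return path.startswith(ADMIN_PREFIXES)


def failed_admin_logins(lines, threshold=5):
    """Client address -> number of 401/403 responses on admin paths, for
    clients at or above threshold (LockOutRealm's default failureCount)."""
    counts = Counter()
    for e in map(parse_line, lines):
        if e and is_admin_path(e["path"]) and e["s"] in (401, 403):
            counts[e["h"]] += 1
    return {h: n for h, n in counts.items() if n >= threshold}


def admin_access_outside_allowlist(lines, allowed):
    """Sorted client addresses that reached an admin path from outside
    `allowed`, whatever the response status."""
    return sorted({e["h"] for e in map(parse_line, lines)
                   if e and is_admin_path(e["path"]) and e["h"] not in allowed})


if __name__ == "__main__":
    print("guessing:", failed_admin_logins(SAMPLE_LOG))
    print("outside allowlist:", admin_access_outside_allowlist(SAMPLE_LOG, {"127.0.0.1"}))
```

The second check is the log-side counterpart of a RemoteAddrValve on the manager Context: any address it reports is one that reached the manager at all, and if a RemoteAddrValve was supposed to prevent that, its allow regex is wrong.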

Sample of server.xml

The sample below comes from a Tomcat 5.x-era installation: the <Logger> elements and the debug="0" attributes were dropped in Tomcat 6, where logging moved to JULI (conf/logging.properties). A few points are worth noting before the listing. The shutdown command is still the stock SHUTDOWN on port 8006, so anything on the box that can connect to that port can stop the server; change the string or set port="-1" to disable the listener. The keystore passwords are written in the clear; Tomcat can read them from ${...} properties instead. The Context is declared privileged="true" (access to container servlets, i.e. the manager's powers), crossContext="true" (it can obtain other webapps' ServletContexts) and allowLinking="true" (symbolic links may point outside docBase), none of which an ordinary webapp needs.

The GlobalResourcesLifecycleListener enables the global resources and makes it possible to use JNDI for accessing resources such as databases.

The <GlobalNamingResources> element defines the JNDI (Java Naming and Directory Interface) resources that let Java clients discover and look up data and objects by name. The default configuration defines a JNDI name called UserDatabase via the <Resource> element: a memory-based database for user authentication loaded from "conf/tomcat-users.xml", which is what the Engine's UserDatabaseRealm further down consults.

<Server port="8006" shutdown="SHUTDOWN" debug="0">
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" debug="0"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" debug="0"/>

  <GlobalNamingResources>
    <!-- Test entry for demonstration purposes -->
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>

    <!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml"
       description="User database that can be updated and saved">
    </Resource>
  </GlobalNamingResources>

  <Service name="portal">
    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 80 -->
    <Connector port="80"
               maxThreads="150"
               minSpareThreads="25"
               maxSpareThreads="75"
               enableLookups="false" 
               acceptCount="100"
               debug="0"
               connectionTimeout="2000"
               disableUploadTimeout="true"
               compression="on"
               address="172.16.95.150"/>
     <!-- fams.fortinet.com -->
     <Connector port="443"
                keystoreFile="/root/certificates/fams2012.p12"
                keystorePass="Fortinet0511#"
                keystoreType="PKCS12"
                SSLEnabled="true"
                maxThreads="150"
                minSpareThreads="25"
                enableLookups="false"
                disableUploadTimeout="true"
                scheme="https"
                secure="true"
                connectionTimeout="2000"
                clientAuth="false"
                maxKeepAliveRequests="20"
                sslProtocol="TLS"
                address="172.16.95.150"
                restrictedUserAgents="^.*MS Web Services Client Protocol.*$"/>

     <!-- fzm1.fortinet.com -->
     <Connector port="443"
                keystoreFile="/root/certificates/fmz1.p12"
                keystorePass="fortinet123"
                keystoreType="PKCS12"
                SSLEnabled="true"
                maxThreads="150"
                minSpareThreads="25"
                enableLookups="false"
                disableUploadTimeout="true"
                scheme="https"
                secure="true"
                connectionTimeout="2000"
                clientAuth="false"
                maxKeepAliveRequests="20"
                sslProtocol="TLS"
                address="172.16.95.155"
                restrictedUserAgents="^.*MS Web Services Client Protocol.*$"/>
    <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
    <Connector port="8009"
               enableLookups="false"
               redirectPort="443"
               debug="0"
               protocol="AJP/1.3" />
    <Engine name="portal" defaultHost="portal" debug="0">

      <!-- Global logger unless overridden at lower levels -->
      <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" timestamp="true"/>
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" debug="0" resourceName="UserDatabase"/>
      <Host name="portal"
            debug="0"
            appBase="webapps"
            unpackWARs="true"
            autoDeploy="true"
            xmlValidation="false"
            xmlNamespaceAware="false">
        <Logger className="org.apache.catalina.logger.FileLogger" directory="logs"  prefix="manager_log." suffix=".txt" timestamp="true"/>
        <Logger className="org.apache.catalina.logger.SystemOutLogger" timestamp="true"/>
        <Context path=""
                 docBase="/usr/local/portal/fams"
                 debug="0"
                 reloadable="true"
                 crossContext="true"
                 allowLinking="true"
                 privileged="true"/>
      </Host>
    </Engine>
  </Service>
</Server>
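To make the review of a listing like this repeatable, the following added script (not from the original post) checks a server.xml for the settings a reviewer looks at first: the shutdown port left open with the stock command, connectors with no address attribute (they bind to every interface), an AJP connector reachable off-host without a shared secret (requiredSecret, or secret on current releases), keystore passwords written as literals rather than ${...} properties, a Realm not wrapped in LockOutRealm, a configuration with no AccessLogValve, autoDeploy left on, and a Context marked privileged, allowLinking, crossContext or reloadable. SAMPLE_SERVER_XML is a constructed, trimmed copy of the listing above with a placeholder keystore password; HARDENED_SERVER_XML is the same service with each of those points fixed, and the audit returns nothing for it. The attribute names are Tomcat's own; the checks and their messages are the example's.

```python
"""Audit a Tomcat server.xml for the settings a reviewer checks first.

Added example, not from the original post. SAMPLE_SERVER_XML is a constructed,
trimmed-down version of the configuration shown above with a placeholder
keystore password; HARDENED_SERVER_XML is the same service with each finding fixed.
"""
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "0:0:0:0:0:0:0:1", "localhost"}
RISKY_CONTEXT_ATTRS = ("privileged", "allowLinking", "crossContext", "reloadable")

SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8006" shutdown="SHUTDOWN">
  <Service name="portal">
    <Connector port="80" address="172.16.95.150" connectionTimeout="2000"/>
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/root/certificates/portal.p12"
               keystorePass="changeit" keystoreType="PKCS12"
               clientAuth="false" sslProtocol="TLS" address="172.16.95.150"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
    <Engine name="portal" defaultHost="portal">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      <Host name="portal" appBase="webapps" unpackWARs="true" autoDeploy="true">
        <Context path="" docBase="/usr/local/portal/fams" reloadable="true"
                 crossContext="true" allowLinking="true" privileged="true"/>
      </Host>
    </Engine>
  </Service>
</Server>
"""

HARDENED_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="-1" shutdown="SHUTDOWN">
  <Service name="portal">
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/root/certificates/portal.p12"
               keystorePass="${portal.keystore.pass}" keystoreType="PKCS12"
               address="172.16.95.150"/>
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               requiredSecret="${portal.ajp.secret}"/>
    <Engine name="portal" defaultHost="portal">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      </Realm>
      <Host name="portal" appBase="webapps" unpackWARs="true" autoDeploy="false">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="portal_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b"/>
        <Context path="" docBase="/usr/local/portal/fams"/>
      </Host>
    </Engine>
  </Service>
</Server>
"""


def audit_server_xml(xml_text):
    """Return a list of human-readable findings; an empty list means clean."""
    root = ET.fromstring(xml_text)
    findings = []

    # Shutdown listener: a live port with the stock command string lets any
    # process that can connect to it stop the server.
    port, cmd = root.get("port", "8005"), root.get("shutdown", "SHUTDOWN")
    if port != "-1" and cmd == "SHUTDOWN":
        findings.append(f"Server: shutdown port {port} is open with the default command 'SHUTDOWN'")

    for c in root.iter("Connector"):
        port, addr = c.get("port", "?"), c.get("address")
        if addr is None:
            findings.append(f"Connector {port}: no address attribute, binds to all interfaces")
        if (c.get("protocol", "HTTP/1.1").startswith("AJP") and addr not in LOOPBACK
                and not (c.get("requiredSecret") or c.get("secret"))):
            findings.append(f"Connector {port}: AJP reachable off-host without requiredSecret/secret")
        pw = c.get("keystorePass")
        if pw is not None and not pw.startswith("${"):
            findings.append(f"Connector {port}: keystorePass is a literal; use ${{...}} property substitution")

    realms = list(root.iter("Realm"))
    if realms and not any(r.get("className", "").endswith("LockOutRealm") for r in realms):
        findings.append("Realm: not wrapped in LockOutRealm, no lockout after failed logins")

    if not any("AccessLogValve" in v.get("className", "") for v in root.iter("Valve")):
        findings.append("Valve: no AccessLogValve, requests are not logged")

    for h in root.iter("Host"):
        if h.get("autoDeploy", "true") == "true":
            findings.append(f"Host {h.get('name')}: autoDeploy=true, anything written to appBase is deployed")

    for ctx in root.iter("Context"):
        for attr in RISKY_CONTEXT_ATTRS:
            if ctx.get(attr, "false").lower() == "true":
                findings.append(f"Context '{ctx.get('path', '')}': {attr}=true")
    return findings


if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE_SERVER_XML):
        print(finding)
    print("hardened:", audit_server_xml(HARDENED_SERVER_XML) or "clean")
```

The hardened variant binds AJP to loopback and requires a secret, so the connector is only usable by a web server on the same machine; the ${...} references are resolved by Tomcat from catalina.properties or -D system properties at startup, which keeps the secrets out of a file that is routinely copied, pasted and backed up.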
