My experience with SGI, Tomcat, and Apache, and IRIX 6.5

Disclaimer
I am Jan Labanowski (jkl@ccl.net) and what follows is my confession,
my deepest and darkest secrets... If you follow my footsteps you may
be doomed forever, so you agree to do it on your own, and do not sue
me, since you were warned.

Help me...
Please help me improve this document, correct errors, and just help.
I do not want you to suffer, like I did, so if you see something wrong,
just let me know. Please... Thanks...

The story...
This is a log of my of installation Apache/Tomcat DSO on some SGI machine
running IRIX:

% uname -a
IRIX64 voyager 6.5 01101245 IP27

which was not a first priority as maintenance is concerned.
I do not know IRIX at all, so your comments/corrections/improvements
to this document would be greatly appreciated. For me, the IRIX simply does not
work like it should (but it is probably my lack of experience) , and it seems
that open software community does not give a damn either, since many
packages just do not compile without a lot of massaging. For this reason,
I was using installation packages as much as I could.

This memo was originally written around Apr 17, 2001

The UNIX commands are in italic. It assumed that you will just grab them
with the mouse and paste them in your xterm...

Few terms:
Apache -- the Web Server
DSO -- Dynamic Shared Object (additional modules can be added/updated
to Apache without the need to recompile the whole thing, similar
to shared libraries, but DSO modules are not only called, but
can also call routines within Apache)

MM -- memory management or something like that - an add-on to Apache
and its modules to communicate via shared memory rather than files
(faster).

SSL -- Secure Socket Layer - the encryption and certificate package which
works with Apache

Tomcat -- the Java Server Pages (JSP) and Servlet container which uses the
Java Servlets spec 2.2, and the JSP spec 1.1.
It is still being actively developed and has some "features".

You may want to read my FAQ on Tomcat 3.1 beta 1. since it will be
easier to follow this installation log. It is available at:
http://www.ccl.net/cca/software/UNIX/apache/tomcat3.1b1-faq.html

Under This Link you will find copies of tardist
and tar.gz files which are retrieved for this installation, unless they
are copyrighted/something/crypto-munition, and I am not allowed to share them
with you. Just right click on them and do "Save As".

Getting Java JDK
The default shell for root was tcsh (again, I am not the sysadmin of this box).
I changed it to sh by typing

sh
.
default path for root was:
/usr/sbin:/usr/bsd:/sbin:/usr/bin:/etc:/usr/etc:/usr/bin/X11:/usr/express/bin/sg6
but there was a lot of strange links in /sbin and /usr/sbin like:
gcc was linked as /usr/sbin/gcc rather than /usr/bin/gcc,
or /usr/sbin/gunzip rather than /usr/bin/gunzip, etc...
The regular development software was linked within /usr/sbin and /sbin
directories for some reason).
I had to rearrange the path. My path was:

PATH=/usr/local/bin:/usr/freeware/bin:/usr/gnu/bin
PATH=${PATH}:/usr/bin:/usr/sbin:/usr/bsd:/sbin:/usr/bin/X11:
PATH=${PATH}:/usr/express/bin/sg6
export PATH

Then, I checked if I need Java:

showprods | grep java

Java 1.2 is fine, you do not have to have 1.3. If you do not have Java
you need to get it from SGI Web site. To get it, you need to register
(unless you already did). To register, you need your SGI box serial
number.

1) My machine was Onyx2. To get serial number, you need to do:

sysinfo -vv | cut -d" " -f2

which prints something like:

K0065abc

2) Go to a page: http://www.sgi.com/products/evaluation/6.x_java2_1.3/
You may need to register to SurfZone (there is a link there).
Click on Install at the bottom. Then you will be sent to another page
Where you will "ACCEPT" terms and conditions. On the next page
you can either save the distribution to install it later swmgr or
inst as I did (I right clicked on Install "java_eoe & java_dev"
and chose "Save link as:" in /tmp/6.x_java2_eoedev_1.3.tardist) or you
can just click with a left mouse button and swmgr will be called
automatically. Since I will be installing the thing on more machines
it is nice to have a tardist file around rather then download it
many times.

3) Install Java as:

mkdir /usr/freeware/java1.3
cd /usr/freeware/java1.3
mv /tmp/6.x_java2_eoedev_1.3.tardist .
tar xvf 6.x_java2_eoedev_1.3.tardist
inst
install *
go
quit

This should put the stuff in /usr/java (BTW, I hate the choice of location).
Of course you can change the location with "inst -r target", but then
your /var/inst is messed up. and does not know about it. It is convenient
to have different versions of Java around, but SGI does not know about it.

4) Install other stuff (SSL and CRYPTO):
I set the environment:

JAVA_HOME=/usr/java
export JAVA_HOME
PATH=${PATH}:${JAVA_HOME}/bin
export PATH

CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH

Got jce-1_2_1.zip from SUN: http://www.javasoft.com/products/jce/
and placed it in /usr/local/JCE

cd /usr/local/JCE
unzip jce-1_2_1.zip
cp -p /usr/local/JCE/jce1.2.1/lib/*.jar ${JAVA_HOME}/jre/lib/ext
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jce1_2_1.jar
export CLASSPATH

Then edited ${JAVA_HOME}/jre/lib/security/java.security and added a line:

security.provider.3=com.sun.crypto.provider.SunJCE

after similar lines which were there.

Got jsse-1_0_2-do.zip from SUN: http://java.sun.com/products/jsse/
and placed it in /usr/local/jsse.

cd /usr/local/jsse
unzip jsse-1_0_2-do.zip
cp -p /usr/local/jsse/jsse1.0.2/lib/*jar $JAVA_HOME/jre/lib/ext
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jcert.jar
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jnet.jar
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jsse.jar
export CLASSPATH

and edited $JAVA_HOME/jre/lib/security/java.security and added a line:

security.provider.4=com.sun.net.ssl.internal.ssl.Provider

Installing important tools which I cannot live without...

Before you install anything, you check if you have it first, like

showprods | grep something

and if this is not showing anything, maybe it was not installed via
swmgr/inst and you need to check it with a plain:

which something

whereis something

Note... All things below assume that I am running sh, with the above
PATH as a root. If you log out, you need to come back here,
log in as root, type sh, and set the PATH. The PATH in your case may not need
to be so strange, but in my case it has to since otherwise I would be accessing
some old stuff installed on this machine ages ago, which simply does not work.

When I looked into the /usr/gnu/bin, the machine did not have basic
tools installed. i.e., no gmake, no gtar, etc...

I decided to place all the needed packages/executables in /usr/freeware
or in /usr/local/bin (this directory was not present on the machine).

The stuff which is compiled from source, I usually installed in /usr/local/xxx
while the freeware which was installed with "inst" was installed routinely
in /usr/freeware/bin, /usr/freeware/lib, /usr/freeware/include. So remember
look there for goodies. I also did not delete the distribution packages
or tar archives from the disk, since I may need them later, as I will be
installing this on another machine, and it is just easier to scp on local
network rather than download it from remote sites.

Installing wget
I started from downloading the wget from
ftp://ftp.cis.ohio-state.edu/mirror/gnu/wget/ and
then installed it like:

cd /usr/freeware/
mkdir wget
cd wget
ftp ftp.cis.ohio-state.edu
Name: anonymous
Login: jkl
cd mirror/gnu/wget
binary
get wget-1.6.tar.gz
quit

Then, I unpacked it the old fashioned way (there was no gtar on the machine):

cd /usr/freeware/wget
gunzip wget-1.6.tar.gz
tar xvf wget-1.6.tar

Then I built the wget (a command line web retrieval utility) as:

cd /usr/freeware/wget/wget-1.6
./configure
make
make install

which installed wget in /usr/local/bin and also created /usr/local/etc

Installing Gnu Tar
From the ftp://ftp.cis.ohio-state.edu/mirror/gnu/" (but you may
find closer mirror from http://www.gnu.org)
I retrieved tar-1.13.tar.gz. Then I installed it as:

mkdir /usr/freeware/gtar
cd /usr/freeware/gtar
gunzip tar-1.13.tar.gz
tar xvf tar-1.13.tar
cd tar-1.13
./configure
make
make check
make install

which put it in /usr/local/bin.

Installing gmake
Then I installed gmake:

mkdir /usr/freeware/gmake
cd /usr/freeware/gmake
wget ftp://ftp.cis.ohio-state.edu/mirror/gnu/make/make-3.79.1.tar.gz
tar zxvf make-3.79.1.tar.gz # note, the GNU tar is in my path now
cd make-3.79.1
./configure
make
make check
make install

which installed make to /usr/local/bin.

Installing unzip
Then I installed unzip

mkdir /usr/freeware/unzip
cd /usr/freeware/unzip
wget http://freeware.sgi.com/Dist/fw_unzip-5.40.tardist
tar xvf fw_unzip-5.40.tardist
inst -f .
instal *
go
quit

Installing emacs
Then I installed emacs, since this is my editor of choice.
I went to http://freeware.sgi.com/index-by-alpha.html and
retrieved it:

mkdir /usr/freeware/emacs
cd /usr/freeware/emacs
wget http://freeware.sgi.com/Dist/fw_xemacs-21.1.10.tardist
tar xvf fw_xemacs-21.1.10.tardist
inst -f .
go

But it barked at me:

fw_xemacs.xemacs.eoe cannot be installed because of missing prerequisites:
1a. Do not install fw_xemacs.xemacs.eoe (1236615220)
1b. Also install fw_gdbm.sw.lib (1236359920 - 1239999900),
fw_libjpeg.sw.lib (1235274920 - 1239999900), fw_libpng.sw.lib
(1236359820 - 1239999900), fw_libxpm.sw.lib (1235275020 -
1239999900), fw_libz.sw.lib (1235723320 - 1239999900) and
fw_tiff.sw.lib (1235509620 - 1239999900) from an additional
distribution -- insert another CD or specify another software
distribution.

so I installed needed pieces:
gdbm -- gnu UNIX database

mkdir /usr/freeware/gdbm
cd /usr/freeware/gdbm
wget http://freeware.sgi.com/Dist/fw_gdbm-1.8.0.tardist
tar xvf fw_gdbm-1.8.0.tardist
inst -f .
go
quit

libjpeg -- library for JPEGs

mkdir /usr/freeware/libjpeg
cd /usr/freeware/libjpeg
wget http://freeware.sgi.com/Dist/fw_libjpeg-6b.tardist
tar xvf fw_libjpeg-6b.tardist
inst -f .
go
quit

libxpm -- xpm images library

mkdir /usr/freeware/libxpm
cd /usr/freeware/libxpm
wget http://freeware.sgi.com/Dist/fw_libxpm-3.4k.tardist
tar xvf fw_libxpm-3.4k.tardist
inst -f .
go
quit

libz -- compression library

mkdir /usr/freeware/libz
cd /usr/freeware/libz
wget http://freeware.sgi.com/Dist/fw_libz-1.1.3.tardist
tar xvf fw_libz-1.1.3.tardist
inst -f .
go
quit

tiffutils -- TIFF image library

mkdir /usr/freeware/tiffutils
cd /usr/freeware/tiffutils
wget http://freeware.sgi.com/Dist/fw_tiff-v3.4beta037.tardist
tar xvf fw_tiff-v3.4beta037.tardist
inst -f .
go
quit

libpng -- png image library

mkdir /usr/freeware/libpng
cd /usr/freeware/libpng
wget http://freeware.sgi.com/Dist/fw_libpng-1.0.6.tardist
tar xvf fw_libpng-1.0.6.tardist
inst -f .
go
quit

and then tried again to install emacs

cd /usr/freeware/emacs
inst -f .
go
quit
mkdir /usr/freeware/gnu-emacs
cd /usr/freeware/gnu-emacs
wget http://freeware.sgi.com/Dist/fw_gnu-emacs-20.7.tardist
tar xvf fw_gnu-emacs-20.7.tardist
inst -f .
go
quit

Installing SSH -- secure shell
I tried to install binary distribution of OpenSSH from
http://freeware.sgi.com/Dist/fw_openssh-2.3.0p1.tardist
but it needed many libraries... Since this is academic site,
I could use the original ssh (if you are commercial, you cannot use it,
I believe, without paying).

cd /usr/freeware
mkdir ssh
cd /usr/freeware/ssh
wget ftp://ftp.sbs.de/pub/security/ssh/ssh-1.2.31.tar.gz
tar zxvf ssh-1.2.31.tar.gz
cd ssh-1.2.31
./configure
make
make install

It installs the ssh in /usr/local/bin, and sshd in /usr/local/sbin.

Then installed script run-sshd in /etc/init.d to make sshd (SSH demon)
start up at boot. To make it start sshd server daemon on boot, I linked
the script in /etc/rc2.d

cd /etc/init.d
chmod 755 run-sshd
cd /etc/rc2.d
ln -s ../init.d/run-sshd S98run-sshd

Installed latest zlib (compression routines)

mkdir /usr/freeware/zlib
cd /usr/freeware/zlib
wget ftp://ftp.info-zip.org/pub/infozip/zlib/zlib.tar.gz
tar zxvf zlib.tar.gz
cd zlib-1.1.3
./configure
make
make test
make install

It installs libz in /usr/local/lib

Installed newer gcc
Installed new 2.95 gcc, since the current is old (2.8.1)

gcc --version

told me: 2.8.1

mkdir /usr/freeware/gcc
cd /usr/freeware/gcc
wget http://freeware.sgi.com/Dist/fw_gcc-2.95.2-sgipl1.tardist
tar xvf fw_gcc-2.95.2-sgipl1.tardist
inst -f .
go

Installed new openssl
OpenSSL (www.openssl.org) contains all needed routines to do SSL secure
sockets.

mkdir /usr/freeware/openssl
cd /usr/freeware/openssl
wget http://freeware.sgi.com/Dist/fw_openssl-0.9.6.tardist
tar xvf fw_openssl-0.9.6.tardist
inst -f .
go
quit

It installed them in /usr/freeware/lib, /usr/freeware/bin,
/usr/freeware/include/openssl

Upgrading perl
The perl was old (5.004_04) so I got the newer one.

mkdir /usr/freeware/perl
cd /usr/freeware/perl
wget http://freeware.sgi.com/Dist/fw_perl-5.005_03.tardist
tar xvf fw_perl-5.005_03.tardist
inst -f .
go
quit

Installing Apache
I tried to install the latest stable Apache (1.3.19) from sources, but
it did not work. I was getting the error:

gcc -I/usr/freeware/apache-1.3.19/mm-1.1.3 -I./os/unix -I./include \
-DIRIX -DMOD_SSL=208102 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT \
-I./lib/expat-lite -fpic -DSHARED_CORE `./apaci` \
-L/usr/freeware/apache-1.3.19/mm-1.1.3/.libs \
-o libhttpd.ep -DSHARED_CORE_TIESTATIC main/http_main.c \
-L. -lhttpd -lmm
ld32: WARNING 84 : ./libhttpd.so is not used for resolving any symbol.
ld32: ERROR 33 : Unresolved text symbol "ap_main" -- 1st referenced by /var/tmp/ccBRwCce.o.
Use linker option -v to see when and which objects, archives and dsos are loaded.
ld32: ERROR 33 : Unresolved text symbol "ap_validate_password" -- 1st referenced by /var/tmp/ccBRwCce.o.
Use linker option -v to see when and which objects, archives and dsos are loaded.
ld32: ERROR 33 : Unresolved text symbol "XML_ErrorString" -- 1st referenced by /var/tmp/ccBRwCce.o.
Use linker option -v to see when and which objects, archives and dsos are loaded.
ld32: INFO 152: Output file removed because of error.
collect2: ld returned 2 exit status
make[2]: *** [libhttpd.ep] Error 1
make[2]: Leaving directory `/usr/freeware/apache-1.3.19/apache_1.3.19/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/usr/freeware/apache-1.3.19/apache_1.3.19'
make: *** [build] Error 2

I pretty much have an idea what is the problem (the #define for IRIX is
probably missing), but I did not have time to chase this. It seems like
Apache team no longer supports IRIX 6.5, which is probably sensible
in view of latest SGI directions. I removed previous installation of
Apache.

inst
remove fw_apache
go
quit

and then installed 1.3.14 from freeware site:

mkdir /usr/freeware/apache-1.3.14
cd /usr/freeware/apache-1.3.14
wget http://freeware.sgi.com/Dist/fw_apache-1.3.14.tardist
tar xvf fw_apache-1.3.14.tardist
inst -f .
install * # or step and chose all "i" for install)
go
quit

This installed apache to /usr/freeware/apache. The directories are
bin -- auxiliary programs: dbmmanage, htdigest, htpasswd
etc -- config files and SSL certificates
include -- the include files for apache if you want to compile additional
modules
libexec -- where the DSO modules are
sbin -- apache binary, apxs script, and startup script apachectl
share -- the web contents
var -- log, cache files, pid file, etc.

Installing Tomcat 3.2.1

I downloaded needed binaries and sources of tomcat:

mkdir /usr/freeware/jakarta-tomcat
cd /usr/freeware/jakarta-tomcat
wget http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.2.1/bin/jakarta-servletapi-3.2.tar.gz
wget http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.2.1/bin/jakarta-tomcat-3.2.1.tar.gz
tar zxvf jakarta-servletapi-3.2.tar.gz
tar zxvf jakarta-tomcat-3.2.1.tar.gz
wget http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.2.1/src/jakarta-tomcat-3.2.1-src.tar.gz
tar zxvf jakarta-tomcat-3.2.1-src.tar.gz

Then I edited jk_pool.h and added IRIX #define.

cd /usr/freeware/jakarta-tomcat/jakarta-tomcat-3.2.1-src/src/native/jk

edited jk_pool.h and and added around line 92

#elif defined(IRIX)
typedef long long jk_pool_atom_t;

Then I compiled mod_jk module for Apache:

cd /usr/freeware/jakarta-tomcat/jakarta-tomcat-3.2.1-src/src/native/apache1.3
JAVA_HOME=/usr/java
export JAVA_HOME
/usr/freeware/apache/sbin/apxs -o mod_jk.so -DIRIX -I../jk \
-I${JAVA_HOME}/include -I${JAVA_HOME}/include/irix -c *.c ../jk/*.c

cp mod_jk.so /usr/freeware/apache/libexec

cd /usr/freeware/jakarta-tomcat

Created a small file called my_env and made it executable:

chmod 755 my_env

Whenever I wanted to refresh my environment (e.g., after logging out), I ran

. my_env

Then I had to change server.xml for tomcat, since default apache came
with port 8080 and I would have port conflict.

cd $TOMCAT_HOME
cd conf
mkdir orig
cp -p * orig

Edited server.xml and changed port 8080 to 7080 in HTTP connector
Then I started tomcat standalone

cd $TOMCAT_HOME/bin
startup.sh

I checked if the URL:
http://my.machine.edu:7080
works and executed few examples. It worked...
But this is not the way to do it, to execute tomcat as root!!! So I did

cd $TOMCAT_HOME/bin
shutdown.sh

Now... The tomcat should be some innocuous user which cannot do much
harm. But the Tomcat needs a shell, and cannot be a nobody.
I created user tomcat with uid and gid 60002
In /etc/group:

tomcat:*:60002:

and in /etc/passwd

tomcat:x:60002:60002:SVR4 tomcat uid:/usr/people/tomcat:/bin/sh

Then I also added tomcat to /etc/shadow file and set the password with

passwd tomcat

Then, I created home directory for tomcat user:

mkdir /usr/people/tomcat
chown tomcat /usr/people/tomcat
chgrp tomcat /usr/people/tomcat

Then, I changed ownership tomcat stuff to tomcat

cd $TOMCAT_HOME
chown -R tomcat .
chgrp -R tomcat .

and in /usr/people/tomcat I placed the my_env file from above as:
.profile:

cp $JAKARTA_HOME/my_env /usr/people/tomcat/.profile
chown tomcat /usr/people/tomcat/.profile
chgrp tomcat /usr/people/tomcat/.profile

Then, I became tomcat and check if it starts OK under new identity:

su - tomcat
cd $TOMCAT_HOME/bin
./startup.sh

It actually did.

Configuring the Apache/Tomcat ZOO...
Rather than giving you the step by step history of my editing files,
I will just include the final versions of the configuration files.
Before I actually messed with the files, I saved the originals:

cd $TOMCAT_HOME/conf
mkdir orig
cp -p * orig
cd /usr/freeware/apache/etc
tar zxvf ../etc-orig.tgz .

My config files are given here:
$TOMCAT_HOME/conf/mod_jk.conf

$TOMCAT_HOME/conf/workers.properties

$TOMCAT_HOME/conf/server.xml

$TOMCAT_HOME/bin/startup.sh

$TOMCAT_HOME/bin/tomcat.sh

$TOMCAT_HOME/bin/shutdown.sh

$TOMCAT_HOME/bin/jspc.sh

/usr/freeware/apache/etc/httpd.conf

Note that mod_jk.conf has the Tomcat contexts protected by id/password
with Apache Basic Authentication (look up the /examples for example).
To be able to access the servlets/JSPs you need to create two files:
/usr/freeware/apache/etc/htpasswd and /usr/freeware/apache/etc/htgroup
You need to read about it, but for testing you can get away with
files which contain one line:

/usr/freeware/apache/etc/htpasswd contains a line:
guest:abvyhtC1vX8PI

and /usr/freeware/apache/etc/htgroup contains a line:
demo: guest

The abvyhtC1vX8PI is encrypted guest, i.e., to log in you enter guest
for User Id and Password.

I tried if things work by starting first the tomcat (as user tomcat, not
a root!!!), and the apache as user root.

# I am root
su - tomcat
# I am tomcat
$TOMCAT_HOME/bin/startup.sh
exit
# I am root again
/usr/freeware/apache/sbin/apachectl startssl

I tried my URLs

http:/my.machine.edu:8080/examples # tomcat stuff seen via apache HTTP
https:/my.machine.edu/examples # tomcat stuff seen via apache with HTTPS
http:/my.machine.edu:7080/examples # tomcat stuff seen directly HTTP

It worked, so I took the stuff down as:

# I am root
/usr/freeware/apache/sbin/apachectl stop
su - tomcat
# I am tomcat
$TOMCAT_HOME/bin/shutdown.sh
exit
# I am root again

Creating Certificates
To have a real certificate, go to one of the Certificate Authorities,
read their web site, pay them money, and you will have known.
Just to create home made, self signed certificates, I used the following
procedure.

Created a /usr/freeware/apache/etc/Makefile.
It uses openssl and some tricks to create selfsigned certificate for the
Apache Web Server. Then I used the file to create certificates as follows
(if make does not work for you, use gmake):

RANDFILE=/var/adm/SYSLOG
export RANDFILE
cd /usr/freeware/apache/etc
mdkir certificates-01.04.17:20:20
mv ssl* certificates-01.04.17:20:20
mkdir ssl.key
mkdir ssl.csr
mkdir ssl.crt
make genkey # will ask you for password
# Then, you will need to "unpassword" the keys
# or you would have problems to start apache at boot time (it would
# ask for the password)
openssl rsa -in ssl.key/server.key -out ssl.key/server.key.unsecure
cp ssl.key/server.key.unsecure ssl.key/server.key
make certreq # make certificate request
make testcert # make selfsigned test certificate

I have a screen dump here.
For new certificates to take effect you need to restart Apache.

Tools to start/stop apache/tomcat combination
I created the apache-tomcat script which
starts both Apache and Tomcat. It expects that there is user tomcat, and
that the tomcat.sh script (called by the startup.sh script) writes
a file which contains the PID (process Id number) of the tomcat process.
The tomcat.sh script takes it from the $! shell variable and dumps it to
the file. You need to edit the script and modify file locations, etc.
to suit your particular needs. You now can start the Apache Tomcat
combination by logging as root and:

cd /usr/freeware/apache/sbin
./apache-tomcat start

and stop them by:

cd /usr/freeware/apache/sbin
./apache-tomcat stop

Note... The apache-tomact script also redirects all stderr and stdout
to the file $TOMCAT_HOME/logs/t3.2_jk.. This is where you will see
all your debug output JSP when you do:

System.out.println("myvar value is "+myvar);

System.err.println("myvar value is "+myvar);

in your servlets or JSPs. When something does not work, always look at:

$TOMCAT_HOME/logs/t3.2_jk

which in our case is:

/usr/freeware/jakarta-tomcat/jakarta-tomcat-3.2.1/logs/t3.2_jk

Now, the problem with setup is that you have to be a root to start/stop
apache/tomcat combination. To make it possible to start/stop apache/tomcat
by people without the need for logging as root, I created a setuid wrappers
for the apache-tomcat script, apache_start.c and apache_stop.c,
respectively. You need to compile them:

gcc -o apache_start apache_start.c
gcc -o apache_stop apache_stop.c

which will result in two executables: apache_start and apache_stop to
be created. Now, typing:

./apache_start

to start apache/tomcat is equivalent to typing:

./apache-tomcat start

Similarly, entering

./apache_stop

will stop apache/tomcat the same way the:

./apache-tomcat stop

does. You still need to be a root to execute these wrapper commands.
But you can make them to execute as root by changing their ownership to root
and setting their SUID bit even when they were executed by a regular user.

chown root apache_start apache_stop
chgrp root apache_start apache_stop
chmod ug+s apache_start apache_stop

Now, any mortal (i.e., anyone who can log in to the machine, i.e., the
"regular user") can start or stop the apache/tomcat combination by
executing /usr/freeware/apache/sbin/apache_start and
/usr/freeware/apache/sbin/apache_stop commands, respectively.
But maybe you do not want it? Maybe you want only a select group of
people to execute these commands? There are many ways to do it.
One, would be to modify the wrappers, to check if the user who
starts them belongs to a specific group or is on the list.
I used a simpler way. I put these commands in a special directory, which
is only accessible by root and group "tomcat". I also added the chosen
few to the group tomcat in the file /etc/group. The line there was:

tomcat:*:60002:tomcat,kenf,jkl

i.e., the group consists of users tomcat, kenf, and jkl. Then I made the
following things:

cd /usr/freeware/apache/sbin
mkdir up-down
chown root up-down
chgrp tomcat up-down
chmod 750 up-down
mv apache_start apache_stop up-down

Now, when you are a chosen one, you start apache/tomcat by executing:

/usr/freeware/apache/sbin/up-down/apache_start

and stop apache/tomcat by executing

/usr/freeware/apache/sbin/up-down/apache_stop

Now, to save typing, you can make the links in directories which are
always in the PATH, say:

cd /usr/bin
ln -s /usr/freeware/apache/sbin/up-down/apache_stop apache_stop
ln -s /usr/freeware/apache/sbin/up-down/apache_start apache_start

and then, the authorized people will be able to start and stop apache with:

apache_start
apache_stop

If you are not a member of group tomcat, you will not be allowed to access
anything under the up-down directory and it will bark:

/usr/freeware/apache/sbin/up-down/apache_stop - Permission denied

To make sure that things run hapilly, you can always do:

ps -ef | egrep 'httpd|tomcat'

To make it easier for people, I actually added a status option to
the apache-tomcat. I also created a wrapper around it apache_status.c
and compiled, and moved it to the up-down directory as described above for
the others, with a difference that it does not need to be SUID:

cd /usr/freeware/apache/sbin
gcc -o apache_status apache_status.c
mv apache_status up-down
cd /usr/bin
ln -s /usr/freeware/apache/sbin/up-down/apache_status apache_status

So now to check if Apache and Tomcat is running, you can do:

/usr/freeware/apache/sbin/apache-tomcat status

or, if you are a chosen one among the group tomcat (or a root):

apache_status

Now, you need to make these things start at boot time. This will make it.
case 1)

ls -l /etc/init.d/apache

tells you that there is apache startup/shutdown script in init.d. You do:

cd /etc/init.d
mv apache apache-freeware-original
cp /usr/freeware/apache/sbin/apache-tomcat apache

case 2)
There is no /etc/init.d/apache file. You need to make also links:

cd /etc/init.d
cp /usr/freeware/apache/sbin/apache-tomcat apache
cd /etc/rc2.d
ln -s ../apache S90apache

Now, the appeals to those of you who got to the end. Please help me
keep this useful. Please send comments, and especially bug reports,
or corrections to: jkl@ccl.net . Thanks...