Apache+Tomcat 4.0b5 binary install on RH7.1
This is a log of my installation of precompiled Apache DSO
with SSL, MM, and Tomcat 4.0beta5 on RedHat Linux 7.1,
Kernel 2.4.2-2, with updates up to 2001.05.20.
In this case, I am using the Apache server which came with original
RedHat 7.1 Linux distribution rather than compiling Apache from source.
This memo was originally written around Jun 5, 2001
A few terms:
Apache -- the Web Server
DSO -- Dynamic Shared Object (additional modules can be added/updated
to Apache without the need to recompile the whole thing, similar
to shared libraries, but DSO modules are not only called, but
can also call routines within Apache)
MM -- memory management or something like that - an add-on to Apache
and its modules to communicate via shared memory rather than files
(faster).
SSL -- Secure Socket Layer - the encryption and certificate package which
works with Apache
Tomcat -- the Java Server Pages (JSP) and Servlet container which uses the
Java Servlets spec 2.2, and the JSP spec 1.1.
It is still being actively developed and has some "features",
but is quite stable. People complain about mod_jk and
ajp13 occasionally.
You may want to read my FAQ on Tomcat 3.1 beta 1, since it will be
easier to follow this installation log. It is available at:
http://www.ccl.net/cca/software/UNIX/apache/tomcat3.1b1-faq.html
I assume that you will use this document simply by grabbing the UNIX
commands from the browser window, and pasting them into your xterm
or whatever. The Unix commands are in italic.
I assume that you have moderately latest GNU tools (gmake, gzip, etc...)
installed and you also have a recent version of perl installed
( http://www.cpan.org/src/index.html ). These should have come with your RH Linux
distribution.
You can also get the wget utility from
ftp://ftp.gnu.org/pub/gnu/wget/
and install it (it is at ver 1.6 now):
get wget-1.6.tar.gz and move it to directory /usr/local/uploads or
the one you like the most, e.g.; /tmp.
gtar zxvf wget-1.6.tar.gz
cd wget-1.6
./configure
make
make install
and make sure it is in your PATH variable. It is usually installed in
/usr/local/bin by default. But check... Type wget alone on the
command line, and if it tells you that your URL is missing, you are OK.
Be a root... Run ksh or other sh (e.g., bash), but not C-shell.
Install all the updates available for the Linux (e.g., go to
the site: http://rpmfind.net).
When you are installing RH7.1, or later, make sure you have all the glibc
libraries and development versions, and the compatibility glibc.
You will need to run some software which was made for glibc21.
When you run:
rpm -q -a | grep glibc
You should get:
glibc-common-2.2.2-10
glibc-devel-2.2.2-10
glibc-2.2.2-10
compat-glibc-6.2-2.1.3.2
glibc-profile-2.2.2-10
BTW, You also need to read the RELEASE-NOTES (i.e., mount the CD1 from
RH7.1 distribution) and view the: /mnt/cdrom/RELEASE-NOTES file (you
have a choice of English, French, German, Italian, and Japanese).
It tells you how to use the software which requires older glibc.
1) Install the latest Java 1.3.1 (I mean latest; the previous Javas have
problems with the 2.4 kernel and new glibc). I did:
a) went to http://www.javasoft.com
b) clicked on Products and API on the left bar
c) clicked on Java 2 platform Standard edition J2SE
d) Java 2 SDK Standard Edition v 1.3
e) Linux x86
f) GNUZIP Tar shell script, one large bundle -> [continue]
g) Yes to license [Accept]
h) j2sdk-1_3_1-linux.bin = 26924751 bytes -> FTP download
i) I placed the file j2sdk-1_3_1-linux-i386.bin in:
/usr/local/uploads
j) cd /usr/local/uploads
chmod 755 j2sdk-1_3_1-linux-i386.bin
./j2sdk-1_3_1-linux-i386.bin
k) this produced directory: /usr/local/uploads/jdk1.3.1
I moved this directory :
mv /usr/local/uploads/jdk1.3.1 /usr/local/j2sdk-1_3_1
and then made a link:
ln -s /usr/local/j2sdk-1_3_1 /usr/local/jdk1.3.1
l) set environment variables:
JAVA_HOME=/usr/local/jdk1.3.1
export JAVA_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH
3) Installed JCE 1.2.1 Java Cryptography Extension 1.2.1
Go to: http://www.javasoft.com/products/jce/
I did not use J2SE 1.4 beta, so I have to use the JCE separately.
Click on: Download JCE 1.2.1 Software, policy files, and docs
This will get you: jce-1_2_1.zip
mkdir /usr/local/JCE
cd /usr/local/JCE
cp ..../jce-1_2_1.zip .
unzip jce-1_2_1.zip
Then added the security provider to Java:
a) copied JCE jars to lib/ext
cp /usr/local/JCE/jce1.2.1/lib/*.jar /usr/local/jdk1.3.1/jre/lib/ext
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jce1_2_1.jar
export CLASSPATH
b) edited /usr/local/jdk1.3.1/jre/lib/security/java.security and added
line:
security.provider.3=com.sun.crypto.provider.SunJCE
4) Installed JSSE (JavaTM Secure Socket Extension (JSSE) 1.0.2)
available from http://java.sun.com/products/jsse/
Again, it is integrated with J2SE 1.4 beta, but I am using 1.3.1.
mkdir /usr/local/jsse
with a browser go to: http://java.sun.com/products/jsse/
Click on domestic distribution
Logged in, accepted, continue, answered Yes, Continue,
downloaded jsse-1_0_2-do.zip
cd /usr/local/jsse
cp ..../jsse-1_0_2-do.zip .
unzip jsse-1_0_2-do.zip
I installed the JSSE as "installed extension" for jdk1.3.1 and
copied them to /usr/local/jdk1.3.1/jre/lib/ext directory
($JAVA_HOME/jre/lib/ext):
cp -p /usr/local/jsse/jsse1.0.2/lib/*jar $JAVA_HOME/jre/lib/ext
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jcert.jar
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jnet.jar
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jsse.jar
export CLASSPATH
Then, I registered the provider in $JAVA_HOME/jre/lib/security/java.security
by adding a line:
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
5) If you have apache installed by default from the RH7.1 CD, or if you
installed RH7.1 apache, you can skip the apache installation.
If you installed some other Apache distribution or RPMs, you are on
your own, since IT can be anything anywhere.
My installed packages were:
rpm -q -a | grep apache
apache-devel-1.3.19-5
apache-1.3.19-5
apache-manual-1.3.19-5
apacheconf-0.7-2
rpm -q -a | grep mod_ssl
mod_ssl-2.8.1-5
rpm -q -a | grep mod_perl
mod_perl-1.24_01-2
rpm -q -a | grep openssl
openssl-python-0.9.6-3
openssl-0.9.6-3
openssl-perl-0.9.6-3
openssl095a-0.9.5a-1
openssl-devel-0.9.6-3
If you do not have them, try installing them as:
Put RH7.1 CD Nr 1 to CD DRIVE
mount /mnt/cdrom
cd /mnt/cdrom/RedHat/RPMS
rpm -Uhv apache*
rpm -Uhv mod_ssl* mod_perl* openssl*
If it tells you that some package is already installed, remove it from
the line and try again (e.g., openssl will most likely be installed).
If it tells you that it needs a package (unsolved dependencies), add
the package to the command line and try again.
The RH Apache distribution places the important files in:
/usr/lib/apache -- shared modules
/usr/include/apache -- include files needed for compiling modules
/etc/httpd -- config and authorization files
/usr/sbin/httpd -- executable of httpd
/usr/sbin/apxs -- executable of apxs
/usr/bin/dbmmanage -- to manage database of authorized users
/var/log/httpd -- apache log files
/var/www/icons -- GIFs needed by Apache
/var/www/html -- document root
/var/www/cgi-bin -- cgi bin directory
/usr/share/ssl -- SSL files needed to produce certificates
6) While RH apache comes with the test certificate installed in the
/etc/httpd/conf, you need to produce a new set of self-signed
certificates/keys which have your machine name as "Common Name". Otherwise
the browsers will complain that your certificate name does not match
the actual name of the machine.
My log from Certificate creation is here. What I did was:
cd /etc/httpd/conf
mkdir old-keys
mv ssl* old-keys
mkdir ssl.key
mkdir ssl.csr
mkdir ssl.crt
make genkey
# Then, you will need to "unpassword" the keys
# or you would have problems to start apache at boot time (it would
# ask for the password)
openssl rsa -in ssl.key/server.key -out ssl.key/server.key.unsecure
cp ssl.key/server.key.unsecure ssl.key/server.key
make certreq
make testcert
One thing to remember, is to enter the fully qualified domain name of the
host on which this Apache Web server runs (in my case:
my.server.machine.com) as
the "Common Name".
I then tarred my certificates/keys into a file:
cd /etc/httpd/conf
tar zcvf /usr/local/apache-certificates.tgz ssl*
chmod 600 /usr/local/apache-certificates.tgz
just in case, if I lost them, I can restore original certificates,
without forcing users to go through the Certificate registration
process in their browser.
You can also copy them on the diskette and keep them safely. In my case:
fdformat /dev/fd0H1440
mkfs -t msdos /dev/fd0H1440
and, assuming that you have a line:
/dev/fd0 /mnt/floppy auto noauto,owner 0 0
in your /etc/fstab file, and that the directory /mnt/floppy exists,
you mount it as:
mount /mnt/floppy
then copy your certificates:
cp /usr/local/apache-certificates.tgz /mnt/floppy
Unmount your diskette:
umount /mnt/floppy
and put the diskette in the safe place.
Of course, you could also do it with Mtools, if you have them installed:
mformat -f 1440 a:
mcopy /usr/local/apache-certificates.tgz a:
mdir a:
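The "unpassword" step above leaves two passphrase-free copies of the private key in ssl.key (server.key and server.key.unsecure), so file permissions are all that protect them. The following check is an added example, not part of the original log; the function name and the finding labels are made up here, and it reports key files readable by group or others and directories holding more than one plaintext key.

```sh
#!/bin/sh
# Added example (not from the original log): audit a key directory such as
# /etc/httpd/conf/ssl.key. Prints one line per observation and returns
# 0 when clean, 1 when something needs fixing, 2 when the directory is missing.

audit_key_dir() {
    dir=$1
    findings=0
    plaintext=0
    [ -d "$dir" ] || { echo "NOT_A_DIRECTORY $dir"; return 2; }

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Only PEM private keys are of interest here.
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" 2>/dev/null || continue

        # Characters 5-10 of the ls -l mode string are the group and
        # other permission bits; anything but dashes means extra access.
        go=$(ls -ld "$f" | cut -c5-10)
        if [ "$go" != "------" ]; then
            echo "LOOSE_MODE $f"
            findings=$((findings + 1))
        fi

        # A passphrase-protected PEM key carries "Proc-Type: 4,ENCRYPTED"
        # (traditional format) or "BEGIN ENCRYPTED PRIVATE KEY" (PKCS#8).
        if ! grep -q -e 'ENCRYPTED' "$f"; then
            echo "PLAINTEXT $f"
            plaintext=$((plaintext + 1))
        fi
    done

    # One plaintext key is what an unattended Apache start needs;
    # a second copy only widens the exposure.
    if [ "$plaintext" -gt 1 ]; then
        echo "MULTIPLE_PLAINTEXT_KEYS $plaintext"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Usage: sh audit_keys.sh /etc/httpd/conf/ssl.key
if [ "$#" -gt 0 ]; then
    audit_key_dir "$1"
fi
```

The tarball and the diskette copy hold the same plaintext key; an MS-DOS filesystem stores no Unix permissions, so the chmod 600 protects only the copy in /usr/local.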
6) You start Apache with a script which comes with the RPM:
/etc/rc.d/init.d/httpd start
and stop it by:
/etc/rc.d/init.d/httpd stop
To make apache start automatically at boot time:
cd /etc/rc.d/init.d
chkconfig --add httpd
and check if the links for the rc.d* directories were added:
chkconfig --list httpd
which should give:
httpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
Stop apache, since you are not finished yet.
/etc/rc.d/init.d/httpd stop
Installing binary distribution of Tomcat
========================================
7) Create directory for Tomcat and set JAKARTA_HOME variable:
mkdir /usr/local/jakarta4.0
cd /usr/local/jakarta4.0
JAKARTA_HOME=/usr/local/jakarta4.0
export JAKARTA_HOME
Go to Jakarta site and download binary tar balls to ${JAKARTA_HOME}
wget http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0-b5/jakarta-servletapi-4.0-b5.tar.gz
wget http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0-b5/jakarta-tomcat-4.0-b5.tar.gz
I am including the local copies here:
jakarta-servletapi-4.0-b5.tar.gz
jakarta-tomcat-4.0-b5.tar.gz
Then, I "ungnunzip-untarred" (:-)} the tar balls:
tar zxvf jakarta-servletapi-4.0-b5.tar.gz
tar zxvf jakarta-tomcat-4.0-b5.tar.gz
8) At this point it is probably prudent to log out and log in again as root
and reset your environment variables by doing:
JAVA_HOME=/usr/local/jdk1.3.1
export JAVA_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH
JAKARTA_HOME=/usr/local/jakarta4.0
export JAKARTA_HOME
TOMCAT_HOME=${JAKARTA_HOME}/jakarta-tomcat-4.0-b5
export TOMCAT_HOME
9) At this point it is good to create a simple shell script
which will set your environmental variables, so when you come back
after logout, you do not have to type all this stuff. I placed the
setmyenv in my /root directory
and did:
. /root/setmyenv
as the first thing after log in (of course, I could put this stuff
in the .bashrc, but I like to start with clean root environment, so
I know what is happening).
went to http://apr.apache.org/
clicked on
Download a tarball of the latest code snapshot. (wanted to log into CVS
as described in: http://apr.apache.org/anoncvs.txt but
instructions given at "Getting the source code." do not work).
took latest apr-util_20010606050050.tar.gz from
http://apr.apache.org/from-cvs/apr-util/
and latest apr_20010606045925.tar.gz from
http://apr.apache.org/from-cvs/apr/
copied them to /usr/local/apr and unpacked in this dir:
tar zxvf apr_20010606045925.tar.gz
tar zxvf apr-util_20010606050050.tar.gz
which created 2 subdirectories: apr and apr-util.
cd /usr/local/apr/apr
./buildconf
./configure --prefix=/usr/local/apr --enable-static --disable-shared
make
make install
It told me:
Libraries have been installed in:
/usr/local/apr/lib
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
I did some links, since the default RH7.1 install of apache is
different than the default one which would have been built by installing
Apache from source.
cd /etc/httpd
ln -s ../../usr/lib/apache libexec
ln -s ../../var/www/cgi-bin cgi-bin
ln -s ../../var/www/html htdocs
ln -s ../../var/www/icons icons
ln -s ../../usr/include/apache include
cd ${TOMCAT_HOME}/src/connectors
chmod 755 ./buildconf.sh
./buildconf.sh
./configure --with-apr=/usr/local/apr --with-apxs=/etc/httpd
make
It built the mod_webapp.so in
/usr/local/jakarta4.0/jakarta-tomcat-4.0-b5/src/connectors/apache-1.3
cd /usr/local/jakarta4.0/jakarta-tomcat-4.0-b5/src/connectors/apache-1.3
cp mod_webapp.so /etc/httpd/modules
Then, I edited the /etc/httpd/conf/httpd.conf file and added:
LoadModule webapp_module modules/mod_webapp.so
before the line:
LoadModule rewrite_module modules/mod_rewrite.so
and
AddModule webapp_module.c
before AddModule mod_rewrite.c
14) To use Tomcat with Apache, you need mod_jk or mod_jserv.
Those are modules for Apache which allow Apache to talk to Tomcat
servlet container via TCP socket. In this scenario, the Apache
is handling communication with outside world (takes the HTTP requests).
When request is for JSP page or a servlet, it passes it to Tomcat.
To do that Apache needs a module which knows how to talk to Tomcat,
and Tomcat has to listen to Apache on some port. Moreover, they need
to agree, how they will talk to each other (the protocol: there are two
of them at this moment: ajp12 and ajp13), and which TCP ports they will use
to communicate (i.e., Apache has to know where Tomcat will be listening -
note, tomcat does not have to be on the same machine, and there may be
many tomcats listening to the same Apache, or many Apaches talking to the
same Tomcat -- but this is outside the primer given here).
I will not talk about the mod_jserv. While it is an excellent piece
of work, it also is getting old and is now considered a legacy. It
was originally developed for JSERV, the server engine for Servlet 2.0
spec, which is passe (it is 2 years old, i.e., ancient and obsolete)
but, on the other hand, it is well debugged and used for production,
as opposed to mod_jk, but again, I like bleeding edge, but do not call
911 yet...). So again. mod_jk is the module which plugs into Apache.
Tomcat is a TCP server (i.e., opens a TCP port and listens to clients
who come and want to talk to it), and Apache is a TCP client for Tomcat,
i.e., it starts talking. The small problem for non programmers is that
you do not get a binary mod_jk with Tomcat. You only get the source.
You need to compile the mod_jk. It is not a big deal:
cd ${JAKARTA_HOME}
wget http://jakarta.apache.org/builds/tomcat/release/v3.2.1/src/jakarta-tomcat-4.0-b5-src.tar.gz
tar zxvf jakarta-tomcat-4.0-b5-src.tar.gz
cd ${JAKARTA_HOME}/jakarta-tomcat-4.0-b5-src/src/native
cd apache1.3
/usr/sbin/apxs -o mod_jk.so \
-I${JAVA_HOME}/include/linux \
-I../jk -I${JAVA_HOME}/include \
-c *.c ../jk/*.c
cp mod_jk.so /usr/lib/apache
While I provide the binary of mod_jk.so
here (save it as: RightClick/SaveLinkAs)
you should really compile it on your own machine.
15) Test tomcat standalone:
Since there are a lot of files in the $TOMCAT_HOME/conf, I decided
to move all files which are there to a separate directory, and then
copy what I need back:
cd $TOMCAT_HOME/conf
mkdir original-conf
mv * original-conf
cd original-conf
cp server.xml ..
cp web.xml ..
cp workers.properties ..
cp tomcat-users.xml ..
I looked at my ${TOMCAT_HOME}/conf/server.xml
and added connector for protocol ajp13 at port 8006
(you have to keep ajp12 connector, even if you do not use it, to be
able to shut down Tomcat). I also changed all the docBases in
Context tags to full paths, e.g.:
docBase="webapps/examples" -->
docBase="/usr/local/jakarta4.0/jakarta-tomcat-4.0-b5/webapps/examples"
I also created directory (for testing) below Apache DocumentRoot
mkdir /var/www/html/examples-test
and unpacked there an examples.war file so I can do testing of new
Context, which is not in a default location: ${TOMCAT_HOME}/webapps.
cd /var/www/html/examples-test
jar xvf ${TOMCAT_HOME}/webapps/examples.war
I then mounted examples-test directory in ${TOMCAT_HOME}/conf/server.xml .
My initial server.xml file is here.
Note that server.xml is the file which is read in by Tomcat to
configure itself. Tomcat does not use any information from
workers.properties or mod_jk.conf for itself. These are meant for
apache or other Web servers for which Tomcat works.
There may be some confusion here, since Tomcat actually produces
prototype configuration files for various Web servers. These files
have the *.auto extension. The following files were produced on
running startup.sh: iis_redirect.reg-auto and uriworkermap.properties-auto
(for MS IIS), mod_jk.conf-auto (for mod_jk module of Apache),
obj.conf-auto (for Netscape or whoever/whatever server, if you know
what I mean), and tomcat-apache.conf (for Apache mod_jserv module which
we do not use here). These are prototype files, which are essentially
ready to go for simple configurations. The files like tomcat-apache.conf,
tomcat.properties, tomcat.conf are used when tomcat was working with
mod_jserv module. We are using here mod_jk module, and these files can
be ignored. The files for mod_jk module of Apache are mod_jk.conf
and workers.properties. For the time being, I tested if Tomcat works
alone by starting it as:
cd ${TOMCAT_HOME}/bin
./startup.sh
You should get something like here
Then, try to see Tomcat in your browser:
http://your.machine:8080/
Try some examples, (http://your.machine:8080/examples/jsp), etc.
If you think that you have problems, shut it down as:
cd ${TOMCAT_HOME}/bin
./shutdown.sh
and see if ports 8080 and 8007 are not booked by something else. List
ports as:
netstat -a -n | grep -i listen
Before we work on config files, it may be good to shutdown the
Tomcat:
./shutdown.sh
16) After testing Tomcat, it created automatically a config file for
mod_jk for Apache as $TOMCAT_HOME/conf/mod_jk.conf-auto.
I saved this file as mod_jk.conf and edited it:
cd $TOMCAT_HOME/conf
mv mod_jk.conf-auto mod_jk.conf
I edited the Apache config file, /etc/httpd/conf/httpd.conf, to include
the mod_jk.conf at the very end (more needs to be done for sensible
install, though). I added a line at the end of httpd.conf
Include /usr/local/jakarta4.0/jakarta-tomcat-4.0-b5/conf/mod_jk.conf
The actual initial httpd.conf is here.
In mod_jk.conf I replaced all occurrences of ajp12 with ajp13 and made a few
other changes. You can find the copy of it here.
I also made several changes to workers.properties. Namely:
changed workers.tomcat_home, workers.java_home, ps, and
worker.ajp13.port port to 8006. Also commented out all inprocess
definitions (tomcat does not run inprocess within apache).
You can look them up here.
Note, my ajp12 port is 8007 and ajp13 is 8006.
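With Tomcat running, the netstat listing used earlier can be filtered for the ports named in this log (8080 for HTTP, 8006 for ajp13, 8007 for ajp12) to see which of them accept connections from other hosts. This is an added example, not part of the original log; the function names and the sample lines are constructed, and it assumes Apache and Tomcat share one host, so that the two connector ports only need to be reachable over loopback.

```sh
#!/bin/sh
# Added example (not from the original log): list which of the given TCP
# ports are listening on a non-loopback address. Reads `netstat -a -n`
# output on stdin and prints "port address" for each exposed listener.

exposed_listeners() {
    # $1: space-separated list of ports to look for
    awk -v ports="$1" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        # Only TCP sockets in LISTEN state; headers, UDP and unix
        # sockets fall through.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            la = $4                            # local address, e.g. 0.0.0.0:8007
            idx = match(la, /:[0-9]+$/)        # last colon separates the port
            if (!idx) next
            addr = substr(la, 1, idx - 1)
            port = substr(la, idx + 1)
            if (!(port in want)) next
            if (addr == "127.0.0.1" || addr == "::1") next
            print port, addr
        }'
}

# Constructed sample of `netstat -a -n` output for offline runs.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8006          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8007            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:8080         192.0.2.77:40112        ESTABLISHED
tcp6       0      0 :::443                  :::*                    LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     1234   /tmp/.X11-unix/X0
EOF
}

# On a live system: netstat -a -n | exposed_listeners "8080 8006 8007"
sample_netstat | exposed_listeners "8080 8006 8007"
```

Any AJP port that shows up here is reachable by hosts other than the local Apache and is a candidate for a loopback-only bind or a packet-filter rule.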
17) Heavily edited the $TOMCAT_HOME/bin/startup.sh,
$TOMCAT_HOME/bin/shutdown.sh and $TOMCAT_HOME/bin/jspc.sh and
also tomcat.sh to include necessary environment variables
(also made tomcat.sh write a pid file in $TOMCAT_HOME/logs/tomcat.pid
so it can be used by the boot-up start-up script described later).
These files can be found here:
startup.sh
shutdown.sh
jspc.sh
tomcat.sh
Started Tomcat
cd $TOMCAT_HOME/bin
./startup.sh
What worried me was the number of threads the Tomcat opened, namely
ps auwx | grep java | wc -l
gave over 40. But maybe this is not a problem, since these are
lightweight threads which Linux now reports.
18) Started Apache
/etc/rc.d/init.d/httpd start
It complained about missing link:
Cannot load /etc/httpd/libexec/mod_jk.so into server:
/etc/httpd/libexec/mod_jk.so: cannot open shared object file:
No such file or directory
Obviously, the httpd was not compiled tidily. I added a link:
cd /etc/httpd
ln -s ../../usr/lib/apache libexec
And started Apache again:
/etc/rc.d/init.d/httpd start
This time, it did not bark.
Then I tried:
http://pse.ccl.net/examples/jsp/
https://pse.ccl.net/examples/jsp/
http://pse.ccl.net/examples-test/jsp/
https://pse.ccl.net/examples-test/servlets/
and I was clicking on examples and it all worked... (I think... {:-)}).
You will see major delays when you click on the JSP for the first time,
but then, they load fast.
19) Stopped Apache
/etc/rc.d/init.d/httpd stop
20) Stopped Tomcat
cd $TOMCAT_HOME/bin
./shutdown.sh
21) After 19) and 20) the Apache and Tomcat should be cleanly shut down.
But it is good to check if zombies are not left:
ps auwx | egrep 'httpd|java'
and I was fine. If you are not, you need to kill those @!%#*^s and
ask yourself: What did I do wrong? (since you obviously did -- it
worked for me I swear (:-) -- BTW, is your ajp12 protocol enabled in
server.xml?).
22) Reconfigured Tomcat and Apache to do things I want them to do.
a) In /etc/httpd/conf/httpd.conf made sure mod_jk is before mod_rewrite
LoadModule jk_module libexec/mod_jk.so
LoadModule rewrite_module libexec/mod_rewrite.so
and
AddModule mod_jk.c
AddModule mod_rewrite.c
and commented out the line
# LoadModule jk_module libexec/mod_jserv.so
in $TOMCAT_HOME/conf/mod_jk.conf
23) Created new users, in my case webinst, and webrun, and groups for
them, home directories, and regular login environment.
adduser webinst
passwd webinst
adduser webrun
passwd webrun
In the /etc/passwd, I assigned /bin/bash for webrun, while webinst had
/bin/tcsh as a primary shell (yes, I know that t/csh is brain dead, but
people want it, and people will have it -- it sucks, e.g., with its
limitations: "Word too long" when your environment variable is longer
than 1024 -- it happens to me all the time with longer CLASSPATHs).
Note that when you execute the script as
su - uid -c script
the script will be executed with the default shell (i.e., the shell
which is assigned to the user in /etc/passwd), and it does not
matter what you put in #!/bin/someshell on the top of your script.
While under Linux (but not under all Unices), you can change the shell
with a "-s" option to su, I wanted to keep things simple.
The script is sourced with default shell, not forked with a new shell.
The webinst will own most of the files in the web site, while the
webrun will be the user who runs the Apache server and the tomcat.
It will own log files and other files which the apache/tomcat/ needs
to write. In /etc/httpd/conf/httpd.conf I changed apache to webrun:
User webrun
Group webrun
I also changed names of the log files and pid files. To learn what
I did, just run diff and see the differences between the default file
which came with Apache distribution, and my incarnation.
My httpd.conf file after a few changes looked like:
httpd.conf
Also chown_ed to webrun the log directories:
chown -R webrun.webrun /var/log/httpd
And for tomcat:
chown -R webrun.webrun $TOMCAT_HOME/conf
chown -R webrun.webrun $TOMCAT_HOME/logs
chown -R webrun.webrun $TOMCAT_HOME/work
24) Now, I had to make a script which would start Tomcat/Apache on boot-up
in unison. My understanding is that since Tomcat is a TCP server with
respect to Apache, it should be started before Apache. Supposedly it does
not matter much, but who knows. I derived the startup script
from the original /etc/rc.d/init.d/httpd and saved it as:
/etc/rc.d/init.d/httpd.jkl. I made sure that its exec permissions are on:
chmod 755 /etc/rc.d/init.d/httpd.jkl
The copy of the script is here:
httpd.jkl
25) Started the apache/tomcat as:
/etc/rc.d/init.d/httpd.jkl start
and checked if http://pse.ccl.net/examples and
https://pse.ccl.net/examples worked. Of course, you check
www.yourmachine.com, not the pse.ccl.net.
The examples worked, so I killed the server with:
/etc/rc.d/init.d/httpd.jkl stop
I also disabled the default RH7.1 Apache httpd which comes with the
standard installation by executing:
chkconfig --del httpd
and then checked with:
chkconfig --list httpd
which showed rightly that httpd will not be invoked on boot:
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Then, I made sure that the new httpd.jkl is used to start Apache/Tomcat
at boot up:
chkconfig --add httpd.jkl
chkconfig --list httpd.jkl
with list giving me OK:
httpd.jkl 0:off 1:off 2:off 3:on 4:on 5:on 6:off
26) Since starting/stopping apache+tomcat in this environment requires
one to be a root, I created C wrappers to start and stop the whole zoo.
apache_start.c.
This is important when people who do not have root access do development.
I compiled it with
gcc -o apache_start apache_start.c
as a root, and then added suid/sgid permissions to the resulting
apache_start executable file as:
chmod ug+s apache_start
I put the file in /usr/local/bin directory, so it is usually in the
user's PATH. Of course, you can check in these C wrappers if user is
authorized to use it. I am checking if invoking user is webinst.
I did exactly the same with apache_stop.c
gcc -o apache_stop apache_stop.c
chmod ug+s apache_stop
apache_stop.c
Now, people do not have to have root access to start/stop Web Server/Tomcat.
They can just type:
apache_stop
apache_start
to restart Apache/Tomcat combo.
I also added a C program killme.c which kills the processes which are
running by user webrun. It is intended to be used after "apache_stop"
to kill some runaway processes started by apache, Tomcat, or JServ.
After compiling the program:
gcc -o killme killme.c
changed its user and group ownership to webrun and added
SETUID permission bits
chown webrun killme
chgrp webrun killme
chmod ug+s killme
To learn which processes need to be killed, the user does
ps auwx | grep webrun | grep -v grep
(I actually saved this line as a shell script "killwhich" so they can
just type: killwhich).
and the user can kill the processes listed by previous command as:
killme pid1 pid2 ....
where pidn is the process id number in the second column.