|
|
------------------
Notes added after posting the original document.
Jan 27, 2001
These notes, like all the other installation logs are just logs...
I am not updating or correcting them for new releases, etc.
This is a snapshot of what I did at some point of time.
But If you see something wrong here, let me know, and I will put it
here. Note... This log refers to the Tomcat release 3.2. This release has
important security problems -- do not use 3.2, use 3.2.1 -- the maintainance
release which fixes these problems. Do not take my local files
for Tomcat, since they are 3.2. Take the good files (3.2.1) from
the http://jakarta.apache.org site.
People also warn me that Cocoon does not work... It probably does
not work due to JAXP. Try to grab the Early Access release of JAXP as
described in another install log, the one for RedHat 7.0 and Tomcat 3.2
available from index page.
------------------------------
=== I added these corrections below !!! jkl ====== Thanks David!!!
Date: Thu, 22 Mar 2001 10:48:22 -0800
From: David Nguyen
To: 'Jan Labanowski'
Subject: RE: Tomcat 3.2.1 with OpenSSL and Apache 1.3.14 on Solaris 5.7
Hi Jan,
I got it worked! I suggest two minor improvements to the documentation you
have on the shtml page
http://www.ccl.net/cca/software/UNIX/apache/solaris-t3.2/README.shtml
9) Configured mod_ssl
cd /usr/local/apache_1.3.14/sources/mod_ssl-2.7.1-1.3.14
EAPI_MM=../mm-1.1.3
./configure \
--with-apache=/usr/local/apache_1.3.14/sources/apache_1.3.14
This section should have a \ after EAPI_MM=../mm-1.1.3
The other suggestion is that the environment variable LD_LIBRARY_PATH might
be set to /usr/local/openssl/lib. I got it worked after a co-worker told
met to set this env variable .
--- Rest Deleted ---
-----------------------------------------------------
This is a log of my installation/Compilation of Apache DSO
with SSL, MM, and Tomcat 3.2 final (source distribution)
on SunOS heechee 5.7 Generic_106541-10 sun4u sparc SUNW,Ultra-250
Apache -- the Web Server
DSO -- Dynamic Shared Object (additional modules can be added/updated
to Apache without the need to recompile the whole thing, similar
to shared libraries, but but DSO modules are not only called, but
can call routines withing Apache)
MM -- memory management or something like that - and add on to Apache
and its modules to communicate via shared memory rather than files
(faster).
SSL -- Secure Socket Layer - the encryption and certificate package which
works with Apache
Tomcat -- the Java Server Pages (JSP) and Servlet container which uses the
latest Java Servlets spec 2.2, and the latest JSP spec 1.1.
It is still being actively developed and has some "features".
You may want to read my FAQ on Tomcat 3.1 beta 1. since it will be
easier to follow this installation log. It is available at:
http://www.ccl.net/cca/software/UNIX/apache/tomcat3.1b1-faq.html
I use GNU tar. It may be called gtar on your machine. If you do not have it,
try to do:
gunzip some.tar.gz
tar xvf some.tar
rather than
tar zxvf some.tar.gz
I assume you have moderately latest GNU tools (gmake, gzip, etc...) installed
and you also have a recent version of perl installed
(http://www.cpan.org/src/index.html).
1) Be a root... Run ksh or other sh, but not C-shell.
2) Installed Java 1.3 under Solaris
a) went to www.javasoft.com
b) clicked on Products and API on the left bar
c) at the middle of the page under COMPLETE PRODUCT LIST
retrieved JDK at "JavaTM 2 SDK, Standard Edition, v 1.3"
d) saved files in /tmp:
j2sdk1_3_0-solsparc.bin
j2sdk1_3_0-doc-solsparc.tar.Z
1.3_Developer-Guide.ps
1.3_Release-Notes.ps
did not do any patches
e) unpacked archive
chmod 755 j2sdk1_3_0-solsparc.bin
mkdir /usr/local/java3
cd /usr/local/java3
/tmp/j2sdk1_3_0-solsparc.bin
f) this created directory /usr/local/java3/j2sdk1_3_0
mv /usr/local/java3/j2sdk1_3_0 /usr/local/j2sdk1_3_0
cd /usr/local
ln -s /usr/local/j2sdk1_3_0 jdk1.3
3) Set your environment variables for Java (I am assuming you use
some Bourne shell lookalike -- ksh or sh.
JAVA_HOME=/usr/local/jdk1.3
export JAVA_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH
3a) Installed JCE 1.2.1 Java Cryptography Extension 1.2.1
Go to: http://www.javasoft.com/products/jce/
Click on: Download JCE 1.2.1 Software
This will get you: jce-1_2_1.zip
mkdir /usr/local/JCE
cd /usr/local/JCE
cp ..../jce-1_2_1.zip .
unzip jce-1_2_1.zip
Then added the security provider to Java:
a) copied JCE jars to lib/ext
cp /usr/local/JCE/jce1.2.1/lib/*.jar /usr/local/jdk1.3/jre/lib/ext
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jce1_2_1.jar
export CLASSPATH
b) edited /usr/local/jdk1.3/jre/lib/security/java.security and added
line:
security.provider.3=com.sun.crypto.provider.SunJCE
3b) Installed JSSE (JavaTM Secure Socket Extension (JSSE) 1.0.1)
available from http://java.sun.com/products/jsse/
mkdir /usr/local/jsse
with a netscape browser go to: http://java.sun.com/products/jsse/
Click on domestic distribution
Logged in, accepted, continue, answerer Yes, Continue,
downloaded jsse-1_0_2-do.zip
cd /usr/local/jsse
cp ..../jsse-1_0_2-do.zip .
unzip jsse-1_0_2-do.zip
I installed the JSSE as "installed extension" for jdk1.3 and
copied them to /usr/local/jdk1.3/jre/lib/ext directory
($JAVA_HOME/jre/lib/ext):
cp -p /usr/local/jsse/jsse1.0.2/lib/*jar $JAVA_HOME/jre/lib/ext
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jcert.jar
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jnet.jar
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jsse.jar
export CLASSPATH
I then registered the provider in $JAVA_HOME/jre/lib/security/java.security
by adding a line:
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
4) Create directory /usr/local/openssl and retrieve latest release of openssl
mkdir /usr/local/openssl
cd /usr/local/openssl
wget http://www.openssl.org/source/openssl-0.9.6.tar.gz
5) Compiled the openssl [if you are in Europe, you need to
check the mod_ssl INSTALL for the no-idea option. Note RSA released RSAREF
to public domain, so I do not have to use RSAREF in US (I believe --
I may be wrong).
cd /usr/local/openssl
gtar zxvf openssl-0.9.6.tar.gz
cd openssl-0.9.6
./config -fPIC shared \
--prefix=/usr/local/openssl \
--openssldir=/usr/local/openssl
make
make test
make install
cp -p /usr/local/openssl/openssl-0.9.6/lib*.a /usr/local/openssl/lib
cd /usr/local/openssl/lib
rm libcrypto.so
rm libcrypto.so.0
rm libssl.so
rm libssl.so.0
ln -s libcrypto.so.0.9.6 libcrypto.so
ln -s libcrypto.so.0.9.6 libcrypto.so.0
ln -s libssl.so.0.9.6 libssl.so
ln -s libssl.so.0.9.6 libssl.so.0
6) Make top directory for Apache 1.3.12 installation. I did
/usr/local/apache_1.3.14
mkdir /usr/local/apache_1.3.14
I also made a subdirectory "sources" to have all needed sources in one
place:
mkdir /usr/local/apache_1.3.14/sources
cd /usr/local/apache_1.3.14/sources
Put there the tar files:
wget http://www.apache.org/dist/apache_1.3.14.tar.gz
wget http://www.modssl.org/source/mod_ssl-2.7.1-1.3.14.tar.gz
wget http://www.engelschall.com/sw/mm/mm-1.1.3.tar.gz
I also serve here local copies of some files (those which are not "munition"
according to US export laws which are quite far from present reality).
apache_1.3.14.tar.gz
mm-1.1.3.tar.gz
7) Unpack sources to buld DSO Apache with mod_ssl and mm:
cd /usr/local/apache_1.3.14
cd sources
gtar zxvf apache_1.3.14.tar.gz
gtar zxvf mod_ssl-2.7.1-1.3.14.tar.gz
gtar zxvf mm-1.1.3.tar.gz
8) Compiled MM shared memory library
cd /usr/local/apache_1.3.14/sources/mm-1.1.3
./configure --disable-shared
make
9) Configured mod_ssl
cd /usr/local/apache_1.3.14/sources/mod_ssl-2.7.1-1.3.14
EAPI_MM=../mm-1.1.3 \
./configure \
--with-apache=/usr/local/apache_1.3.14/sources/apache_1.3.14
10) Configure and make and install Apache with DSO support:
cd /usr/local/apache_1.3.14/sources/apache_1.3.14
LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/openssl/lib
export LD_LIBRARY_PATH
SSL_BASE=/usr/local/openssl/openssl-0.9.6 \
EAPI_MM=/usr/local/apache_1.3.14/sources/mm-1.1.3 \
./configure --prefix=/usr/local/apache_1.3.14 \
--enable-module=so \
--enable-rule=SHARED_CORE \
--enable-module=most \
--enable-shared=max \
--enable-module=ssl \
--enable-shared=ssl
make
make certificate TYPE=custom
make install
My entries for certificates with
make certificate TYPE=custom
were defaults, no passwords/passphrases, etc. and:
STEP 0: R
STEP 2:
1. Country Name [XY]:US
2. State or Province Name [Snake Desert]:Ohio
3. Locality Name [Snake Town]:Columbus
4. Organization Name [Snake Oil, Ltd]:OSC
5. Organizational Unit Name [Cer..Authority]:Gateway
6. Common Name [Snake Oil CA]:heechee.ccl.net
7. Email Address [ca@snakeoil.dom]:jkl@ccl.net
8. Certificate Validity [365]:1000
STEP 3: 3
STEP 5:
1. Country Name [XY]:US
2. State or Province Name [Snake Desert]:Ohio
3. Locality Name [Snake Town]:Columbus
4. Organization Name [Snake Oil, Ltd]:OSC
5. Organizational Unit Name [Webserver Team]:PSE
6. Common Name [www.snakeoil.dom]:heechee.ccl.net
7. Email Address [www@snakeoil.dom]:jkl@ccl.net
8. Certificate Validity [365]:1001
STEP 6: 3
STEP 7:n
STEP 8:n
In fact, in my real case, after I did "make install", I overwrote
the certificates created here with the real ones. I created "real"
certificates a few months ago.
11) Set the environment:
APACHE_HOME=/usr/local/apache_1.3.14
export APACHE_HOME
12) edited a file in $APACHE_HOME/conf/httpd.conf (in my case:
/usr/local/apache_1.3.14/conf/httpd.conf) and
added (actually uncommented):
ServerName heechee.ccl.net
Then changed ports not to confilct with other servers I am running.
Port 80 --> Port 5180
Listen 80 --> Listen 5180
Listen 443 --> Listen 5143
<VirtualHost _default_:443> --> <VirtualHost _default_:5143>
13) Testing if Apache works:
a) make sure other installation of apache is not running,
or if it runs, it does not use port 5180 and port 5143.
(do: ps -ef | grep httpd), and if httpd runs, kill it either
with its own apachectl script, or if you do not know what it is
just find the PID of the httpd process which is owned by root:
ps -ef | grep root | grep httpd
(PID is in the second column of the output from ps). Kill it first with
kill PID
and then find all other apaches:
ps -ef | grep httpd
and kill them one by one.
b) start apache with:
/usr/local/apache_1.3.14/bin/apachectl startssl
If you have warning, you have a problem, and try to
do "exactly what I say" next time {:-)}.
c) Use your browser (preferable on some other machine)
and check if http: and https: work
In my case, I tried URLs:
http://heechee.ccl.net:5180/
and
https://heechee.ccl.net:5143/
In the https case you should get a lot of windows
which ask you for accepting the certificate if you did not have
https protocol from this site before, or with different certificates.
Just click Next to the series of questions, and also mark
"Keep this certificate forever" on one of the boxes.
d) Stop apache, since you are not finshed yet.
/usr/local/apache_1.3.14/bin/apachectl stop
Building and installing tomcat
==============================
14) You need to get JAXP (Sun API and XML parsing in Java):
http://java.sun.com/xml/
click on Download JAXP reference implementation
to get to: http://java.sun.com/xml/download.html
Click on "ZIP (all platforms)" and after legal mambo-jumbo
get the jaxp-1_0_1.zip (857807 bytes)
unzip jaxp-1_0_1.zip
mv jaxp1.0.1 /usr/local
Place the jaxp.jar and parser.jar in your classpath
CLASSPATH=${CLASSPATH}:/usr/local/jaxp1.0.1/jaxp.jar
CLASSPATH=${CLASSPATH}:/usr/local/jaxp1.0.1/parser.jar
export CLASSPATH
15) Create directory /usr/local/tomcat_3.2
mkdir /usr/local/tomcat_3.2
JAKARTA_HOME=/usr/local/tomcat_3.2
export JAKARTA_HOME
and put there the source release 3.2 of tomcat:
cd $JAKARTA_HOME
wget http://jakarta.apache.org/builds/tomcat/release/v3.2/src/jakarta-servletapi-3.2-src.tar.gz
wget http://jakarta.apache.org/builds/tomcat/release/v3.2/src/jakarta-tomcat-3.2-src.tar.gz
wget http://jakarta.apache.org/builds/ant/release/v1.2/src/jakarta-ant-src.tar.gz
I also have them here locally, if you want:
jakarta-ant-src.tar.gz
jakarta-servletapi-3.2-src.tar.gz
jakarta-tomcat-3.2-src.tar.gz
16) Untar them as:
cd $JAKARTA_HOME
mkdir jakarta-ant-src
cd jakarta-ant-src
gtar zxvf ../jakarta-ant-src.tar.gz
cd /usr/local/tomcat_3.2
gtar zxvf jakarta-servletapi-3.2-src.tar.gz
gtar zxvf jakarta-tomcat-3.2-src.tar.gz
17) Installing/building ANT -- the tool needed to build Tomcat
cd $JAKARTA_HOME/jakarta-ant-src
./bootstrap.sh
./build.sh
cd $JAKARTA_HOME/build
mv ant $JAKARTA_HOME/ant-1.2
ANT_HOME=${JAKARTA_HOME}/ant-1.2
export ANT_HOME
CLASSPATH=${CLASSPATH}:${ANT_HOME}/lib/ant.jar
export CLASSPATH
PATH=${PATH}:${ANT_HOME}/bin
export PATH
18) Installing/building servlet API
cd $JAKARTA_HOME/jakarta-servletapi-3.2-src
chmod 755 build.sh
./build.sh dist
cd $JAKARTA_HOME/dist
mv servletapi ${JAKARTA_HOME}/servletapi-3.2
SERVLETAPI_HOME=${JAKARTA_HOME}/servletapi-3.2
export SERVLETAPI_HOME
CLASSPATH=${CLASSPATH}:${SERVLETAPI_HOME}/lib/servlet.jar
export CLASSPATH
At this point my relevant environment variables are:
PATH=/usr/local/bin:/usr/local/jdk1.3/bin:/usr/sbin:\
/usr/bin:/usr/local/bin:/usr/ccs/bin:/usr/ucb:\
/usr/local/sbin:/usr/openwin/bin:\
/usr/local/tomcat_3.2/ant-1.2/bin
SERVLETAPI_HOME=/usr/local/tomcat_3.2/servletapi-3.2
CLASSPATH=/usr/local/jdk1.3/lib/tools.jar:/usr/local/jdk1.3/lib/dt.jar:\
/usr/local/jdk1.3/jre/lib/ext/jce1_2_1.jar:\
/usr/local/jdk1.3/jre/lib/ext/jcert.jar:\
/usr/local/jdk1.3/jre/lib/ext/jnet.jar:\
/usr/local/jdk1.3/jre/lib/ext/jsse.jar:\
/usr/local/jaxp1.0.1/jaxp.jar:\
/usr/local/jaxp1.0.1/parser.jar:\
/usr/local/tomcat_3.2/ant-1.2/lib/ant.jar:\
/usr/local/tomcat_3.2/servletapi-3.2/lib/servlet.jar
APACHE_HOME=/usr/local/apache_1.3.14
JAVA_HOME=/usr/local/jdk1.3
ANT_HOME=/usr/local/tomcat_3.2/ant-1.2
JAKARTA_HOME=/usr/local/tomcat_3.2
19) Installing/building tomcat (unpacked)
cd $JAKARTA_HOME/jakarta-tomcat-3.2-src
./build.sh
I got the error:
/usr/local/tomcat_3.2/jakarta-tomcat-3.2-src/build.xml:
33: /usr/local/tomcat_3.2/jakarta-ant/bin not found.
Rather than chasing some bug in the build.xml, I did:
cd $JAKARTA_HOME
mkdir jakarta-ant
cd jakarta-ant
ln -s ${ANT_HOME}/bin bin
and repeated
cd $JAKARTA_HOME/jakarta-tomcat-3.2-src
./build.sh
./build.sh dist
cd ${JAKARTA_HOME}/dist
mv tomcat ${JAKARTA_HOME}/tomcat-3.2
TOMCAT_HOME=${JAKARTA_HOME}/tomcat-3.2
export TOMCAT_HOME
20) testing Tomcat
Since there are a lot of files in the $TOMCAT_HOME/conf, I decided
to move all files which are there to a separate directory, and then
copy what I need:
cd $TOMCAT_HOME/conf
mkdir original-conf
mv * original-conf
cd original-conf
cp server.xml ..
cp web.xml ..
cp mod_jk.conf ..
cp workers.properties ..
cp tomcat-users.xml ..
Since I have other Tomcats running on this machine, I changed
the default ports in $TOMCAT_HOME/conf/server.xml
cd $TOMCAT_HOME/conf
emacs server.xml
Change 8080 --> 5280
Change 8007 --> 5007
While the SSL connector is at this moment commented, I changed the
the port
Change 8443 --> 5443
so I do not forget about it in the future.
Note that server.xml is the file which is read in by Tomcat to
configure itself. Tomcat does not use any information from
workers.properties or mod_jk.conf (may still use them to provide
automatic configuration files for Apache, but I do not think it
uses any information from these files for itself).
The files like tomcat-apache.conf, tomcat.properties, tomcat.conf
are used when tomcat was working with mod_jserv module. We are using
here mod_jk module, and these files can be ignored.
Now, starting tomcat to test:
cd $TOMCAT_HOME/bin
./startup.sh
then checked the stuff at tomcat port
http://heechee.ccl.net:5280/
and looked at test pages. Things worked... Then I shut it down as:
./shutdown.sh
21) At this point it may be smart to make sure that environment is fine.
I created a file $APACHE_HOME/bin/do_env. It is usefull to have this
file around if you want to recompile things or something.
-------------- cut --------------
APACHE_HOME=/usr/local/apache_1.3.14
export APACHE_HOME
LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/openssl/lib
export LD_LIBRARY_PATH
JAVA_HOME=/usr/local/jdk1.3
export JAVA_HOME
JAKARTA_HOME=/usr/local/tomcat_3.2
export JAKARTA_HOME
TOMCAT_HOME=/usr/local/tomcat_3.2/tomcat-3.2
export TOMCAT_HOME
ANT_HOME=/usr/local/tomcat_3.2/ant-1.2
export ANT_HOME
SERVLETAPI_HOME=/usr/local/tomcat_3.2/servletapi-3.2
export SERVLETAPI_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:/usr/sbin:/usr/bin
PATH=${PATH}:/usr/local/bin:/usr/ccs/bin:/usr/ucb:/usr/local/sbin
PATH=${PATH}:/usr/openwin/bin:${ANT_HOME}/bin
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/lib/dt.jar
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jce1_2_1.jar
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jcert.jar
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jnet.jar
CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jsse.jar
CLASSPATH=${CLASSPATH}:/usr/local/jaxp1.0.1/jaxp.jar
CLASSPATH=${CLASSPATH}:/usr/local/jaxp1.0.1/parser.jar
CLASSPATH=${CLASSPATH}:${ANT_HOME}/lib/ant.jar
CLASSPATH=${CLASSPATH}:${SERVLETAPI_HOME}/lib/servlet.jar
----------------- cut -------------
then I did:
chmod 775 $APACHE_HOME/bin/do_env
and whenever I wanted to reset my environment, I did:
APACHE_HOME=/usr/local/apache_1.3.14
. $APACHE_HOME/bin/do_env
22) Now, let us create the mod_jk module. This is a DSO object
which you load into Apache. It is called "server plug-in"
sometimes. What it does, it allows Apache to talk to Tomcat.
Note that in this communication Apache (The web server) is a
client of Tomcat. Tomcat is started, and it listens for requests
from Apache (usually on port 8007, but since I have several
things running on this machine, I use different port, as you see).
Compiling mod_jk:
cd $JAKARTA_HOME/jakarta-tomcat-3.2-src/src/native
cd apache1.3
$APACHE_HOME/bin/apxs -o mod_jk.so -DSOLARIS \
-I${JAVA_HOME}/include/solaris \
-I../jk -I${JAVA_HOME}/include \
-l posix4 -c *.c ../jk/*.c
cp mod_jk.so ${APACHE_HOME}/libexec
While I provide here the binary:
mod_jk.so -- press right mouse button here and choose: Save Link as
which you can just copy to ${APACHE_HOME}/libexec directory I strongly
suggest that you build the one yourself, since there are many options
to apache, and it simply will not work, if your apache is different
than my apache.
23) When I tested standalone Tomcat in 20),, it created automatically
a config file for mod_jk for Apache which is available as:
$TOMCAT_HOME/conf/mod_jk.conf-auto
I did the following:
cd $TOMCAT_HOME/conf
mv mod_jk.conf mod_jk.conf.original
mv mod_jk.conf-auto mod_jk.conf
i.e., I saved the original and copied the automatic version to
mod_jk.conf.
For the time being, I edited the Apache config file to include
the mod_jk.conf (more needs to be done for sensible install,
though). I edited file;
$APACHE_HOME/conf/httpd.conf and at the last line I put:
Include /usr/local/tomcat_3.2/tomcat-3.2/conf/mod_jk.conf
The actual initial httpd.conf is here.
Replaced all occurances of ajp12 with ajp13 and made few other
changes. You can find the copy of it here.
Made several changes to workers.properties. Namely:
changed workers.tomcat_home, workers.java_home, ps, worker.ajp12.port,
worker.ajp13.port,
You can look up them here.
Note, my ajp12 port is 5006 and ajp13 is 5007.
24) changed the $TOMCAT_HOME/conf/server.xml
to activate the ajp13 connector
<!-- Apache AJP13 support. -->
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler"
value="org.apache.tomcat.service.connector.Ajp13ConnectionHandler"/>
<Parameter name="port" value="5007"/>
</Connector>
Left apj12 support at port 5006 since it is needed for shutdown.
Also changed other ports.
Look here for initial server.xml.
25) Heavily edited the $TOMCAT_HOME/bin/startup.sh,
$TOMCAT_HOME/bin/startup.sh and $TOMCAT_HOME/bin/jspc.sh
to include necessary environmental
variables. These initial files can be found here:
startup.sh
shutdown.sh
jspc.sh
26) Started tomat
cd $TOMCAT_HOME/bin
./startup.sh
(if you have errors, check if tomcat or something else is not running
and using the same TCP ports. Do, for exampl:
ps -ef | grep tomcat
and kill if needed. Also check if any ports from above: 5006, 5007,
5180, 5280, 5143, are used by using:
netstat -a | more
They would be listed in the first column, e.g., *.5143
)
27) Started Apache
$APACHE_HOME/bin/apachectl startssl
Things worked on port 5180(http) and 5143(https). I checked
http://heechee.ccl.net:5180/examples and
https://heechee.ccl.net:5143/examples
28) Stopped Tomcat
cd $TOMCAT_HOME/bin
./shutdown.sh
29) Stopped Apache
$APACHE_HOME/bin/apachectl stop
32) Reconfigured Tomcat and Apache to do things I want them to do.
a) In $APACHE_HOME/conf/httpd.conf made sure mod_jk is before mod_rewrite
LoadModule jk_module libexec/mod_jk.so
LoadModule rewrite_module libexec/mod_rewrite.so
and
AddModule mod_jk.c
AddModule mod_rewrite.c
and commented out the line
# LoadModule jk_module libexec/mod_jserv.so
in $TOMCAT_HOME/conf/mod_jk.conf
33) In the $APACHE_HOME/conf/httpd.conf I added some rewrite
rules:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteLog /usr/local/apache_1.3.14/logs/rewrite_log
RewriteLogLevel 2
RewriteRule ^/ROOT/examples /examples [R]
RewriteRule ^/ROOT/test /test [R]
RewriteRule ^/ROOT/admin /admin [R]
RewriteRule ^/ROOT/ROOT /ROOT [R]
RewriteRule ^/tomcat.gif /ROOT/tomcat.gif [R]
RewriteRule ^/examples/servlets$ /examples/servlets/ [R]
RewriteRule ^/examples/jsp$ /examples/jsp/ [R]
RewriteRule ^/examples$ /examples/ [R]
RewriteRule ^/admin$ /admin/ [R]
RewriteRule ^/ROOT$ /ROOT/ [R]
RewriteRule ^/test$ /test/ [R]
</IfModule>
for the HTTP (port 5180) and HTTPS (virtual host at 5143). It was needed
to cure a problem that $TOMCAT_HOME/webapps/ROOT
is a Document Root for Tomcat, but for Apache, the
$APACHE_HOME/htdocs is the Document Root.
34) Created new users, in my case webinst3, and webrun3, and groups for
them, home directories, and regular login environment.
The webrun3 was assigned /bin/ksh and webinst3 had tcsh as primary
shell (yes, I know that t/csh is brain dead, but people want it,
and people will have it -- it sucks, e.g., with its limitations:
"Word too long" when your environment variable is longer than 1024 --
it happens to me all the time with longer CLASSPATHs).
Note, that when you execute the script as
su - uid -c script
the script will be executed with the default shell (i.e., the shell
the user uid has assigned in /etc/passwd) of the uid user, and it does not
matter what you put in #!/bin/someshell on the top of your script.
The script is sourced with default shell, not forked with a new shell.
The webinst3 will own most of the files in the web site, while the
webrun3 will be the user who runs the Apache server and the tomcat.
It will own log files and other files which the apache/tomcat/ needs
to write. In $APACHE_HOME/conf/httpd.conf I did:
User webrun3
Group webrun3
Final version of httpd.conf is given here.
Also chown_ed to webrun3 the log directories:
chown -R webrun3 $APACHE_HOME/logs
chgrp -R webrun3 $APACHE_HOME/logs
And for tomcat:
chown -R webrun3 $TOMCAT_HOME/conf
chgrp -R webrun3 $TOMCAT_HOME/conf
chown -R webrun3 $TOMCAT_HOME/logs
chgrp -R webrun3 $TOMCAT_HOME/logs
chown -R webrun3 $TOMCAT_HOME/work
chgrp -R webrun3 $TOMCAT_HOME/work
35) In $APACHE_HOME/bin
cp apachectl apache-tomcat
and edited apache-tomcat to have a script to start/stop
tomcat/apache
$APACHE_HOME/bin/apache-tomcat
chmoded apache-tomcat to be executable :
chmod 755 $APACHE_HOME/bin/apache-tomcat
36) Started the apache/tomcat as:
$APACHE_HOME/bin/apache-tomcat startssl
and checked if http://heechee.ccl.net:5180/examples and
https://heechee.ccl.net:5143/examples worked.
They did, so I killed the server with:
$APACHE_HOME/bin/apache-tomcat stop
37) changed permissions/ownership on the example directories
cd $TOMCAT_HOME/webapps
chown -R webinst3 .
chgrp -R webinst3 .
cd $TOMCAT_HOME/logs
chown -R webrun3 .
38) After all these changes, the ports should be the following:
Orig New Files affected
http(apache) --> 80 --> 5180 conf/httpd.conf
https --> 443 --> 5143 conf/httpd.conf
http(tomcat) --> 8080 --> 5280 tomcat/conf/server.xml
(disabled)
tomcat/apj13
--> 8009 --> 5007 tomcat/conf/workers.properties
tomcat/conf/server.xml
tomcat/apj12
--> 8007 --> 5006 tomcat/conf/workers.properties
tomcat/conf/server.xml
40) Since starting/stopping apache+tomcat in this environment requires
one to be a root, I created C. wrappers to start and stop the whole zoo.
$APACHE_HOME/bin/apache_start.c
and compiled it with
gcc -o apache_start apache_start.c
as a root, and then added suid permissions to the resulting
apache_start executable file as:
chmod ug+s apache_start
I did exactly the same with apache_stop.c
gcc -o apache_stop apache_stop.c
chmod ug+s apache_stop
$APACHE_HOME/bin/apache_stop.c
Now, people do not have to have root access to start/stop Web Server/Tomcat
I also added a C program killme.c which kills the processes which are
running by user webrun3. It is indentded to be used after "apache_stop"
to kill some runaway processes started by apache, Tomcat, or JServ.
After compiling the program:
gcc -o killme killme.c
changed its user and group ownership to webrun3 and added
SETUID permission bits
chown webrun3 killme
chgrp webrun3 killme
chmod ug+s killme
To learn which processes need to be killed, the user does
ps -ef | grep webrun3 | grep -v grep
(I actually saved this line as a shell script "killwhich" so they can
just type: killwhich).
and the user can kill the processes listed by previous command as:
killme pid1 pid2 ....
where pidn is the process id number in the second column.
$APACHE_HOME/bin/killme.c
41) Since some of the work we do will involve CORBA, and we use the
ORBacus from Object Oriented Concepts (http://www.ooc.com/)
I created /usr/local/orbacus-3.3.1, created there subdirectories:
JOB, JTC, OB, and jidl, and downloaded LICENSES/READMES and tar balls
from ftp.ooc.com: JOB-3.3.1*, JTC-1.0.10*, OB-3.3.1*,
jidl-3.3.1-solaris.tar.gz and diligently unpacked them.
a) cd /usr/local/orbacus-3.3.1/jidl
tar zxvf jidl-3.3.1-solaris.tar.gz
then made links:
cd /usr/local/bin
ln -s ../orbacus-3.3.1/jidl/idlcpp idlcpp
ln -s ../orbacus-3.3.1/jidl/iordump iordump
ln -s ../orbacus-3.3.1/jidl/irdel irdel
ln -s ../orbacus-3.3.1/jidl/irfeed irfeed
ln -s ../orbacus-3.3.1/jidl/irserv irserv
ln -s ../orbacus-3.3.1/jidl/jidl jidl
b) cd /usr/local/orbacus-3.3.1/JOB
tar zxvf JOB-3.3.1.jars.tar.gz
which produced:
OBEvent.jar
OB.jar
OBNaming.jar
OBProperty.jar
OBTest.jar
OBTrading.jar
OBUtil.jar
which will be later added to CLASSPATH
I copied *jar to $TOMCAT_HOME/lib
At this moment, other files were not needed.
42) I installed the old version of XML4J (xml4j_2_0_15) from IBM, since
we have some older servlets to port. The IBM site
http://www.alphaworks.ibm.com/tech/xml4j/
distributes only the newest stuff, and I know of no way to retrieve
the older thing. But I had the old tar in my old instalation. So I did:
mkdir /usr/local/xml4j
cp .../xml4j_2_0_15.tar.gz .
tar zxvf xml4j_2_0_15.tar.gz
I linked doc directories to the Web tree
cd $APACHE_HOME/htdocs
ln -s /usr/local/xml4j/xml4j_2_0_15/apiDocs xml4j-apiDocs
ln -s /usr/local/xml4j/xml4j_2_0_15/docs xml4j-docs
ln -s /usr/local/xml4j/xml4j_2_0_15/TXapiDocs TXapiDocs
Doug Dale-Johnson, found the XML4J_2_0_15 at this site:
http://www.jp.ibm.com/alphaWorks/xml4j/xml4j.htm
Catch it while you can...
43) Installed Xalan-J:
Created directory and unpacked tar, and made links
mkdir /usr/local/Xalan-J
cd /usr/local/Xalan-J
wget http://xml.apache.org/dist/xalan-j/xalan-j_1_2_D02.tar.gz
Unfortunately this tar.gz is strangely packed (does not have top
directory as version) so you need to create directory first:
mkdir xalan-j_1_2_D02
cd xalan-j_1_2_D02
gtar zxvf ../xalan-j_1_2_D02.tar.gz
I made the docs available by creating the link below:
cd $APACHE_HOME/htdocs
ln -s /usr/local/Xalan-J/xalan_j_1_2_D02/docs xalan-docs
44) Installed Xerces-J version 1.1.3 (the one in synch with Xalan above)
mkdir /usr/local/Xerces-J
cd /usr/local/Xerces-J
wget http://xml.apache.org/dist/xerces-j/Xerces-J-bin.1.1.3.tar.gz
tar zxvf Xerces-J-bin.1.1.3.tar.gz
I made the docs available on the Web by:
cd $APACHE_HOME/htdocs
ln -s /usr/local/Xerces-J/xerces-1_1_3/docs xerces-docs
45) Linked JCE (Java Cryptography Extension) docs to Web tree:
cd $APACHE_HOME/htdocs
ln -s /usr/local/JCE/jce1.2.1/doc jce-docs
46) I also installed Cocoon from xml.apache.org, but I am exploring
the matter further, since supposedly (but I am not sure at this time)
cocoon uses the older versions of xerces which is
not compatible with the latest one (the one which I installed).
mkdir /usr/local/Cocoon
cd /usr/local/Cocoon
wget http://xml.apache.org/dist/cocoon/Cocoon-1.8.tar.gz
gtar zxvf Cocoon-1.8.tar.gz
and linked the docs to the Web Root.
cd $APACHE_HOME/htdocs
ln -s /usr/local/Cocoon/cocoon-1.8/docs cocoon-docs
47) Linked docs from JSSE to the Web documents.
cd /usr/local/jsse
cd jsse1.0.2
cd doc
cp -p ../*.html .
and linked the docs to the Web Root.
cd $APACHE_HOME/htdocs
ln -s /usr/local/jsse/jsse1.0.2/doc jsse-docs
48) Installed JAF JavaBeansTM Activation Framework
http://java.sun.com/beans/glasgow/jaf.html.
Click on download, continue, accept, FTP download
get jaf1_0_1.zip
mkdir /usr/local/jaf
cd /usr/local/jaf
cp .../jaf1_0_1.zip .
unzip jaf1_0_1.zip
and linked the docs to the Web Root.
cd $APACHE_HOME/htdocs
ln -s /usr/local/jaf/jaf-1.0.1/doc jaf-docs
49) Installed JavaMail 1.1.3 release:
With your browser go to:
http://www.javasoft.com/products/javamail/index.html
Click on continue, accept, get javamail1_1_3.zip = 1,960,787 bytes.
mkdir /usr/local/JavaMail
cd /usr/local/JavaMail
cp .../javamail1_1_3.zip .
unzip javamail1_1_3.zip
and linked the docs to the Web Root.
cd $APACHE_HOME/htdocs
ln -s /usr/local/JavaMail/javamail-1.1.3/docs JavaMail-docs
50) Installed jdom beta 5 release from www.jdom.org:
mkdir /usr/local/JDOM
cd /usr/local/JDOM
wget http://www.jdom.org/dist/source/jdom-b5.tar.gz
wget http://www.jdom.org/dist/source/jdom-contrib-b5.tar.gz
I also have my own copy:
jdom-b5.tar.gz
jdom-contrib-b5.tar.gz
Then I built it:
cd /usr/local/JDOM
./build.sh compile
./build.sh
./build.sh samples
./build.sh javadoc
and linked the docs to the Web Root.
cd $APACHE_HOME/htdocs
ln -s /usr/local/JDOM/jdom-b5/build/apidocs jdom-docs
51) I copied the jars to the Tomcat lib directory (yes, I am lazy... ).
cd $TOMCAT_HOME/lib
cp /usr/local/orbacus-3.3.1/JOB/*jar .
cp /usr/local/jaf/jaf-1.0.1/activation.jar .
cp $ANT_HOME/lib/ant.jar .
cp $SERVLETAPI_HOME/lib/servlet.jar .
cp /usr/local/Xalan-J/xalan-j_1_2_D02/bsf.jar .
cp /usr/local/Xalan-J/xalan-j_1_2_D02/bsfengines.jar .
cp /usr/local/jaxp1.0.1/jaxp.jar .
cp /usr/local/jaxp1.0.1/parser.jar .
cp /usr/local/JDOM/jdom-b5/build/jdom.jar .
cp /usr/local/JavaMail/javamail-1.1.3/mail.jar .
cp /usr/local/Xalan-J/xalan-j_1_2_D02/xalan.jar .
cp /usr/local/Xerces-J/xerces-1_1_3/xerces.jar .
cp /usr/local/xml4j/xml4j_2_0_15/xml4j.jar .
and then chowned the directories under $TOMCAT_HOME to webinst3 or webrun3
cd $TOMCAT_HOME
chown -R webinst3 bin classes doc lib src webapps
chgrp -R webinst3 bin classes doc lib src webapps
chown -R webrun3 logs work
chgrp -R webrun3 logs work
52) Basic environment for working with Java on webinst3 account.
The assumption is that all content for this Apache server
is owned by user webinst3, beside some files which
are owned by webrun3 (a user/group which runs Web server and
servlet containers).
The webinst3 runs /bin/tcsh as default shell. The .cshrc file
in the HOME directory is:
/home/webinst3/.cshrc
I provided short scripts which allow users to switch from
java1.1 (for applets) to 1.2(latest production release)
to 1.3(lastest beta)
/home/webinst3/bin/cjdk1.1
/home/webinst3/bin/cjdk1.2
/home/webinst3/bin/cjdk1.3
and have put the following aliases into .cshrc
alias jdk1.1 'source /home/webinst3/bin/cjdk1.1'
alias jdk1.2 'source /home/webinst3/bin/cjdk1.2'
alias jdk1.3 'source /home/webinst3/bin/cjdk1.3'
e.g., typing:
jdk1.1
when you are logged in as webinst3 with set your environment
to the Java 1.1 needed for applets compilation, and you can get
back to Java 1.3 by typing
jdk1.3
And if you have problems with JDK1.3, you can always try the J2SE
by typing
jdk1.2
53) I also created the basic running environment for user webrun3.
The webrun3 is running ksh and is not expected to be used often,
though, during development, it may be used occassionally.
The webrun3 user (see point 34 above) is the id which
Apache/Tomcat are using to run. I created the .profile file:
/home/webrun3/.profile
and also the kjdk1.x which allow you to switch the release of JDK..
/home/webrun3/bin/kjdk1.1
/home/webrun3/bin/kjdk1.2
/home/webrun3/bin/kjdk1.3
To run it, you should cd to the directory where you have your servlet
source, and then execute:
cs MyNiceServlet.java
You can also add more options to the the java compiler (javac) but you
need to enclose it in quotes. For example, to have more output you can do:
cs "-verbose MyNiceServlet.java"
54) I created a skeleton of the web application called SciPortal
and mounted it as SciPortal under Apache DocumentRoot. My $APACHE_HOME
is /usr/local/apache_1.3.14. I created directory SciPortal under
$APACHE_HOME/htdocs:
cd $APACHE_HOME/htdocs
mkdir SciPortal
cd SciPortal
mkdir WEB-INF
mkdir WEB-INF/classes
mkdir WEB-INF/lib
55) For doc directories which came with commercial software, and
which are linked in the $APACHE_HOME/htdocs
I placed the .htaccess file. The docs may have some copyright
restrictions and I am too lazy to read the small print..
/usr/local/WebRoot/jkl/.htaccess
56) I added added application /SciPortal and others to Tomcat. I had to
change again the server.xml and mod_jk.conf. Also copied
default $TOMCAT_HOME/conf/web.xml to ...WEB-INF/web.xml for each
application and edited it as needed. For example:
server.xml
mod_jk.conf
web.xml
|
