|
|
----------------
UPDATES:
==============================================
Date: Wed, 8 Nov 2000 14:38:12 +1000
From: "Jansen, Rene" <ReneJ@ptm.com.au>
To: "'jkl@ccl.net'" <jkl@ccl.net>
Subject: Tomcat 3.2beta5 page
....
Came a long a few examples where I think some type errors might have
ocurred. In the latest server.xml the Normal HTTP Connector ( 5080 ) is
still there, shouldn't this be left out, further first ajp12 is changed to
ajp13 and later without reason it's being back to ajp12 (mod_jk.conf) also
port numbers have swapped between these.
----------------
Rene,
First thanks for noticing it...
Yes... I messed up a little... The reason is that I tried the latest
and greatest ajp13, but mod_jk has problems with it when one does
basic authentication and uses SSL in Apache. So I changed back
to ajp12. The examples reflect the situation after reverting to ajp12, but
the installation log below did not talk about my ordeal with the ajp13 bug.
Therefore I decided now to include both versions of files there:
with ajp12 as JSP/servlet connector, and one as ajp13 as JSP/servlet connector.
Note, the connector ajp12 has allways be present for TOMCAT to
be shut down, even if you use ajp13 to serve JSP/servlets.
The 39) in:
http://search.ccl.net/cca/software/UNIX/apache/solaris-t3.2b5/README.shtml
was changed accordingly.
======================================
This is a log of my installation/Compilation of Apache DSO
with SSL, MM, and Tomcat 3.2beta5 (source distribution)
on SunOS heechee 5.7 Generic_106541-10 sun4u sparc SUNW,Ultra-250
YES, I TRIED BETA 6, but watchdog gives a lot of errors. I need to
further explore this issue...
Apache -- the Web Server
DSO -- Dynamic Shared Object (additional modules can be added/updated
to Apache without the need to recompile the whole thing, similar
to shared libraries, but but DSO modules are not only called, but
can call routines withing Apache)
MM -- memory management or something like that - and add on to Apache
and its modules to communicate via shared memory rather than files
(faster).
SSL -- Secure Socket Layer - the encryption and certificate package which
works with Apache
Tomcat -- the Java Server Pages (JSP) and Servlet container which uses the
latest Java Servlets spec 2.2, and the latest JSP spec 1.1.
It is still being actively developed and has some "features".
You may want to read my FAQ on Tomcat 3.1 beta 1. since it will be
easier to follow this installation log. It is available at:
http://www.ccl.net/cca/software/UNIX/apache/tomcat3.1b1-faq.html
I use GNU tar. It may be called gtar on your machine. If you do not have it,
try to do:
gunzup some.tar.gz
tar xvf some.tar
rather than
tar zxvf some.tar.gz
I assume you have moderately latest GNU tools (gmake, gzip, etc...) installed
and you also have a recent version of perl installed
(http://www.cpan.org/src/index.html).
1) Be a root... Run ksh or other sh, but not C-shell.
2) Installed Java 1.3 under Solaris
a) went to www.javasoft.com
b) clicked on Products and API on the left bar
c) at the middle of the page under COMPLETE PRODUCT LIST
retrieved JDK at "JavaTM 2 SDK, Standard Edition, v 1.3"
d) saved files in /tmp:
j2sdk1_3_0-solsparc.bin
j2sdk1_3_0-doc-solsparc.tar.Z
1.3_Developer-Guide.ps
1.3_Release-Notes.ps
did not do any patches
e) unpacked archive
chmod 755 j2sdk1_3_0-solsparc.bin
mkdir /usr/local/java3
cd /usr/local/java3
/tmp/j2sdk1_3_0-solsparc.bin
f) this created directory /usr/local/java3/j2sdk1_3_0
mv /usr/local/java3/j2sdk1_3_0 /usr/local/j2sdk1_3_0
cd /usr/local
ln -s /usr/local/j2sdk1_3_0 jdk1.3
3) Set your environment variables for Java (I am assuming you use
some Bourne shell lookalike -- ksh or sh.
JAVA_HOME=/usr/local/jdk1.3
export JAVA_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:/${PATH}
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH
4) Create directory /usr/local/openssl and retrieve latest release of openssl
mkdir /usr/local/openssl
cd /usr/local/openssl
wget http://www.openssl.org/source/openssl-0.9.6.tar.gz
5) Compiled the openssl [if you are in Europe, you need to
check the mod_ssl INSTALL for the no-idea option. Note RSA released RSAREF
to public domain, so I do not have to use RSAREF in US (I believe --
I may be wrong).
cd /usr/local/openssl
gtar zxvf openssl-0.9.6.tar.gz
cd openssl-0.9.6
./config -fPIC shared \
--prefix=/usr/local/openssl \
--openssldir=/usr/local/openssl
make
make test
make install
cp -p /usr/local/openssl/openssl-0.9.6/lib*.a /usr/local/openssl/lib
Since the cp above created 3 identical copies of each library, I deleted
2 copies, and made appropriate links:
cd /usr/local/openssl/lib
rm libcrypto.so
rm libcrypto.so.0
rm libssl.so
rm libssl.so.0
ln -s libcrypto.so.0.9.6 libcrypto.so
ln -s libcrypto.so.0.9.6 libcrypto.so.0
ln -s libssl.so.0.9.6 libssl.so
ln -s libssl.so.0.9.6 libssl.so.0
6) Make top directory for Apache 1.3.12 installation. I did
/usr/local/apache_1.3.14
mkdir /usr/local/apache_1.3.14
I also made a subdirectory "sources" to have all needed sources in one
place:
mkdir /usr/local/apache_1.3.14/sources
cd /usr/local/apache_1.3.14/sources
Put there the tar files:
wget http://www.apache.org/dist/apache_1.3.14.tar.gz
wget http://www.modssl.org/source/mod_ssl-2.7.1-1.3.14.tar.gz
wget http://www.engelschall.com/sw/mm/mm-1.1.3.tar.gz
I also serve here local copies of some files (those which are not "munition"
according to US export laws which are quite far from present reality).
apache_1.3.14.tar.gz
mm-1.1.3.tar.gz
7) Unpack sources to buld DSO Apache with mod_ssl and mm:
cd /usr/local/apache_1.3.14
cd sources
gtar zxvf apache_1.3.14.tar.gz
gtar zxvf mod_ssl-2.7.1-1.3.14.tar.gz
gtar zxvf mm-1.1.3.tar.gz
8) Compiled MM shared memory library
cd /usr/local/apache_1.3.14/sources/mm-1.1.3
./configure --disable-shared
make
9) Configured mod_ssl
cd /usr/local/apache_1.3.14/sources/mod_ssl-2.7.1-1.3.14
EAPI_MM=../mm-1.1.3
./configure \
--with-apache=/usr/local/apache_1.3.14/sources/apache_1.3.14
10) Configure and make and install Apache with DSO support:
cd /usr/local/apache_1.3.14/sources/apache_1.3.14
SSL_BASE=/usr/local/openssl/openssl-0.9.6 \
EAPI_MM=/usr/local/apache_1.3.14/sources/mm-1.1.3 \
./configure --prefix=/usr/local/apache_1.3.14 \
--enable-module=so \
--enable-rule=SHARED_CORE \
--enable-module=most \
--enable-shared=max \
--enable-module=ssl \
--enable-shared=ssl
make
make certificate TYPE=custom
make install
My entries for certificates with
make certificate TYPE=custom
were defaults, no passwords/passphrases, etc. and:
STEP 0: R
STEP 2:
1. Country Name [XY]:US
2. State or Province Name [Snake Desert]:Ohio
3. Locality Name [Snake Town]:Columbus
4. Organization Name [Snake Oil, Ltd]:OSC
5. Organizational Unit Name [Cer..Authority]:Gateway
6. Common Name [Snake Oil CA]:heechee.ccl.net
7. Email Address [ca@snakeoil.dom]:jkl@ccl.net
8. Certificate Validity [365]:1000
STEP 3: 3
STEP 5:
1. Country Name [XY]:US
2. State or Province Name [Snake Desert]:Ohio
3. Locality Name [Snake Town]:Columbus
4. Organization Name [Snake Oil, Ltd]:OSC
5. Organizational Unit Name [Webserver Team]:PSE
6. Common Name [www.snakeoil.dom]:heechee.ccl.net
7. Email Address [www@snakeoil.dom]:jkl@ccl.net
8. Certificate Validity [365]:1001
STEP 6: 3
STEP 7:n
STEP 8:n
In fact, in my real case, after I did "make install", I overwrote
the certificates created here with the real ones. I created "real"
certificates a few months ago.
11) Set the environment:
APACHE_HOME=/usr/local/apache_1.3.14
export APACHE_HOME
12) edited a file in $APACHE_HOME/conf/httpd.conf (in my case:
/usr/local/apache_1.3.14/conf/httpd.conf) and
added (actually uncommented):
ServerName heechee.ccl.net
Then changed ports not to confilct with other servers I am running.
Port 80 --> Port 5180
Listen 80 --> Listen 5180
Listen 443 --> Listen 5143
<VirtualHost _default_:443> --> <VirtualHost _default_:5143>
13) Testing if Apache works:
a) make sure other installation of apache is not running,
or if it runs, it does not use port 5180 and port 5143.
(do: ps -ef | grep httpd), and if httpd runs, kill it either
with its own apachectl script, or if you do not know what it is
just find the PID of the httpd process which is owned by root:
ps -ef | grep root | grep httpd
(PID is in the second column of the output from ps). Kill it first with
kill PID
and then find all other apaches:
ps -ef | grep httpd
and kill them one by one.
b) start apache with:
/usr/local/apache_1.3.14/bin/apachectl startssl
If you have warning, you have a problem, and try to
do "exactly what I say" next time {:-)}.
c) Use your browser (preferable on some other machine)
and check if http: and https: work
In my case, I tried URLs:
http://heechee.ccl.net:5180/
and
https://heechee.ccl.net:5143/
In the https case you should get a lot of windows
which ask you for accepting the certificate if you did not have
https protocol from this site before, or with different certificates.
Just click Next to the series of questions, and also mark
"Keep this certificate forever" on one of the boxes.
d) Stop apache, since you are not finshed yet.
/usr/local/apache_1.3.14/bin/apachectl stop
Building and installing tomcat
==============================
At the time of this writing I was playing with 2 releases
3.2beta5 (Sept 23, 2000) and 3,2beta6 (Oct 12, 2000).
I decided to go with patched 3.2beta5 since it passed watchdog tests.
14) You need to get JAXP (Sun API and XML parsing in Java):
http://java.sun.com/xml/
click on Download JAXP reference implementation
to get to: http://java.sun.com/xml/download.html
Click on "ZIP (all platforms)" and after legal mambo-jumbo
get the jaxp-1_0_1.zip (857807 bytes)
unzip jaxp-1_0_1.zip
mv jaxp1.0.1 /usr/local
Place the jaxp.jar and parser.jar in your classpath
CLASSPATH=${CLASSPATH}:/usr/local/jaxp1.0.1/jaxp.jar
CLASSPATH=${CLASSPATH}:/usr/local/jaxp1.0.1/parser.jar
export CLASSPATH
15) Create directory /usr/local/tomcat_3.2b5
mkdir /usr/local/tomcat_3.2b5
and put there the source release 3.2 beta 5 of tomcat:
cd /usr/local/tomcat_3.2b5
wget http://jakarta.apache.org/builds/tomcat/release/v3.2-beta-5/src/jakarta-ant.tar.gz
wget http://jakarta.apache.org/builds/tomcat/release/v3.2-beta-5/src/jakarta-servletapi.tar.gz
wget http://jakarta.apache.org/builds/tomcat/release/v3.2-beta-5/src/jakarta-tomcat.tar.gz
wget http://jakarta.apache.org/builds/tomcat/release/v3.2-beta-5/src/jakarta-tools.tar.gz
wget http://jakarta.apache.org/builds/tomcat/release/v3.2-beta-5/src/jakarta-watchdog.tar.gz
I also have them here locally, if you want:
jakarta-ant.tar.gz
jakarta-servletapi.tar.gz
jakarta-tomcat.tar.gz
jakarta-tools.tar.gz
jakarta-watchdog.tar.gz
16) Untar them as:
cd /usr/local/tomcat_3.2b5
gtar zxvf jakarta-ant.tar.gz
gtar zxvf jakarta-tomcat.tar.gz
gtar zxvf jakarta-tools.tar.gz
gtar zxvf jakarta-servletapi.tar.gz
gtar zxvf jakarta-watchdog.tar.gz
While I do not need most of them, just in case, I got them all to
be in sync when I need them. Set the JAKARTA_HOME variable
JAKARTA_HOME=/usr/local/tomcat_3.2b5
export JAKARTA_HOME
17) Installing/building ANT -- the tool needed to build Tomcat
cd $JAKARTA_HOME/jakarta-ant
./bootstrap.sh
ANT_HOME=$JAKARTA_HOME/build/ant
export ANT_HOME
18) Installing/building servlet API
cd $JAKARTA_HOME/jakarta-servletapi
chmod 755 build.sh
./build.sh dist
19) Installing/building tomcat (unpacked)
cd $JAKARTA_HOME/jakarta-tomcat
./build.sh
20) testing Tomcat
cd $JAKARTA_HOME/build/tomcat
TOMCAT_HOME=$JAKARTA_HOME/build/tomcat
export TOMCAT_HOME
My relevant environment (type: env at command line) at this point is:
USERNAME=root
TOMCAT_HOME=/usr/local/tomcat_3.2b5/build/tomcat
CLASSPATH=/usr/local/java1.3/lib/tools.jar:\
/usr/local/java1.3/lib/dt.jar:\
/usr/local/jaxp1.0.1/jaxp.jar:\
/usr/local/jaxp1.0.1/parser.jar
ANT_HOME=/usr/local/tomcat_3.2b5/build/ant
PATH=/usr/local/bin:/usr/local/java1.2/bin:/usr/bin:/bin:\
/usr/bin:/usr/X11R6/bin:/root/bin
SHELL=/bin/bash
JAKARTA_HOME=/usr/local/tomcat_3.2b5
JAVA_HOME=/usr/local/jdk1.3
APACHE_HOME=/usr/local/apache_1.3.14
Since I have other Tomcats running on this machine, I changed
the default ports in $TOMCAT_HOME/conf/server.xml
cd /usr/local/tomcat_3.2b5/build/tomcat/conf
emacs server.xml
Change 8080 --> 5080
Change 8007 --> 5007
While the SSL connector is at this moment commented, I changed the
the port
8443 --> 5443
so I do not forget about it in the future.
Note that server.xml is the file which is read in by Tomcat to
configure itself. Tomcat does not use any information from
workers.properties or mod_jk.conf (may still use them to provide
automatic configuration files for Apache, but I do not think it
uses any information from these file for itself).
The files like tomcat-apache.conf, tomcat.properties, tomcat.conf
are used when tomcat was working with mod_jserv module. We are using
here mod_jk module, and these files can be ignored.
Now, starting tomcat to test:
cd $TOMCAT_HOME/bin
./startup.sh
then checked the stuff at tomcat port
http://heechee.ccl.net:5080/
and looked at test pages. Things worked... Then I shut it down as:
./shutdown.sh
21) At this point it may be prudent to make sure that environment is fine.
I created a file $APACHE_HOME/bin/do_env which was:
---------------------- cut ---------
JAVA_HOME=/usr/local/jdk1.3
export JAVA_HOME
APACHE_HOME=/usr/local/apache_1.3.14
export APACHE_HOME
JAKARTA_HOME=/usr/local/tomcat_3.2b5
export JAKARTA_HOME
ANT_HOME=$JAKARTA_HOME/build/ant
export ANT_HOME
TOMCAT_HOME=$JAKARTA_HOME/build/tomcat
export TOMCAT_HOME
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
CLASSPATH=${CLASSPATH}:/usr/local/jaxp1.0.1/jaxp.jar
CLASSPATH=${CLASSPATH}:/usr/local/jaxp1.0.1/parser.jar
export CLASSPATH
PATH=/usr/local/bin:${JAVA_HOME}/bin:/${PATH}:${APACHE_HOME}/bin
export PATH
---------------------- cut ---------
then I did:
chmod 775 $APACHE_HOME/bin/do_env
and whenever I wanted to reset my environment, I did:
APACHE_HOME=/usr/local/apache_1.3.14
. $APACHE_HOME/bin/do_env
22) Now, let us create the mod_jk module. This is a DSO object
which you load into Apache. It is called "server plug-in"
sometimes. What it does, it allows Apache to talk to Tomcat.
Note that in this communication Apache (The web server) is a
client of Tomcat. Tomcat is started, and it listens for requests
from Apache (usually on port 8007, but since I have several
things running on this machine, I use different port, as you see).
In the beta 5 release there is small bug (reported to
tomcat-dev list by "Mike Bremford" <mikeb@paperx.com>.
It will probably be corrected before I finish this log. So check it
out, before correcting corrected corrections {:-)}:
--------------
The mod_jk build on Solaris (and probably any other Unix) was broken
by the changes for Netware - the addition of native/jk/jk_nwmain.c and
the 1.2.2.1 change to native/jk/jk_global.h
1. To fix jk_nwmain.c, add "#ifdef NETWARE ... #endif" around the ENTIRE
FILE.
2. To fix jk_global.h, move the #include <sys/socket.h> to just BEFORE the
"#ifndef NETWARE" block, rather than just AFTER.
So the block at the top of jk_global.h looks like
.
.
#include <netinet/in.h>
#include <sys/socket.h>
#ifndef NETWARE
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <sys/un.h>
#include <sys/socketvar.h>
#include <sys/select.h>
#endif
#include <sys/time.h>
#include <sys/ioctl.h>
.
.
-------------
cd $JAKARTA_HOME/jakarta-tomcat/src/native/jk
fix the stuff as described above.
cd $JAKARTA_HOME/jakarta-tomcat/src/native
cd apache1.3
$APACHE_HOME/bin/apxs -o mod_jk.so -DSOLARIS \
-I${JAVA_HOME}/include/solaris \
-I../jk -I${JAVA_HOME}/include \
-l posix4 -c *.c ../jk/*.c
cp mod_jk.so ${APACHE_HOME}/libexec
23) When I tested standalone Tomcat in 20),, it created automatically
a config file for mod_jk for Apache which is available as:
$TOMCAT_HOME/conf/mod_jk.conf-auto
I did the following:
cd $TOMCAT_HOME/conf
mv mod_jk.conf mod_jk.conf.original
mv mod_jk.conf-auto mod_jk.conf
i.e., I saved the original and copied the automatic version to
mod_jk.conf.
For the time being, I edited the Apache config file to include
the mod_jk.conf (more needs to be done for sensible install, though).
I edited file $APACHE_HOME/conf/httpd.conf and at the last line I put:
Include /usr/local/tomcat_3.2b5/build/tomcat/conf/mod_jk.conf
The actual initial httpd.conf is here.
Replaced all occurances of ajp12 with ajp13 and made few other changes
You can find the copy of it here.
Made several changes to workers.properties.
You can look up them here.
24) copied jaxp.jar and parser.jar to $TOMCAT_HOME/lib
cd $TOMCAT_HOME/lib
cp /usr/local/jaxp1.0.1/jaxp.jar .
cp /usr/local/jaxp1.0.1/parser.jar .
25) changed the $TOMCAT_HOME/conf/server.xml
to activate the ajp13 connector
<!-- Apache AJP13 support. -->
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler"
value="org.apache.tomcat.service.connector.Ajp13ConnectionHandler"/>
<Parameter name="port" value="5007"/>
</Connector>
Left ajp12 support since it is needed for shutdown.
Also change ports.
Look here for initial server.xml.
26) Started tomat
cd $TOMCAT_HOME/bin
./startup.sh
(if you have errors, check if it is not running by any chance:
ps -ef | grep tomcat
and kill if needed.
)
27) Started Apache
$APACHE_HOME/bin/apachectl startssl
Things worked on port 5080(http) and 5143(https). I checked
http://heechee.ccl.net:5080/examples and
https://heechee.ccl.net:5143/examples
28) Stopped Tomcat
cd $TOMCAT_HOME/bin
./shutdown.sh
29) Stopped Apache
$APACHE_HOME/bin/apachectl stop
30) Compiled and installed watchdog. Watchdog is a batter of tests for your
installation of Tomcat. It is usefull to look at sources
(in my case under $JAKARTA_HOME/jakarta-watchdog/src/clients,
you have to read $JAKARTA_HOME/jakarta-watchdog/doc/design to navigate
through this maze).
cd $JAKARTA_HOME/jakarta-watchdog
./build.sh dist
cd $JAKARTA_HOME/dist/watchdog/webapps
cp *.war $TOMCAT_HOME/webapps
31) Started Tomcat stand alone and ran watchdog
$TOMCAT_HOME/bin/startup.sh
cd $JAKARTA_HOME/dist/watchdog/bin
./watchdog.sh servlet heechee.ccl.net 5080
# gave me a lot of OK's, so I hope it is OK
./watchdog.sh jsp heechee.ccl.net 5080
# gave me a lot of OK's, so I hope it is OK
32) Reconfigured Tomcat and Apache to do things I want them to do.
a) In $APACHE_HOME/conf/httpd.conf made sure mod_jk is before mod_rewrite
LoadModule jk_module libexec/mod_jk.so
LoadModule rewrite_module libexec/mod_rewrite.so
and
AddModule mod_jk.c
AddModule mod_rewrite.c
and commented out the line
# LoadModule jk_module libexec/mod_jserv.so
# AddModule mod_jk.c
in $TOMCAT_HOME/conf/mod_jk.conf
33) In the $APACHE_HOME/conf/httpd.conf I added some rewrite
rules:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteLog /usr/local/apache_1.3.14/logs/rewrite_log
RewriteLogLevel 2
RewriteRule ^/ROOT/examples /examples [R]
RewriteRule ^/ROOT/test /test [R]
RewriteRule ^/ROOT/admin /admin [R]
RewriteRule ^/ROOT/ROOT /ROOT [R]
RewriteRule ^/tomcat.gif /ROOT/tomcat.gif [R]
RewriteRule ^/examples/servlets$ /examples/servlets/ [R]
RewriteRule ^/examples/jsp$ /examples/jsp/ [R]
RewriteRule ^/examples$ /examples/ [R]
RewriteRule ^/admin$ /admin/ [R]
RewriteRule ^/ROOT$ /ROOT/ [R]
RewriteRule ^/test$ /test/ [R]
</IfModule>
for the HTTP (port 5180) and HTTPS (virtual host at 5143). It was needed
to cure a problem that $TOMCAT_HOME/webapps/ROOT
is a Document Root for Tomcat, but for Apache, the
$APACHE_HOME/htdocs is the Document Root.
34) Created new users, in my case webinst3, and webrun3, and groups for
them, home directories, and regular login environment.
The webrun3 was assigned /bin/ksh and webinst3 had tcsh as primary
shell (yes, I know that t/csh is brain dead, but people want it,
and people will have it -- it sucks primarily with its limitations:
"Word too long" when your environment variable is longer than 1024 --
it happens to me all the time with longer CLASSPATHs).
Note, that when you execute the script as
su - uid -c script
the script will be executed with the default shell (i.e., the shell
the user uid has assigned in /etc/passwd) of the uid user, and it does not
matter what you put in #!/bin/someshell on the top of your script.
The script is sourced with default shell, not forked with a new shell.
The webinst3 will own most of the files in the web site, while the
webrun3 will be the user who runs the Apache server and the tomcat.
It will own log files and other files which the apache/tomcat/ needs
to write. In $APACHE_HOME/conf/httpd.conf I did:
User webrun3
Group webrun3
Final version of httpd.conf is given here.
Also chown_ed to webrun3 the log directories:
chown -R webrun3 $APACHE_HOME/logs
chgrp -R webrun3 $APACHE_HOME/logs
And for tomcat:
chown -R webrun3 $TOMCAT_HOME/conf
chgrp -R webrun3 $TOMCAT_HOME/conf
chown -R webrun3 $TOMCAT_HOME/logs
chgrp -R webrun3 $TOMCAT_HOME/logs
chown -R webrun3 $TOMCAT_HOME/work
chgrp -R webrun3 $TOMCAT_HOME/work
35) In $APACHE_HOME/bin
cp apachectl apache-tomcat
and edited apache-tomcat to have a script to start/stop
tomcat/apache
I had to set inside the:
WAS_BORN_BY_APACHE=true
export WAS_BORN_BY_APACHE
or I would get the output at Apache start-up
jk_post_config NULL
while you should get
jk_post_config true
Why I need to do this, I have no idea... The tomcat is started before
Apache in my case. But the mistery, I am sure, will be someday explained.
$APACHE_HOME/bin/apache-tomcat
chmoded apache-tomcat to be executable :
chmod 755 $APACHE_HOME/bin/apache-tomcat
36) Started the apache/tomcat as:
$APACHE_HOME/bin/apache-tomcat startssl
and checked if http://heechee.ccl.net:5180/examples and
https://heechee.ccl.net:5143/examples worked.
They did, so I killed the server with:
$APACHE_HOME/bin/apache-tomcat stop
37) changed permissions/ownership on the example directories
cd $TOMCAT_HOME/webapps
chown -R webinst3 .
chgrp -R webinst3 .
cd $TOMCAT_HOME/logs
chown -R webrun3 .
38) After all these changes, the ports should be the following:
Orig New Files affected
http(apache) --> 80 --> 5180 conf/httpd.conf
https --> 443 --> 5143 conf/httpd.conf
http(tomcat) --> 8080 --> 5080 tomcat/conf/server.xml
(disabled)
tomcat/ajp13
--> 8009 --> 5007 tomcat/conf/workers.properties
tomcat/conf/server.xml
tomcat/ajp12
--> 8007 --> 5006 tomcat/conf/workers.properties
tomcat/conf/server.xml
39) The final server.xml, mod_jk.conf, and workers_properties, where
the ajp13 is used to serve JSP/servlets to apache are given here:
$TOMCAT_HOME/conf/server.xml
and corresponding mod_jk and workers_properties files looked
$TOMCAT_HOME/conf/mod_jk.conf
$TOMCAT_HOME/conf/workers.properties
Note that ajp12 protocol has to be present even if it is not attached
to any context. This is because it is used to shutdown Tomcat.
However, after using the mod_jk with ajp13 I got stuck on the
authentication when SSL is used on Apache (https:). I had to revert
to ajp12, since mod_jk/ajp13 was messing the headers reported to Tomcat.
The files with the ajp12 as a connector protocol for serving JSP/Tomcat
are given belo
$TOMCAT_HOME/conf/server.xml
and corresponding mod_jk and workers_properties files looked
$TOMCAT_HOME/conf/mod_jk.conf
$TOMCAT_HOME/conf/workers.properties
40) Since starting/stopping apache+tomcat in this environment requires
one to be a root, I created C. wrappers to start and stop the whole zoo.
$APACHE_HOME/bin/apache_start.c
and compiled it with
gcc -o apache_start apache_start.c
as a root, and then added suid permissions to the resulting
apache_start executable file as:
chmod ug+s apache_start
I did exactly the same with apache_stop.c
gcc -o apache_stop apache_stop.c
chmod ug+s apache_stop
$APACHE_HOME/bin/apache_stop.c
Now, people do not have to have root access to start/stop Web Server/Tomcat
I also added a C program killme.c which kills the processes which are
running by user webrun3. It is indentded to be used after "apache_stop"
to kill some runaway processes started by apache, Tomcat, or JServ.
After compiling the program:
gcc -o killme killme.c
changed its user and group ownership to webrun3 and added
SETUID permission bits
chown webrun3 killme
chgrp webrun3 killme
chmod ug+s killme
To learn which processes need to be killed, the user does
ps -ef | grep webrun3 | grep -v grep
(I actually saved this line as a shell script "killwhich" so they can
just type: killwhich).
and the user can kill the processes listed by previous command as:
killme pid1 pid2 ....
where pidn is the process id number in the second column.
$APACHE_HOME/bin/killme.c
41) Since some of the work we do will involve CORBA, and we use the
ORBacus from Object Oriented Concepts (http://www.ooc.com/)
I created /usr/local/orbacus-3.3.1, created there subdirectories:
JOB, JTC, OB, and jidl, and downloaded LICENSES/READMES and tar balls
from ftp.ooc.com: JOB-3.3.1*, JTC-1.0.10*, OB-3.3.1*,
jidl-3.3.1-solaris.tar.gz and diligently unpacked them.
a) cd /usr/local/orbacus-3.3.1/jidl
tar zxvf jidl-3.3.1-solaris.tar.gz
then made links:
cd /usr/local/bin
ln -s ../orbacus-3.3.1/jidl/idlcpp idlcpp
ln -s ../orbacus-3.3.1/jidl/iordump iordump
ln -s ../orbacus-3.3.1/jidl/irdel irdel
ln -s ../orbacus-3.3.1/jidl/irfeed irfeed
ln -s ../orbacus-3.3.1/jidl/irserv irserv
ln -s ../orbacus-3.3.1/jidl/jidl jidl
b) cd /usr/local/orbacus-3.3.1/JOB
tar zxvf JOB-3.3.1.jars.tar.gz
which produced:
OBEvent.jar
OB.jar
OBNaming.jar
OBProperty.jar
OBTest.jar
OBTrading.jar
OBUtil.jar
which will be later added to CLASSPATH
I copied *jar to $TOMCAT_HOME/lib
At this moment, other files were not needed.
42) I installed the old version of XML4J (xml4j_2_0_15) from IBM, since
we have some older servlets to port. The IBM site
http://www.alphaworks.ibm.com/tech/xml4j/
distributes only the newest stuff, and I know of no way to retrieve
the older thing. But I had the old tar in my old instalation. So I did:
mkdir /usr/local/xml4j
cp .../xml4j_2_0_15.tar.gz .
tar zxvf xml4j_2_0_15.tar.gz
I linked doc directories to the Web tree
cd $APACHE_HOME/htdocs
ln -s /usr/local/xml4j/xml4j_2_0_15/apiDocs xml4j-apiDocs
ln -s /usr/local/xml4j/xml4j_2_0_15/docs xml4j-docs
ln -s /usr/local/xml4j/xml4j_2_0_15/TXapiDocs TXapiDocs
Doug Dale-Johnson, found the XML4J_2_0_15 at this site:
http://www.jp.ibm.com/alphaWorks/xml4j/xml4j.htm
Catch it while you can...
43) Installed Xalan-J:
Created directory and unpacked tar, and made links
mkdir /usr/local/Xalan-J
cd /usr/local/Xalan-J
wget http://xml.apache.org/dist/xalan-j/xalan-j_1_2_D02.tar.gz
Unfortunately this tar.gz is strangely packed (does not have top
directory as version) so you need to create directory first:
mkdir xalan-j_1_2_D02
cd xalan-j_1_2_D02
gtar zxvf ../xalan-j_1_2_D02.tar.gz
I made the docs available by creating the link below:
cd $APACHE_HOME/htdocs
ln -s /usr/local/Xalan-J/xalan_j_1_2_D02/docs xalan-docs
44) Installed Xerces-J version 1.1.3 (the one in synch with Xalan above)
mkdir /usr/local/Xerces-J
cd /usr/local/Xerces-J
wget http://xml.apache.org/dist/xerces-j/Xerces-J-bin.1.1.3.tar.gz
tar zxvf Xerces-J-bin.1.1.3.tar.gz
I made the docs available on the Web by:
cd $APACHE_HOME/htdocs
ln -s /usr/local/Xerces-J/xerces-1_1_3/docs xerces-docs
45) Installed JCE 1.2.1 Java Cryptography Extension 1.2.1
Go to: http://www.javasoft.com/products/jce/
Click on: Download JCE 1.2.1 Software
This will get you: jce-1_2_1.zip
mkdir /usr/local/JCE
cd /usr/local/JCE
cp ..../jce-1_2_1.zip .
unzip jce-1_2_1.zip
and linked the docs to the Web Root.
cd $APACHE_HOME/htdocs
ln -s /usr/local/JCE/jce1.2.1/doc jce-docs
Then added the security provider to Java:
a) copied JCE jars to lib/ext
cp /usr/local/JCE/jce1.2.1/lib/*.jar /usr/local/jdk1.3/jre/lib/ext
b) edited /usr/local/jdk1.3/jre/lib/security/java.security and added
line:
security.provider.3=com.sun.crypto.provider.SunJCE
46) I also installed Cocoon from xml.apache.org, but I am exploring
the matter further, since supposedly (but I am not sure at this time)
cocoon uses the older versions of xerces which is
not compatible with the latest one (the one which I installed).
mkdir /usr/local/Cocoon
cd /usr/local/Cocoon
wget http://xml.apache.org/dist/cocoon/Cocoon-1.8.tar.gz
gtar zxvf Cocoon-1.8.tar.gz
and linked the docs to the Web Root.
cd $APACHE_HOME/htdocs
ln -s /usr/local/Cocoon/cocoon-1.8/docs cocoon-docs
47) Installed JSSE (JavaTM Secure Socket Extension (JSSE) 1.0.1)
available from http://java.sun.com/products/jsse/
mkdir /usr/local/jsse
with a netscape browser go to: http://java.sun.com/products/jsse/
Click on domestic distribution
Logged in, accepted, continue, answerer Yes, Continue,
downloaded jsse-1_0_2-do.zip
cd /usr/local/jsse
cp ..../jsse-1_0_2-do.zip .
unzip jsse-1_0_2-do.zip
cd jsse1.0.2
cd doc
cp -p ../*.html .
and linked the docs to the Web Root.
cd $APACHE_HOME/htdocs
ln -s /usr/local/jsse/jsse1.0.2/doc jsse-docs
I installed the JSSE as "installed extension" for jdk1.3 and
copied them to /usr/local/jdk1.3/jre/lib/ext directory
($JAVA_HOME/jre/lib/ext):
cp -p /usr/local/jsse/jsse1.0.2/lib/*jar $JAVA_HOME/jre/lib/ext
I then registered the provider in $JAVA_HOME/jre/lib/security/java.security
by adding a line:
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
I already had 3 providers registered.
48) Installed JAF JavaBeansTM Activation Framework
http://java.sun.com/beans/glasgow/jaf.html.
Click on download, continue, accept, FTP download
get jaf1_0_1.zip
mkdir /usr/local/jaf
cd /usr/local/jaf
cp .../jaf1_0_1.zip .
unzip jaf1_0_1.zip
and linked the docs to the Web Root.
cd $APACHE_HOME/htdocs
ln -s /usr/local/jaf/jaf-1.0.1/doc jaf-docs
49) Installed JavaMail 1.1.3 release:
With your browser go to:
http://www.javasoft.com/products/javamail/index.html
Click on continue, accept, get javamail1_1_3.zip = 1,960,787 bytes.
mkdir /usr/local/JavaMail
cd /usr/local/JavaMail
cp .../javamail1_1_3.zip .
unzip javamail1_1_3.zip
and linked the docs to the Web Root.
cd $APACHE_HOME/htdocs
ln -s /usr/local/JavaMail/javamail-1.1.3/docs JavaMail-docs
50) Installed jdom beta 5 release from www.jdom.org:
mkdir /usr/local/JDOM
cd /usr/local/JDOM
wget http://www.jdom.org/dist/source/jdom-b5.tar.gz
wget http://www.jdom.org/dist/source/jdom-contrib-b5.tar.gz
I also have my own copy:
jdom-b5.tar.gz
jdom-contrib-b5.tar.gz
Then I built it:
cd /usr/local/JDOM
./build.sh compile
./build.sh
./build.sh samples
./build.sh javadoc
and linked the docs to the Web Root.
cd $APACHE_HOME/htdocs
ln -s /usr/local/JDOM/jdom-b5/build/apidocs jdom-docs
51) I copied the jars to the Tomcat lib directory
cd $TOMCAT_HOME/lib
cp /usr/local/orbacus-3.3.1/JOB/*jar .
cp /usr/local/jaf/jaf-1.0.1/activation.jar .
cp $ANT_HOME/lib/ant.jar .
cp /usr/local/Xalan-J/xalan-j_1_2_D02/bsf.jar .
cp /usr/local/Xalan-J/xalan-j_1_2_D02/bsfengines.jar .
cp /usr/local/jaxp1.0.1/jaxp.jar .
cp /usr/local/jaxp1.0.1/parser.jar .
cp /usr/local/JDOM/jdom-b5/build/jdom.jar .
cp /usr/local/jsse/jsse1.0.2/lib/*.jar .
cp /usr/local/JavaMail/javamail-1.1.3/mail.jar .
cp /usr/local/Xalan-J/xalan-j_1_2_D02/xalan.jar .
cp /usr/local/Xerces-J/xerces-1_1_3/xerces.jar .
cp /usr/local/xml4j/xml4j_2_0_15/xml4j.jar .
and then chowned the diretories under $TOMCAT_HOME to webinst3 or webrun3
cd $TOMCAT_HOME
chown -R webinst3 bin classes doc lib src webapps
chgrp -R webinst3 bin classes doc lib src webapps
chown -R webrun3 logs work
chgrp -R webrun3 logs work
51) Basic environment for working with Java on webinst3 account.
Since the assumption is that all content for this Apache server
is owned by user webinst3, beside some files which
are owned by webrun3 (a user/group which runs Web server and
servlet containers).
The webinst3 runs /bin/tcsh as default shell. The .cshrc file
in the HOME directory is:
/home/webinst3/.cshrc
I provided short scripts which allow users to switch from
java1.1 (for applets) to 1.2(latest production release)
to 1.3(lastest beta)
/home/webinst3/bin/cjdk1.1
/home/webinst3/bin/cjdk1.2
/home/webinst3/bin/cjdk1.3
and have put the following aliases into .cshrc
alias jdk1.1 'source /home/webinst3/bin/cjdk1.1'
alias jdk1.2 'source /home/webinst3/bin/cjdk1.2'
alias jdk1.3 'source /home/webinst3/bin/cjdk1.3'
e.g., typing:
jdk1.1
when you are logged in as webinst3 with set your environment
to the Java 1.1 needed for applets compilation, and you can get
back to Java 1.3 by typing
jdk1.3
And if you have problems with JDK1.3, you can always try the J2SE
by typing
jdk1.2
52) I also created the basic running environment for user webrun3.
The webrun3 is running ksh and is not expected to be used often,
though, during development, it may be used occassionally.
The webrun3 user (see point 34 above) is the id which
Apache/Tomcat are using to run. I created the .profile file:
/home/webrun3/.profile
and also the kjdk1.x which allow you to switch the release of JDK..
/home/webrun3/bin/kjdk1.1
/home/webrun3/bin/kjdk1.2
/home/webrun3/bin/kjdk1.3
53) Created a "cs" script to compile servlets and placed it
in /home/webinst3/bin directory. The script is:
/home/webinst3/bin/cs
To run it, you should cd to the directory where you have your servlet
source, and then execute:
cs MyNiceServlet.java
You can also add more options to the the java compiler (javac) but you
need to enclose it in quotes. For example, to have more output you can do:
cs "-verbose MyNiceServlet.java"
54) I created a skeleton of the web application called SciPortal
and mounted it as SciPortal under Apache DocumentRoot. My $APACHE_HOME
is /usr/local/apache_1.3.14. I created directory SciPortal under
$APACHE_HOME/htdocs:
cd $APACHE_HOME/htdocs
mkdir SciPortal
cd SciPortal
mkdir WEB-INF
mkdir WEB-INF/classes
mkdir WEB-INF/lib
55) For doc directories which came with commercial software, and
which are linked in the $APACHE_HOME/htdocs
I placed the .htaccess file. The docs may have some copyright
restrictions and I am too lazy to read the small print..
/usr/local/WebRoot/jkl/.htaccess
56) I edited the startup.sh, jspc.sh, and shutdown.sh script
in $TOMCAT_HOME/bin
to set the proper environment for tomcat, independed of
the user environment which starts them.
The edited versions are found at:
startup.sh
shutdown.sh
jspc.sh
|
