This is a log of my installation/Compilation of Apache DSO
with SSL, MM, and Tomcat 3.1 stable (source distribution), JSERV 1.1.1
on Solaris SunOS 5.7
Extra, extra!!!
The stuff here gets obsolete quite fast... I am busy with some other
things right now and the tomcat 3.2 has to wait...
Some people offer help. I am adding these comments here as I get them.
I only post the meat here and cut other comments...
Thanks...
==================================================================
Date: Thu, 05 Oct 2000 15:45:24 -0400
From: west suhanic
Reply-To: w@managedata.com
To: jkl@ccl.net
Subject: RE: New Combination that works:
Sir:
I used your instructions to successfully install the following
combination:
1) Linux Red Hat 6.1 (Intel)
2) apache 1.3.12
3) JServ 1.1.2
4) openssl-0.9.6
5) mod_ssl-2.6.6-1.3.12
6) mm-1.1.3
7) rsaref-2.0 (Question with RSA's patent expiring can new code be
used?)
.....
West Suhanic
--- JKL speaking ---
I am not a lawyer, so I should not open my mouth since if you are not
a lawyer, you can go to prison if you give legal advice EVEN when you
admit that you are not a lawyer (nice setup, isn't it? But you cannot
expect anything else when lawyers not only interpret the law but
also make the law and execute it).
The patent for algorithms in RSAREF expired. The RSA Inc., passed
the RSAREF algorithms to PUBLIC DOMAIN, i.e., IMHO, you can reengineer then.
So, I will not use RSAREF anymore... OpenSSL has RSAREF built in.
So... in the openssl compilation, in the US, I will be changing the following
lines when I recompile Apache/SSL
6)
sub e)
Goes away -- we do not use RSAREF anymore
7) Goes away -- we do not use RSAREF anymore
8) Compiled the openssl [if you are in Europe, you need to
check the mod_ssl INSTALL for the no-idea option. Note RSA released RSAREF
to public domain, so I do not have to use RSAREF in US (I believe --
I may be wrong).
cd /usr/local/apache1.1.12_tomcat3.2b4/sources/openssl-0.9.6
sh config -fPIC
make
make test
and in compilation of Apache:
11) Configure and make and install Apache with DSO support:
cd /usr/local/apache1.1.12_tomcat3.2b4/sources/apache_1.3.12
SSL_BASE=/usr/local/apache1.1.12_tomcat3.2b4/sources/openssl-0.9.6 \
EAPI_MM=/usr/local/apache1.1.12_tomcat3.2b4/sources/mm-1.1.3 \
./configure --prefix=/usr/local/apache1.1.12_tomcat3.2b4 \
--enable-module=so \
--enable-rule=SHARED_CORE \
--enable-module=most \
--enable-shared=max \
--enable-module=ssl \
--enable-shared=ssl
---------- end JKL nonlegal nonadvice ----
==================================================================
Date: Tue, 03 Oct 2000 18:21:16 -0700
From: Marcia Perry <mperry@lbl.gov>
To: jkl@ccl.net
Subject: Thanks for helping w/ tomcat build
QUESTION: When building tomcat (v3.1) for apache (v1.3.12) under Solaris 2.7,
I do this (per the Tomcat documentation in the Tomcat distribution package
and from the jakarta.apache.org website):
> cd $TOMCAT_SRC_DIRECTORY/src/native/apache/jserv
> $APACHE_HOME/bin/apxs -c *.c -o mod_jserv.so
I get this output (with a real path listed instead of $APACHE_INSTALL_DIR):
gcc -DSOLARIS2=270 -DUSE_EXPAT -I../lib/expat-lite -DNO_DL_NEEDED \
-I<$APACHE_INSTALL_DIR>/include -c autochange.c
gcc -DSOLARIS2=270 -DUSE_EXPAT -I../lib/expat-lite -DNO_DL_NEEDED \
-I<$APACHE_INSTALL_DIR>/include -c ajpv11.c
:
:
gcc -DSOLARIS2=270 -DUSE_EXPAT -I../lib/expat-lite -DNO_DL_NEEDED \
-I<$APACHE_INSTALL_DIR>/include -c mod_jserv.c
-o autochange.so mod_jserv.o jserv_wrapper_win.o \
jserv_wrapper_unix.o jserv_watchdog.o jserv_utils.o jserv_status.o \
jserv_protocols.o jserv_mmap.o jserv_image.o jserv_balance.o \
jserv_ajpv12.o jserv_ajpv11.o autochange.o
apxs:Break: Command failed with rc=16711680
Attempting to explicitly change the options to gcc to build and link
mod_serv.so by doing this:
> gcc -fpic -SHARED_MODULE -I<$APACHE_SRC_DIR>/src/include \
-I<$APACHE_SRC_DIR>/src/os/unix -c mod_jserv.c
> ld -shared -o mod_jserv.so mod_jserv.o
Gives error:
ld: fatal: option -h and building a dynamic executable are
incompatible
ld: fatal: Flags processing errors
What should I do?
ANSWER: Your question implies you read the Tomcat docs, but also
read the INSTALL file in the toplevel directory of the Apache source
distribution, especially the sections that describe '--enable-shared',
'--enable-rule' and '--enable-module'. Also read "Apache 1.3 Dynamic
Shared Object (DSO) Support" (either from the Apache website or from
htdocs/manual/dso.html that is included in the Apache source distribution).
To successfully build mod_jserv.so, do the following (following the
instructions in the 'installation/Compilation of Apache DSO...' document
available by clicking on the "New" link at
http://www.ccl.net/cca/software/UNIX/apache/):
1). Rebuild Apache to get an apxs script that works for
building *.so files:
> cd $APACHE_SRC_DIR
> ./configure --prefix=<APACHE_INSTALL_PATH> \
--enable-module=so --enable-rule=SHARED_CORE \
--enable-module=most --enable-shared=max
> make
> make install
2). Run 'httpd -l' from the bin subdirectory of the
APACHE_INSTALL_PATH. You'll see that the only
compiled-in modules are http_core.c and mod_so.c.
You'll also see a lot of *.so files in $APACHE_INSTALL_PATH/
libexec. The 'apxs' in $APACHE_INSTALL_PATH/bin will
work properly for mod_jserv.so.
3). If you want all of the Apache modules to be DSOs,
add the necessary LoadModule entries in httpd.conf.
OR
If you really want your 'old' Apache binary (httpd)
which probably has a bunch of compiled-in modules, but
won't let .so's get built, go ahead and rebuild Apache,
but BE SURE TO COPY THIS 'apxs' script somewhere (putting
it with the Tomcat jserv src is good idea).
4). Build mod_jserv.so as follows:
> cd $TOMCAT_SRC_DIR/src/native/apache/jserv
> apxs -c *.c -o mod_jserv.so
> ld -G autochange.so mod_jserv.o jserv_wrapper_win.o \
jserv_wrapper_unix.o jserv_wrapper.o jserv_watchdog.o \
jserv_utils.o jserv_status.o jserv_protocols.o \
jserv_mmap.o jserv_image.o jserv_balance.o \
jserv_ajpv12.o jserv_ajpv11.o autochange.o \
-o mod_jserv.so
> cp mod_jserv.so $APACHE_INSTALL_DIR/libexec
==================================================================
Date: Mon, 2 Oct 2000 12:35:07 +0100 (BST)
From: Antony Riley <antony@internation.co.uk>
To: jkl@ccl.net
Subject: Apache + mod_ssl/openssl + tomcat
........
I've noticed a few features/bugs...
(a) mod_jserv doesn't pass the scheme when ssl is used, this causes a
problem when you use response.sendRedirect(), as if you don't specify the
scheme (https or http or whatever) most browsers seem to assume the
scheme should be http, and try to use http to connect to port 443. (you
are supposed to use a fully qualified url for send redirect anyway).
If you pull the scheme from the request it's always http. We've just fixed
this by guessing the scheme from the port number (this is passed via
mod_jserv)
From looking at the code it looks like the scheme isn't passed via Ajp12.
(b) The performance on a sparc of openssl on a sparc appears to be
appauling.
(I compiled it with gcc instead of the cc that comes with solaris)
When you do make test it says the server time for openssl is ~0.6 seconds
for 10 handshakes, compared with ~0.2 seconds on a pentium 500 (or there
abouts).
(this was on a 4*ultrasparc 400, though it didn't appear to be using more
than one processor)
I was wondering if you knew of anyway of compiling something to use
multiple processors, or even if apache has optimizations for multiple
processors.
-Antony
.............
==================================================================
Since some versions of software which I use in this installation
are no longer available at original places, I am including them here.
Of course, I can only include the ones which I am allowed to redistribute.
I do it not because I think that
you should use them, but because this description
refers to these, and only these versions. Using some other versions
may require some modifications in the installation procedure.
You should, however, always try to use the latest versions,
and I would be glad if you could send me the updates
to this file. The original tar/zip balls of 3.1 Tomcat are in
http://jakarta.apache.org/builds/tomcat/release/v3.1/src/. You can also grab my
copies here:
==================================================================
To : Dan Weinman <dano@bluedevil.cvsi.com>
Cc :
Attchmnt:
Subject : Re: apache,tomcat,jserv installation
On Thu, 31 Aug 2000, Dan Weinman wrote:
> Jan:
>
> I read your faq and your install logs. Thanks for all the info. I have
> one question. You include the jserv config in your httd along with
> tomcat.conf. I thought tomcat was supposed to replace jserv. Are
> both supposed to be working with apache at the same time?
>
> -dan
The Tomcat and JServ are different servlet containers (engines).
The Tomcat implements the newer Servlet Specification (2.2) while
the JServ implements the older 2.0 Servlet Spec. I personally consider
Tomcat still experimental, while the JServ is a solid, production quality
servlet container by older.
Before, when I wanted to do development in Tomcat and run production
service on the same machine, I had to run two independent Apache servers:
one for JServ, and one for Tomcat. This solution allows you to serve your
existing Web Site in JServ, and do development in Tomcat ON THE SAME MACHINE
USING ONLY ONE COPY OF APACHE WEBSERVER.
==================================================================
Date: Wed, 30 Aug 2000 18:43:54 -0400
From: Noel Haydt <Noel@remcoserv.com>
To: "'jkl@ccl.net'" <jkl@ccl.net>
Subject: Tomcat / SSL
Jan :
...cut...
I have been working
on getting Tomcat & SSL to work together for a while now. Your paper
allowed me to put together the pieces I needed to finish it of properly.
...cut...
The developers and apache seem to be always outdated when it comes to
documentation. They've changed things already and your paper is also
outdated. Before you build Tomcat you must do the following.
Download XML 1.0.1 packages from java.sun.com/xml
Install it and add the following to your .profile
XML=/usr/jaxp1.0.1;export XML
CLASSPATH=$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:$XML/jaxp.jar:$
XML/parser.jar:;export CLASSPATH
...cut...
==================================================================
Original starts here
==================================================================
This is a log of my installation/Compilation of Apache DSO
with SSL, MM, and Tomcat 3.1 stable (source distribution), JSERV 1.1.1
on Solaris SunOS heechee 5.7 Generic_106541-08 sun4u sparc SUNW,Ultra-250
Apache -- the Web Server
DSO -- Dynamic Shared Object (additional modules can be added/updated
to Apache without the need to recompile the whole thing, similar
to shared libraries, but DSO modules are not only called, but
can call routines within Apache)
JServ -- the Servlet container which is very well tested and tried
which uses the older Java Servlet Spec 2.0. It is still the more
popular servlet container for production sites.
MM -- memory management or something like that - and add on to Apache
and its modules to communicate via shared memory rather than files
(faster).
SSL -- Secure Socket Layer - the encryption and certificate package which
works with Apache
Tomcat -- the Java Server Pages (JSP) and Servlet container which uses the
latest Java Servlets spec 2.2, and the latest JSP spec 1.1.
It is still being actively developed and has some "features".
You may want to read my FAQ on Tomcat 3.1 beta 1. since it will be
easier to follow this installation log. It is available at:
http://www.ccl.net/cca/software/UNIX/apache/tomcat3.1b1-faq.html
This stuff if based on INSTALL file which comes with mod_ssl
and on the
http://www.servlets.com/soapbox/techtips/
December 8, 1999
"Install instructions for Apache 1.3.9 with Tomcat 3.0"
by Jason Hunter.
If you are outside US, please look into INSTALL which comes
with mod_ssl, since you do not need RSAREF and can use more
robust code [your 8) and apache configure will be different].
I use GNU tar. It may be called gtar on your machine. If you do not have it,
try to do:
gunzup some.tar.gz
tar xvf some.tar
rather than
tar zxvf some.tar.gz
1) Be a root... Run ksh or other sh, but not C-shell.
2) Installed Java 1.3 under Solaris
a) went to www.javasoft.com
b) clicked on Products and API on the left bar
c) at the middle of the page under COMPLETE PRODUCT LIST
retrieved JDK at "JavaTM 2 SDK, Standard Edition, v 1.3"
d) used j2sdk1_3_0beta-solsparc.bin
24932252 j2sdk1_3_0beta-solsparc.bin
and saved it in /tmp
e) created a directory /usr/local/java3 and unpacked archive
chmod 755 /tmp/j2sdk1_3_0beta-solsparc.bin
mkdir /usr/local/java3
cd /usr/local/java3
/tmp/j2sdk1_3_0beta-solsparc.bin
f) this created directory /usr/local/java3/j2sdk1_3_0beta
mv /usr/local/java3/j2sdk1_3_0beta /usr/local/j2sdk1_3_0beta
cd /usr/local
ln -s /usr/local/j2sdk1_3_0beta jdk1.3
3) Installed Java Servlet Development Kit 2.0
Get the JSDK2.0 -- It is hidden someplace in the www.javasoft.com
since they are pushing the new stuff. Go to:
http://java.sun.com/products/servlet/download.html
Go to the very bottom of the page and select platfom for
Java Servlet Development Kit 2.0 (Unix) and click continue.
Then [ACCEPT] terms. Pick up HTTP download (or FTP -- which is
usually faster) and you will retrieve a file
jsdk20-solaris2-sparc.tar.Z = 318,426 bytes.
It is not really Solaris package file. It will work on any UNIX since it
is Pure Java. Unpack this file in /usr/local, i.e.,
cd /usr/local
gtar Zxvf /path/where/you/have/it/jsdk20-solaris2-sparc.tar.Z
This will create directory /usr/local/JSDK2.0.
4) Set your environment variables for Java (I am assuming you use
some Bourne shell lookalike -- ksh or sh.
JAVA_HOME=/usr/local/jdk1.3
export JAVA_HOME
JSDK_HOME=/usr/local/JSDK2.0
export JSDK_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:${JSDK_HOME}/bin:/${PATH}
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar:${JSDK_HOME}/lib
export CLASSPATH
5) Make top directory for Tomcat installation. I did
/usr/local/apache_t3.1
All presentation below assumes that. If you do some other, you
need to remember when you use instructions below,
mkdir /usr/local/apache_t3.1
6) I also made a subdirectory "sources" to have all needed sources in one
place:
mkdir /usr/local/apache_t3.1/sources
cd /usr/local/apache_t3.1/sources
Put there all the tar files:
wget http://www.apache.org/dist/apache_1.3.12.tar.gz
wget http://www.modssl.org/source/mod_ssl-2.6.4-1.3.12.tar.gz
wget http://www.openssl.org/source/openssl-0.9.5a.tar.gz
wget http://www.engelschall.com/sw/mm/mm-1.1.2.tar.gz
wget http://java.apache.org/jserv/dist/ApacheJServ-1.1.1.tar.gz
wget http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-ant.tar.gz
wget http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-taglibs.tar.gz
wget http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-tomcat.tar.gz
wget http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-tools.tar.gz
wget http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-watchdog.zip
and then unpack them as shown below:
a) apache_1.3.12.tar.gz from http://www.apache.org/dist/
gtar zxvf apache_1.3.12.tar.gz
b) mod_ssl-2.6.4-1.3.12.tar.gz from http://www.modssl.org
gtar zxvf mod_ssl-2.6.4-1.3.12.tar.gz
c) openssl-0.9.5a.tar.gz from http://www.openssl.org
gtar zxvf openssl-0.9.5a.tar.gz
d) mm-1.1.2.tar.gz from http://www.engelschall.com/sw/mm/
gtar zxvf mm-1.1.2.tar.gz
e) rsaref20.tar.Z -- it is no longer distributed by RSA. I got it
from my private museum. It is available from many places
on the Web outside US. Search the Web FOR RSAREF 2.0, and you will
find a dozen.
mkdir rsaref-2.0
cd rsaref-2.0
gtar Zxvf ../rsaref20.tar.Z
cd ..
f) ApacheJServ-1.1.1.tar.gz from http://java.apache.org/jserv/dist/
gtar zxvf ApacheJServ-1.1.1.tar.gz
g) tar.gz sources for tomcat 3.1 from
http://jakarta.apache.org/builds/tomcat/release/v3.1/src
jakarta-ant.tar.gz
jakarta-tomcat.tar.gz
jakarta-tools.tar.gz
jakarta-watchdog.zip
jakarta-taglibs.tar.gz
I untarred them as:
cd /usr/local/apache_t3.1/sources
gtar zxvf jakarta-ant.tar.gz
gtar zxvf jakarta-tomcat.tar.gz
gtar zxvf jakarta-tools.tar.gz
gtar zxvf jakarta-taglibs.tar.gz
unzip jakarta-watchdog.zip
While I do not need most of them, just in case, I got them all to
be in sync when I need them.
7) Compiled RSAREF library needed by openssl (since we are in US and RSA has
a patent, and we cannot use the decent implementation of crypto
libraries). If you are in Europe, you can skip this thing.
cd /usr/local/apache_t3.1/sources/rsaref-2.0
cp -rp install/unix local
cd local
edited makefile to have
CC = gcc
changed all (i.e., two {:-)} occurrances of cc --> $(CC)
added -fPIC to CFLAGS
make
mv rsaref.a librsaref.a
8) Compiled the openssl [if you are in Europe, you need to
check the mod_ssl INSTALL how not to include the RSAREF]
cd /usr/local/apache_t3.1/sources/openssl-0.9.5a
sh config \
-L/usr/local/apache_t3.1/sources/rsaref-2.0/local/rsaref -fPIC
make
make test
9) Compiled MM shared memory library
cd /usr/local/apache_t3.1/sources/mm-1.1.2
./configure --disable-shared
make
cd ..
10) Configured mod_ssl
cd /usr/local/apache_t3.1/sources/mod_ssl-2.6.4-1.3.12
EAPI_MM=../mm-1.1.2 \
./configure \
--with-apache=/usr/local/apache_t3.1/sources/apache_1.3.12
11) Configure and make and install Apache with DSO support:
cd /usr/local/apache_t3.1/sources/apache_1.3.12
SSL_BASE=/usr/local/apache_t3.1/sources/openssl-0.9.5a \
RSA_BASE=/usr/local/apache_t3.1/sources/rsaref-2.0/local \
EAPI_MM=/usr/local/apache_t3.1/sources/mm-1.1.2 \
./configure --prefix=/usr/local/apache_t3.1 \
--enable-module=so \
--enable-rule=SHARED_CORE \
--enable-module=most \
--enable-shared=max \
--enable-module=ssl \
--enable-shared=ssl
make
make certificate TYPE=custom
make install
My entries for certificates with
make certificate TYPE=custom
were defaults, no passwords/passphrases, etc. and:
STEP 0: R
STEP 2:
1. Country Name [XY]:US
2. State or Province Name [Snake Desert]:Ohio
3. Locality Name [Snake Town]:Columbus
4. Organization Name [Snake Oil, Ltd]:OSC
5. Organizational Unit Name [Cer..Authority]:Gateway
6. Common Name [Snake Oil CA]:heechee.ccl.net
7. Email Address [ca@snakeoil.dom]:jkl@ccl.net
8. Certificate Validity [365]:1000
STEP 3: 3
STEP 5:
1. Country Name [XY]:US
2. State or Province Name [Snake Desert]:Ohio
3. Locality Name [Snake Town]:Columbus
4. Organization Name [Snake Oil, Ltd]:OSC
5. Organizational Unit Name [Webserver Team]:PSE
6. Common Name [www.snakeoil.dom]:heechee.ccl.net
7. Email Address [www@snakeoil.dom]:jkl@ccl.net
8. Certificate Validity [365]:1001
STEP 6: 3
STEP 7:n
STEP 8:n
After I created the certificates, and after I did "make install" for apache
I actually discarded them and copied over my previous certificates,
from my original install of Apache. Always save your all certificates/keys
since otherwise everybody who was using your site will have to go through
accepting site certificates again. People do not like it.
My previous certificates where
/usr/local/apache_JServ1.1-SC99/conf
And I tarred them, and untarred them in the new directory like this:
cd /usr/local/apache_JServ1.1-SC99/conf
gtar zcvf /usr/local/certificates.tar.gz ssl*
cd /usr/local/apache_t3.1/conf
gtar zxvf /usr/local/certificates.tar.gz
12) edited a file in /usr/local/apache_t3.1/conf/httpd.conf and
added (actually uncommented):
ServerName heechee.ccl.net
Then changed ports not to confilct with other servers I am running.
Port 80 --> Port 7180
Listen 80 --> Listen 7180
Listen 443 --> Listen 7143
<VirtualHost _default_:443> --> <VirtualHost _default_:7143>
13) Testing if Apache works:
a) make sure other installation of apache is not running,
or if it runs, it does not use port 7180 and port 7143.
(do: ps -ef | grep httpd), and if httpd runs, kill it either
with its own apachectl script, or if you do not know what it is
just find the PID of the httpd process which is owned by root:
ps -ef | grep root | grep httpd
(PID is in the second column of the output from ps). Kill it first with
kill PID
and then find all other apaches:
ps -ef | grep httpd
and kill them one by one.
b) start apache with:
/usr/local/apache_t3.1/bin/apachectl startssl
If you have warning, you have a problem, and try to
do "exactly what I say" next time {:-)}.
c) Use your browser (preferable on some other machine)
and check if http: and https: work
In my case, I tried URLs:
http://heechee.ccl.net:7180/
and
https://heechee.ccl.net:7143/
In the https case you should get a lot of windows
which ask you for accepting the certificate if you did not have
https protocol from this site before, or with different certificates.
Just click Next to the series of questions, and also mark
"Keep this certificate forever" on one of the boxes.
d) Stop apache, since you are not finshed yet.
/usr/local/apache_t3.1/bin/apachectl stop
14) Configuring and compiling JServ 1.1.1
cd /usr/local/apache_t3.1/sources/ApacheJServ-1.1.1
./configure \
--prefix=/usr/local/apache_t3.1/jserv \
--with-apxs=/usr/local/apache_t3.1/bin/apxs \
--with-jdk-home=$JAVA_HOME \
--with-JSDK=$JSDK_HOME \
--with-java-platform=3 \
--enable-EAPI \
--disable-debugging \
--enable-compressed-jar
make
make install
cd /usr/local/apache_t3.1/conf
edit file httpd.conf and add a line at the very end
Include /usr/local/apache_t3.1/conf/jserv/jserv.conf
check if JServ works:
/usr/local/apache_t3.1/bin/apachectl startssl
and see if the URLs show something:
http://heechee.ccl.net:7180/servlets/Hello
http://heechee.ccl.net:7180/servlets/IsItWorking
https://heechee.ccl.net:7143/servlets/Hello
https://heechee.ccl.net:7143/servlets/IsItWorking
Seemed to have worked for me.
15) Building and installing tomcat
Before building tomcat, the CLASSPATH had to be changed to:
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar:
export CLASSPATH
I.e., the previous CLASSPATH needs to be zapped, and new CLASSPATH
entered. It is done to avoid the class name clashes between
JSDK2.0 (JServ) and (servlet pages spec 2.2 -- the tomcat).
Tomcat does not use JSDK2.0 and should not see these classes
in any way or you will have troubles.
cd /usr/local/apache_t3.1/sources/jakarta-ant
./bootstrap.sh
./build.sh
PATH=${PATH}:/usr/local/apache_t3.1/sources/jakarta-ant/bin
export PATH
ANT_HOME=/usr/local/apache_t3.1/sources/jakarta-ant
export ANT_HOME
cd /usr/local/apache_t3.1/sources/jakarta-tomcat
./build.sh
This builds Tomcat with the top directory in:
/usr/local/apache_t3.1/sources/build/tomcat
I moved it to the main apache directory as:
mv /usr/local/apache_t3.1/sources/build/tomcat /usr/local/apache_t3.1
16) Starting stand alone tomcat and testing:
cd /usr/local/apache_t3.1/tomcat/bin
edited startup.sh to be:
/usr/local/apache_t3.1/tomcat/bin/startup.sh
edited shutdown.sh to be:
/usr/local/apache_t3.1/tomcat/bin/shutdown.sh
edited /usr/local/apache_t3.1/tomcat/conf/server.xml
and changed port numbers, (to avoid conflict, I already had them
used by something else):
<Parameter name="port" value="8080"/> --> <Parameter name="port" value="7280"/>
<Parameter name="port" value="8007"/> --> <Parameter name="port" value="7287"/>
In fact, I am planning on taking the tomcat web server port out someday
after I am finished testing, since it is unsafe. I keep it for debug,
but later on all requests to tomcat will go only via apache's mod_jserv
module.
Then I did:
cd /usr/local/apache_t3.1/tomcat/bin
./startup.sh
In my browser I called:
http://heechee.ccl.net:7280/
and it gave me the Tomcat examples page. Examples worked, so I shut down.
cd /usr/local/apache_t3.1/tomcat/bin
./shutdown.sh
17) Create scripts which start/stop the venerable JServ1.1.1 engine in manual
mode:
cd /usr/local/apache_t3.1/bin
edited a file jserv_start
/usr/local/apache_t3.1/bin/jserv_start
Edited the jserv_stop:
/usr/local/apache_t3.1/bin/jserv_stop
and of course did:
chmod 755 jserv_start jserv_stop
I think there is some confusion here, so I will elaborate {:-(}
Note that the jserv.properties file is read by Apache's mod_jserv
module only when automatic mode is on (i.e., manual mode is off):
ApJServManual off
If automatic startup mode is disabled, (ApJServManual on), i.e.,
Apache does not start tomcat or JServ1.1.1, this file is not
read by Apache, i.e., putting the line:
ApJServProperties /some/path/to/jserv.properties
in httpd.conf (or one of its includes) is irrelevant.
You can put there whatever, but if "ApJServManual on" the file is not read
in by apache. This is important, since we will have actually 2 different
servlets containers/engines running, each with different configurations,
though they both will be talking via a single mod_jserv to Apache.
In our case:
_________ JServ1.1.1 (TCP server)
/ Listens on port: 7288
/ Configured by reading jserv.properties
(TCP Client) /
Apache---mod_jserv \
\ Configured by reading server.xml/web.xml
\_________ Listens on port: 7287
Tomcat 3.1 (TCP server)
Note that while Apache is a server for external requests for Web pages,
in this situation it is a client, since it first contacts the JServ1.1.1
and Tomcat 3.1. What follows is that the JServ1.1.1 should be started
before the Apache, and wait for Apache to contact them. Of course,
this would not be satisfied if Apache starts the servlet container.
In fact, it is quite irrelevant, since it is unlikely that the
request for servlet/JSP comes before the servlet container is running.
And even if, than what? User will see an error message...
You cannot start configuration with 2 (or more) servlet containers in
an automatic mode. You can only start the single servlet container
automatically (i.e. with (ApJServManual off) and have Apache read in
the jserv.properties or tomcat.properties file. While it would be
in principle possible, the current configuration options and syntax
allows only for one properties file, for the container in the httpd.conf.
Even if containers were identical and shared all properties and
options, there is one thing they cannot share -- a TCP port number.
Hence, in case of more than one servlet container, you cannot
start them automatically from within Apache, you have to issue the
command yourself. It has an important disadvantage. The Apache
mod_jserv module was watching JServ running, and if by a reason of some
crooked servlet the thing died, the Apache was restarting it automatically
without human (or some other, say daemon) intervetion. Without Apache
automatic mode, when servlet engine dies, a human, or some other
program needs to restart it. One way of doing the is to use Mon:
http://www.kernel.org/software/mon/
In the manual mode, you have to provide JServ and Tomcat with
configuration files. You can see that in the scripts: jserv_start
and jserv_stop, the file: jserv.properties is given on the command line as:
java [-java_options] org.apache.jserv.JServ jserv.properties [option]
You can see java_options by typing "java".
The options to the org.apache.jserv.JServ are:
-v --- server version
-V --- server version with details
-r --- restart server
-s --- stop server
And no option means: start server. You can get a lot more info
by consulting documents which come with JServ1.1.1 distribution,
the official site:
http://java.apache.org/jserv
and:
http://www.magiccookie.com/computers/apache-jserv/
As to Tomcat, the file tomcat.properties is present in the distribution
in $TOMCAT_HOME/conf/tomcat.properties. While I never started tomcat
in automatic mode, I suspect, it is used when you have
ApJServManual off
ApJServProperties /usr/local/apache_t3.1/tomcat/conf/tomcat.properties
in httpd.conf or an Include file. It is my understanding that in
the manual mode (i.e., when ApJServManual on) this file is not used by
tomcat at all, and tomcat is configured based on server.xml and web.xml
in the $TOMCAT_HOME/conf directory.
18) Edited the /usr/local/apache_t3.1/conf/jserv/jserv.properties
port=8007 --> port=7288
zones=root --> zones=jserv111
root.properties=/usr/local/apache_t3.1/conf/jserv/zone.properties -->
jserv111.properties=/usr/local/apache_t3.1/conf/jserv/zone.properties
The final file looked like:
/usr/local/apache_t3.1/conf/jserv/jserv.properties
19) Edited the file $TOMCAT_HOME/conf/tomcat.conf , i.e.,:
/usr/local/apache_t3.1/tomcat/conf/tomcat.conf to be:
/usr/local/apache_t3.1/tomcat/conf
20) Added tomcat.conf to httpd.conf by adding a line:
Include /usr/local/apache_t3.1/tomcat/conf/tomcat.conf
at the end of /usr/local/apache_t3.1/conf/httpd.conf
(I removed the Include line with jserv.conf)
Also made some other changes in the httpd.conf.
After tomcat/apache is compiled/built, the default configuration of
mod_jserv.c and mod_rewrite_c is wrong, since mod_jserv follows
mod_rewrite (for details look up:
http://www.magiccookie.com/computers/apache-jserv/ )
To fix it I put mod_serv before mod_rewrite in
LoadModule jserv_module libexec/mod_jserv.so
LoadModule rewrite_module libexec/mod_rewrite.so
and
AddModule mod_jserv.c
AddModule mod_rewrite.c
and commented out the line
# LoadModule jserv_module libexec/mod_jserv.so
in /usr/local/apache_t3.1/tomcat/conf/tomcat.conf
21) In the /usr/local/apache_t3.1/conf/httpd.conf I added some rewrite
rules:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteLog /usr/local/apache_t3.1/logs/rewrite_log
RewriteLogLevel 2
RewriteRule ^/ROOT/examples /examples [R]
RewriteRule ^/ROOT/test /test [R]
RewriteRule ^/ROOT/admin /admin [R]
RewriteRule ^/ROOT/ROOT /ROOT [R]
RewriteRule ^/tomcat.gif /ROOT/tomcat.gif [R]
RewriteRule ^/examples/servlets$ /examples/servlets/ [R]
RewriteRule ^/examples/jsp$ /examples/jsp/ [R]
RewriteRule ^/examples$ /examples/ [R]
RewriteRule ^/admin$ /admin/ [R]
RewriteRule ^/ROOT$ /ROOT/ [R]
RewriteRule ^/test$ /test/ [R]
</IfModule>
for the HTTP (port 7189) and HTTPS (virtual host at 7143). It was needs
to cure a problem that /usr/local/apache_t3.1/tomcat/webapps/ROOT
is a Document Root for Tomcat, but for Apache, the
/usr/local/apache_t3.1/htdocs is the Document Root. Moreover, for reasons
which I quite frankly do not understand the URL which like
https://heechee.ccl.net:7143/some/directory
which served by Tomcat, comes back as:
http://heechee.ccl.net:7143/some/directory
and the error is repported. However, when one rewrites the URL to add the
slash after directory, i.e.,
http://heechee.ccl.net:7143/some/directory/
the things are working fine and HTTPS is used. Hopefully it will be taken
care when Tomcat has support for HTTPS.
22) Created new users, in my case webflow2, and webrun2, and groups for
them, home diretories, and normal login regular environment.
The webrun2 was assigned /bin/ksh and webflow2 had tcsh as primary shell.
Note, that when you execute the script as
su - uid -c script
the script will be executed with the default shell (i.e., the shell
the user uid has assigned in /etc/passwd) of the uid user, and it does not
matter what you put in #!/bin/someshell on the top of your script.
The script is sourced with default shell, not forked with a new shell.
The webflow2 will own most of the files in the web site, while the
webrun2 will be the user who runs the Apache server, the tomcat, and
the JServ. It will own log files and other files which the
apache/tomcat/JServ need to write.
In /usr/local/apache_t3.1/conf/httpd.conf I did:
User webrun2
Group webrun2
Final version of httpd.conf was:
usr/local/apache_t3.1/conf/httpd.conf
Also chown_ed to webrun2 the log directories:
chown -R webrun2 /usr/local/apache_t3.1/logs
chgrp -R webrun2 /usr/local/apache_t3.1/logs
chown -R webrun2 /usr/local/apache_t3.1/tomcat/logs
chgrp -R webrun2 /usr/local/apache_t3.1/tomcat/logs
And for tomcat:
chown -R webrun2 /usr/local/apache_t3.1/tomcat/conf
chgrp -R webrun2 /usr/local/apache_t3.1/tomcat/conf
chown -R webrun2 /usr/local/apache_t3.1/tomcat/logs
chgrp -R webrun2 /usr/local/apache_t3.1/tomcat/logs
chown -R webrun2 /usr/local/apache_t3.1/tomcat/work
chgrp -R webrun2 /usr/local/apache_t3.1/tomcat/work
23) In /usr/local/apache_t3.1/bin
cp apachectl apache-tomcat-jserv
and edited apache-tomcat-jserv to have a script to start/stop
tomcat/apache/jserv
/usr/local/apache_t3.1/bin/apache-tomcat-jserv
chmoded apache-tomcat-jserv to be executable :
chmod 755 /usr/local/apache_t3.1/bin/apache-tomcat-jserv
24) Started the apache/tomcat as:
/usr/local/apache_t3.1/bin/apache-tomcat-jserv startssl
and checked if http://heechee.ccl.net/examples and
https://heechee.ccl.net/examples worked. They did, so I killed the
server with:
/usr/local/apache_t3.1/bin/apache-tomcat-jserv stop
25) changed permissions/ownership on the example directories
cd /usr/local/apache_t3.1/sources/build/tomcat/webapps
chown -R webflow2 .
chgrp -R webflow2 .
cd /usr/local/apache_t3.1/tomcat/logs
chown -R webrun2 .
26) After all thise changes, the ports should be the following:
Orig New Files affected
http(apache) --> 80 --> 7180 conf/httpd.conf
https --> 443 --> 7143 conf/httpd.conf
http(tomcat) --> 8080 --> 7280 tomcat/conf/server.xml
tomcat/jserv
--> 8007 --> 7287 tomcat/conf/tomcat.conf
tomcat/conf/tomcat.properties
tomcat/conf/server.xml
JServ1.1.1 --> 8007 --> 7288 conf/jserv/jserv.properties
27) The server.xml file in my case looked like:
/usr/local/apache_t3.1/tomcat/conf/server.xml
28) Since starting/stopping apache+jserv+tomcat in this environment requires
one to be a root, I created C. wrappers to start and stop the whole zoo.
/usr/local/apache_t3.1/bin/apache_start.c
and compiled it with
gcc -o apache_start apache_start.c
as a root, and then added suid permissions to the resulting
apache_start executable file as:
chmod ug+s apache_start
I did exactly the same with apache_stop.c
/usr/local/apache_t3.1/bin/apache_stop.c
Now, people do not have to have root access to start/stop Web Server,
Tomcat and JServ
I also added a C program killme.c which kills the processes which are
running by user webrun2. It is indentded to be used after "apache_stop"
to kill some runaway processes started by apache, Tomcat, or JServ.
After compiling the program:
gcc -o killme killme.c
changed its user and group ownership to webrun2 and added
SETUID permission bits
chmod ug+s killme
To learn which processes need to be killed, the user does
ps -ef | grep webrun2 | grep -v grep
(I actually saved this line as a shell script "killwhich" so they can
just type: killwhich).
and the user can kill the processes listed by previous command as:
killme pid1 pid2 ....
where pidn is the process id number in the second column.
/usr/local/apach_t3.1/bin/killme.c
29) Since some of the work we do will involve CORBA, and we use the
ORBacus from Object Oriented Concepts (http://www.ooc.com/)
I created /usr/local/orbacus-3.3.1, created there subdirectories:
JOB, JTC, OB, and jidl, and downloaded LICENSES/READMES and tar balls
from ftp.ooc.com: JOB-3.3.1*, JTC-1.0.10*, OB-3.3.1*,
jidl-3.3.1-solaris.tar.gz and diligently unpacked them.
a) cd /usr/local/orbacus-3.3.1/jidl
tar zxvf jidl-3.3.1-solaris.tar.gz
then made links:
cd /usr/local/bin
ln -s ../orbacus-3.3.1/jidl/idlcpp idlcpp
ln -s ../orbacus-3.3.1/jidl/iordump iordump
ln -s ../orbacus-3.3.1/jidl/irdel irdel
ln -s ../orbacus-3.3.1/jidl/irfeed irfeed
ln -s ../orbacus-3.3.1/jidl/irserv irserv
ln -s ../orbacus-3.3.1/jidl/jidl jidl
b) cd /usr/local/orbacus-3.3.1/JOB
tar zxvf JOB-3.3.1.jars.tar.gz
which produced:
OBEvent.jar
OB.jar
OBNaming.jar
OBProperty.jar
OBTest.jar
OBTrading.jar
OBUtil.jar
which will be later added to CLASSPATH
At this moment, other files were not needed.
30) I installed the old version of XML4J (xml4j_2_0_15) from IBM, since
we have some older servlets to port. The IBM site
http://www.alphaworks.ibm.com/tech/xml4j/
distributes only the newest stuff, and I know of now way to retrieve
the older thing. But I had the old tar in my old instalation. So I did:
mkdir /usr/local/xml4j
cp .../xml4j_2_0_15.tar.gz .
tar zxvf xml4j_2_0_15.tar.gz
I linked doc directories to the Web tree
cd /usr/local/apache_t3.1/htdocs
ln -s /usr/local/xml4j/xml4j_2_0_15/apiDocs xml4j-apiDocs
ln -s /usr/local/xml4j/xml4j_2_0_15/docs xml4j-docs
ln -s /usr/local/xml4j/xml4j_2_0_15/TXapiDocs TXapiDocs
31) Installed Xalan-J:
Created directory and unpacked tar, and made links
mkdir /usr/local/Xalan-J
cd /usr/local/Xalan-J
wget http://xml.apache.org/dist/xalan-j/xalan-j_1_0_1.tar.gz
tar zxvf xalan-j_1_0_1.tar.gz
I made the docs available by this link below:
cd /usr/local/apache_t3.1/htdocs
ln -s /usr/local/Xalan-J/xalan_1_0_1/docs xalan-docs>
32) Installed Xerces-J
mkdir /usr/local/Xerces-J
cd /usr/local/Xerces-J
wget http://xml.apache.org/dist/xerces-j/Xerces-J-bin.1.1.1.tar.gz
tar zxvf Xerces-J-bin.1.1.1.tar.gz
I made the docs available on the Web by:
cd /usr/local/apache_t3.1/htdocs
ln -s /usr/local/Xerces-J/xerces-1_1_1/docs xerces-docs
34) I also installed Cocoon from xml.apache.org, but I am exploring
the matter further, since supposedly (but I am not sure at this time)
cocoon uses the older versions of xerces which is
not compatible with the latest one (the one which I installed).
mkdir /usr/local/Cocoon
cd /usr/local/Cocoon
wget http://xml.apache.org/dist/cocoon/Cocoon-1.7.4.tar.gz
and linked the docs to the Web Root.
cd /usr/local/apache_t3.1/htdocs
ln -s /usr/local/Cocoon/cocoon-1.7.4/docs cocoon-docs
34) Installed JSSE (JavaTM Secure Socket Extension (JSSE) 1.0.1)
available from http://java.sun.com/products/jsse/
mkdir /usr/local/jsse
with a netscape browser go to: http://java.sun.com/products/jsse/
Click on domestic distribution
Logged in, accepted, continue, answerer Yes, Continue,
downloaded jsse1_0_1-do.zip
cd /usr/local/jsse
cp .../jsse1_0_1-do.zip .
unzip jsse1_0_1-do.zip
cd jsse1.0.1
cd doc
cp -p ../*.html .
and linked the docs to the Web Root.
cd /usr/local/apache_t3.1/htdocs
ln -s /usr/local/jsse/jsse1.0.1/doc jsse-docs
35) Installed JCE 1.2 Java Cryptography Extension 1.2
Go to: http://www.javasoft.com/products/jce/index.html
Click on: Download JCE 1.2 Software
This will get you: jce1_2-do.tar.Z
mkdir /usr/local/JCE
cd /usr/local/JCE
cp .../jce1_2-do.tar.Z .
zcat jce1_2-do.tar.Z | tar xvf -
and linked the docs to the Web Root.
cd /usr/local/apache_t3.1/htdocs
ln -s /usr/local/JCE/jce1.2/doc jce-docs
36) Installed JAF JavaBeansTM Activation Framework
http://java.sun.com/beans/glasgow/jaf.html.
Click on download, continue, accept, FTP download
get jaf1_0_1.zip
mkdir /usr/local/jaf
cd /usr/local/jaf
cp .../jaf1_0_1.zip .
unzip jaf1_0_1.zip
and linked the docs to the Web Root.
cd /usr/local/apache_t3.1/htdocs
ln -s /usr/local/jaf/jaf-1.0.1/doc jaf-docs
37) Installed JavaMail 1.1.3 release:
With your browser go to:
http://www.javasoft.com/products/javamail/index.html
Click on continue, accept, get javamail1_1_3.zip = 1,960,787 bytes.
mkdir /usr/local/JavaMail
cd /usr/local/JavaMail
cp .../javamail1_1_3.zip .
unzip javamail1_1_3.zip
and linked the docs to the Web Root.
cd /usr/local/apache_t3.1/htdocs
ln -s /usr/local/JavaMail/javamail-1.1.3/docs JavaMail-docs
38) I copied the jars to the Tomcat lib directory
cd /usr/local/apache_t3.1/tomcat/lib
cp /usr/local/orbacus-3.3.1/JOB/*jar .
cp /usr/local/xml4j/xml4j_2_0_15/xml4j.jar .
cp /usr/local/Xalan-J/xalan_1_0_1/bsf.jar .
cp /usr/local/Xalan-J/xalan_1_0_1/bsfengines.jar .
cp /usr/local/Xalan-J/xalan_1_0_1/xalan.jar .
cp /usr/local/Xerces-J/xerces-1_1_1/xerces.jar .
cp /usr/local/jsse/jsse1.0.1/lib/*.jar .
cp /usr/local/JavaMail/javamail-1.1.3/mail.jar .
cp /usr/local/jaf/jaf-1.0.1/activation.jar .
cp /usr/local/JCE/jce1.2/lib/jce1_2-do.jar .
39) I added and modified the JServ properties file:
/usr/local/apache_t3.1/conf/jserv/jserv.properties
to include jars.
/usr/local/apache_t3.1/conf/jserv/jserv.properties
40) Basic environment for working with Java on webflow2 account.
Since the assumption is that all content for this Apache server
is owned by user webflow2, beside some files which
are owned by webrun2 (a user/group which runs Web server and
servlet containers).
The webflow2 runs /bin/tcsh as default shell. The .cshrc file
in the HOME directory is:
/home/webflow2/.cshrc
I provided short scripts which allow users to switch from
java1.1 (for applets) to 1.2(latest production release)
to 1.3(lastest beta)
/home/webflow2/bin/cjdk1.1
/home/webflow2/bin/cjdk1.2
/home/webflow2/bin/cjdk1.3
and have put the following aliases into .cshrc
alias jdk1.1 'source /home/webflow2/bin/cjdk1.1'
alias jdk1.2 'source /home/webflow2/bin/cjdk1.2'
alias jdk1.3 'source /home/webflow2/bin/cjdk1.3'
e.g., typing:
jdk1.1
when you are logged in as webflow2 with set your environment
to the Java 1.1 needed for applets compilation, and you can get
back to Java 1.3 by typing
jdk1.3
And if you have problems with JDK1.3, you can always try the J2SE
by typing
jdk1.2
41) I also created the basic running environment for user webrun2.
The webrun2 is running ksh and is not expected to be used often,
though, during development, it may be used occassionally.
The webrun2 user (see point 22 above) is the id which
Apache/Tomcat/JServ are using to run. I created the .profile file:
/home/webrun2/.profile
and also the kjdk1.x which allow you to switch the release of JDK..
/home/webrun2/bin/kjdk1.1
/home/webrun2/bin/kjdk1.2
/home/webrun2/bin/kjdk1.3
42) Created a script "cs" script to compile servlets and placed it
in /home/webflow2/bin directory. The script is:
/home/webflow2/bin/cs
To run it, you should cd to the directory where you have your servlet
source, and then execute:
cs MyNiceServlet.java
You can also add more options to the the java compiler (javac) but you
need to enclose it in quotes. For example, to have more output you can do:
cs "-verbose MyNiceServlet.java"
43) I created a skeleton of the web application called SciPortal
and mounted it as SciPortal under Apache DocumentRoot. My $APACHE_HOME
is /usr/local/apache_t3.1. I created directory SciPortal under
$APACHE_HOME/htdocs:
cd /usr/local/apache_t3.1/htdocs
mkdir SciPortal
cd SciPortal
mkdir WEB-INF
mkdir WEB-INF/classes
mkdir WEB-INF/lib
44) For doc directories which came with commercial software, and
which are linked in the /usr/local/apache_t3.1/htdocs
I placed the .htaccess file. The docs may have some copyright
restrictions and I am too lazy to read the small print..
/usr/local/WebRoot/jkl/.htaccess