Java servlets are a powerful tool for building websites and web based applications. One skill that every Java web developer should have is the ability to install and configure the Tomcat servlet engine. Many thanks to the Apache Software Foundation for providing this mbature, stable, open source software. It was recently voted the Best Application Server of 2003 by InfoWorld readers.
This article discusses how to integrate Tomcat with the Apache web server on Red Hat Linux 9 or Red Hat Enterprise Linux 3. The goal is to provide a simple, stable configuration that will allow users to gain confidence using Tomcat.
Please note the following code conventions:
- All commands are issued as root unless otherwise noted.
- Highlighted values should be customized to your setup.
I chose to install Apache using the Red Hat RPM. Using the RPM instead of compiling Apache from source simplifies system administration in the following ways:
- Updates and bug fixes can be installed automatically from the Red Hat Network.
- Startup and shutdown scripts are already configured and available.
I recommend using the Red Hat up2date command line utility to install Red Hat RPMs. It eliminates a multitude of headaches by ensuring the software you install is the correct version and you have the right dependencies installed on your system.
Red Hat RPMs that must be installed:
- httpd: the Apache web server
- httpd-devel: development tools that will be needed to create the mod_jk connector
To install these packages using up2date, make sure you are connected to the Internet, and enter the following:
up2date -i httpd
up2date -i httpd-devel
You should now be able to start/stop/restart Apache as follows:
service httpd start
service httpd stop
service httpd restart
Verify that Apache is working by starting Apache and typing http://localhost/ into your browser. You should see the default Apache install page with links to documentation.
The only requirements to run Tomcat are that a Java Development Kit (JDK), also called a Java Software Development Kit (SDK), be installed and the JAVA_HOME environment variable be set.
I chose to install Sun's Java 2 Platform, Standard Edition, which can be downloaded from http://java.sun.com/j2se/). I chose the J2SE v1.4.2 SDK Linux self-extracting binary file.
Change to the directory where you downloaded the SDK and make the self-extracting binary executable:
chmod +x j2sdk-1_4_2-linux-i586.bin
Run the self-extracting binary:
./j2sdk-1_4_2-linux-i586.bin
There should now be a directory called j2sdk1.4.2 in the download directory. Move the SDK directory to where you want it to be installed. I chose to install it in /usr/java. Create /usr/java if it doesn't exist. Here is the command I used from inside the download directory:
Set the JAVA_HOME environment variable, by modifying /etc/profile so it includes the following:
JAVA_HOME="/usr/java/j2sdk1.4.2"
export JAVA_HOME
/etc/profile is run at startup and when a user logs into the system, so you will need to log out and log back in for JAVA_HOME to be defined.
Check to make sure JAVA_HOME is defined correctly using the command below. You should see the path to your Java SDK.
You will install and configure Tomcat as root; however, you should create a group and user account for Tomcat to run under as follows:
groupadd tomcat
useradd -g tomcat tomcat
This will create the /home/tomcat directory, where I will install my Tomcat applications.
Download the latest release binary build from http://www.apache.org/dist/jakarta/tomcat-4/. Since Tomcat runs directly on top of a standard JDK, I cannot think of any reason to building it from source.
The Tomcat binary is available in two different flavors:
- non-LE
- Full binary distribution
- Includes all optional libraries and an XML parser (Xerces)
- Can be run on JDK 1.2+
- LE
- Lightweight binary distribution
- Designed to be run on JDK 1.4
- Does not include an XML parser because one is included in JDK 1.4
- Can be run on JDK 1.2 by adding an XML parser
- All the components of this distribution are open source software
- Does not include any of the following optional binaries: JavaMail, Java Activation Framework, Xerces, JNDI, or the JDBC Standard Extension
There are a number of different download formats. I chose the LE version gnu zipped tar file (jakarta-tomcat-4.1.31-LE-jdk14.tar.gz).
Unzip Tomcat by issuing the following command from your download directory:
tar xvzf jakarta-tomcat-4.1.31-LE-jdk14.tar.gz
This will create a directory called jakarta-tomcat-4.1.31. Move this directory to wherever you would like to install Tomcat. I chose /usr/local. Here is the command I issued from inside the download directory:
mv jakarta-tomcat-4.1.31 /usr/local/
The directory where Tomcat is installed is referred to as CATALINA_HOME in the Tomcat documentation. In this case CATALINA_HOME=/usr/local/jakarta-tomcat-4.1.31.
I recommend setting up a symbolic link to point to your current Tomcat version. This will save you from having to change your startup and shutdown scripts each time you upgrade Tomcat or set a CATALINA_HOME environment variable. It also allows you to keep several versions of Tomcat on your system and easily switch amongst them. Here is the command I issued from inside /usr/local to create a symbolic link called /usr/local/jakarta-tomcat that points to /usr/local/jakarta-tomcat-4.1.31:
ln -s jakarta-tomcat-4.1.31 jakarta-tomcat
Change the group and owner of the /usr/local/jakarta-tomcat and /usr/local/jakarta-tomcat-4.1.31 directories to tomcat:
chown tomcat.tomcat /usr/local/jakarta-tomcat
chown -R tomcat.tomcat /usr/local/jakarta-tomcat-4.1.31
It is not necessary to set the CATALINA_HOME environment variable. Tomcat is smart enough to figure out CATALINA_HOME on its own.
You should now be able to start and stop Tomcat from the CATALINA_HOME/bin directory by typing ./startup.sh and ./shutdown.sh respectively. Test that Tomcat is working by starting it and typing http://localhost:8080 into your browser. You should see the Tomcat welcome page with links to documentation and sample code. Verify Tomcat is working by clicking on some of the examples links.
At this point, Apache and Tomcat should be working separately in standalone mode. You can run Tomcat in standalone mode as an alternative to Apache. In fact, in some cases, it is said that Tomcat standalone is faster than serving static content from Apache and dynamic content from Tomcat. However, there are compelling reasons to use Apache as the front end. If you run Tomcat standalone:
- You will have to run Tomcat as root on port 80. This is a security concern.
- You will not be able to use a connector such as mod_jk to load balance amongst several Tomcat instances.
- You will not be able to take advantage of Apache features such as cgi and PHP.
- You will not be able to take advantage of Apache modules such as mod_rewrite.
- You will not be able to isolate virtual hosts in their own Tomcat instances.
I think the increased functionality obtained by using Apache on the front end far outweighs the effort required to install and configure a connector.
Development on the mod_jk2 connector was shut down on 11/15/2004; therefore, you no longer have to decide between the mod_jk and mod_jk2 connectors. Use the mod_jk connector. It has been around a long while and is very stable.
The mod_jk connector is the communication link between Apache and Tomcat. It listens on a defined port for requests from Apache.
Download the jk connector source from http://www.apache.org/dist/jakarta/tomcat-connectors/jk/. I used jakarta-tomcat-connectors-1.2.8-src.tar.gz.
Unzip the contents of the file into your download directory as follows:
tar xvzf jakarta-tomcat-connectors-1.2.8-src.tar.gz
This will create a folder called jakarta-tomcat-connectors-1.2.8-src. Move this folder to wherever you store source files on your system. I chose /usr/src. Here is the command I issued from inside the download directory:
mv jakarta-tomcat-connectors-1.2.8-src /usr/src
I refer to the folder where the connector source is installed as CONN_SRC_HOME. In my case CONN_SRC_HOME = /usr/src/jakarta-tomcat-connectors-1.2.8-src.
Run the buildconf script to to create the CONN_SRC_HOME/jk/native/configure file.
CONN_SRC_HOME/jk/native/buildconf.sh
Run the configure script with the path to the apxs file on your system and the options below:
./configure --with-apxs=/usr/sbin/apxs
Build mod_jk with the following command:
If you see missing object errors, try this alternate command:
make LIBTOOL=/etc/httpd/build/libtool
If all went well, the mod_jk.so file was successfully created. Manually copy it to Apache's shared object files directory:
cp CONN_SRC_HOME/jk/native/apache-2.0/mod_jk.so /etc/httpd/modules
The workers.properties file contains information so mod_jk can connect to the Tomcat worker processes.
Place the following workers.properties file in the /etc/httpd/conf directory:
# workers.properties - ajp13
#
# List workers
worker.list=wrkr
#
# Define wrkr
worker.wrkr.port=8009
worker.wrkr.host=localhost
worker.wrkr.type=ajp13
worker.wrkr.cachesize=10
worker.wrkr.cache_timeout=600
worker.wrkr.socket_timeout=300
Notes
- There is an example workers.properties file located in the CONN_SRC_HOME/jk/conf directory. The example file provides a lot of useful information and insight into the workers.properties file, but it contains so much information that it can be confusing. I recommend using it as a learning tool but creating your own workers.properties file from scratch.
- The configuration above assumes Apache and Tomcat are located on the same box and requests are forwarded to Tomcat using type ajp13 workers. Type ajp13 workers forward requests to out-of-process Tomcat workers using the ajpv13 protocol over TCP/IP sockets.
- The name of the worker in the JkMount directive in httpd.conf must match the name of the worker in worker.list ("wrkr" in the configuration above).
The server.xml file contains Tomcat server configuration information. The default CATALINA_HOME/conf/server.xml file that comes with Tomcat contains so much information that I recommend saving it for future reference (e.g. server.xml.bak) and starting from scratch. The default server.xml is great for verifying that Tomcat works in standalone mode and for viewing the examples that come with the application, but I have found it is not the best starting point when you want to integrate Apache with Tomcat. Instead, create a bare bones server.xml file as follows:
your_engine" debug="0" defaultHost="your_domain">
your_domain" debug="0">
your_application"
debug="0" reloadable="true" />
This setup assumes you will put your Tomcat applications in /home/tomcat, not CATALINA_HOME/webapps. This will allow you to easily upgrade Tomcat and back up your Tomcat applications.
If you do keep the default server.xml, make sure you comment out any other connectors besides mod_jk that are listening on port 8009. The default file comes with the Coyote/JK2 connector enabled for the Tomcat-Standalone service. This will conflict with the mod_jk connector in your Tomcat-Apache service. You should comment this connector out. It isn't needed when you connect directly to Tomcat in standalone mode (port 8080), so I'm not sure why this connector is enabled by default.
The Server address defines the interface that Tomcat will listen on for mod_jk requests from Apache. In my configuration, Apache and Tomcat reside on the same box, so I have set the address to the loopback address. The default is for Tomcat to listen on all interfaces, so restricting it to the loopback interface improves security.
The Server shutdown property is the text string that is sent over a socket connection to stop Tomcat. The default value is "SHUTDOWN". The shutdown port is always on the loopback interface, which provides host-level protection. However, there is the possibility that the host could be compromised and someone could send the command SHUTDOWN to all ports and knock Tomcat offline. To prevent this, replace the default value with one that is difficult to guess. Do not use the example string above. Create your own by feeding random bytes into md5sum as follows:
Setting the Context reloadable property to true tells Tomcat to automatically load new and changed application class files found in /WEB-INF/classes and /WEB-INF/lib. This feature is very useful during development. However, it is recommended to set reloadable to false in production environments because monitoring class file changes requires significant server resources.
head -1024c /dev/random | md5sum
Change the permissions on server.xml so no one can read the shutdown string:
chmod 600 $CATALINA_HOME/conf/server.xml
Apache is configured with directives placed in the main Apache configuration file, /etc/httpd/conf/httpd.conf. In addition, Apache 2 has configuration files for perl, php, and ssl located in /etc/httpd/conf.d/.
Rename the /etc/httpd/conf.d/ssl.conf file to ssl.conf.bak. The default Red Hat Apache 2 installation comes with ssl support enabled. If ssl is needed, you can re-enable it after you have successfully integrated Apache and Tomcat.
You will notice that there are three sections labeled in the httpd.conf file supplied by Red Hat: (1) Global Environment, (2) Main Server Configuration, and (3) Virtual Hosts.
Add the following to the bottom of the existing LoadModule directives in the Global Environment section:
LoadModule jk_module modules/mod_jk.so
Add the following to the bottom of the Main Server Configuration section:
JkWorkersFile "/etc/httpd/conf/workers.properties"
JkLogFile "/etc/httpd/logs/mod_jk.log"
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
Set up a Virtual Host directive in the Virtual Hosts section of httpd.conf. Below is an example of how to set up the your_domain website so Tomcat handles all jsp pages and requests with "servlet" in the path:
NameVirtualHost 127.0.0.1:80
ServerAdmin webmaster@your_domain
ServerName your_domain
DocumentRoot /usr/www/your_domain/html
ErrorLog /usr/www/your_domain/logs/error_log
CustomLog /usr/www/your_domain/logs/access_log common
JkMount /*.jsp wrkr
JkMount /servlet/* wrkr
# Deny direct access to WEB-INF
AllowOverride None
deny from all
The configuration above assumes that your application's static html files will be served from the /usr/www/your_domain/html directory.
I have deliberately chosen to serve static html files and servlets/jsps from different locations for learning purposes (so there was no confusion over which server is serving which files). Typically, all application files would be located in the same directory tree.
The argument for the NameVirtualHost directive must match exactly the argument for the VirtualHost directive (127.0.0.1:80).
You can test your Apache configuration by typing the following:
You should get something like the following response:
127.0.0.1:80 is a NameVirtualHost
default server your_domain (/etc/httpd/conf/httpd.conf:1056)
port 80 namevhost your_domain (/etc/httpd/conf/httpd.conf:1056)
Syntax OK
your_domain does not need to be a domain name with a DNS entry. For testing purposes, you can set up any domain you want in the /etc/hosts file of the machine that you will be using to access your_application.
The example below shows the entry for your_domain when running Apache and Tomcat on a single machine, typical for a development computer.
We will create and install a simple Hello World html page so we can test to make sure Apache handles requests for static html pages.
Copy the following text into a file called HelloWorld.html and install the file in the /usr/www/your_domain/html directory.
If Apache has not been restarted since you added your virtual host, do so as follows:
You should now be able to type http://your_domain/HelloWorld.html into your browser and see the always-exciting "Hello World" message.
We will create and install a simple Hello World servlet so we can test to make sure Apache forwards servlet requests to Tomcat for handling.
Copy the following into a file called HelloWorld.jsp:
<%@ page contentType="text/html;charset=WINDOWS-1252"%>
<% out.println(" Hello World JSP!"); %>
Copy the HelloWorld.jsp file to the /home/tomcat/your_application/ directory.
Copy the following into a file called HelloWorld.java:
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class HelloWorld
extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.println("Hello World Servlet!");
}
}
Compile the source into a class file as follows:
javac -classpath /usr/local/jakarta-tomcat/common/lib/servlet.jar HelloWorld.java
This will create a file called HelloWorld.class. Copy the HelloWorld.class file to the /home/tomcat/your_application/WEB-INF/classes directory.
Create the following directories and files in /home/tomcat/your_application:
/home/tomcat/your_application/WEB-INF
/home/tomcat/your_application/WEB-INF/classes
/home/tomcat/your_application/WEB-INF/web.xml
The web.xml file is where you map the name of your servlet to a URL pattern so Tomcat can run your servlet when requested. Below is the web.xml file that runs the HelloWorld servlet whenever the URL http://your_domain/servlet/HelloWorld is entered in the browser:
HelloWorld
HelloWorld
HelloWorld
/servlet/HelloWorld
Restart Tomcat as follows:
/CATALINA_HOME/bin/shutdown.sh
/CATALINA_HOME/bin/startup.sh
Restart Apache as follows:
You should now be able to type the following into your browser and see the always-exciting "Hello World" message:
http://your_domain/HelloWorld.jsp
http://your_domain/servlet/HelloWorld
The following steps are not mandatory, but are suggested for a better, tighter Tomcat installation.
If you want to automatically start Tomcat when your system boots and manage it using the service command as we do Apache, you must create an initialization script.
Create the following Tomcat initialization script as /etc/rc.d/init.d/tomcat
#!/bin/sh
#
# Startup script for Tomcat, the Apache Servlet Engine
#
# chkconfig: 345 80 20
# description: Tomcat is the Apache Servlet Engine
# processname: tomcat
# pidfile: /var/run/tomcat.pid
#
# Mike Millson
#
# version 1.02 - Clear work directory on shutdown per John Turner suggestion.
# version 1.01 - Cross between Red Hat Tomcat RPM and Chris Bush scripts
# Tomcat name :)
TOMCAT_PROG=tomcat
# if TOMCAT_USER is not set, use tomcat like Apache HTTP server
if [ -z "$TOMCAT_USER" ]; then
TOMCAT_USER="tomcat"
fi
RETVAL=0
# start and stop functions
start() {
echo -n "Starting tomcat: "
chown -R $TOMCAT_USER:$TOMCAT_USER /usr/local/jakarta-tomcat/*
chown -R $TOMCAT_USER:$TOMCAT_USER /home/tomcat/*
su -l $TOMCAT_USER -c '/usr/local/jakarta-tomcat/bin/startup.sh'
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/tomcat
return $RETVAL
}
stop() {
echo -n "Stopping tomcat: "
su -l $TOMCAT_USER -c '/usr/local/jakarta-tomcat/bin/shutdown.sh'
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/tomcat /var/run/tomcat.pid
rm -rf /usr/local/jakarta-tomcat/work/*
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
# Ugly hack
# We should really make sure tomcat
# is stopped before leaving stop
sleep 2
start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit $RETVAL
Add the startup script to your system as follows:
You will be able to start/stop/restart it using the following commands:
service tomcat start
service tomcat stop
service tomcat restart
If you want Tomcat to start automatically when your system boots, you need to add tomcat to your runlevel as follows:
chkconfig --level 5 tomcat on
Runlevel 5 is the X Window System, typical for a development computer. Runlevel 3 is typical for a dedicated web server.
Apache and Tomcat can be started and restarted in any order. In the past (specifically with the 1.2.5 connector), if Tomcat was restarted, Apache would have to be restarted. This was because the AJP13 protocol maintains open sockets between Apache and Tomcat, and when Tomcat was restarted the connections would be hung in CLOSE_WAIT status until Apache was restarted. This has been fixed starting with the 1.2.6 connector.
During development, you will need access to your tomcat application directory. Add the user account under which you will be doing development to the tomcat group in /etc/group. For example, this is what the tomcat entry might look like in /etc/group if you do development under the yourname account:
Make sure the tomcat group has permission to publish files (e.g. using ant) to your Tomcat application in /home/tomcat/your_application. Issue the following command as root:
/usr/www/your_domain/logs/error_log
Look here for clues to Apache httpd.conf configuration issues, for example VirtualHost setup.
$CATALINA_HOME/logs/catalina.out
Look here for clues to Tomcat server.xml configuration issues. This file is written to when Tomcat starts and stops. It also catches System.out and System.err.
$CATALINA_HOME/logs/mod_jk.log
Look here for clues to mod_jk configuration issues.
The following command can be used to monitor the Apache, Tomcat, and mod_jk connections:
Below is output from running this command. Line numbers have been added to the beginning of each line for discussion purposes.
1 tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN
2 tcp 0 0 127.0.0.1:8009 0.0.0.0:* LISTEN
3 tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
4 tcp 0 0 127.0.0.1:8009 127.0.0.1:34449 ESTABLISHED
5 tcp 0 0 127.0.0.1:34449 127.0.0.1:8009 ESTABLISHED
Notes
- Line 1 shows Tomcat listening on port 8005 for the shutdown command.
- Line 2 shows Tomcat listening on port 8009 for requests from Apache.
- Line 3 shows Apache listening on port 80 for user requests.
- Line 4 shows the Tomcat end of a mod_jk connection.
- Line 5 shows the Apache end of a mod_jk connection.