Java + Httpd + Tomcat + Sakai installation (step-by-step)

Please change paths according to your filesystem layout ;)

JAVA INSTALLATION:
1.
# cp jdk-1_5_0_22-linux-amd64.bin /srv
# cd /srv
# sh jdk-1_5_0_22-linux-amd64.bin
# ln -s jdk1.5.0_22 jdk

# updatedb;locate javac |grep bin
/srv/jdk1.5.0_22/bin/javac

2.
Here /usr/java/jdk1.5.0_22 is the actual JAVA_HOME for your machine. Note this as you will need it to run the future commands.

alternatives --install /usr/bin/java java /srv/jdk1.5.0_22/bin/java 100
alternatives --install /usr/bin/jar jar /srv/jdk1.5.0_22/bin/jar 100
alternatives --install /usr/bin/javac javac /srv/jdk1.5.0_22/bin/javac 100

3.
Finally you should configure alternative to use Sun's JVM as the default JVM. To do this type:
# /usr/sbin/alternatives --config java

4.
In the future when we update Java, we only need to update this symlink (for JAVA_HOME) and paragraph 2 and 2
# cd /usr/java/
# ln -s jdk1.5.0_22 jdk

5.
Last check:
# java -version
java version "1.5.0_22"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_22-b03)
Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_22-b03, mixed mode)

6.
I think this step is not really necessary now but anyway:
# cd /etc/profile.d
# vi java.sh

# cat /etc/profile.d/java.sh
export JAVA_HOME=/srv/jdk
export PATH="${PATH}:${JAVA_HOME}/bin/"
export JAVA_OPTS='-server -XX:+UseParallelGC -Xmx1500m -XX:MaxPermSize=200m -XX:+CMSPermGenSweepingEnabled -Djava.awt.headless=true'
#

# chmod +x java.sh
# . ./java.sh

# export JAVA_HOME=/srv/jdk
# export PATH="${PATH}:${JAVA_HOME}/bin/"
# export JAVA_OPTS='-server -XX:+UseParallelGC -Xmx1500m -XX:MaxPermSize=200m -XX:+CMSPermGenSweepingEnabled -Djava.awt.headless=true'

7.
# cat /srv/tomcat/bin/setenv.sh
export JAVA_OPTS="-server -XX:+UseParallelGC -Xmx1500m -XX:MaxPermSize=200m -XX:+CMSPermGenSweepingEnabled -Djava.awt.headless=true"
#
# chown tomcat:tomcat /srv/tomcat/bin/setenv.sh
# chmod 755 /srv/tomcat/bin/setenv.sh

TOMCAT INSTALLATION (I'm using 5.5 ver. since it is recommended by Sakai):
1.
# wget archive.apache.org/dist/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26.tar.gz

# cp apache-tomcat-5.5.26.tar.gz /srv/

# tar -xvzf apache-tomcat-5.5.26.tar.gz
# ln -s apache-tomcat-5.5.26 tomcat

We would like to run tomcat as a tomcat user:

# groupadd tomcat
# useradd -g tomcat -c "Tomcat" -d /srv/tomcat -s "/bin/bash" tomcat

# chown -R tomcat:tomcat /srv/tomcat
# chown -R tomcat:tomcat /srv/apache-tomcat-5.5.26

2.

[username@server029 yum.d]$ su - tomcat -c '/srv/tomcat/bin/startup.sh'
Password:
Using CATALINA_BASE: /opt/tomcat
Using CATALINA_HOME: /opt/tomcat
Using CATALINA_TMPDIR: /opt/tomcat/temp
Using JRE_HOME: /usr/java/jdk
[username@server029 yum.d]$ ps -ef | grep tom
tomcat 21417 1 33 09:54? 00:00:04 /usr/java/jdk/bin/java -server -XX:+UseParallelGC -Xmx768m -XX:MaxPermSize=128m -Djava.awt.headless=true -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file=/opt/tomcat/conf/logging.properties -Djava.endorsed.dirs=/opt/tomcat/common/endorsed -classpath :/opt/tomcat/bin/bootstrap.jar:/opt/tomcat/bin/commons-logging-api.jar -Dcatalina.base=/opt/tomcat -Dcatalina.home=/opt/tomcat -Djava.io.tmpdir=/opt/tomcat/temp org.apache.catalina.startup.Bootstrap start

3.
Now check that Tomcat is up and serving requests by browsing to serverIP:8080/

4.
Shutting it down:
[username@server029 ~]$ sudo su - tomcat -c /srv/tomcat/bin/shutdown.sh

5.
Init script:

# cat /etc/init.d/tomcat
#!/bin/sh
#
# Startup script for Tomcat 5.0, the Apache Servlet Engine
#
# chkconfig: 2345 80 20
# description: Tomcat 5.0 is the Apache Servlet Engine
#
# Tomcat Startup Script

# Source function library.
if [ -x /etc/rc.d/init.d/functions ]; then
. /etc/rc.d/init.d/functions
fi

CATALINA_HOME=/srv/tomcat; export CATALINA_HOME
JAVA_HOME=/srv/jdk; export JAVA_HOME
TOMCAT_OWNER=tomcat; export TOMCAT_OWNER

start() {
    echo -n "Starting Tomcat: "
    su $TOMCAT_OWNER -c $CATALINA_HOME/bin/startup.sh
    sleep 2
}
stop() {
    echo -n "Stopping Tomcat: "
    su $TOMCAT_OWNER -c $CATALINA_HOME/bin/shutdown.sh
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo $"Usage: tomcat {start|stop|restart}"
        exit
esac

6.
# chmod +x /etc/init.d/tomcat
# chkconfig --add tomcat
# chkconfig tomcat on

Sakai Installation:
1.
# wget apache.wildit.net.au/maven/binaries/apache-maven-2.2.1-bin.tar.gz
# cp apache-maven-2.2.1-bin.tar.gz /srv
# cd /srv
# tar -xvzf apache-maven-2.2.1-bin.tar.gz
# ln -s apache-maven-2.2.1 maven2

2. Set Maven environment variables

# vi /etc/profile.d/maven.sh

# cat /etc/profile.d/maven.sh
export MAVEN_HOME=/srv/maven2
export PATH=$PATH:$MAVEN_HOME/bin
export MAVEN_OPTS='-Xms256m -Xmx512m -XX:PermSize=64m -XX:MaxPermSize=128m'

# chmod +x /etc/profile.d/maven.sh
# . /etc/profile.d/maven.sh

3. Create a local Maven repository

Create a local Maven repository (.m2) in your home directory:

# cd $HOME
# mkdir -p .m2/repository

4. Create a Maven settings.xml file

# cat ~/.m2/settings.xml
<settings xmlns="http://maven.apache.org/POM/4.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
                      http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <profiles>
    <profile>
      <id>tomcat5x</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <appserver.id>tomcat5x</appserver.id>
        <appserver.home>/srv/tomcat</appserver.home>
        <maven.tomcat.home>/srv/tomcat</maven.tomcat.home>
        <sakai.appserver.home>/srv/tomcat</sakai.appserver.home>
        <surefire.reportFormat>plain</surefire.reportFormat>
        <surefire.useFile>false</surefire.useFile>
      </properties>
    </profile>
  </profiles>
</settings>

5. Install Subversion 1.5+

# yum install subversion

# svn co https://source.sakaiproject.org/svn/sakai/branches/sakai_2-6-x/ sakai_2-6-x

# cd sakai_2-6-x/master
# mvn clean install
# cd ..

# mvn clean install | tee maven-sakai-log

Check the build log (maven-sakai-log), then deploy:
# mvn sakai:deploy -Dmaven.tomcat.home=/srv/tomcat | tee maven-sakai-deploy-log

Note: You can also issue mvn clean install sakai:deploy from any sakai project module top-level folder in order to build and deploy portions of Sakai such as individual tools.

6.
From the Installation guides (http://confluence.sakaiproject.org/display/DOC/Installation+(2.6) ):
Both Oracle 10g AND Oracle 9i users must use the 10g driver; the latest 10g "Release 2" (10.2.x) or higher is recommended.
Install Oracle JDBC driver (or connector) for your installation. For Oracle download the ojdbc14.jar file and copy it to $CATALINA_HOME/common/lib:

www.oracle.com/technology/software/tech/java/sqlj_jdbc/index.html

# wget download.oracle.com/otn/utilities_drivers/jdbc/10204/ojdbc14.jar
# cp Downloaded/ojdbc14.jar /srv/tomcat/common/lib/
# chown tomcat:tomcat /srv/tomcat/common/lib/ojdbc14.jar
# ls -l /srv/tomcat/common/lib
-rw-r--r-- 1 tomcat tomcat 1555682 Jan 11 11:33 ojdbc14.jar

7.
Check location of sakai.properties file in the source code:
[root@server031 sakai_2-6-x]# ls -l reference/docs/sakai.properties
-rw-r--r-- 1 root root 24375 Jan 13 16:50 reference/docs/sakai.properties

The default location for your local sakai.properties file is $CATALINA_HOME/sakai. This folder is not created by Maven during the build and deployment process, so you will have to create it manually or via a script.
If you check out a copy of sakai.properties from our SVN repository, make sure it corresponds to the version of Sakai you are using (e.g. Sakai 2.6.x):
$ svn co https://source.sakaiproject.org/svn/reference/branches/sakai_2-6-x/docs/sakai.properties

# mkdir -p /srv/tomcat/sakai
# cp sakai.properties /srv/tomcat/sakai/

# chown -R tomcat:tomcat /srv/tomcat
# chown -R tomcat:tomcat /srv/apache-tomcat-5.5.26

Now start tomcat:
# /etc/init.d/tomcat start
check the log during boot:
# tail -f /srv/tomcat/logs/catalina.out

8. On startup, Sakai will generate all database objects (tables, keys, constraints, etc.) automatically, obviating the need to run DDL scripts manually per the sakai.properties setting auto.ddl.
# establish auto.ddl — on by default
auto.ddl=true
#auto.ddl=false

Once the database schema is created you should set auto.ddl=false and restart tomcat.

8a.
# chmod 640 /srv/apache-tomcat-5.5.26/sakai/sakai.properties

9. Configuring mail properties:
Stop Sakai, remove the sakai-mailarchive-james directory under webapps (but leave sakai-mailarchive-james.war), and then start Sakai again.

[root@server029 webapps]# /etc/init.d/tomcat stop
[root@server029 webapps]# rm -rf /srv/tomcat/webapps/sakai-mailarchive-james

[root@server029 Downloaded]# yum install postfix system-switch-mail mailx
Now change to postfix:
[root@server029 Downloaded]# system-switch-mail

main.cf:
# For Sakai
myorigin = $myhostname
relayhost = smtp.yoursmtp.server

# /sbin/chkconfig postfix on && /sbin/service postfix restart

Test:
# echo "test message" | mail -s test user@domain.com.au

Check that it's all working:

# tail /var/log/messages
# tail /var/log/maillog

11. Adding this file for autoredirection to portal:
# cat /srv/tomcat/webapps/ROOT/index.html




Install APACHE HTTP AND MOD_JK:
1.
# yum install httpd httpd-devel gcc gcc-c++

2.
Go to tomcat.apache.org/download-connectors.cgi and download the source code:
# wget apache.16degrees.com.au/tomcat/tomcat-connectors/jk/source/jk-1.2.28/tomcat-connectors-1.2.28-src.tar.gz

3.
# tar -xvzf tomcat-connectors-1.2.28-src.tar.gz

Read docs/webserver_howto/apache.html or native/BUILDING.txt for options.

# cd tomcat-connectors-1.2.28-src/native/
# which apxs
# ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility
# make
# make install
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
— chmod 755 /usr/lib64/httpd/modules/mod_jk.so

Please be sure to arrange /etc/httpd/conf/httpd.conf…

Check:
# ls -l /etc/httpd/modules/mod_jk.so
-rwxr-xr-x 1 root root 959821 Jan 7 14:10 /etc/httpd/modules/mod_jk.so

4.
# chkconfig --add httpd
# chkconfig httpd on

5.
# mkdir -p /etc/httpd/conf/vhosts.d

6. Add these lines to the /etc/httpd/conf/httpd.conf file:

Include /etc/httpd/conf/mod_jk.conf
Include /etc/httpd/conf/vhosts.d/*.conf

7. Create /etc/httpd/conf/mod_jk.conf:

# cat /etc/httpd/conf/mod_jk.conf
LoadModule jk_module modules/mod_jk.so

# mod_jk config
# Where to find workers.properties
# Update this path to match your conf directory location (put workers.properties next to httpd.conf)
JkWorkersFile /etc/httpd/conf/workers.properties
# Where to put jk shared memory
# Update this path to match your local state directory or logs directory
JkShmFile /var/log/httpd/mod_jk.shm
# Where to put jk logs
# Update this path to match your logs directory location (put mod_jk.log next to access_log)
JkLogFile /var/log/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the timestamp log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
#JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
# Globally deny access to the WEB-INF directory
<LocationMatch '.*WEB-INF.*'>
AllowOverride None
deny from all
</LocationMatch>


8. Create /etc/httpd/conf/workers.properties file:

# cat /etc/httpd/conf/workers.properties
#
# This file provides minimal jk configuration properties needed to
# connect to Tomcat.
#
# We define a workers named worker1 and worker2
workers.tomcat_home=/srv/tomcat/
workers.java_home=/srv/jdk
ps=/
# worker.list=worker1,worker2
worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker1.lbfactor=1
# worker.worker2.type=ajp13
# worker.worker2.host=sakai26.dyndns.org
# worker.worker2.port=8009
# worker.worker2.lbfactor=1

# Load-balancing behaviour (add when you have more than 1 worker and change worker.workerX.host and worker.list accordingly)
# worker.loadbalancer.type=lb

# Status worker for managing load balancer (add when you have more than 1 worker)
worker.status.type=status

9. Create /etc/httpd/conf/vhosts.d/01YOURSERVERNAME.its.your.domain.conf

# cat /etc/httpd/conf/vhosts.d/01server029.its.your.domain.conf
NameVirtualHost *:80

<VirtualHost *:80>
ServerName server029.its.your.domain
ServerAdmin admin@its.your.domain
ServerAlias server031

# Just in case
DocumentRoot /srv/sakai

# if not specified, the global error log is used
ErrorLog /var/log/httpd/server029.its.your.domain-error_log
CustomLog /var/log/httpd/server029.its.your.domain-access_log combined
# don't lose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off

# Add index.jsp to DirectoryIndex files
DirectoryIndex index.php index.html index.htm index.shtml index.php4 index.php3 index.phtml index.cgi index.jsp

JkMount /* worker1
# JkMount /*.jsp worker1
</VirtualHost>


9a. Create (just in case) /srv/sakai
# mkdir -p /srv/sakai

10. Finally, you must edit $CATALINA_HOME/conf/server.xml to make sure that the AJP connection is enabled on port 8009, and to turn off clear-text traffic on port 8080. The AJP connector should NOT be commented out:


<Connector port="8009"
address="127.0.0.1"
enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

Make sure you're asking Tomcat to look for connection on localhost (127.0.0.1) only, meaning it'll ignore your public-facing traffic, for even tighter security.

And the HTTP connector on port 8080 should be commented out (no need to listen on 8080 in our case):
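
A check for both settings from step 10, as an added example that is not part of the original post: it strips XML comments first so a commented-out connector is ignored, then reports any AJP connector not bound to 127.0.0.1 and any active connector on port 8080. The function names and the sample server.xml are constructed for illustration.

```shell
# Added example (not from the original post): audit server.xml for step 10.
# Print FILE as one line with XML comments removed, so a commented-out
# <Connector> is not mistaken for an active one.
strip_comments() {
  awk '{ buf = buf $0 " " }
       END {
         while ((s = index(buf, "<!--")) > 0) {
           rest = substr(buf, s + 4); e = index(rest, "-->")
           if (e == 0) { buf = substr(buf, 1, s - 1); break }
           buf = substr(buf, 1, s - 1) substr(rest, e + 3)
         }
         print buf
       }' "$1"
}

# attr NAME ELEMENT: value of a double-quoted attribute, empty if absent.
attr() {
  printf '%s\n' "$2" | sed -n "s/.*[[:space:]]$1=\"\([^\"]*\)\".*/\1/p"
}

# Print one finding per offending connector; return 1 if there are any.
audit_connectors() {
  findings=$(strip_comments "$1" | grep -o '<Connector[^>]*>' |
    while IFS= read -r c; do
      port=$(attr port "$c"); proto=$(attr protocol "$c"); addr=$(attr address "$c")
      case "$proto" in
        AJP*) if [ "$addr" != "127.0.0.1" ]; then
                echo "AJP connector on port $port listens on ${addr:-all interfaces}"
              fi ;;
        *)    if [ "$port" = "8080" ]; then
                echo "clear-text HTTP connector on port 8080 is enabled"
              fi ;;
      esac
    done)
  if [ -n "$findings" ]; then printf '%s\n' "$findings"; return 1; fi
  return 0
}

# Constructed sample: the layout step 10 asks for.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Server><Service name="Catalina">
  <!-- <Connector port="8080" maxThreads="150" redirectPort="8443" /> -->
  <Connector port="8009" address="127.0.0.1"
             enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
</Service></Server>
EOF
audit_connectors "$sample" && echo "connectors OK"
rm -f "$sample"
```

On the server itself, run it as audit_connectors /srv/tomcat/conf/server.xml before starting the bundle.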




11. Start the bundle:

# /etc/init.d/httpd configtest
# /etc/init.d/httpd start
# /etc/init.d/tomcat start
# tail -f /srv/tomcat/logs/catalina.out

You can also use APACHE to handle HTTPS traffic, with Tomcat backstage:
1.
# yum install mod_ssl openssl

# ls -l /etc/pki/tls/certs

Generate a self-signed certificate
Using OpenSSL we will generate a self-signed certificate. On a production server you will need a certificate from a trusted Certificate Authority, but for a personal site or for testing purposes a self-signed certificate is fine. You need to be root to create the key, so either su to root or put sudo in front of the commands.
# openssl genrsa -out ca.key 1024 # Generate private key

2a. Generate CSR
# openssl req -new -key ca.key -out ca.csr

2b. Generate Self Signed Key
# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

2c. Move the files to the correct locations
# mv ca.crt /etc/pki/tls/certs
# mv ca.key /etc/pki/tls/private/ca.key
# mv ca.csr /etc/pki/tls/private/ca.csr

3. Edit /etc/httpd/conf/vhosts.d/01YOURSERVERNAME.its.your.domain.conf:

# cat /etc/httpd/conf/vhosts.d/01server029.its.your.domain.conf
NameVirtualHost *:80

<VirtualHost *:80>
ServerName server029.its.your.domain
ServerAdmin admin@its.your.domain
ServerAlias server029

# DocumentRoot /srv/server029

# ServerAlias www.server029.its.your.domain
# if not specified, the global error log is used
ErrorLog /var/log/httpd/server029.its.your.domain-error_log
CustomLog /var/log/httpd/server029.its.your.domain-access_log combined
# don't lose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off

# Add index.jsp to DirectoryIndex files
DirectoryIndex index.php index.html index.htm index.shtml index.php4 index.php3 index.phtml index.cgi index.jsp

# JkMount /* worker1
# JkMount /*.jsp worker1
RedirectMatch ^/$ https://server029.its.your.domain/portal
RedirectMatch ^/(.+) https://server029.its.your.domain/$1
</VirtualHost>


NameVirtualHost *:443

<VirtualHost *:443>
ServerName server029.its.your.domain:443
DocumentRoot /srv/server029

JkMount /* worker1
# JkMount /*.jsp worker1

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on
SSLProtocol all -SSLv2

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
</VirtualHost>
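
A heuristic lint for the SSLProtocol and SSLCipherSuite lines of this vhost, as an added example that is not part of the original post: the values above leave SSLv3 and the LOW, MEDIUM and RC4 cipher classes enabled, whereas "SSLProtocol all -SSLv2 -SSLv3" with "SSLCipherSuite HIGH:!aNULL:!MD5" passes the check. The function name and the sample file are constructed for illustration.

```shell
# Added example (not from the original post): heuristic lint of mod_ssl settings.

# lint_tls FILE: print one finding per weak SSLProtocol / SSLCipherSuite
# setting in an httpd config file; return 1 if there are any.
lint_tls() {
  findings=$(awk '
    function killed(c) { return index(":" suite ":", ":!" c ":") > 0 }
    /^[[:space:]]*#/ { next }                      # skip comment lines
    tolower($1) == "sslprotocol" {
      p = " "; for (i = 2; i <= NF; i++) p = p tolower($i) " "
      for (v = 2; v <= 3; v++)
        if ((index(p, " all ") && !index(p, " -sslv" v " ")) ||
            index(p, " +sslv" v " ") || index(p, " sslv" v " "))
          print "SSLProtocol enables SSLv" v
    }
    tolower($1) == "sslciphersuite" {
      suite = $2; all = index(":" suite ":", ":ALL:") > 0
      n = split("LOW MEDIUM RC4 EXPORT", cls, " ")
      for (k = 1; k <= n; k++) {
        # A class is in play if ALL or an unprefixed token adds it
        # ("+X" only reorders) and no "!X" token removes it for good.
        named = (":" suite ":") ~ (":" cls[k] "[:+]")
        if ((all || named) && !killed(cls[k]))
          print "SSLCipherSuite allows " cls[k] " ciphers"
      }
    }' "$1")
  if [ -n "$findings" ]; then printf '%s\n' "$findings"; return 1; fi
  return 0
}

# Constructed input: the two directives exactly as the vhost above sets them.
conf=$(mktemp)
cat > "$conf" <<'EOF'
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
EOF
lint_tls "$conf" || echo "weak TLS settings found"
rm -f "$conf"
```

For the exact list a cipher string expands to on the installed OpenSSL, pass the string to openssl ciphers -v.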


I think that's it ;)

Any comments/fixes are welcome :)

By Leon Kolchinsky from Melbourne,AU

Comments (3)

+1
Great work!

t0lkman

  • January 27, 2010, 8:01pm
0
Thanks mate :)

lkolchin

  • January 27, 2010, 8:21pm
0
Could you please translate this to Windows?

thirilog

  • November 21, 2011, 4:28pm
