If you don't want to run the Tomcat daemon as root, create a new user/group tomcat (first make sure that the UID and GID you use are still available by checking the files /etc/passwd and /etc/group):
You really should not use the root account to run the Tomcat daemon; (using Tomcat version 4.1.27) we found out that this allows the MMBase admin user to write backup dumps of his sites anywhere on the system.
<TODO: better solution available?>
Extract the Tomcat distribution in a new directory:
cd /usr/local/
tar -zxvf .../jakarta-tomcat-xxx.tar.gz
Note
Version 4.1.27 came with a hot-fix:
cd /usr/local/jakarta-tomcat-xxx/
tar -zxvf .../xxx-hotfix-xxx.tar.gz
Change the ownership of the Tomcat directory and make it available as /usr/local/tomcat/:
You need to reboot your system to make this rule effective or restart the iptables firewall:
service iptables restart
Tip
Since (for some odd reason) some network managers allow outgoing web connections only to TCP port 80, there might be people around that cannot access your Tomcat (and MMBase) server through port 8080. Further below we will explain how to install a JK 2 mapping or a reverse proxy in Apache, so Tomcat and MMBase can be accessed through the Apache web server at port 80. Apart from the port issue, this has the advantage that you can use Apache to manage you SSL connections and use your existing Apache logs and statistics facilities for Tomcat and MMBase as well.
If you decide to use Apache as a front-end to your Tomcat and MMBase server, there's no need to open up port 8080 in your firewall.
To run Tomcat, set the $CATALINA_HOME environment variable:
Found this kind of information about installation. I didn't find this kind of groups from my comp. Could this be the reason?
4. Installing Tomcat
Download a binary distribution of Tomcat from the Apache Jakarta website:
http:// jakarta. apache. org/tomcat/
If you don't want to run the Tomcat daemon as root, create a new user/group tomcat (first make sure that the UID and GID you use are still available by checking the files /etc/passwd and /etc/group):
groupadd -g 220 tomcat
useradd -u 220 -g tomcat -c "Tomcat" -r -d /usr/local/tomcat -s "/sbin/nologin" tomcat
Warning
You really should not use the root account to run the Tomcat daemon; (using Tomcat version 4.1.27) we found out that this allows the MMBase admin user to write backup dumps of his sites anywhere on the system.
<TODO: better solution available?>
Extract the Tomcat distribution in a new directory:
cd /usr/local/ tomcat- xxx.tar. gz
tar -zxvf .../jakarta-
Note
Version 4.1.27 came with a hot-fix:
cd /usr/local/ jakarta- tomcat- xxx/ hotfix- xxx.tar. gz
tar -zxvf .../xxx-
Change the ownership of the Tomcat directory and make it available as /usr/local/tomcat/:
chown -R tomcat:tomcat /usr/local/ jakarta- tomcat- xxx jakarta- tomcat- xxx /usr/local/tomcat
ln -s /usr/local/
Open up the firewall for web access to the Tomcat server by adding to the file /etc/sysconfig/ iptables:
-A RH-Lokkit- 0-50-INPUT -p tcp -m tcp --dport 8080 --syn -j ACCEPT
You need to reboot your system to make this rule effective or restart the iptables firewall:
service iptables restart
Tip
Since (for some odd reason) some network managers allow outgoing web connections only to TCP port 80, there might be people around that cannot access your Tomcat (and MMBase) server through port 8080. Further below we will explain how to install a JK 2 mapping or a reverse proxy in Apache, so Tomcat and MMBase can be accessed through the Apache web server at port 80. Apart from the port issue, this has the advantage that you can use Apache to manage you SSL connections and use your existing Apache logs and statistics facilities for Tomcat and MMBase as well.
If you decide to use Apache as a front-end to your Tomcat and MMBase server, there's no need to open up port 8080 in your firewall.
To run Tomcat, set the $CATALINA_HOME environment variable: