vicker313 tech blog

September 12, 2013

Transfer SSL Certificate from Tomcat to Apache

Filed under: Apache, Tomcat — vicker313 @ 11:27 pm

After following Setup Tomcat with Apache Web Server in Linux, you might want to transfer the SSL certificate from the Apache Tomcat server to the Apache Web Server.

  1. Convert Tomcat SSL Certificate to Apache Web Server SSL Certificate:
    • keytool -importkeystore -srckeystore [tomcat key file] -destkeystore [new p12 key file] -srcstoretype jks -deststoretype pkcs12
    • openssl pkcs12 -in [new p12 key file] -out [new pem file]
    • openssl x509 -text -in [new pem file]
    • (the command above prints some text; copy the certificate portion and paste it into a new certificate file)
  2. [Optional] Convert the certificate to run without password
    • openssl rsa -in [new pem file] -out [no password pem file]
    • openssl x509 -text -in [no password pem file]
    • (same as step 1, copy the certificate portion and paste to a new certificate file)
  3. Edit httpd.conf:
    • uncomment “Include conf/extra/httpd-ssl.conf”
    • enable mod_ssl
    • enable mod_socache_shmcb
  4. Edit httpd-ssl.conf:
    • SSLCertificateFile [certificate file location]
    • SSLCertificateKeyFile [pem file location]
    • add JkMount /[SSL Web] balancer
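
As an added example (not from the original post), the manual copy-and-paste in steps 1 and 2 can be replaced by letting openssl write the certificate and the key to separate files, then checking that the two belong together before httpd-ssl.conf points at them. The function names, file names, the `changeit` password and the self-signed `demo.invalid` certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example; the demo certificate, key and password are constructed.

# split_p12 <p12 file> <password> <cert out> <key out>
split_p12() {
    p12=$1; pass=$2; cert_out=$3; key_out=$4
    # Leaf certificate only. Piping through x509 drops the "Bag Attributes"
    # text, so nothing is copied by hand. The password travels in the
    # environment (env:) rather than on the command line.
    P12_PASS=$pass openssl pkcs12 -in "$p12" -passin env:P12_PASS \
        -nokeys -clcerts | openssl x509 -out "$cert_out" || return 1
    # Unencrypted private key (the optional "no password" step), created
    # under umask 077 so that only the owner can read it.
    rm -f "$key_out"
    ( umask 077
      P12_PASS=$pass openssl pkcs12 -in "$p12" -passin env:P12_PASS \
          -nocerts -nodes | openssl pkey -out "$key_out" ) || return 1
}

# key_matches_cert <cert> <key>: true only if both hold the same public key
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_demo_p12 <dir>: throwaway self-signed bundle standing in for the
# PKCS#12 file that keytool -importkeystore produces
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -passout pass:changeit -out "$1/demo.p12"
}

# demo <dir>: build the bundle, split it, and report whether the pair matches
demo() {
    make_demo_p12 "$1" &&
    split_p12 "$1/demo.p12" changeit "$1/server.crt" "$1/server.key" &&
    key_matches_cert "$1/server.crt" "$1/server.key" &&
    echo "key matches certificate; key mode: $(ls -l "$1/server.key" | cut -c1-10)"
}

tmp=$(mktemp -d) && demo "$tmp"
rm -rf "$tmp"
```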

Setup Tomcat with Apache Web Server in Linux

Filed under: Apache, Tomcat — vicker313 @ 11:08 pm

The tutorial below shows how to set up Apache Tomcat as the back end and Apache Web Server as the front end on your web server. This way users can run both PHP and JSP on one single server without setting up different ports, and can also make use of Apache Web Server modules like Mod Security. All the installation files mentioned below are in source code format; however, you may also install them using the respective Linux package manager.

(This tutorial assumes Tomcat is already installed on the server, located at /apache-tomcat)

  1. First of all, install httpd by running command below inside the httpd extracted directory  (get it from The SSL feature is optional (httpd will be installed at /usr/local/apache2).
    • ./configure --enable-ssl --enable-so --with-ssl=/usr/local/ssl
    • make
    • make install
  2. Troubleshooting: the following packages were missing during my installation of httpd, for your reference
    • install apr
      • ./configure
      • make
      • make install
    • install apr-util
      • ./configure --with-apr=/usr/local/apr
      • make
      • make install
    • install pcre
      • ./configure --disable-cpp
      • make
      • make install
  3. Install tomcat-connectors (to create
    • in terminal, change directory to native folder in the extracted directory and issue following commands:
      • ./configure --with-apxs=/usr/local/apache2/bin/apxs
      • make
      • make install
    • copy native/apache-2.0/ to /usr/local/apache2/modules (it might auto put it into the folder during the installation)
    • copy conf/httpd-jk.conf to /apache-tomcat/conf/mod_jk.conf
    • copy conf/ to /apache-tomcat/conf/
    • edit /usr/local/apache2/conf/httpd.conf
      • add line “Include /apache-tomcat/conf/mod_jk.conf”
    • edit /apache-tomcat/conf/mod_jk.conf (this is where you specify which URLs are passed to Apache Tomcat, e.g. jspSystem)
      • JkWorkersFile
      • add line “JkMount /jspSystem/* balancer”
      • add line “JkMount /jspSystem/ balancer”
    • edit /apache-tomcat/conf/
      • worker.node1.port=8009
      • worker.node2.activation=D
  4. Set Apache Tomcat to run at port 8080.
  5. Now you can start Apache Web Server (for example with the command /usr/local/apache2/bin/apachectl -k start)


December 4, 2012

How to adjust Tomcat PermGen Space Size

Filed under: Tomcat — vicker313 @ 8:10 pm

When we put more than 3 applications in Tomcat Webapp, we might experience slowness and eventually an application crash, even after we have increased Tomcat reserved memory. It is normally referred to as an Out of Memory Error in PermGen space.

The default PermGen space size is 64MB. To increase it, similar to increasing Tomcat reserved memory, we need to edit $TOMCAT/bin/catalina.bat (or in Linux) and look for JAVA_OPTS:

set JAVA_OPTS = ""

Add in -XX:PermSize=500m -XX:MaxPermSize=500m to JAVA_OPTS. If JAVA_OPTS exists with other parameters, just append the new parameters to it.

set JAVA_OPTS=-Xms2000m -Xmx2000m -XX:PermSize=500m -XX:MaxPermSize=500m

It is recommended to set the size to 1/4 of the reserved memory, e.g. 1/4 of the 2GB reserved memory will be 500MB PermGen space size.

Other reference: 2 solution of java.lang.OutOfMemoryError in Java

August 12, 2011

Make Tomcat Auto Start in Linux

Filed under: Tomcat — vicker313 @ 7:50 am

Here is another method to install tomcat startup script in Linux (there is another method in my earlier post)

  1. Download tomcat and rename the file name from tomcat.doc to tomcat only (remove the extension)
  2. Put the file under /etc/init.d
  3. Give execute privilege to the file (chmod +x /etc/init.d/tomcat)
  4. Adjust 2 parameters in the file, TOMCAT and JAVA_HOME.
  5. Add the file into service list (chkconfig --add tomcat)
  6. Done!

Now you can double check whether tomcat is inside your service list or not by using “chkconfig --list tomcat”. To start or stop tomcat, simply use “service tomcat start” and “service tomcat stop”.

December 23, 2010

Setup SSL Certificate at Tomcat

Filed under: Server, Tomcat — vicker313 @ 9:12 am

The method here implements a CA-certified SSL certificate in the Tomcat service.

  1. Generate a key store file using keytool utility (installed together with JDK). It will ask for a password to generate the key store file.
    keytool -genkey -alias <any alias name> -keyalg RSA -keystore <output file>
    For example:
    keytool -genkey -alias tomcat -keyalg RSA -keystore tomcat.key
  2. Generate a certificate request file.
    keytool -certreq -keyalg RSA -alias <alias> -file <output file> -keystore <keystore file>
    For example:
    keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore tomcat.key
  3. Then submit the certificate request to your CA. Normally you just need to submit the content of the request file.
  4. As a result you will get the content of the certificate. Copy the content and save it as a certificate file (for example tomcat.cer)
  5. For some CAs (like Thawte), you need to download the CA trusted certificates from their website in order to complete the implementation (EV_Root.cer and EV_intermediate.cer)
  6. Finally import the certificates using command below:
    keytool -import -alias <alias name> -keystore <keystore file> -trustcacerts -file <certificate>
    For example:
    keytool -import -alias EV_Root -keystore tomcat.key -trustcacerts -file EV_Root.cer
    keytool -import -alias EV_intermediate -keystore tomcat.key -trustcacerts -file EV_intermediate.cer
    keytool -import -alias tomcat -keystore tomcat.key -trustcacerts -file tomcat.cer

Some references to retrieve private key from the key store that you generate.

October 3, 2010

How to adjust Tomcat Reserved Memory

Filed under: Tomcat — vicker313 @ 8:37 am

By default, the Tomcat service runs with a memory limit of 64MB. A Java heap memory exception might occur if the application does not have enough memory to use. To increase or adjust the memory limit in the Tomcat service, simply edit $TOMCAT/bin/catalina.bat (or in Linux) and look for JAVA_OPTS:

set JAVA_OPTS = ""

Add in -Xms128m -Xmx256m to JAVA_OPTS. Xms is the initial memory when Tomcat is run while Xmx is the maximum memory that Tomcat can use.

set JAVA_OPTS=-Xms128m -Xmx256m

How to set Unlimited Session Timeout in Tomcat

Filed under: Tomcat — vicker313 @ 8:25 am

Session Timeout in Tomcat is set at web.xml, either at Server Level ($TOMCAT/config/web.xml) or Web App Level ($TOMCAT/webapps/yourwebapp/WEB-INF/web.xml). Look for the following tag (or add in):


The number in session-timeout tag is in minutes. To make it unlimited or no time out, simply set the number to -1 and restart your Tomcat Service.


August 12, 2010

Increase or Make Unlimited Maximum Post Size in Tomcat

Filed under: Tomcat — vicker313 @ 7:58 pm

Tomcat by default limits the amount of data (2 MB) that you can submit to the Tomcat service through the form POST method. In other words, an exception will occur if you upload something larger than 2 MB. To increase the maximum post size or make it unlimited, you only need to:

  1. Edit the server.xml file in conf folder
  2. Look for the line (or similar):
    <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
  3. Add this attribute: maxPostSize="0". Setting the value to 0 (zero) makes it unlimited, or use any size like “4MB”. Now it looks like this:
    <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" maxPostSize="0"/>
  4. Restart Tomcat Service and done

February 14, 2010

Redirect from HTTP to HTTPS in Tomcat

Filed under: Tomcat — vicker313 @ 9:09 am

A simple method to configure Tomcat (the version I tried is Tomcat 6) so that all HTTP access is redirected to HTTPS.

Edit [TOMCAT_HOME]\webapps\ROOT\WEB-INF\web.xml and add the following code inside the web-app tag (just above </web-app>).
<web-resource-name>Automatic SSL Forwarding</web-resource-name>

January 21, 2010

Install Tomcat Startup Script in Linux

Filed under: Tomcat — vicker313 @ 8:00 am

Making Tomcat start automatically in Windows is easy: either install it as a service or just put the startup batch file into the Windows startup list. But not so in Linux. After you install (or unzip) Tomcat on your Linux machine, and everything has tested OK, you can use the steps below to make Tomcat start up as a service in Linux (referring to Startup script for Tomcat on Centos | Redhat | Fedora):

  1. Download the startup script from here. There are 2 files inside the zip file: tomcatd and tomcatRunner.
  2. Extract them to /etc/init.d. Make sure they are runnable.
  3. Edit parameters below inside tomcatd file:
    1. JAVA: location of your java utility, for example /usr/java/jdk1.6.0_17/bin/java.
    2. tomcatuser: user that will run the service, usually I just change it to root. (default is tomcat)
    3. CATALINA_HOME: location of your Tomcat, example /usr/tomcat.
  4. Make a tomcat directory in /var/run:
    mkdir /var/run/tomcat
  5. Add the tomcat service:
    chkconfig --add tomcatd
  6. Now you should be able to test out the service:
    service tomcatd restart

Here is another post to auto start Tomcat.
