Versions Compared

Old Version 38

changes.mady.by.user Eleanor Brodie

Saved on

compared with

New Version Current

changes.mady.by.user Gary Parden

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info

Unix/ Linux installation: these instructions guide you to setting up tomcat to run as a service under the classic init mechanism on unix/ linux (System V) since this will be available on all platforms, but you should consider using Upstart, a more modern init mechanism that will be available on most modern unix/ linux distributions. Installation using upstart is widely covered on the web.

Further, at some versions of tomcat, on certain unix/ linux versions, a complete tomcat installation can be performed using a few simple package commands. Before you begin, a web search for tomcat installation at the desired version of tomcat, on the installed version of your unix/ linux distribution, may give you a much simpler installation method.

However you install tomcat, please note the settings that are needed under configuring tomcat

Download

The System Administrator should have set up a linked directory structure like [c:]/opt/tomcat. The details of this may differ between installations so from this point on, the “root” tomcat directory will be referred to as $TOMCAT.

Download the appropriate version of Tomcat from tomcat.apache.org and unpack (unzip/uncompress) into the $TOMCAT. (Refer to Compatibility Guide and Upgrade Planning for supported versions).

Install

Some instructions are given here for installing tomcat, and making it run as a service. You should ensure that any installation meets with your company standards.

Installing on windows

Run the tomcat installation programFollow these instructions.

Installing on unix/ linux

Install the login scripts in tomcat login scripts into the tomcat user home directory. These scripts are correct as of Tomcat 8.0 but you should confirm that no changes are needed because of environment differences or because of different versions of tomcat.Follow these instructions.

Anchor
configureTomcat
configureTomcat
Configure tomcat

Having completed the basic tomcat installation, stop the tomcat service then make the following changes:

conf/context.xml: cache settings

The default Tomcat cache settings are insufficient for PhixFlow:

Edit $TOMCAT/conf/context.xml:

Add <Resources ... /> to at the end of the <Context/> block in

Code Block
[tomcat base]/conf/context.xml

so block so that the file looks something like this:

Code Block
languagexml
<Context>
    <!-- lines omitted -->
	<Resources allowLinking="true" cachingAllowed="true" cacheMaxSize="1000000" />
</Context>

conf/server.xml: Connector settings

Edit the <Connector block in Edit $TOMCAT/conf/server.xml to::

Find the line starting <Connector port="8080"

Edit the <Connector block to

  • Use the required port number (port="8080"). Tomcat defaults to port 8080 for HTTP, but you may need to use a different port if you are running other web servers on the same host.
  • Enable compression (compression="

...

  • on"). Compressing responses from the server is particularly important if you are going to access the PhixFlow server over a slow connection (e.g. a mobile data connection).

After editing, the <Connector/> block should look like this:

Code Block
languagexml
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           compresscompression="forceon"/>

Remember to enable this port in the server’s firewall (if enabled).

web.xml: Session timeout

Modify The default session timeout period is 30 minutes.

We recommend that you change this to a longer period, e.g. 12 hours (720 minutes).

Edit $TOMCAT/conf/web.xml to change the Tomcat

Find the line containing <session-timeout.

Change the session timeout period from its default value (30 mins). Find the following lines and change as needed:Once changed, it should look something like this (this example shows a 12-hour timeout).

Code Block
languagexml
<session-config>
	<session-timeout>720</session-timeout>
</session-config>

Update <session-timeout> to the value you need, e.g. to 720 (minutes i.e. 12 hours).

Java and JVM Options

Download and install Java from java.com. Java JDK 1.8 is required (and version 1.8.0_74 or greater is recommended). Also install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html (required for reading password protected Excel files). The following JVM (Java Virtual Machine) options should be set to control (amongst other things) the amount of memory reserved for Tomcat and therefore made available for PhixFlow. The options are:

...

Option

...

Recommended Setting

...

Syntax

...

Initial Memory Pool

...

1024Mb on 32bit architecture. 40% of physical memory on x64 architecture. Consult your sys admin for recommended settings on virtual servers.

...

-Xms1024m

...

Max Memory Pool

...

As much as possible. 1024Mb on 32bit architecture. 75% of physical memory on x64 architecture. Consult your sys admin for recommended settings on virtual servers.

...

-Xmx1024m

...

Garbage Collector Diagnostics

...

Enabled

...

-verbose:gc

...

Some JDBC (database) drivers generate warning messages direct to the screen if running under a GUI (graphical user interface).

These messages are confusing at best for a background service such as the PhixFlow web application server, and should be disabled.

This setting tells Java to behave as though there were no GUI present.

...

To set JVM options:

...

Windows

  • Run the Tomcat Monitor
  • Open the Tomcat Monitor system tray Configure … menu
  • Select the Java tab
  • Set the Initial memory Pool (see table above)
  • Set the Max Memory Pool (see table above)
  • Add the following lines to the Java Options scrollable field:
Code Block
-Xms1024m
-Xmx1024m
-verbose:gc
-Djava.awt.headless=true

...

Unix/Linux

If you have installed the scripts in tomcat login scripts, these option will already be set however for clarity, these options are defined in the JAVA_OPTS environment variable set in the tomcat user’s shell startup file (e.g. .profile / .bash_profile / .cshrc in the user’s home directory – the actual startup file is determined by the user’s default shell settings).

...

Pre-installed Web Applications

Warning

We recommend that you remove all web applications that are provided as part of the Tomcat installation as they are not required for PhixFlow's normal operation and constitute potential security loopholes.

These are the pre-installed web apps, in more detail.

Supplied Web ApplicationDescription
ROOTThe ROOT web application presents a very low security risk but it does include the version of Tomcat that is being used. The ROOT web application should normally be removed from a publicly accessible Tomcat instance, not for security reasons, but so that a more appropriate default page is shown to users.
DocumentationThe documentation web application presents a very low security risk but it does identify the version of Tomcat that is being used. It should normally be removed from a publicly accessible Tomcat instance.
ExamplesThe examples web application should always be removed from any security sensitive installation.
ManagerThe Manager application allows the remote deployment of web applications and is frequently targeted by attackers due to the widespread use of weak passwords and publicly accessible Tomcat instances with the Manager application enabled.
Host ManagerThe Host Manager application allows the creation and management of virtual hosts - including the enabling of the Manager application for a virtual host.

Database JDBC Drivers

The drivers needed to connect to PhixFlow’s own database are included within the release pack and no action is needed.

...

For information on using SQLServer with Integrated Authentication, see SQLServer Integrated Authentication.

Start Tomcat

To start Tomcat:

...

Windows

...

Run the Tomcat Monitor.

Click on Right mouse menu -> Start Service

...

Unix

Login to the unix server as user tomcat.

Code Block
languagebash
unix> cd $TOMCAT
unix> startup.sh

Make tomcat run as a service

Windows

  • Run the Tomcat Monitor.
  • Right click on the Apache Tomcat icon in the system tray and select Configure …
  • On the ‘General’ tab:
  • Set Startup Type to Automatic.

Unix/ Linux

As the root user, install the tomcat script listed in tomcat service scripts and create a soft link to it from the appropriate run-level directory. The actual run-level directories are specific to the particular unix variant.