...
| Info |
|---|
Unix/ Linux installation: these instructions guide you to setting up tomcat to run as a service under the classic init mechanism on unix/ linux (System V) since this will be available on all platforms, but you should consider using Upstart, a more modern init mechanism that will be available on most modern unix/ linux distributions. Installation using upstart is widely covered on the web. Further, at some versions of tomcat, on certain unix/ linux versions, a complete tomcat installation can be performed using a few simple package commands. Before you begin, a web search for tomcat installation at the desired version of tomcat, on the installed version of your unix/ linux distribution, may give you a much simpler installation method. However you install tomcat, please note the settings that are needed under configuring tomcat |
Download
The System Administrator should have set up a linked directory structure like [c:]/opt/tomcat. The details of this may differ between installations so from this point on, the “root” tomcat directory will be referred to as $TOMCAT.
...
| Code Block | ||
|---|---|---|
| ||
<Context>
<!-- lines omitted -->
<Resources allowLinking="true" cachingAllowed="true" cacheMaxSize="1000000" />
</Context> |
...
- Use the required port number (port="8080"). Tomcat defaults to port 8080 for HTTP, but you may need to use a different port if you are running other web servers on the same host.
- Enable compression (compression="forceon"). Compressing responses from the server is particularly important if you are going to access the PhixFlow server over a slow connection (e.g. a mobile data connection).
...
| Code Block | ||
|---|---|---|
| ||
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
compresscompression="forceon"/> |
Remember to enable this port in the server’s firewall (if enabled).
...
| Code Block | ||
|---|---|---|
| ||
<session-config> <session-timeout>720</session-timeout> </session-config> |
...
Pre-installed Web Applications
| Warning |
|---|
We recommend that you remove all supplied Tomcat web applications that are provided as part of the Tomcat installation as they are not required for PhixFlow's normal operation and constitute potential security loopholes. |
These are the supplied pre-installed web apps, in more detail.
| Supplied Web Application | Description |
|---|---|
| ROOT | The ROOT web application presents a very low security risk but it does include the version of Tomcat that is being used. The ROOT web application should normally be removed from a publicly accessible Tomcat instance, not for security reasons, but so that a more appropriate default page is shown to users. |
| Documentation | The documentation web application presents a very low security risk but it does identify the version of Tomcat that is being used. It should normally be removed from a publicly accessible Tomcat instance. |
| Examples | The examples web application should always be removed from any security sensitive installation. |
| Manager | The Manager application allows the remote deployment of web applications and is frequently targeted by attackers due to the widespread use of weak passwords and publicly accessible Tomcat instances with the Manager application enabled. |
| Host Manager | The Host Manager application allows the creation and management of virtual hosts - including the enabling of the Manager application for a virtual host. |
Database JDBC Drivers
The drivers needed to connect to PhixFlow’s own database are included within the release pack and no action is needed.
...