JAVA DEPENDENCY FIRST (centos6 comes with openjdk6 but alternatively there's sun/oracle jre)
download jdk-6u38-linux-x64.rpm.bin (easiest via browser from oracle.com)
chmod +x jdk-6u38-linux-x64.rpm.bin
./jdk-6u38-linux-x64.rpm.bin
sudo rpm -Uvh jdk-6u38-linux-amd64.rpm # ignore file not found errors
java -version
maybe necessary: alternatives --install /usr/bin/java java /usr/java/latest/bin/java 2
alternatives --config java
java -version
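vi /etc/profile # AND vi ~/.bashrc AND vi /root/.bashrc
export JAVA_HOME="/usr/java/jdk1.6.0_38/bin/" # points at bin/ so the PATH line below works; tools that expect JAVA_HOME to be the JDK root (compare --with-java-home further down) need /usr/java/jdk1.6.0_38
export JAVA_PATH="$JAVA_HOME"
export PATH="$PATH:$JAVA_HOME"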
source /root/.bashrc # reload with the new settings
yum install tomcat6 # should install java as a dependency , if you need to install java7
/etc/init.d/tomcat6 start
less /var/log/tomcat6/catalina.out
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
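THE APR LIBRARY REQUIRES JDK
download from http://tomcat.apache.org/download-native.cgi
wget http://mirror.symnds.com/software/Apache//tomcat/tomcat-connectors/native/1.1.27/source/tomcat-native-1.1.27-src.tar.gz
# the mirror is plain HTTP: check the tarball against the checksum / PGP signature published on the tomcat.apache.org download page before building and installing it
tar -xf tomcat-native-1.1.24-src.tar.gz # file and directory names must match the version actually downloaded (1.1.27 in the wget above)
cd tomcat-native-1.1.24-src/jni/native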
sudo yum install gcc openssl-devel.x86_64 apr apr-devel
sudo ./configure --with-apr=/usr/bin/apr-1-config --with-java-home=/usr/java/jdk1.6.0_38 --with-ssl=/usr/include/openssl
make
make install
cd /usr/local/apr/lib # verify Libraries have been installed in: /usr/local/apr/lib
cp -a libtcnative-1.* /usr/lib64
/etc/init.d/tomcat6 start # verify that /var/log/tomcat6/catalina.out does not report the APR warning
create or get ssl certificate, intermediate, and key in PEM format ...
vi /etc/tomcat6/server.xml # have the server attach to 8443 with SSL
ports < 1024 can only be bound by root, so for tomcat (running as the tomcat user) to serve 443 you need either authbind or an iptables redirect
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
iptables -t nat -D PREROUTING 1 # to delete the first rule from PREROUTING (list with iptables -t nat -L PREROUTING --line-numbers first to confirm which rule is number 1)
service iptables save # otherwise run your firewall.sh as a startup script
rpm -qf /usr/share/selinux/devel/include/apps/authbind.if # selinux-policy-3.7.19-155.el6_3.14.noarch
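wget http://ftp.debian.org/debian/pool/main/a/authbind/authbind_1.2.0.tar.gz
# plain-HTTP download: compare the tarball's checksum with the one in Debian's signed .dsc for this package before running make install as root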
tar -xf authbind_1.2.0.tar.gz
cd authbind-1.2.0
sudo make
sudo make install
EITHER use port number or uid (from cat /etc/passwd)
touch /etc/authbind/byport/443
chown tomcat /etc/authbind/byport/443
chmod 500 /etc/authbind/byport/443 # the mode was missing here; 500 is the value used in the AUTHBIND AND TOMCAT section below
/usr/local/bin/authbind # this is the executable, should display the version
AUTHBIND AND TOMCAT
sudo touch /etc/authbind/byport/443
sudo chmod 500 /etc/authbind/byport/443 # authbind allows the bind to any user who can execute this file, so keep it owner-only
sudo chown tomcat:tomcat /etc/authbind/byport/443
sudo vi /usr/sbin/tomcat6 #uncomment the following
# Get the tomcat config (use this for environment specific settings)
if [ -z "${TOMCAT_CFG}" ]; then
  TOMCAT_CFG="/etc/tomcat6/tomcat6.conf"
fi
if [ -r "$TOMCAT_CFG" ]; then
  . $TOMCAT_CFG
fi
#!/bin/sh
/usr/local/bin/authbind --deep /usr/sbin/tomcat6 start # script to run tomcat with authbind
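settings configured are then used in the startup script (tomcat6.conf is sourced as shell code by the `. $TOMCAT_CFG` line above, so keep it writable by root only)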
vi /etc/tomcat6/tomcat6.conf
vi /etc/init.d/tomcat6
# Path to the tomcat launch script
TOMCAT_SCRIPT="exec authbind --deep /usr/sbin/tomcat6"
the executable script imports the configuration
vi /usr/sbin/tomcat6
if [ "$1" = "start" ]; then ${JAVACMD} $JAVA_OPTS $CATALINA_OPTS -classpath "$CLASSPATH"
sudo /sbin/chkconfig --levels 235 tomcat6 on
sudo /etc/init.d/tomcat6 restart
cd ~