john pfeiffer

Centos6 x64 tomcat6 ssl libapr native source iptables authbind

JAVA DEPENDENCY FIRST (centos6 comes with openjdk6 but alternatively there's sun/oracle jre)

download jdk-6u38-linux-x64.rpm.bin (easiest via browser from oracle.com)

chmod +x jdk-6u38-linux-x64.rpm.bin

./jdk-6u38-linux-x64.rpm.bin

sudo rpm -Uvh jdk-6u38-linux-amd64.rpm # ignore file not found errors

java -version

maybe necessary: alternatives --install /usr/bin/java java /usr/java/latest/bin/java 2

alternatives --config java

java -version

vi /etc/profile # AND vi ~/.bashrc AND vi /root/.bashrc

export JAVA_HOME="/usr/java/jdk1.6.0_38"

export JAVA_PATH="$JAVA_HOME/bin"

export PATH="$PATH:$JAVA_PATH"

source /root/.bashrc # reload with the new settings


yum install tomcat6 # should install java as a dependency , if you need to install java7

/etc/init.d/tomcat6 start

less /var/log/tomcat6/catalina.out

INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib


THE APR LIBRARY REQUIRES JDK

download from http://tomcat.apache.org/download-native.cgi

wget http://mirror.symnds.com/software/Apache//tomcat/tomcat-connectors/native/1.1.27/source/tomcat-native-1.1.27-src.tar.gz

tar -xf tomcat-native-1.1.27-src.tar.gz

cd tomcat-native-1.1.27-src/jni/native

sudo yum install gcc openssl-devel.x86_64 apr apr-devel

sudo ./configure --with-apr=/usr/bin/apr-1-config --with-java-home=/usr/java/jdk1.6.0_38 --with-ssl=/usr/include/openssl

make

make install

cd /usr/local/apr/lib # verify Libraries have been installed in: /usr/local/apr/lib

cp -a libtcnative-1.* /usr/lib64

/etc/init.d/tomcat6 start # verify that /var/log/tomcat6/catalina.out does not report the APR warning


create or get ssl certificate, intermediate, and key in PEM format ...

vi /etc/tomcat6/server.xml # have the server attach to 8443 with SSL


binding to a port < 1024 requires root, so serving 443 as the tomcat user needs authbind or an iptables redirect

/sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443

iptables -t nat -D PREROUTING 1 # to delete the first rule from PREROUTING

service iptables save # otherwise run your firewall.sh as a startup script


rpm -qf /usr/share/selinux/devel/include/apps/authbind.if # selinux-policy-3.7.19-155.el6_3.14.noarch

wget http://ftp.debian.org/debian/pool/main/a/authbind/authbind_1.2.0.tar.gz

tar -xf authbind_1.2.0.tar.gz

cd authbind-1.2.0

sudo make

sudo make install

EITHER use port number or uid (from cat /etc/passwd)

touch /etc/authbind/byport/443

chown tomcat /etc/authbind/byport/443

chmod 500 /etc/authbind/byport/443

/usr/local/bin/authbind # this is the executable, should display the version


AUTHBIND AND TOMCAT

sudo touch /etc/authbind/byport/443

sudo chmod 500 /etc/authbind/byport/443

sudo chown tomcat:tomcat /etc/authbind/byport/443
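
What the byport permissions above actually grant, as an added example that is not part of the original notes: authbind authorizes a bind when the calling user passes an execute-access check on /etc/authbind/byport/<port>, so this script classifies each file by who holds that bit. The function names and the scratch directory standing in for /etc/authbind/byport are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): audit authbind byport files.
# authbind permits bind() on port N when the caller passes an access(2)
# execute check on byport/N, so the execute bits are the authorization.

# has_mode FILE OCTAL: true when every bit in OCTAL is set on FILE.
has_mode() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# byport_verdict FILE: print who may bind the port named by FILE:
#   world    - o+x set, every local user may bind
#   group    - g+x set, members of the file's group may bind
#   owner    - only the owner may bind (what chmod 500 gives)
#   unusable - no execute bit, authbind refuses everyone
byport_verdict() {
    if has_mode "$1" 001; then echo world
    elif has_mode "$1" 010; then echo group
    elif has_mode "$1" 100; then echo owner
    else echo unusable
    fi
}

# audit_byport DIR: print "port owner verdict" for each file and
# return 1 if any file is something other than owner-only.
audit_byport() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        owner=$(ls -ld "$f" | awk '{print $3}')
        verdict=$(byport_verdict "$f")
        echo "${f##*/} $owner $verdict"
        [ "$verdict" = owner ] || rc=1
    done
    return $rc
}

# Constructed sample: a scratch directory with three port files.
demo=$(mktemp -d)
touch "$demo/443" "$demo/80" "$demo/25"
chmod 500 "$demo/443"; chmod 755 "$demo/80"; chmod 644 "$demo/25"
audit_byport "$demo" || echo "review the entries above"
rm -rf "$demo"
```

On the real host, run `audit_byport /etc/authbind/byport` and confirm the owner column shows tomcat for 443.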

sudo vi /usr/sbin/tomcat6 # uncomment the following

# Get the tomcat config (use this for environment specific settings)

if [ -z "${TOMCAT_CFG}" ]; then
  TOMCAT_CFG="/etc/tomcat6/tomcat6.conf"
fi

if [ -r "$TOMCAT_CFG" ]; then
  . $TOMCAT_CFG
fi

#!/bin/sh

/usr/local/bin/authbind --deep /usr/sbin/tomcat6 start # script to run tomcat with authbind



settings configured are then used in the startup script

vi /etc/tomcat6/tomcat6.conf

vi /etc/init.d/tomcat6

# Path to the tomcat launch script
TOMCAT_SCRIPT="exec authbind --deep /usr/sbin/tomcat6"

the executable script imports the configuration

vi /usr/sbin/tomcat6

if [ "$1" = "start" ]; then
  ${JAVACMD} $JAVA_OPTS $CATALINA_OPTS -classpath "$CLASSPATH"


sudo /sbin/chkconfig --levels 235 tomcat6 on

sudo /etc/init.d/tomcat6 restart

cd ~



Published

Feb 14, 2013
