
This covers setting up Tomcat 9 on Linux with a self-signed certificate enabled. Note that the Tomcat version must align with the version of the JDK, whether that is OpenJDK or Oracle's JDK. The Apache Tomcat website mentions that Tomcat v9 can be used with Oracle JDK 1.8.xxx or newer, whereas Tomcat v8 can be used with Oracle JDK 1.7.xxx or newer.

Installing Oracle's JDK can be super simple on Linux. Download either their x86 or x86_64 version and place it in your local download directory, /home/username/Download.

Download Java: https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
Download Tomcat: http://mirror.cogentco.com/pub/apache/tomcat/tomcat-9/v9.0.21/bin/apache-tomcat-9.0.21.tar.gz


The following are the commands I issued to move the JDK binary tarball to another directory before extracting it.


sudo mv /home/username/Download/jdk-8u211-linux-x64.tar.gz /opt
sudo mv /home/username/Download/apache-tomcat-9.0.21.tar.gz /opt
cd /opt
sudo tar xzvf jdk-8u211-linux-x64.tar.gz
sudo chown -R username:username jdk1.8.0_211
sudo mkdir tomcat9
sudo tar xzvf apache-tomcat-9.0.21.tar.gz
cd apache-tomcat-9.0.21/
sudo cp -pr . ../tomcat9
cd ..
sudo chown -R username:username tomcat9/

# Your /opt directory should look something like this.
drwxr-xr-x 7 username username 4096 Jun 20 12:51 jdk1.8.0_211
drwxr-xr-x 9 username username 4096 Jun 20 13:05 tomcat9

Now Oracle's JDK v1.8.211 and Tomcat 9 have both been installed. There is a minor issue with executing both java and the Catalina server from the command line. We must configure a few files for the user named username on this Linux VM with the following commands:

cd
vim .bashrc

Paste the following lines into this file if you are using Ubuntu Linux; on Fedora/CentOS/Red Hat the file would be .bash_profile.

# for use of Java JDK
export JAVA_HOME=/opt/jdk1.8.0_211
export PATH=$PATH:$JAVA_HOME/bin
#used for TOMCAT CATALINA HOME
export CATALINA_HOME=/opt/tomcat9

Save your .bashrc or .bash_profile file; when using vim, issue :wq
Finally, we must source whichever of those two files was edited to activate the settings.
source .bashrc
or
source .bash_profile

Now that Java is functional, we must configure Tomcat 9. Tomcat 6/7/8/9 must have a user defined before one can use its built-in management tools and system monitoring software. Therefore we must do the following.

cd /opt/tomcat9/conf
vim tomcat-users.xml
Paste the following items before the last tag of this tomcat-users.xml file.

We must now generate a keystore file and a new directory inside /opt/tomcat9/conf directory to hold the key and keystore file.

cd /opt/tomcat9/conf
mkdir pki; cd pki

keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -storetype JKS -keystore keystore.jks -storepass maythehobbitbewithyou -validity 1024

Once you have decided to use the JKS type with keytool, there should be a new file called keystore.jks. There is a warning, since the JKS format is a proprietary format from the former Sun Microsystems, now Oracle. There is an alternative approach to this madness.

# keytool -genkey -alias tomcat -keystore keystore.pfx -storetype PKCS12 -keyalg RSA -storepass maythehobbitbewithyou -validity 1024 -keysize 2048

We can then list the keystore to see the fingerprint and confirm that our tomcat key has been placed inside keystore.* by issuing this command.

keytool -list -keystore keystore.jks

One last item is to configure the /opt/tomcat9/conf/server.xml file to enable port 8443 for the self-signed cert we created in the previous step. 🙂


Finally, after saving the above text in your server.xml config file, you can start the Tomcat Catalina service with the following command:
$CATALINA_HOME/bin/catalina.sh start

The following command stops the service. You can also find additional instructions on how to make this Tomcat instance run when your OS boots up.

$CATALINA_HOME/bin/catalina.sh stop

I also had to comment out the inner two lines of the context.xml file inside each of these two directories in order for host management to appear on the web interface:
/opt/tomcat9/webapps/host-manager/META-INF/context.xml
/opt/tomcat9/webapps/manager/META-INF/context.xml
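
A check for the files this setup leaves behind, as an added example that is not part of the original post: it confirms that server.xml has a TLS connector, that the keystore it points to exists, and that the keystore, server.xml and tomcat-users.xml (all of which hold a key or passwords) are not accessible to group or other. The function names are hypothetical, the sample server.xml is constructed using Tomcat 9's `SSLHostConfig`/`Certificate` attributes, and `CHANGE_ME` is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null; }

# True when neither group nor other has any access to the file.
is_private() {
    case "$(file_mode "$1")" in
        *00|0) return 0 ;;
        *) return 1 ;;
    esac
}

# Value of the first occurrence of an attribute (it must follow whitespace).
xml_attr() { sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1; }

note() { echo "FINDING: $*"; findings=$((findings + 1)); }

# Print one line per finding for a Tomcat base directory; return the count.
audit_tomcat_conf() {
    base=$1; conf=$base/conf/server.xml; findings=0
    [ "$(xml_attr "$conf" SSLEnabled)" = "true" ] || note "no connector with SSLEnabled=true"
    ks=$(xml_attr "$conf" certificateKeystoreFile)
    case "$ks" in /*) ;; *) ks=$base/$ks ;; esac  # relative paths resolve against the base
    if [ ! -f "$ks" ]; then note "keystore file $ks not found"
    elif ! is_private "$ks"; then note "$ks is accessible to group/other"
    fi
    for f in "$conf" "$base/conf/tomcat-users.xml"; do
        if [ -f "$f" ] && ! is_private "$f"; then note "$f is accessible to group/other"; fi
    done
    return "$findings"
}

# Constructed sample: a throwaway base directory with loose permissions.
make_sample_base() {
    d=$(mktemp -d) && mkdir -p "$d/conf/pki" || return 1
    cat > "$d/conf/server.xml" <<'EOF'
<Server>
  <Service name="Catalina">
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true">
      <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/pki/keystore.jks"
                     certificateKeystorePassword="CHANGE_ME" type="RSA" />
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>
EOF
    : > "$d/conf/pki/keystore.jks"          # empty placeholder, not a real keystore
    echo '<tomcat-users/>' > "$d/conf/tomcat-users.xml"
    chmod 644 "$d/conf/server.xml" "$d/conf/tomcat-users.xml" "$d/conf/pki/keystore.jks"
    echo "$d"
}
```

Run it as `audit_tomcat_conf /opt/tomcat9`; the exit status is the number of findings. Leaving `-storepass` off the keytool command makes keytool prompt for the password, which keeps it out of shell history.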

I believed this was all that I had done before Tomcat 9 and Oracle JDK were working ridiculously well. This was an example only, to demonstrate a simple semi-secure middleware web engine. One would need to make a production instance of any J2EE engine or other HTML engine such as Glassfish/WildFly/JBOSS/Weblogic/apache/IIS more secure in order to prevent data being leaked out over the connection and to prevent some random Hobbit in the Middle Attacks. One recommendation would be to acquire an actual pem file, which is a publicly verified cert from digicert.com or other cert authorities, and reconfigure your production Tomcat instance. Second, for a development/testing environment, one could also place this entire deployment of JDK, Tomcat and configuration into a container environment using Docker or Kubernetes, running one container as a service in your Linux environment. Running either Docker or Kubernetes was ridiculously slow inside Windows -> VM (Linux) -> Docker. Use some form of a Linux distro (CentOS, Red Hat, Ubuntu, Slackware) to deploy your container once the container environment has been installed and configured properly. Bear in mind that RAM is important! And no, we are not talking about a sheep or goat or a four-legged animal with lots of white bushy hair on its body!

# Assuming you have your linux CentOS 7-1804 environment correctly installed with networking enabled.

sudo yum update;sudo yum upgrade
sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum update
sudo yum -y groupinstall "development tools"
sudo yum install vim
sudo yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum update
sudo yum -y install php72-php
sudo yum -y install php72 php-opcache
sudo yum -y install php72-php-mysqlnd
sudo yum -y install php72-php-mbstring
sudo yum -y install vim mlocate ntp ntpdate

# installing Apache Server 2.4.x, you can also try nginx if you like

sudo yum -y install httpd

# the below instructions are meant to install MariaDB

sudo touch /etc/yum.repos.d/mariadb.repo
--paste the next 7 lines of stuff into this repo files and save--

# MariaDB 10.2 CentOS repository list - created 2018-05-12 04:10 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

# We've chosen to install MariaDB instead of Mysql from Mysql Repo
# you can Choose to install Mysql-server, which is also easy to install
# grab that mysql-server repo and follow some simple instructions online then you
# are Golden.
# for MariaDB-server 10.2

sudo yum update
sudo yum install mariadb-server mariadb-client
sudo mysql_secure_installation

 

# Two additional items might be needed in order to get php72 to function on your CentOS server.

  1. Disable SElinux: sudo vim /etc/sysconfig/selinux
  2. turn off firewalld: sudo service firewalld stop

# To Build:
# Ref: https://raw.github.com/nmilford/rpm-tomcat7/master/tomcat7.spec

#
# sudo yum -y install rpmdevtools && rpmdev-setuptree
#
# wget https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.27/bin/apache-tomcat-8.5.27-fulldocs.tar.gz -O ~/rpmbuild/SOURCES/apache-tomcat-8.5.27-fulldocs.tar.gz
# cd ~/rpmbuild/SOURCES
# mkdir apache-tomcat-8.5.27-doc
# mkdir ./apache-tomcat-8.5.27-doc/docs
# tar xzvf apache-tomcat-8.5.27-fulldocs.tar.gz
# cp -pr ./tomcat-8.5-doc/ ./apache-tomcat-8.5.27-doc/docs
# tar czvf apache-tomcat-8.5.27-doc.tar.gz apache-tomcat-8.5.27-doc/
# rpmbuild -bb ~/rpmbuild/SPECS/tomcat8doc.spec
##################################################################
# this is kind of complicated, but i think more or less will work.
##################################################################

%define tomcat_home /usr/share/tomcat8
#%define _unpackaged_files_terminate_build 0

Summary: Apache Servlet/JSP Engine, RI for Servlet 2.4/JSP 2.0 API
Name: tomcat8
Version: 8.5.27
BuildArch: noarch
Release: 1
License: Apache Software License
Group: Networking/Daemons
URL: http://tomcat.apache.org/
Source0: apache-tomcat-%{version}-doc.tar.gz
Requires: java
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-docroot-%(%{__id_u} -n)

%description
Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed by
Sun under the Java Community Process.

Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Tomcat is intended to be
a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project. To
learn more about getting involved, click here.

This package contains the base tomcat installation that depends on Sun's JDK and not
on JPP packages.

%package fulldoc-webapp
Group: System Environment/Applications
Summary: The docs web application for Apache Tomcat
Requires: %{name} = %{version}-%{release}-doc

%description fulldoc-webapp
The docs web application for Apache Tomcat.

%prep
%setup -q -n apache-tomcat-%{version}-doc

%build

%install
install -d -m 755 %{buildroot}/%{tomcat_home}
cp -R * %{buildroot}/%{tomcat_home}

# Put docs in /var/lib and link back.
install -d -m 755 %{buildroot}/usr/share/doc/%{name}-%{version}
mv %{buildroot}/%{tomcat_home}/docs %{buildroot}/usr/share/doc/%{name}-%{version}
cd %{buildroot}/%{tomcat_home}/
ln -s /usr/share/doc/%{name}-%{version}/docs docs
cd -

%clean
rm -rf %{buildroot}

%files fulldoc-webapp
%defattr(0644,root,root,0755)
/usr/share/doc/%{name}-%{version}/docs

%post

%preun

%postun

%changelog
* Tue Feb 27 2018 Freeman Lo <aschenbach@gmail.com>
- updated to 0.0.1

Solaris system disk nomenclature:

Healthy disk indicated by: ^++

There are two additional commands to discover whether SAN or NAS disks are bad on your storage system: "iostat -En", "zpool status", "dmesg | grep -i error"

root@frodo:~$ hd -c -d -s

 

-----------------------------SunFire -------Rear-----------------
 3:    7:   11:   15:   19:   23:   27:   31:   35:   39:   43:   47:
c1t3  c1t7  c2t3  c2t7  c3t3  c3t7  c4t3  c4t7  c5t3  c5t7  c6t3  c6t7
^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++
 2:    6:   10:   14:   18:   22:   26:   30:   34:   38:   42:   46:
c1t2  c1t6  c2t2  c2t6  c3t2  c3t6  c4t2  c4t6  c5t2  c5t6  c6t2  c6t6
^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++
 1:    5:    9:   13:   17:   21:   25:   29:   33:   37:   41:   45:
c1t1  c1t5  c2t1  c2t5  c3t1  c3t5  c4t1  c4t5  c5t1  c5t5  c6t1  c6t5
^b+   ^++   ^b+   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++
 0:    4:    8:   12:   16:   20:   24:   28:   32:   36:   40:   44:
c1t0  c1t4  c2t0  c2t4  c3t0  c3t4  c4t0  c4t4  c5t0  c5t4  c6t0  c6t4
^b+   ^++   ^b+   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++
-------*---------*-----------SunFire ---*---Front-----*-------*---
Broken Disk indicated by: ^--
-----------------------------SunFire -------Rear-----------------
 3:    7:   11:   15:   19:   23:   27:   31:   35:   39:   43:   47:
c1t3  c1t7  c2t3  c2t7  c3t3  c3t7  c4t3  c4t7  c5t3  c5t7  c6t3  c6t7
^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++
 2:    6:   10:   14:   18:   22:   26:   30:   34:   38:   42:   46:
c1t2  c1t6  c2t2  c2t6  c3t2  c3t6  c4t2  c4t6  c5t2  c5t6  c6t2  c6t6
^++   ^++   ^++   ^++   ^--   ^++   ^++   ^++   ^++   ^++   ^++   ^--
 1:    5:    9:   13:   17:   21:   25:   29:   33:   37:   41:   45:
c1t1  c1t5  c2t1  c2t5  c3t1  c3t5  c4t1  c4t5  c5t1  c5t5  c6t1  c6t5
^b+   ^++   ^b+   ^++   ^--   ^++   ^--   ^++   ^++   ^--   ^++   ^++
 0:    4:    8:   12:   16:   20:   24:   28:   32:   36:   40:   44:
c1t0  c1t4  c2t0  c2t4  c3t0  c3t4  c4t0  c4t4  c5t0  c5t4  c6t0  c6t4
^b+   ^++   ^b+   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++   ^++
-------*---------*-----------SunFire ---*---Front-----*-------*---

The Solaris disk naming scheme is somewhat confusing until one has cracked open a Sun SunFire server and seen so many disks; at that very instant one realizes the reason for Solaris's madness with its logical disk nomenclature.

First of all, a DVD/CD disk loaded on the solaris system is identified as /dev/dsk/c0t0d0s0 aka cotodoso.

The reason this was a logical method is that these large-scale Sun systems actually had disk controllers available to control the hard disks. In the above example we can see the controllers, one controller controlling each two columns of drives. 'c' translates to controller, so if a drive failed in either of the first two columns, it would be located on the first controller. The next character is 't'. No clue what it means, but in my own terms it is the value for the type of disk or the range of disks in a given controller. Sadly, 't' cannot be translated into the row value, since as we can see it is listed as the number of disks in a controller, starting with 0 on the front panel and counting up towards the rear. Kind of like the first slot of an array in CS terms: all things in CS start with 0. Next we have 'd', which is the disk number. 't' and 'd' may have similar meanings.

Finally, 's' is the slice or the partition. So if we had something categorized as c6t3d3s5, this would be partition 5, disk 3, row 3 in controller 6. Solaris does care about the exact location of a disk in any multi-disk system. This was a straightforward approach to locating disks for all large-scale systems. If we were to translate *c6t3d3s5 into Linux jargon, we believed that it might be *sdd5, which means that partition 5 of your third {ssd||spinningDisk} connected to your mobo via SATA cable might be having an issue. Overall, Linux provides an abstracted-layer approach to disk orientation, unlike Solaris, which provides more of a logical approach to identifying each individual disk based on controller location.

* Correction: we had it as sdc5, but disks in Solaris start with 0, so it is actually the fourth disk in Linux jargon. Linux disk naming is based solely on SATA cable orientation and depends on the number of SATA ports available on the mobo. It starts with sda, which is the first SATA cable connected to SATA0 on the mobo; unless this is a DVD/CD-ROM drive, we are claiming it to be an HD. sda = first HD, sdb = second HD, sdc = third HD, sdd = fourth HD. A normal desktop mobo might take 4 HDs. A supercharged mobo might take 8 HDs or more. The number after sda is the partition value. For example, sda3 means partition 3 on the disk called sda, the first HD or first SATA cable connected to the mobo. This is one perspective, based on each individual controller controlling the 8 HDs. If you were to look at the larger picture, this drive is part of the entire set of disks. In a second Linux jargon, it might actually be sdar5 if you were to count from the bottom left-hand corner to this particular drive location. Surely, it's one confusing mess. Depending on how you look at it, one controller (tree) or the entire shebang (forest), it's either drive 'sdd' or drive 'sdar'. We kind of enjoy looking at it from the tree perspective, so sdd it will be.
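
The cXtYdZsN name layout and the disk map shown above, as an added example that is not part of the original post: one function splits a device name into its fields, the other reads a map in that layout and prints every disk flagged `^--`. It reads `t` as the target ID, the term Solaris documentation uses; the function names are hypothetical and the sample map is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Split a Solaris device name such as c6t3d3s5 into its numeric fields.
# Fails (non-zero status, no output) when the name does not fit the layout.
decode_dev() {
    n='\([0-9]\{1,\}\)'
    printf '%s\n' "$1" |
        sed -n "s/^c${n}t${n}d${n}s${n}\$/controller=\1 target=\2 disk=\3 slice=\4/p" |
        grep .
}

# Read a disk map (a row of cXtY names followed by a row of status flags)
# on stdin and print the name of every disk whose flag is ^--.
failed_disks() {
    awk '
        $1 ~ /^c[0-9]+t[0-9]+$/ {            # a row of disk names
            for (i = 1; i <= NF; i++) name[i] = $i
            n = NF; next
        }
        n > 0 && substr($1, 1, 1) == "^" {   # the status row under it
            for (i = 1; i <= n && i <= NF; i++)
                if ($i == "^--") print name[i]
            n = 0
        }
    '
}

# Constructed sample: two rows in the same layout as the map above.
sample_map() {
    cat <<'EOF'
 2:    6:   10:   14:
c1t2  c1t6  c2t2  c2t6
^++   ^--   ^++   ^++
 1:    5:    9:   13:
c1t1  c1t5  c2t1  c2t5
^b+   ^++   ^b+   ^--
EOF
}
```

On a live system the map would be piped in directly, for example `hd -c -d -s | failed_disks`.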

Oftentimes it is challenging to install an OS such as any distribution of Linux, but installing Linux has come a long way when compared to RedHat versions 7.x in the olden days. We've experienced installing various OSes in the past. The most difficult OSes to install would be the {net||open||free} BSDs from scratch. Bear in mind, Linux distributions have come a long way from the archaic menu-driven installation process with complicated disk partitioning schemes, which perhaps drove some users away from using and learning the Linux OS. It was actually worth using a disk utility to partition the disk first before popping your favorite distro into the DVD drive. Kudos to all the Linux OS communities, who came together and made the installation process simpler with prettified GUI installation steps for all non-hardware experts like myself.

Many of these installation processes for many *nix distros have been simplified to a click of a button to choose packages and automatically partition your {SSD||spinningDisk}. Many popular Linux distributions can be found here: Distrowatch *nix OSes

One interesting thing is that there is one particular OS whose installation system has not changed much. With its archaic menu-driven installation steps and disk naming nomenclature, installing this particular OS is more or less like climbing Mount Everest.

Success in installing this on the first try was far and wide; second try, a long shot; third, so close......; fourth, SUCCESS! With all its ugliness, we believed this OS is truly designed and made with certain types of hardware in mind.

By default, Solaris 10 is built with low maintenance, stability and long uptime in mind. Installing Solaris 10 or Solaris 11.3 on a typical desktop machine defeats its designed purpose. This OS should really be installed on one of the Sun SunFire 4U servers. If you are lucky enough to overcome all of the installation steps and have the OS up and running, congrats!

One issue could arise if networking is not chosen properly. There was one incident where DNS was not selected during the installation process and we found ourselves scratching our heads as to why 'ping yahoo.com' didn't work. We then cooked coffee and decided to check whether a few files existed after the installation process. Luckily, /etc/resolv.conf was missing. We then added the following:

domain YOURDOMAIN
search YOURDOMAIN
nameserver DNSSERVER1
nameserver DNSSERVER2

We then tried one last time to 'ping yahoo.com', still no luck. Make sure that /etc/defaultrouter has your gateway IP address. With more head scratching, we then poked at nsswitch.conf; it looked correct at first glance, yet we felt something was missing there. With some quick browsing, we came across one line that needed help. Also, there was one other nsswitch file, called nsswitch.dns in Solaris 10, which we would need to overwrite nsswitch.conf with.

The line was missing the word 'dns' at the end.

........
hosts: files
........

should be

........
hosts: files dns
........

then:

svcadm restart svc:/system/name-service-cache:default

ping yahoo.com

yahoo.com is alive.

Success !

If you wish to try installing this OS on your desktop, the ISO can be obtained from the following link, along with some documentation on how to install Solaris.

download: Solaris 10 Solaris Installation Guide

 

On Linux there are a few different flavors of Java. There are at least two that we are aware of: one from Oracle and a second from the open-source community, which is called OpenJDK. For some reason, we like to do this the old-fashioned way. Therefore, we will install the JDK from Oracle.

As of this writing, there is this release of JDK 1.8.91 and 1.8.92.

  1. download the latest JDK from Oracle:
    1. JDK 1.8.92/91
    2. download either the *.*.91 or *.*.92 edition
    3. save it somewhere on your machine
    4. it's weird how we do this, but other software is doing this as well, so we are following them.
    5. sudo cp jdk-8u92-linux-x64.tar.gz /opt
    6. cd /opt
    7. sudo tar xzvf jdk-8u92-linux-x64.tar.gz
    8. sudo chown -R root:root jdk1.8.0_92/
      1. you can make it owned by your username, which is fine too; root should be ok, otherwise,
      2. sudo chown -R yourusername:yourusername jdk1.8.0_92/
    9. cd /usr/bin
    10. sudo ln -s /opt/jdk1.8.0_92/bin/java java
    11. sudo ln -s /opt/jdk1.8.0_92/bin/javac javac
    12. DONE !