Last active
November 2, 2021 02:16
| Update your CentOS system- | |
| ========================== | |
| sudo yum install epel-release -y && sudo yum update kernel -y && sudo yum update -y && sudo yum upgrade -y && sudo yum install nano net-tools git wget -y && sudo reboot -h now | |
| Adding a User with sudo access- | |
| =============================== | |
| adduser [username] && usermod -aG wheel [username] && passwd [username] && exit | |
| ------------------------------- | |
| Install- | |
| ======== | |
| Install java and a dedicated user for tomcat- | |
| sudo yum install -y java-1.8.0-openjdk.x86_64 && sudo groupadd tomcat && sudo mkdir /opt/tomcat && sudo useradd -s /sbin/nologin -g tomcat -d /opt/tomcat tomcat && cd ~ && java -version | |
| wget https://www-us.apache.org/dist/tomcat/tomcat-9/v9.0.24/bin/apache-tomcat-9.0.24.tar.gz | |
| sudo tar -zxvf apache-tomcat-9.0.24.tar.gz -C /opt/tomcat --strip-components=1 && rm -rf apache-tomcat-9.0.24.tar.gz | |
| sudo chown -R tomcat: /opt/tomcat && sudo sh -c 'chmod +x /opt/tomcat/bin/*.sh' | |
| Create a systemd unit file for making Tomcat a service- | |
| ======================================================= | |
| sudo nano /etc/systemd/system/tomcat.service | |
| And paste these contents- | |
| -------------------- | |
| [Unit] | |
| Description=Tomcat 9 servlet container | |
| After=network.target | |
| [Service] | |
| Type=forking | |
| User=tomcat | |
| Group=tomcat | |
| Environment="JAVA_HOME=/usr/lib/jvm/jre" | |
| Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom" | |
| Environment="CATALINA_BASE=/opt/tomcat" | |
| Environment="CATALINA_HOME=/opt/tomcat" | |
| Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid" | |
| Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC" | |
| ExecStart=/opt/tomcat/bin/startup.sh | |
| ExecStop=/opt/tomcat/bin/shutdown.sh | |
| [Install] | |
| WantedBy=multi-user.target | |
| -------------------- | |
| Then reload the systemd unit files, and enable and start our tomcat service- | |
| sudo systemctl daemon-reload && sudo systemctl enable tomcat && sudo systemctl start tomcat && sudo systemctl status tomcat | |
| Then open the TCP port for tomcat in the firewall- | |
| sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp && sudo firewall-cmd --reload | |
| Then config tomcat- | |
| =================== | |
| Setup Web user- | |
| sudo nano /opt/tomcat/conf/tomcat-users.xml | |
| To add a new user who will be able to access the tomcat web interface (manager-gui and admin-gui) we need to define the user in tomcat-users.xml file as shown below. Make sure you change the username and password to something more secure: | |
| ------------------------------------------ | |
| <tomcat-users> | |
| <!-- | |
| Comments - Change admin user name and password | |
| --> | |
| <role rolename="admin-gui"/> | |
| <role rolename="manager-gui"/> | |
| <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/> | |
| </tomcat-users> | |
| ------------------------------------------ | |
| By default the web interface at http://<your_domain_or_IP_address>:8080 can be accessed from localhost only. | |
| ***************************************************************************** | |
| If you need to access the web interface from anywhere, open the following files and comment out or remove the Valve line shown inside each Context: | |
| sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml | |
| ------------------------------- | |
| <Context antiResourceLocking="false" privileged="true" > | |
| <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> | |
| </Context> | |
| ------------------------------- | |
| sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml | |
| ------------------------------- | |
| <Context antiResourceLocking="false" privileged="true" > | |
| <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> | |
| </Context> | |
| ------------------------------- | |
| ******************************************************************************* | |
| Or, | |
| ******************************************************************************* | |
| If you need to access the web interface only from a specific IP, instead of commenting out the blocks add your public IP to the list. Let's say your public IP is 41.41.41.41 and you want to allow access only from that IP: | |
| sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml | |
| -------------------------------- | |
| <Context antiResourceLocking="false" privileged="true" > | |
| <Valve className="org.apache.catalina.valves.RemoteAddrValve" | |
| allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|41\.41\.41\.41" /> | |
| </Context> | |
| -------------------------------- | |
| sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml | |
| -------------------------------- | |
| <Context antiResourceLocking="false" privileged="true" > | |
| <Valve className="org.apache.catalina.valves.RemoteAddrValve" | |
| allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|41\.41\.41\.41" /> | |
| </Context> | |
| -------------------------------- | |
| Then, configure access logs- | |
| sudo nano /opt/tomcat/conf/server.xml | |
| -------------------------------- | |
| <Valve className="org.apache.catalina.valves.AccessLogValve" | |
| directory="/opt/tomcat/logs" prefix="localhost_access_log." suffix=".txt" | |
| pattern="common"/> | |
| -------------------------------- | |
| ******************************************************************************* | |
| After config, restart the server- sudo systemctl restart tomcat && sudo systemctl status tomcat | |
| ________________________________________________________________________________________________________________________________________________________________________________________________________________________ | |
| Details are given here- https://linuxize.com/post/how-to-install-tomcat-9-on-centos-7/ | |
| Install PostgreSQL- | |
| =================== | |
| sudo yum install -y postgresql-server postgresql-contrib && sudo postgresql-setup initdb && sudo systemctl start postgresql && sudo systemctl enable postgresql && sudo passwd postgres | |
| Update PostgreSQL- | |
| ------------------ | |
| su - postgres | |
| If that does not work, run this command - `su --shell /bin/bash postgres` and then run the previous command again | |
| Switch to PostgreSQL- | |
| --------------------- | |
| psql postgres | |
| PostgreSQL configuration details can be found here- https://www.linode.com/docs/databases/postgresql/how-to-install-postgresql-relational-databases-on-centos-7/#configure-postgresql | |
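
For the Tomcat manager settings in the guide above (tomcat-users.xml and the two context.xml files), the following audit script is an added example and not part of the original gist. It reports whether each RemoteAddrValve is still active and whether any active user keeps a placeholder password. The function names and the placeholder list are assumptions made for this example.

```shell
# Added example (not from the gist): audit the manager-access files edited above.

# Print FILE on one line with XML comments removed (commented-out entries are inactive).
strip_xml_comments() {
    tr '\n' ' ' < "$1" | awk '{
        line = $0
        while ((s = index(line, "<!--")) > 0) {
            rest = substr(line, s + 4); e = index(rest, "-->")
            line = substr(line, 1, s - 1) (e > 0 ? substr(rest, e + 3) : "")
        }
        print line
    }'
}

# Print the active RemoteAddrValve allow pattern of a context.xml, or
# UNRESTRICTED when no active valve is left (reachable from any address).
manager_acl() {
    local valve
    [ -r "$1" ] || { echo UNREADABLE; return 0; }
    valve=$(strip_xml_comments "$1" | grep -o '<Valve[^>]*RemoteAddrValve[^>]*>' | head -n 1)
    if [ -z "$valve" ]; then echo UNRESTRICTED; return 0; fi
    printf '%s\n' "$valve" | sed -n 's/.*allow="\([^"]*\)".*/\1/p'
}

# Print active users whose password is empty, equals the username, or is a known placeholder.
weak_manager_users() {
    local u name pass
    [ -r "$1" ] || return 0
    strip_xml_comments "$1" | grep -o '<user [^>]*>' | while IFS= read -r u; do
        name=$(printf '%s' "$u" | sed -n 's/.*username="\([^"]*\)".*/\1/p')
        pass=$(printf '%s' "$u" | sed -n 's/.* password="\([^"]*\)".*/\1/p')
        case $pass in
            ''|"$name"|admin|tomcat|password|admin_password) printf '%s\n' "$name" ;;
        esac
    done
}

# Report on one installation (default: the guide's /opt/tomcat); last line is the count.
audit_tomcat() {
    local home=${1:-/opt/tomcat} app acl weak n=0
    for app in manager host-manager; do
        acl=$(manager_acl "$home/webapps/$app/META-INF/context.xml")
        echo "$app allow=$acl"
        if [ "$acl" = UNRESTRICTED ]; then n=$((n + 1)); fi
    done
    weak=$(weak_manager_users "$home/conf/tomcat-users.xml" | tr '\n' ' ')
    if [ -n "$weak" ]; then echo "weak credentials for: $weak"; n=$((n + 1)); fi
    echo "findings=$n"
}
```

Source the file and run `audit_tomcat /opt/tomcat` as a user that can read the configuration files, for example through sudo.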
It is advisable to set the systemd dependencies properly in the After setting. In this case, it is ensured Tomcat is started after postgres, and stopped before.
tomcat.service: