Tomcat CatchAll (Hosts)

Re: Several hosts within one tomcat / catch-all problem 2010-11-21 20:08

Hi Konstantin,
>BTW, you can put those names in an external file and use it in the
>server.xml as an XML entity. Like the example in
>http://wiki.apache.org/tomcat/FAQ/Password
Inspired by this thread and having a similar issue in maintaining virtual host aliases I edited my server.xml as follows:
I added this before the <Server>.
<!DOCTYPE aliases-xml [
<!ENTITY aliases SYSTEM "/path/to/network/storage/aliases.txt">
]>
I moved my <Alias> tags to /path/to/network/storage/aliases.txt, substituting &aliases;
This works very well. Thanks!
>and use JMX or call mapper.addHostAlias(..) directly to add aliases
>programmatically at runtime. (though there is no guarantee that the
>Mapper API does not change between Tomcat minor releases).
I investigated what an implementation of this might look like at a higher level. In looking through the Tomcat interfaces it looks like this is similar to the notion of automatically creating Context for users with a UserConfig listener.
It would be an AliasConfig class extending HostConfig.
<Listener className="my.web.server.listener.package.AliasConfig" aliases="/path/to/alias/file"/>
Then in the start event function it is as simple as "host.addAlias(subDomainName);" for each alias found in the aliases file.
Does this make sense?
Regards,
Dave

Tomcat and Apache Setup – With LB

Tomcat and Apache Setup

My example at bottom…

Most Tomcat configurations are an Apache/Tomcat setup, with Apache serving the static content and passing any JSP to Tomcat to process. Tomcat can be integrated with Apache by using the JK Connector, which uses the Apache JServ Protocol (AJP) for communication between Tomcat and Apache.

The AJP Connector

The AJP protocol is used for communication between Tomcat and Apache. On the Apache side the software module is mod_jk or mod_proxy (its mod_proxy_ajp sub-module); both are native code extension modules written in C/C++. On the Tomcat side the software module is the AJP Connector, written in Java.

The diagram below shows how the native code Apache module (mod_jk or mod_proxy) works with Tomcat. Apache receives the incoming JSP or servlet request and, using the Apache module, passes this request via the AJP protocol to Tomcat; the response is sent back to the Apache server via the AJP protocol as well.

The Apache JServ Protocol (AJP) uses a binary format for transmitting data between the web server and Tomcat; a network socket is used for all communication. An AJP packet consists of a packet header and a payload; the structure of the packet is described below.

As you can see, a binary packet from the web server to Tomcat starts with the sequence 0x1234, followed by the packet size (2 bytes) and then the actual payload. On the return path the packets are prefixed by AB (the ASCII codes for A and B), then the size of the packet and then the payload.
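To make the framing concrete, here is an added Python example (my code, not from the original notes) that builds and parses AJP13 packets exactly as described above: 0x1234 prefix for web server to Tomcat, AB for the return path, a two-byte big-endian length, then the payload. The 8192-byte maximum is mod_jk's default max_packet_size and is an assumption on my part; checking the magic and the declared length before trusting any payload is the check a defender wants wherever an AJP port is reachable.

```python
import struct

# AJP13 framing as described above: a 2-byte magic, a 2-byte big-endian
# payload length, then the payload.
REQ_MAGIC = b"\x12\x34"   # web server (mod_jk / mod_proxy) -> Tomcat
RESP_MAGIC = b"AB"        # Tomcat -> web server
# Assumed limit: mod_jk's default max_packet_size of 8192 bytes (header included).
MAX_PACKET_SIZE = 8192


def build_ajp_packet(payload, to_tomcat=True):
    """Frame a payload for the given direction."""
    if len(payload) + 4 > MAX_PACKET_SIZE:
        raise ValueError("payload of %d bytes exceeds the AJP packet size" % len(payload))
    magic = REQ_MAGIC if to_tomcat else RESP_MAGIC
    return magic + struct.pack(">H", len(payload)) + payload


def parse_ajp_packet(buf):
    """Parse one packet from the front of buf.

    Returns (direction, payload, remaining_bytes), or None when buf does not
    yet hold a complete packet so the caller should read more from the socket.
    Raises ValueError on a wrong magic or an oversized length field, which is
    the check to make before trusting anything in the payload.
    """
    if len(buf) < 4:
        return None
    magic = buf[:2]
    if magic == REQ_MAGIC:
        direction = "to-tomcat"
    elif magic == RESP_MAGIC:
        direction = "to-webserver"
    else:
        raise ValueError("bad AJP magic %r" % magic)
    (length,) = struct.unpack(">H", buf[2:4])
    if length + 4 > MAX_PACKET_SIZE:
        raise ValueError("declared length %d exceeds the AJP packet size" % length)
    if len(buf) < 4 + length:
        return None  # truncated: the rest has not arrived yet
    return direction, buf[4:4 + length], buf[4 + length:]


def split_stream(buf):
    """Split a byte stream holding back-to-back packets, as read from the
    reused TCP connection; returns (packets, unconsumed_tail)."""
    packets = []
    while buf:
        result = parse_ajp_packet(buf)
        if result is None:
            break
        direction, payload, buf = result
        packets.append((direction, payload))
    return packets, buf


if __name__ == "__main__":
    # Constructed sample: a request frame, a response frame and a partial
    # frame, as might be seen mid-read on the socket.
    stream = (build_ajp_packet(b"request-bytes")
              + build_ajp_packet(b"response-bytes", to_tomcat=False)
              + b"AB\x00\x09par")
    print(split_stream(stream))
```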

The major features of this protocol are

  • Good performance on fast networks
  • Support for SSL, encryption and client certificates
  • Support for clustering by forwarding requests to multiple Tomcat 6 servers

One of the ways the AJP protocol reduces latency is by having the web server reuse already-open TCP connections to Tomcat. This saves the overhead of opening a new socket connection for each request; it's a bit like a connection pool.

The configuration of an AJP Connector is below

AJP Connector example

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Tomcat Workers

A worker represents a running instance of Tomcat; a worker serves the requests for all dynamic web components. You can run multiple instances of Tomcat in a cluster to implement load balancing or site partitioning. Each worker is identified by a unique hostname or a unique IP address and port number. You may want to implement multiple workers for the following reasons

  • When you want different Web application contexts to be served by different Tomcat workers
  • When you want different virtual hosts to be served by different Tomcat workers
  • When you want to service more requests than the capacity of a single physical server

To let Apache know where the Tomcat servers are, a file called workers.properties is created detailing this information. I describe this file next.

Worker List

worker.list
  Lists the workers that are available to Apache (comma-separated)

Worker Types

ajp13
  This type of worker represents a running Tomcat instance
lb
  Used for load balancing
status
  Displays useful information about how the load among the various Tomcat workers is distributed
jni
  Used in-process; this worker handles the forwarding of requests to in-process Tomcat workers using JNI
ajp12
  Worker that supports the AJP 1.2 protocol

Other Worker Properties

worker.test1.type
  Describes the type of worker (see above for types)
worker.test1.host
  The host where the worker Tomcat instance resides
worker.test1.port
  The port the AJP 1.3 Connector of the Tomcat instance is listening on (default 8009)
worker.test1.connection_pool_size
  The number of connections to this worker to be kept in a connection pool
worker.test1.connection_pool_minsize
  The minimum number of connections kept in the connection pool
worker.test1.connection_pool_timeout
  The number of seconds that connections to this worker are left in the pool before expiry
worker.test1.mount
  The context paths that are serviced by the worker; you can also use the JkMount directive in httpd.conf
worker.test1.retries
  Controls the number of times mod_jk will retry when a worker returns an error
worker.test1.socket_timeout
  Controls how long mod_jk will wait for a response on a socket before indicating an error
worker.test1.socket_keepalive
  Indicates whether the connection to the worker should use TCP keepalive
worker.test1.lbfactor
  An integer indicating the load-balance factor used by the load balancer to distribute work between multiple instances of Tomcat

Worker Load Balancing Properties

worker.bal1.balance_workers
  A list of workers to load balance between
worker.bal1.lock
  The type of locking used: O (Optimistic) or P (Pessimistic)
worker.bal1.method
  Can be set to R (Requests), T (Traffic) or B (Busy-ness)
    R = the worker to use is chosen by the number of requests forwarded
    T = the worker to use is chosen by the traffic that has been sent to the workers
    B = the worker to use is chosen by the load, dividing the number of concurrent requests by the load factor
worker.bal1.secret
  Sets a default secret password for all workers
worker.bal1.sticky_session
  Tells mod_jk to respect the session ID in the request and ensures that the same session is always serviced by the same worker instance
worker.bal1.sticky_session_force
  This is used for failover: if the worker a session is stuck to is unavailable, the request fails instead of being routed to another worker
Example

Simple example

worker.list = worker1
worker.worker1.type = ajp13
worker.worker1.host = 192.168.0.1
worker.worker1.port = 9009
worker.worker1.connection_pool_size = 5
worker.worker1.connection_pool_timeout = 300
Load Balancing example

worker.list = loadbal1,stat1

worker.tomcatA.type = ajp13
worker.tomcatA.host =192.168.0.1
worker.tomcatA.port = 8009
worker.tomcatA.lbfactor = 10

worker.tomcatB.type = ajp13
worker.tomcatB.host =192.168.0.2
worker.tomcatB.port = 8009
worker.tomcatB.lbfactor = 10

worker.tomcatC.type = ajp13
worker.tomcatC.host =192.168.0.3
worker.tomcatC.port = 8009
worker.tomcatC.lbfactor = 10

worker.loadbal1.type = lb
worker.loadbal1.sticky_session = 1
worker.loadbal1.balance_workers = tomcatA, tomcatB, tomcatC

worker.stat1.type= status

Note: if one of your servers is slower than the others, lower the lbfactor of that server

There are a number of Apache directives that you can configure in the httpd.conf file

Apache mod_jk Directives

JkWorkersFile
  Tells mod_jk where to find the workers properties file
JkLogFile
  Tells mod_jk where to write its logs
JkLogLevel
  Sets the level of logging (info, error or debug)
JkRequestLogFormat
  Specifies the log format; below are the options that you can use

%b or %B bytes transmitted (not counting HTTP headers)
%H request protocol
%m request method
%p port of the server for the request
%r first line of the request
%T request duration
%U URL of the request with query string removed
%v or %V server name
%w name of the tomcat worker
%R the route name of the session

JkMount
  Controls the URL matching and forwarding to the Tomcat workers

Example

JkWorkersFile conf/worker.properties
JkLogFile /var/logs/httpd/mod_jk.log
JkLogLevel debug
JkRequestLogFormat "%w %U %T"
JkMount /examples/jsp/* worker1

Configuring SSL for Apache

SSL provides a secure (HTTPS) connection from the browser to the Apache front end of the Apache-Tomcat setup; the steps involved in getting this working are

  • Install OpenSSL on your server
  • Check that Apache has mod_ssl support
  • Get or generate a SSL certificate and install it into Apache
  • Test the SSL-enabled Apache-Tomcat setup

To make sure that you have OpenSSL installed and the mod_ssl module loaded in Apache, run the following

Check for OpenSSL:
# openssl version

Check for the Apache module mod_ssl:
# <apache path>/httpd -D DUMP_MODULES

If any of these are not installed then I recommend you download the latest version and install as per the Installation guides.

There are a number of steps to generate a test certificate using OpenSSL

  • Create the configuration file for generating the certificate
  • Create a certificate signing request, this is what you send to the CA if you are buying a certificate
  • Remove the passphrase from the private key
  • Purchase a certificate from a CA or create a self-signed certificate
  • Install the key and certificate to the Apache server

Below are the steps to create your own cert

step 1

Create a working directory called certs
# mkdir certs
# cd certs

Create a configuration file (myconfig.file) as below

RANDFILE = ./random.txt
[req]
default_bits = 1024
default_keyfile = keyfile.pem
attributes = req_attributes
distinguished_name = Datadisk
prompt = no
output_password = secret
[Datadisk]
C = UK
ST = Bucks
L = Milton Keynes
O = Datadisk
OU = IT Consultant
CN = 192.168.0.1
emailAddress = paul.valle@datadisk.co.uk
[req_attributes]
challengePassword = secret

Create a random file called random.txt and put a large number in it

step 2

Now create the certificate

# openssl req -new -out server.csr -config myconfig.file

Two files should have been created server.csr and keyfile.pem

step 3

Now remove the passphrase from the private key

# openssl rsa -in keyfile.pem -out server.key

step 4

Now create a self-signed certificate

# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365

Note: in a production environment the certificate signing request file generated (server.csr) is sent to a Certificate Authority and a certificate purchased

step 5

Last but not least, copy server.key and server.crt into the Apache conf directory

To set up mod_ssl in Apache you need to make the following changes in the Apache httpd.conf file

Include the SSL config file:  Include conf/extra/httpd-ssl.conf
Load the SSL module:          LoadModule ssl_module modules/mod_ssl.so
SSLCertificateKeyFile:        set this directive to the path of the server.key file
SSLCertificateFile:           set this directive to the path of the server.crt file

Once all the above is completed you can now point your browser to the Apache server, hopefully the browser will pop up with a security alert (because of the self-signed certificate).

The only change needed to the Apache-Tomcat setup is the <VirtualHost> block, which must now be for port 443

<VirtualHost _default_:443>
….
JkWorkersFile ……
JkMount ……..
</VirtualHost>

Load Balancing

I will be discussing Tomcat clustering in a later topic, which describes load balancing and persistent sessions with in-memory session replication in more detail; for this section I will discuss a basic load balancing solution.

The mod_proxy module can also be used for load balancing but will not be discussed here. The mod_jk module supports load balancing with seamless sessions, using a simple weighted round-robin algorithm. Each Tomcat worker is weighted in the workers.properties file, which specifies how the request load is distributed between workers.

A seamless session is also known as session affinity or a sticky session. When the first request is made any of the Tomcat instances may be used, but subsequent requests from that session are routed to the same Tomcat instance, to keep the same user session.

The following steps are required to set up load balancing in Tomcat

  • Change the CATALINA_HOME in the Tomcat startup files to point to different locations for each of the Tomcat instances
  • Set different AJP Connector ports for the instances
  • Disable the Coyote HTTP/1.1 Connector
  • Set the jvmRoute in the Standalone Engine
  • Configure the Tomcat worker in the workers.properties file.

One assumption I will be making here is that all the Tomcat instances will be running on the same server

The first step is to change the CATALINA_HOME variable in the startup.bat (Windows) or startup.sh (Unix) of each instance

CATALINA_HOME

set CATALINA_HOME=c:\apps\tomcatA

Note: the other Tomcat instances would be tomcatB and tomcatC

Now in each Tomcat instance we must set a different AJP Connector port number (server.xml)

AJP Connector port

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Note: on the other Tomcat instances use ports 8010 and 8011

To avoid startup/shutdown port conflicts we must change each Tomcat's server (shutdown) port (server.xml)

server port

<Server port="8005" shutdown="SHUTDOWN" debug="0">

Note: on the other Tomcat instances use ports 8006 and 8007

Because all the Tomcat instances run behind the load-balancer worker, someone could otherwise access any of the workers directly via the default HTTP Connector, bypassing the load balancer. To avoid this, comment out the HTTP Connector configuration of all the Tomcat instances (server.xml)

disable HTTP Connector

<!-- Define
<Connector port="8080"
protocol="HTTP/1.1"
maxThreads="150"
connectionTimeout="20000"
redirectPort="8443"
/>
-->

An important step for load balancing is specifying the jvmRoute. The jvmRoute is an attribute of the Engine element that acts as an identifier for that particular Tomcat worker. It must be unique across all Tomcat instances; this unique ID is used in the workers.properties file to identify each Tomcat worker (server.xml).

jvmRoute

<Engine name="Standalone" defaultHost="localhost" jvmRoute="tomcatA" >

Note: the other Tomcat instances would be tomcatB and tomcatC

You will also need to comment out the Catalina Engine directive (server.xml)

Catalina Engine disable

<!-- Define
<Engine name="Catalina" defaultHost="localhost" >
-->

In Apache's httpd.conf file you need to add some load balancing directives; also make sure you have the mod_jk module loaded

httpd.conf directives

JkWorkersFile conf/worker.properties
JkMount /examples/jsp/* loadbal1
JkMount /jkstatus/ stat1

The last thing is to create the workers properties file, which I have already discussed above.

worker.properties file

worker.list = loadbal1,stat1

worker.tomcatA.type = ajp13
worker.tomcatA.host =192.168.0.1
worker.tomcatA.port = 8009
worker.tomcatA.lbfactor = 10

worker.tomcatB.type = ajp13
worker.tomcatB.host =192.168.0.1
worker.tomcatB.port = 8010
worker.tomcatB.lbfactor = 10

worker.tomcatC.type = ajp13
worker.tomcatC.host =192.168.0.1
worker.tomcatC.port = 8011
worker.tomcatC.lbfactor = 10

worker.loadbal1.type = lb
worker.loadbal1.sticky_session = 1
worker.loadbal1.balance_workers = tomcatA, tomcatB, tomcatC

worker.stat1.type= status
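As an added example (my code, not part of the original notes), here is a Python checker that applies the rules from the worker properties tables above and this load-balancing example to a workers.properties file: every name in worker.list must be defined, every property must be one the tables document for that worker type (which catches a misspelled sticky_session), lbfactor must be a positive integer, an lb worker's balance_workers must be defined ajp13 workers, and no two ajp13 workers may share a host and port. The embedded sample and its mistakes are constructed.

```python
# Properties the tables on this page document for each worker type; anything
# else is reported as a likely typo.
KNOWN_KEYS = {
    "ajp13": {"type", "host", "port", "connection_pool_size",
              "connection_pool_minsize", "connection_pool_timeout", "mount",
              "retries", "socket_timeout", "socket_keepalive", "lbfactor"},
    "lb": {"type", "balance_workers", "lock", "method", "secret",
           "sticky_session", "sticky_session_force"},
    "status": {"type"},
}


def parse_workers(text):
    """Return (worker_list, {worker_name: {property: value}})."""
    worker_list, workers = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "worker.list":
            worker_list.extend(w.strip() for w in value.split(",") if w.strip())
            continue
        parts = key.split(".")
        if len(parts) != 3 or parts[0] != "worker":
            continue  # e.g. workers.tomcat_home: not a per-worker property
        workers.setdefault(parts[1], {})[parts[2]] = value
    return worker_list, workers


def validate_workers(text):
    """Return a list of problems found in a workers.properties text."""
    problems = []
    worker_list, workers = parse_workers(text)
    for name in worker_list:
        if name not in workers:
            problems.append("worker.list names undefined worker %r" % name)
    endpoints = {}  # (host, port) -> worker name, to spot duplicate instances
    for name, props in workers.items():
        wtype = props.get("type")
        if wtype not in KNOWN_KEYS:
            problems.append("worker %r has unknown or missing type %r" % (name, wtype))
            continue
        for key in props:
            if key not in KNOWN_KEYS[wtype]:
                problems.append("worker %r: unknown property %r (typo?)" % (name, key))
        if wtype == "ajp13":
            if "host" not in props or "port" not in props:
                problems.append("ajp13 worker %r needs host and port" % name)
            lbfactor = props.get("lbfactor", "1")
            if not lbfactor.isdigit() or int(lbfactor) <= 0:
                problems.append("worker %r: lbfactor must be an integer > 0" % name)
            endpoint = (props.get("host"), props.get("port"))
            if endpoint in endpoints:
                problems.append("worker %r uses the same host:port as %r"
                                % (name, endpoints[endpoint]))
            endpoints[endpoint] = name
        elif wtype == "lb":
            members = [m.strip() for m in props.get("balance_workers", "").split(",")
                       if m.strip()]
            if not members:
                problems.append("lb worker %r has no balance_workers" % name)
            for member in members:
                if workers.get(member, {}).get("type") != "ajp13":
                    problems.append("lb worker %r balances over %r, which is not a "
                                    "defined ajp13 worker" % (name, member))
    return problems


# Constructed sample in the style of the load balancing example above, with
# four deliberate mistakes: a misspelled sticky_session key, an lbfactor of 0,
# a balance_workers member that is never defined, and two workers on one port.
SAMPLE = """\
worker.list = loadbal1,stat1

worker.tomcatA.type = ajp13
worker.tomcatA.host =192.168.0.1
worker.tomcatA.port = 8009
worker.tomcatA.lbfactor = 10

worker.tomcatB.type = ajp13
worker.tomcatB.host =192.168.0.1
worker.tomcatB.port = 8009
worker.tomcatB.lbfactor = 0

worker.loadbal1.type = lb
worker.loadbal1.sticky_seesion = 1
worker.loadbal1.balance_workers = tomcatA, tomcatB, tomcatC

worker.stat1.type= status
"""

if __name__ == "__main__":
    for problem in validate_workers(SAMPLE):
        print(problem)
```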

To test the load balancer and sticky sessions use the JSP page below (one for each instance, changing the instance name in the heading); just place it in the webapps/examples/jsp directory.

jsp test page

<%@ page language="java" %>
<html>
<body>
<h1><font color="red">Index Page by tomcatA</font></h1>
<table align="center" border="1">
<tr>
<td>Session ID</td>
<td><%= session.getId() %></td>
</tr>
<tr>
<td>Created on</td>
<td><%= session.getCreationTime() %></td>
</tr>
</table>
</body>
</html>

Use the URLs below for testing. Don't forget to play around with the lbfactor on each Tomcat instance to see what effect it has.

URLs

http://local/examples/jsp/index.jsp
http://localhost/jkstatus

==============================================

Be sure to update sample.com with the new mod_jk load balancer

Don't forget to set your jvmRoute on each instance of Tomcat within server.xml

<!-- <Engine name="Catalina" defaultHost="localhost"> -->
<Engine name="Catalina" defaultHost="localhost" jvmRoute="tc8xx">

==============================================

My Example located: vi /etc/libapache2-mod-jk/workers.properties

==============================================

#

# The workers that your plugins should create and work with
#
#worker.list=loadbalancer,status
#worker.list=loadbal1,stat1
worker.list=lb_tc8xx,lb_tc81x,stat1

#
#------ ajp13_worker WORKER DEFINITION ------------------------------
#---------------------------------------------------------------------
#

#
# Defining a worker named ajp13_worker and of type ajp13
# Note that the name and the type do not have to match.
#
worker.tc811.host=192.168.1.81
worker.tc811.port=8113
worker.tc811.type=ajp13

worker.tc812.host=192.168.1.81
worker.tc812.port=8123
worker.tc812.type=ajp13

worker.tc821.host=192.168.1.82
worker.tc821.port=8213
worker.tc821.type=ajp13

worker.tc822.host=192.168.1.82
worker.tc822.port=8223
worker.tc822.type=ajp13

#
# Specifies the load balance factor when used with
# a load balancing worker.
# Note:
# ----> lbfactor must be > 0
# ----> Low lbfactor means less work done by the worker.
worker.tc811.lbfactor=1
worker.tc812.lbfactor=1
worker.tc821.lbfactor=1
worker.tc822.lbfactor=1
#
# Specify the size of the open connection cache.
#worker.ajp13_worker.cachesize

#
#------ DEFAULT LOAD BALANCER WORKER DEFINITION ----------------------
#---------------------------------------------------------------------
#

#
# The loadbalancer (type lb) workers perform weighted round-robin
# load balancing with sticky sessions.
# Note:
# ----> If a worker dies, the load balancer will check its state
# once in a while. Until then all work is redirected to peer
# workers.


# Method -- can be set to R (Requests), T (Traffic), B (Busy-ness)
# R = The worker to use is based on the number of requests forwarded
# T = The worker to use is based on the traffic that had been sent to the workers
# B = The worker to use is based on the load dividing the number of concurrent requests by the load factor

#setup the load-balancer
worker.lb_tc8xx.type=lb
worker.lb_tc8xx.method=R
worker.lb_tc8xx.balance_workers=tc811,tc812,tc821,tc822
worker.lb_tc8xx.sticky_session=True
###(This will generate a 500 instead of rerouting to a new server)
#worker.loadbalancer.sticky_session_force=True

worker.lb_tc81x.type=lb
worker.lb_tc81x.method=R
worker.lb_tc81x.balance_workers=tc811,tc812
worker.lb_tc81x.sticky_session=True
###(This will generate a 500 instead of rerouting to a new server)
#worker.loadbalancer.sticky_session_force=True


# Status worker for managing load balancer
worker.stat1.type=status

Tomcat with Apache2 VirtualHost AJP (mod_jk)

Tomcat changes:

You should be able to visit http://yourip:8080/manager/html and see the Tomcat manager page.

Deploy your Tomcat application sample.war (433.79 kb) using the manager.

Note down the deployed application name (sample).

Edit /etc/tomcat7inst/8xx/conf/server.xml: after the closing </Host> tag and before the closing </Engine> tag, insert the following:

<!-- sample.com (here the appname is derived from the deploy above) -->
<Host name="www.sample.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
<Alias>sample.com</Alias>
<Context path="" docBase="sample" debug="0" reloadable="true"/>
</Host>

Find the following in the same file (server.xml), uncomment it by removing <!-- and -->, and set the port for this instance as shown below it:

<!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->

<Connector port="8xx8" protocol="AJP/1.3" redirectPort="8443" />

Edit /etc/tomcat7inst/880/bin/startup.sh

export JAVA_OPTS="
-Dcom.qbw.instance=880
-Xms1g -Xmx1g -XX:MaxPermSize=128m
-Djava.rmi.server.hostname=192.168.1.186
"


Issue the following commands to activate the Tomcat virtual host settings:

/etc/init.d/tomcat8xx stop

/etc/init.d/tomcat8xx start

Apache2 changes with load balancer:

Install the mod_jk module using the following command:

apt-get install libapache2-mod-jk

Files created:

  • /etc/libapache2-mod-jk/workers.properties
  • /var/log/apache2/mod_jk.log
  • /var/log/apache2/jk-runtime-status

Edit /etc/libapache2-mod-jk/workers.properties

#workers.tomcat_home=/usr/share/tomcat6
#workers.java_home=/usr/lib/jvm/default-java
# Change to your port
worker.ajp13_worker.port=8108
#Change to your Tomcat IP
worker.ajp13_worker.host=192.168.1.126
worker.ajp13_worker.type=ajp13

Create an Apache2 virtual host file, e.g. sample.com.conf, with the following contents.

<VirtualHost *:80>
ServerName www.sample.com
ServerAlias sample.com
ServerAdmin webmaster@sample.com
JkMount /* ajp13_worker
CustomLog /srv/www-logs/sample.com.access.log combined
ErrorLog /srv/www-logs/sample.com.error.log
</VirtualHost>

<VirtualHost sample.com:80>
ServerName sample.com
ServerAlias sample.com

DocumentRoot /var/lib/tomcat6/webapps/appname/
<Directory /var/lib/tomcat6/webapps/appname/>
Options FollowSymLinks Indexes
AllowOverride None
</Directory>
JkMount /* ajp13_worker
</VirtualHost>

Save the conf file

Enable site:

cd /etc/apache2/sites-available

a2ensite sample.com.conf

Restart apache2 with the following command: /etc/init.d/apache2 restart

Update your hosts file to point sample.com to IP 192.168.1.186 (the Apache server IP)

Fingers crossed. If everything is followed as specified, the Tomcat webapp deployed as appname will be visible in your browser as a plain Apache2 page such as http://abc.com, as opposed to http://abc.com:8080.

Benefit: from now on, we just need to deploy the Tomcat application and then create the Apache2 virtual host, followed by a restart to activate the new settings.

Disable Ctrl + Alt + Del

# sudo vi /etc/init/control-alt-delete.conf

Output

# control-alt-delete - emergency keypress handling
#
# This task is run whenever the Control-Alt-Delete key combination is
# pressed, and performs a safe reboot of the machine.

description     "emergency keypress handling"
author          "Scott James Remnant "

start on control-alt-delete
task
exec shutdown -r now "Control-Alt-Delete pressed"

Change the following line

exec shutdown -r now "Control-Alt-Delete pressed"

To

#exec shutdown -r now "Control-Alt-Delete pressed"

SFTP over SSH

Ubuntu SFTP-Only Account How-to

This guide will show you how to setup Linux user accounts restricted to using SFTP only. These accounts will be unable to run arbitrary shell commands on the server or access/create files outside their own home directories. The steps in this guide were tested on Ubuntu Server 12.04 with version 5.3p1 of the OpenSSH daemon, obtained from the Ubuntu software repositories.

Although this guide is aimed at Ubuntu users, it should also be applicable to other flavors of Linux as well. The most important factor to consider is the version of OpenSSH you have installed on your system. Version 5.0 or above is recommended as these versions support the OpenSSH ChrootDirectory configuration option that we’ll be using here.

Right, that’s enough of the rambling, let’s get to it…

Step 0 – Make sure /home is owned by ROOT

sudo chown root:root /home/

Step 1 - Create a Group for the Restricted Accounts

For the sake of this example, we'll create a new group called 'sftponly'. It's best to use the addgroup command to do this, as it takes care of allocating an unused GID (Group Identifier) to the new group for us:

sudo addgroup sftponly

Step 2 - Create the User Account

For example's sake, we'll create a user account with the username 'raq3785', set his home directory as '/home/raq3785' and give him the password 'pass

We’ll use the useradd command here as it takes care of assigning an unallocated UID to the user account for us.

Creating the User Account:

sudo useradd -d /home/raq3785/bandrplus.com -s /usr/lib/sftp-server -M -N -g sftponly raq3785

Setting the Password:

sudo passwd raq3785
sudo adduser raq3785 sftponly

Step 3 - Set up the user's home directory

Right, let's create a home for raq3785 and give him somewhere to put his files. Enter the commands below one by one on separate lines:

sudo mkdir -p /home/raq3785/bandrplus.com
sudo chown root:sftponly /home/raq3785
sudo chown raq3785:sftponly /home/raq3785/bandrplus.com
sudo usermod raq3785 -d /bandrplus.com
sudo chmod 755 /home/raq3785
sudo chmod 755 /home/raq3785/bandrplus.com

The first line creates the '/home/raq3785' and '/home/raq3785/bandrplus.com' directories.

The second line sets the owner of the /home/raq3785 directory to root (with group sftponly). This is an important step, as the SSH server will complain (and refuse to let our restricted user log in) if the root of the user's home directory is NOT owned by root.

You should be able to log in to your account with a username and password when you've completed all the steps in this guide, but it's recommended you use the public key method for authentication, as it is considerably more secure.

If you already have a private and public key you would like to use, then all you need to do is to upload a copy of the public key to a subdirectory named .ssh in the users home directory.

Assuming that our public key file is named ‘raq3785.pub‘, we would issue the following commands to setup public key authentication for the raq3785 user account.


cd /home/raq3785/.ssh
cat raq3785.pub >> authorized_keys
chmod 700 authorized_keys
chown raq3785:sftponly authorized_keys
rm -r raq3785.pub

Step 4 - Add an entry to /etc/shells

Open /etc/shells as root in your favorite text editor (sudo vi /etc/shells) and add the following line at the bottom:

/usr/lib/sftp-server

Step 5 - Amend the SSH Server Configuration file

Open the SSH server configuration file as root to start making changes. On an Ubuntu system this file is usually /etc/ssh/sshd_config:

sudo vi /etc/ssh/sshd_config

This may differ on other distributions, so check beforehand.

Find the line Subsystem sftp /usr/lib/openssh/sftp-server and change it to read:

Subsystem sftp internal-sftp

Find the line UsePAM yes and comment it out:

#UsePam yes

Now add the following lines at the bottom of the file:

Match group sftponly
ChrootDirectory /home/%u
# ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

The line Match group sftponly tells the SSH server to apply the configuration options below it to all members of the 'sftponly' system group. The block extends to the next Match line or to the end of the file.

The line ChrootDirectory /home/%u tells the SSH server to confine the user to the directory named after their username under /home; the commented alternative, ChrootDirectory %h, confines them to the home directory from /etc/passwd instead ('%h' stands for the home directory).

The 'X11Forwarding no' and 'AllowTcpForwarding no' lines prevent the user from, respectively, accessing graphical applications on the server and connecting to other systems via ours.

The 'ForceCommand internal-sftp' line prevents the user from executing their own commands and forces them to use the SFTP server component of the SSH server, by executing the 'internal-sftp' command when the user logs in.
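sshd only honours ChrootDirectory (and so only lets the user log in) when every directory from / down to the chroot is owned by root and is not group- or world-writable, which is what Step 0 and Step 3 arrange for /home and /home/raq3785. The following Python check is an added example (my code, not from this guide) that walks that path and reports each violation; the stat_fn parameter and the EXPECTED_TREE table are constructed so it can be run against recorded metadata as well as the live filesystem.

```python
import os
import stat
from collections import namedtuple


def chroot_path_problems(chroot, stat_fn=os.stat):
    """Check every directory from / down to chroot the way sshd does before it
    honours ChrootDirectory: each must be a directory owned by root (uid 0)
    and must not be writable by group or others. Returns a list of problems;
    an empty list means sshd will accept the path.
    """
    if not chroot.startswith("/"):
        return ["ChrootDirectory must be an absolute path: %r" % chroot]
    path = os.path.normpath(chroot)
    parts = [p for p in path.split("/") if p]
    # "/", "/home", "/home/raq3785", ...: every ancestor is checked, not only the leaf.
    prefixes = ["/"] + ["/" + "/".join(parts[:i + 1]) for i in range(len(parts))]
    problems = []
    for prefix in prefixes:
        try:
            st = stat_fn(prefix)
        except OSError as exc:
            problems.append("%s: cannot stat (%s)" % (prefix, exc))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append("%s: not a directory" % prefix)
        if st.st_uid != 0:
            problems.append("%s: owned by uid %d, must be root" % (prefix, st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("%s: writable by group or others (mode %o)"
                            % (prefix, stat.S_IMODE(st.st_mode)))
    return problems


# --- constructed metadata so the check runs offline -------------------------
FakeStat = namedtuple("FakeStat", "st_mode st_uid")


def dir_entry(mode, uid):
    """A directory stat entry with the given permission bits and owner."""
    return FakeStat(stat.S_IFDIR | mode, uid)


# Mirrors the layout this guide produces: / and /home root-owned 755,
# /home/raq3785 root:sftponly 755, and the upload directory owned by the user
# (uid 1002 as in the guide's /etc/passwd line).
EXPECTED_TREE = {
    "/": dir_entry(0o755, 0),
    "/home": dir_entry(0o755, 0),
    "/home/raq3785": dir_entry(0o755, 0),
    "/home/raq3785/bandrplus.com": dir_entry(0o755, 1002),
}


def table_stat(table):
    """Build a stat_fn that answers from a dict instead of the filesystem."""
    def _stat(path):
        if path not in table:
            raise OSError("no such entry: %s" % path)
        return table[path]
    return _stat


if __name__ == "__main__":
    print(chroot_path_problems("/home/raq3785", table_stat(EXPECTED_TREE)))  # []
    # A typical mistake: the user owns the root of their own chroot.
    broken = dict(EXPECTED_TREE, **{"/home/raq3785": dir_entry(0o755, 1002)})
    print(chroot_path_problems("/home/raq3785", table_stat(broken)))
    # Against the live system (uncomment when running as an admin):
    # print(chroot_path_problems("/home/raq3785"))
```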

More information on the various SSH server configuration options available and what they do can be found here.

Step 6 - Restart the SSH Server

Ubuntu/Debian users can issue the following command to restart the SSH server:

sudo /etc/init.d/ssh restart 

That’s it. You should be able to login using the ‘sftp‘ command with either the username and password you setup or using your private key (if you set this up in Step 2.) Using the setup outlined here, you would only have to repeat steps 1-3 to setup new accounts.

Hope this is useful to someone.

Should you run into any problems, check /var/log/syslog and /var/log/auth.log for details. Run ssh or sftp with the -vvv option for debugging messages. For sftp, the option must appear before the host, as in sftp -vvv user@host.

=======================================================================


For extra security, restrict the users who can log in. If you forget to add SFTP users to the sftp group, you give them free shell access, which is not a nice scenario. Because SSH cannot combine AllowUsers and AllowGroups (a login has to fulfil both rules), you have to create an additional group, say ssh-users. Add the users who are allowed to log in over SSH (youruser below):

sudo groupadd ssh-users
sudo usermod -a -G ssh-users youruser

And add the next line to /etc/ssh/sshd_config (sudo vi /etc/ssh/sshd_config)

AllowGroups ssh-users sftponly

Now proceed with modifying the permissions of the user's home directory to allow for chrooting (example user raq3785):

sudo chown root:sftponly /home/raq3785
sudo chmod 755 /home/raq3785

sudo chmod 755 /home/raq3785/bandrplus.com

Create a directory in which raq3785 is free to put any files:

sudo mkdir /home/raq3785/bandrplus.com


sudo chown raq3785: /home/raq3785/bandrplus.com


sudo chmod 755 /home/raq3785/bandrplus.com

==============================================================


### cd /home/apache/http

### ln -s /home/raq3785/bandrplus.com/ /home/apache/http/bandrplus.com

### ls -l | grep bandrplus.com
lrwxrwxrwx 1 root root 28 Feb 4 13:53 bandrplus.com -> /home/raq3785/bandrplus.com/

chown -R apache:apache /home/apache/http/bandrplus.com

mkdir /home/apache/http/bandrplus.com

chown apache:apache /home/apache/http/bandrplus.com
ln -s /home/raq3785/bandrplus.com/* /home/apache/http/bandrplus.com

— =======================================================
Expected results for the user:

### ls -l / | grep home
drwxr-xr-x 6 root root 4096 Feb 4 13:10 home

### ls -l /home | grep raq3785
drwxr-xr-x 4 root sftponly 4096 Feb 4 13:34 raq3785


### ls -l /home/raq3785/
total 8
drwxr-xr-x 2 raq3785 sftponly 4096 Feb 4 13:36 bandrplus.com
drwxr-xr-x 4 raq3785 sftponly 4096 Feb 4 13:27 www

### sudo cat /etc/group | grep sftp
sftponly:x:1002:apache,root,raq3785
sftpguy:x:1004:

### sudo cat /etc/passwd | grep raq3785
raq3785:x:1002:1002::/bandrplus.com:/usr/lib/sftp-server

— =======================================================

sudo service ssh start
sudo service ssh restart
sudo service ssh stop

— =======================================================

Apache with MONO

http://www.smithvoice.com/apache-logging-access-and-errors

Build ASP.NET/Mono Applications with mod_mono and Apache on Ubuntu 12.04

Published: Thursday, August 5th, 2010 by Brett Kaplan

mod_mono is an Apache module that makes it possible to run ASP.NET applications in Linux environments running Apache. While ASP.NET is a Microsoft technology and is traditionally used with IIS, mod_mono has become a viable option for deploying ASP.NET applications on Linux. This guide is largely based on the mod_mono guide from the Ubuntu Community and the Mono Project's Apache and Mono document, with minor modifications. This guide does not cover installation and configuration of the Mono IDE, which is used to develop ASP.NET applications on Linux. If you are interested in developing using Visual Studio for Mono, you can download a 30-day trial of the commercial Mono Tools plugin at the Mono Tools for Visual Studio page.

This guide assumes that you've followed the steps outlined in our getting started guide. You will install the Apache web server with very minimal configuration. If you already have Apache installed and configured, you may omit these steps; however, if you have not installed Apache and are unfamiliar with this server, read the installation guide for additional documentation. Additionally, mod_mono is incompatible with the integrated PHP interpreter described in other guides. If you need to have both mod_mono and PHP running on the same Apache server you will need to run PHP scripts using the CGI method.

Enable Universe Repositories

Before installing mod_mono we must ensure that the universe repositories are enabled on your system. Your /etc/apt/sources.list should resemble the following (you may have to uncomment or add the universe lines):

File: sudo vi /etc/apt/sources.list

### DAQ

## main & restricted repositories
deb http://us.archive.ubuntu.com/ubuntu/ lucid main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid main restricted
deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates main restricted
deb http://security.ubuntu.com/ubuntu lucid-security main restricted
deb-src http://security.ubuntu.com/ubuntu lucid-security main restricted

## universe repositories
deb http://us.archive.ubuntu.com/ubuntu/ lucid universe
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid universe
deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe
deb http://security.ubuntu.com/ubuntu lucid-security universe
deb-src http://security.ubuntu.com/ubuntu lucid-security universe

If you had to enable new repositories, issue the following command to update your package lists:

#apt-get update

sudo aptitude update

aptitude (to see what remains)

#apt-get upgrade

sudo aptitude safe-upgrade

aptitude (to see what remains)

Install Apache

If you already have Apache installed and configured, you can safely skip this section of the guide. Install Apache by running the following command:

sudo apt-get install apache2

As mentioned earlier, you will need to go to the installation guide if you wish to configure your server beyond the default configuration.

Install mod_mono

The Apache daemon must be stopped before mod_mono is installed. Issue the following command to stop the apache process:

sudo /etc/init.d/apache2 stop

At this point we're able to install the required packages for mod_mono. Run the following command:

sudo apt-get install mono-apache-server2 libapache2-mod-mono libmono-i18n2.0-cil

While installing, you will see a prompt that looks like the following:

Configuration file `/etc/apache2/mods-available/mod_mono.conf'
 ==> File on system created by you or by a script.
 ==> File also in package provided by package maintainer.
   What would you like to do about it ? Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** mod_mono.conf (Y/I/N/O/D/Z) [default=N] ?

Accept the default option at this point. When the installation process completes, the following steps set the error log location, create the apache account, and set ownership and permissions on the log and web directories:

sudo vi /etc/apache2/apache2.conf

ErrorLog /srv/www-logs/apache2.error.log

sudo mkdir -p /srv/www-logs

sudo mkdir -p /srv/www

sudo useradd -d /home/apache -m apache

sudo passwd apache

sudo mkdir /home/apache/.mono

sudo chown root:apache /home/apache/.mono

sudo chmod 0774 /home/apache/.mono

sudo chown root:apache /srv/www-logs/

sudo chmod 0774 /srv/www-logs/

sudo chown -R apache /srv/www/

sudo chgrp -R apache /srv/www/

sudo chmod -R 0774 /srv/www/

sudo vi /etc/apache2/envvars

# no space after "=": "APACHE_RUN_USER= apache" would leave the variable empty
export APACHE_RUN_USER=apache
export APACHE_RUN_GROUP=apache
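The chown/chmod steps above (and the later `chmod -R 0777 /srv/` in these notes) decide who can write the content Apache serves: 0774 lets the owner and the apache group write, 0777 lets every local account write. The following is an added example, not part of the original notes, that lists every world-writable path under a web root; it builds its own sample tree in a temporary directory, so the site name, the 0777 directory and the function names are assumptions made for the demonstration:

```shell
#!/bin/sh
# Added example (not from the original notes). Lists world-writable
# paths under a web root. The 0774 mode used above lets owner and group
# (apache) write; 0777 lets every local account write, which is the
# setting to catch. The sample tree is constructed in a temp directory.

# audit_webroot DIR
# Prints "world-writable: PATH" for every entry under DIR with the
# other-write bit (002) set. Returns 0 when none is found, 1 otherwise.
audit_webroot() {
    audit_hits=$(find "$1" -perm -002 -print)
    if [ -n "$audit_hits" ]; then
        printf '%s\n' "$audit_hits" | sed 's/^/world-writable: /'
        return 1
    fi
    return 0
}

# make_sample_webroot
# Builds a constructed copy of the page's layout (<site>/public_html and
# <site>/logs) in a temporary directory and prints its path. The logs
# directory gets the notes' later "chmod -R 0777" so the audit has
# something to find.
make_sample_webroot() {
    sample_root=$(mktemp -d)
    mkdir -p "$sample_root/example.org/public_html" "$sample_root/example.org/logs"
    printf '<html>hello</html>\n' > "$sample_root/example.org/public_html/index.html"
    chmod 0774 "$sample_root/example.org" "$sample_root/example.org/public_html"
    chmod 0664 "$sample_root/example.org/public_html/index.html"
    chmod 0777 "$sample_root/example.org/logs"
    printf '%s\n' "$sample_root"
}

# Usage: audit, tighten with chmod o-w, audit again.
webroot=$(make_sample_webroot)
audit_webroot "$webroot" || echo "tightening with: chmod -R o-w $webroot"
chmod -R o-w "$webroot"
audit_webroot "$webroot" && echo "clean: nothing under $webroot is world-writable"
rm -rf "$webroot"
```

On a real host run `audit_webroot /srv/www` after the permission steps; anything it lists is writable by every local account, not just by the apache user and group the steps intend.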

Configure Apache

We recommend using name-based virtual hosts for web hosting. Refer to the Apache documentation for setting up Name-based virtual hosts.

Recent versions of mod_mono utilize the AutoHosting method of application deployment. This allows non-privileged users to deploy new applications without modifying Apache configuration files. While this provides great flexibility, it may also present a security risk. As a result, mod_mono must be enabled on a per-virtual host basis.

For the sake of this guide, we're going to create a site on the root of our example domain, example.org. If you already have an Apache configuration for the root of your site, you will need to modify your existing virtual host file or create a new one on a subdomain of your site. Create the virtual host file, taking the following example virtual host configuration and modifying it to suit your needs. You may also use the Mod_Mono Configuration Generator to generate your own custom configuration.

File excerpt: /etc/apache2/sites-available/example.org

<VirtualHost *:80>
    ServerName example.org
    ServerAdmin web-admin@example.org
    ServerAlias www.example.org
    DocumentRoot /srv/www/example.org/public_html
    ErrorLog /srv/www/example.org/logs/error.log
    CustomLog /srv/www/example.org/logs/access.log combined
    MonoServerPath example.org "/usr/bin/mod-mono-server2"
    MonoDebug example.org true
    MonoSetEnv example.org MONO_IOMAP=all
    MonoApplications example.org "/:/srv/www/example.org/public_html"
    <Location "/">
        Allow from all
        Order allow,deny
        MonoSetServerAlias example.org
        SetHandler mono
        SetOutputFilter DEFLATE
        SetEnvIfNoCase Request_URI "\.(?:gif|jpe?g|png)$" no-gzip dont-vary
    </Location>
    <IfModule mod_deflate.c>
        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript
    </IfModule>
</VirtualHost>

Save and close the file, and create the directories referenced in the DocumentRoot and ErrorLog directives:

mkdir -p /srv/www/example.org/public_html

mkdir /srv/www/example.org/logs

Enable the site by running the a2ensite command:

a2ensite example.org

FileZilla: copy all files/directories from E:\WebSites\.NET WWW\* to /home/apache/www

sudo mv /home/apache/www/*.com /etc/apache2/sites-available/

sudo mv /home/apache/www/*.Web /etc/apache2/sites-available/

sudo mv /home/apache/www/*.org /etc/apache2/sites-available/

sudo chown root:root /etc/apache2/sites-available/*

sudo mv /home/apache/www/complete/* /srv/www/

sudo rm -rf /home/apache/www/

cd /etc/apache2/sites-available

sudo a2ensite AJ.QBytesWorld.com

sudo a2ensite Ashleigh.QBytesWorld.com

sudo a2ensite BlogEngine.Web

sudo a2ensite Gaming.BlogEngine.Web

sudo a2ensite Java.Qbytesworld.com

Agile.QBytesWorld.com

Ajax.QBytesWorld.com

QbytesWorld.com

QbytesWorld.DynDns.info

QbytesWorld.info

TFSBasicTraining.QBytesWorld.com

_bandrplus.com

sudo chown -R apache /srv/www/

sudo chgrp -R apache /srv/www/

sudo chmod -R 0774 /srv/www/

Since we have modified the virtual host configuration, Apache must be reloaded:

/etc/init.d/apache2 reload

If you still see the default "It works!" Apache installation page, you may need to disable the default site. Run the following command if this is an issue for you:

a2dissite default

/etc/init.d/apache2 reload

Note: Should you restart Apache in the future, you will see an error that will look similar to this:

[crit] (13)Permission denied: Failed to attach to existing dashboard,
and removing dashboard file '/tmp/mod_mono_dashboard_XXGLOBAL_1' failed
(Operation not permitted). Further action impossible.

You can safely ignore this warning, as it won't affect deployment using the methods explained in this guide.

Ubuntu Linux: add a new user to secondary group

Use the following syntax:

useradd -G Group-name Username
passwd Username

Create a group called foo and add user tom to a secondary group called foo:
$ sudo groupadd foo
$ sudo useradd -G foo tom

OR
# groupadd foo
# useradd -G foo tom

Verify new settings:


id tom
groups tom

Finally, set the password for tom user, enter:
$ sudo passwd tom
OR
# passwd tom
You can add user tom to multiple groups (foo, bar, and ftp) in one go:
# useradd -G foo,bar,ftp tom
For an account that already exists, use usermod -a -G foo,bar,ftp tom; without -a, usermod -G replaces the user's supplementary groups instead of adding to them.

useradd -d /home/apache -m apache

passwd apache

mkdir /home/apache/.mono

chown root:apache /home/apache/.mono

chmod 0774 /home/apache/.mono

chown root:apache /srv/www-logs/

chmod 0774 /srv/www-logs/

groupadd apache

useradd -g apache apache

sudo chown -R apache /srv/www/

sudo chgrp -R apache /srv/www/

sudo chmod -R 0774 /srv/www/

#########################################################

### Configure the rights to YourFolder ### (optional***)

cd /srv/www/YourFolder

sudo chown -R root:www-data .

sudo chmod -R 774 .

sudo usermod -a -G www-data <yourusername>

#########################################################

cat /etc/apache2/envvars

change the envvars user and group:

vi /etc/apache2/envvars

export APACHE_RUN_USER=apache
export APACHE_RUN_GROUP=apache

sudo /etc/init.d/apache2 stop

rm -rf /tmp/.wapi/

sudo rm -rf /tmp/*

sudo rm -rf /srv/www-logs/*

sudo /etc/init.d/apache2 start

sudo /etc/init.d/apache2 start

sudo /etc/init.d/apache2 stop

sudo chmod -R 0777 /srv/

sudo chown -R www-data /srv/

sudo chgrp -R www-data /srv/

sudo rm -rf /tmp/*

sudo rm -rf /srv/www-logs/*

sudo /etc/init.d/apache2 start



Hostname and TimeZone


Ubuntu / Debian

Enter the following commands to set the hostname, replacing plato with the hostname of your choice:

echo "plato" > /etc/hostname
hostname -F /etc/hostname

If it exists, edit the file /etc/default/dhcpcd to comment out the SET_HOSTNAME directive:

File excerpt:/etc/default/dhcpcd

#SET_HOSTNAME='yes'

Update /etc/hosts

Next, edit your /etc/hosts file to resemble the following example, replacing plato with your chosen hostname, example.com with your system's domain name, and 12.34.56.78 with your system's IP address. As with the hostname, the domain name part of your FQDN does not necessarily need to have any relationship to websites or other services hosted on the server (although it may if you wish). As an example, you might host "www.something.com" on your server, but the system's FQDN might be "mars.somethingelse.com".

File:/etc/hosts

127.0.0.1        localhost.localdomain    localhost
12.34.56.78      plato.example.com        plato

If you have IPv6 enabled on your Linode, you will also want to add an entry for your IPv6 address, as shown in this example:

File:/etc/hosts

127.0.0.1                       localhost.localdomain    localhost
12.34.56.78                     plato.example.com        plato
2600:3c01::a123:b456:c789:d012  plato.example.com        plato

The value you assign as your system's FQDN should have an "A" record in DNS pointing to your Linode's IPv4 address. For Linodes with IPv6 enabled, you should also set up an "AAAA" record in DNS pointing to your Linode's IPv6 address. For more information on configuring DNS, see Adding DNS Records.

Setting the Timezone

All Linodes are set to Eastern Standard Time by default, but you can change the timezone to whatever you want it to be. It may be best to set it to the timezone of most of your users. If you're unsure which timezone would be best, consider using Coordinated Universal Time (UTC, also known as Greenwich Mean Time).

Ubuntu / Debian

Enter the following command to access the timezone utility:

dpkg-reconfigure tzdata

Checking the Time

Now try entering the following command to view the current date and time according to your server:

date

The output should look similar to this: Thu Feb 16 12:17:52 EST 2012.

### Installed Ubuntu Server 12.04 ###

Download here.

Installed Ubuntu Server 12.04

  • OpenSSH; if not selected during install, click here.

Disable CTL-ALT-DEL

HostName and TimeZone

Apply Patches

Audit/Log user activity.

Disks and mounts.

  • Mount and Format disk…here.
  • NFS: Network File System (Linux/UNIX only).
  • Samba File Share, (If windows needs access, click here).

Backup Jobs.

Performance tool (server then desktop)
  • $ sudo apt-get install nmon -> here.
  • $ sudo apt-get install htop -> here.
  • Install sensors for monitoring -> here.
  • Xosview -> here.

Ability to Search for packages

  • sudo apt-get install aptitude
  • sudo aptitude search <package part>

Application Setup

  • Hudson setup here or as a service here.
  • Artifactory setup here.
  • Subversion setup here.

Secure the server:

http://library.linode.com/securing-your-server

High availability Ubuntu servers

FTP

SSH should work for most needs (Filezilla), but if FTP is needed

CRONTAB

  • Setup backups here.
  • Clean scripts
  • etc….

Startup/Shutdown script

  • How to setup here.

Update and Patch

  • How to update and patch here.

How do I host Java application using Apache AJP connector

http://www.serveridol.com/2011/03/18/how-do-i-host-java-application-using-apache-ajp-connector/

=============================================

Here I'm going to host a Java application on my development server, which is already capable of hosting PHP/Rails sites.

To host a Java application, complete the following steps.

Packages required

1. mod_jk Apache module
2. Tomcat 6.0.29
3. JDK 1.6.0_14
4. Apache 2.2.3

1. Install mod_jk

Download the mod_jk built for your Apache version from http://download.filehat.com/apache//tomcat/tomcat-connectors/jk/binaries/linux/, copy it to /usr/lib/httpd/modules/ and rename it to mod_jk.so
[root@rc-040 conf]# ls -la /usr/lib/httpd/modules/mod_jk.so
-rw-r--r-- 1 root root 416473 Nov 1 10:12 /usr/lib/httpd/modules/mod_jk.so
Now I'm going to create a jk.conf file and workers.properties in "/etc/httpd/conf.d"

#vi /etc/httpd/conf.d/jk.conf

LoadModule jk_module /usr/lib/httpd/modules/mod_jk.so
JkWorkersFile /etc/httpd/conf.d/workers.properties
JkShmFile /var/log/httpd/mod_jk.shm
JkLogFile /var/log/httpd/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

#vi /etc/httpd/conf.d/workers.properties

# Define 1 real worker using ajp13
worker.list=worker1
# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009

# service httpd restart

2. Install Java and Apache Tomcat
I installed Java in "/usr/java" and Tomcat in "/usr/local" and set permanent environment variables for JAVA_HOME and CATALINA_HOME by placing the following variables in a script. My java.sh contains:
a. Setting up Java variables

# vi /etc/profile.d/java.sh

JAVA_HOME=/usr/java/jdk1.6.0_14
JAVA_FONTS=/usr/share/fonts/truetype
ANT_HOME=/usr/share/ant
JAVACC_HOME=/usr/java/javacc
SPRING_HOME=/usr/local/spring-framework-1.1.4
CLASSPATH=.:$JAVA_HOME/lib
CATALINA_BASE=/usr/local/apache-tomcat-6.0.29
CATALINA_HOME=/usr/local/apache-tomcat-6.0.29
CATALINA_TMPDIR=/usr/local/apache-tomcat-6.0.29/temp
JBOSS_HOME=/usr/local/jboss-4.0.3SP1
PATH=$JAVA_HOME:$JAVA_HOME/bin:$JAVACC_HOME/bin:$ANT_HOME/bin:$CATALINA_HOME/bin:$JBOSS_HOME/bin:/usr/local/godesk/usr/bin:$PATH
PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/glib-2.0.pc
export PKG_CONFIG_PATH
LD_LIBRARY_PATH=/usr/local/lib;export LD_LIBRARY_PATH;
export PATH JAVA_HOME JAVA_FONTS ANT_HOME JAVACC_HOME CATALINA_BASE CATALINA_HOME CATALINA_TMPDIR JBOSS_HOME
export CLASSPATH

# cp java.sh /etc/profile.d/
# source /etc/profile.d/java.sh
[root@rc-040 public_html]# echo $JAVA_HOME $CATALINA_HOME
/usr/java/jdk1.6.0_14 /usr/local/apache-tomcat-6.0.29

Perfect !

b. Configuring Tomcat

The AJP connector is enabled by default in Tomcat and runs on port 8009 (check the server.xml file). Ensure that the following lines are commented out.

Now you need to add a virtual host entry in Tomcat's server.xml. Open "/usr/local/apache-tomcat-6.0.29/conf/server.xml", find the line starting with <Engine name="Catalina">, add the following entry after that line and restart Tomcat.

<Engine name="Catalina" defaultHost="localhost">
<Host name="dplpool.rainconcert.in" appBase="/home/dplpool/public_html"
      autoDeploy="true" unpackWARs="true"
      xmlValidation="false" xmlNamespaceAware="false">
  <Alias>selfcare.rainconcert.in</Alias>
  <Context path="/newapp" docBase="."/>
</Host>

Here is a description of each parameter:

1. name: your domain name
2. appBase: where the .war file is placed (an FTP location in most cases)
3. autoDeploy: convenient for development purposes and must be set to "false" in a production environment
4. unpackWARs: when set to true, Tomcat explodes the WAR and picks up class file changes in the "WEB-INF" folder
5. Alias: domain alias; any number of domains can be added to use the same hosting space
6. Context path: like a location alias in Apache; if you want to serve images at http://domain.tld/images, set that in this virtual host
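The workers.properties above points mod_jk at localhost:8009, so only the local Apache needs to reach Tomcat's AJP connector; Tomcat's stock Connector element, which has no address attribute, listens on every interface. The following is an added example, not code from the article, that reads a server.xml and reports the address the AJP/1.3 connector is bound to. The two sample server.xml files are constructed here and the function names are my own:

```shell
#!/bin/sh
# Added example (not from the article). Reports which address Tomcat's
# AJP/1.3 connector is bound to. mod_jk connects to localhost:8009, so
# the connector only needs to listen on loopback; with no "address"
# attribute Tomcat listens on all interfaces. Sample server.xml files
# below are constructed for the demonstration.

# ajp_connector_address FILE
# Prints the address attribute of the first AJP/1.3 <Connector> in FILE,
# "0.0.0.0" when the attribute is absent (Tomcat's default: all
# interfaces), or "none" when no AJP connector is configured.
# Limitation: a connector inside an XML comment is still reported.
ajp_connector_address() {
    # join lines so a Connector element split over several lines still matches
    ajp_elem=$(tr '\n' ' ' < "$1" \
        | grep -o '<Connector [^>]*protocol="AJP/1.3"[^>]*>' | head -n 1)
    if [ -z "$ajp_elem" ]; then
        echo none
        return 0
    fi
    ajp_addr=$(printf '%s\n' "$ajp_elem" | sed -n 's/.*address="\([^"]*\)".*/\1/p')
    echo "${ajp_addr:-0.0.0.0}"
}

# ajp_is_local FILE
# Succeeds when the AJP connector is absent or bound to a loopback address,
# fails when it would accept connections from other hosts.
ajp_is_local() {
    case $(ajp_connector_address "$1") in
        none|127.0.0.1|::1|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: Tomcat 6's stock connector lines (no address attribute).
write_default_server_xml() {
    cat > "$1" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" />
    </Engine>
  </Service>
</Server>
EOF
}

# Constructed sample: the same file with the AJP connector pinned to loopback.
write_local_server_xml() {
    cat > "$1" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" />
    </Engine>
  </Service>
</Server>
EOF
}

# Usage: run both samples through the check.
sample=$(mktemp)
write_default_server_xml "$sample"
echo "stock server.xml: AJP bound to $(ajp_connector_address "$sample")"
ajp_is_local "$sample" || echo "  -> reachable from other hosts; add address=\"127.0.0.1\" to the Connector"
write_local_server_xml "$sample"
echo "pinned server.xml: AJP bound to $(ajp_connector_address "$sample")"
ajp_is_local "$sample" && echo "  -> loopback only, matching worker.worker1.host=localhost"
rm -f "$sample"
```

On a real box run it against $CATALINA_HOME/conf/server.xml. The one-line pattern match is deliberately simple and will still report a connector that sits inside an XML comment, so confirm with `ss -ltnp` (or `netstat -ltnp`) which address port 8009 is actually bound to after the restart.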

3. Apache Configuration.
I have placed a virtual host config file (javapp.conf) under "/etc/httpd/conf.d" with the following content.

<VirtualHost *:80>
    ServerName domain.tld
    ServerAlias www.domain.tld
    DocumentRoot /home/dplpool/public_html
    DirectoryIndex index.html
    Alias / /home/dplpool/public_html
    ErrorLog logs/myapp-javahost.log
    JkMount /*.jsp worker1
    JkMount /* worker1
</VirtualHost>

NB: You need to use exactly the same hostname in the Apache virtual host and the Tomcat virtual host. Otherwise the request forwarded over AJP will not match the Tomcat Host that the JkMount rules are meant for.

Restart Apache and Tomcat

Testing new hosting,

You can download the sample java application provided by the Apache project. Download this file http://tomcat.apache.org/tomcat-7.0-doc/appdev/sample/sample.war and rename it to ROOT.war. Then upload it to “/home/domain/public_html”. You will see the site at http://domain.tld

