
Tuesday, March 8, 2011

setting up new Amazon instance for Tomcat(DMS)

1. Launch new instance
2. sudo su
3. apt-get update
4. sudo apt-get install tomcat6 (refer: https://help.ubuntu.com/9.10/serverguide/C/tomcat.html)
5. http://www.ex-parrot.com/pete/tomcat-vhost.html

In case the links fail:

http://thelowedown.wordpress.com/2010/08/17/tomcat-6-binding-to-a-privileged-port-on-debianubuntu/

Running Tomcat on a privileged port used to be as simple as modifying the connector in Tomcat’s server.xml file.  However, that meant running Tomcat as root — leaving open the possibility of privilege escalation and system compromise should exploitable vulnerabilities exist.  As of Tomcat 6.0.24, the Debian/Ubuntu package includes some changes in the way Tomcat starts, including how it binds to privileged ports.
The installation of the tomcat6 package also creates the tomcat6 user and group.   The user runs tomcat, and both the user and group own portions of the CATALINA_BASE directory tree.  This is an unprivileged user, and so it cannot bind to privileged (aka well-known) ports.  Many daemons start as root, bind to a privileged port and perform other setup work, then drop privileges and run as another user.  Tomcat 6, however, now uses authbind(1) for this purpose.  Authbind provides access control as follows, from the authbind(1) manpage:
Access to low numbered ports is controlled by permissions and contents of files in a configuration area, /etc/authbind.
Firstly, /etc/authbind/byport/port is tested. If this file is accessible for execution to the calling user, according to access(2), then binding to the port is authorised. If the file can be seen not to exist (the existence check returns ENOENT) then further tests will be used to find authorisation; otherwise, binding is not authorised, and the bind call will return with the errno value from the access(2) call, usually EACCES (Permission denied).
Secondly, if that test fails to resolve the matter, /etc/authbind/byaddr/addr:port is tested, in the same manner as above.
Thirdly, if the question is still unresolved, the file /etc/authbind/byuid/uid will be opened and read. If the file does not exist then the binding is not authorised and bind will return EPERM (Operation not permitted, or Not owner). If the file does exist it will be searched for a line of the form addr/length:min-port,max-port matching the request (ie, the initial length bits of addr match those in the proposed bind call, and the proposed port number lies in the inclusive range specified). If such a line is found then the binding is authorised. Otherwise it is not, and bind will fail with ENOENT (No such file or directory).
In our case, the tomcat6 package creates a small file in /etc/authbind/byuid named with the UID of the tomcat6 user, and containing the line:
0.0.0.0/32:1,1023
This allows the tomcat6 user to bind to any IP address with any low-numbered port, TCP or UDP.
So why does an attempt to start after having modified /etc/tomcat6/server.xml to start on TCP/80 fail with an error like the following?
SEVERE: Error starting endpoint
java.net.BindException: Permission denied <null>:80
One piece is still missing!  Authbind is not enabled by default.  You will find the following section in the /etc/default/tomcat6 file:
# If you run Tomcat on port numbers that are all higher than 1023, then you
# do not need authbind.  It is used for binding Tomcat to lower port numbers.
# NOTE: authbind works only with IPv4.  Do not enable it when using IPv6.
# (yes/no, default: no)
#AUTHBIND=no
Uncomment the last line, and change ‘no’ to ‘yes’ and tomcat6 will start as you expect!  Kudos to the package maintainers for being security conscious, although I’ll admit finding all of the clues to make this work was a bit of a chore.
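To make the three-stage rule quoted above concrete, here is an added Python model of the authbind decision (an illustration written for this page, not authbind's own code). It takes the configuration root as a parameter so it can be run against a constructed tree instead of the real /etc/authbind, and it shows why the package's 0.0.0.0/32 line covers the wildcard address only: with length 32, all 32 bits of the requested address must match. The uid 106 in the demo is a made-up sample value.

```python
import os
import tempfile
from ipaddress import IPv4Address

def _exec_check(path):
    """byport/byaddr stage: executable -> allow, not executable -> deny, absent -> None."""
    if not os.path.exists(path):
        return None
    return os.access(path, os.X_OK)

def _byuid_allows(path, addr, port):
    """byuid stage: authorise if a line addr/length:min-port,max-port has its first
    `length` bits equal to those of addr and its range contains port; no file -> deny."""
    if not os.path.exists(path):
        return False
    want = int(IPv4Address(addr))
    with open(path) as fh:
        for line in fh:
            line = line.strip()
            if not line:
                continue
            net, ports = line.split(":")
            base, length = net.split("/")
            lo, hi = (int(p) for p in ports.split(","))
            mask = (0xFFFFFFFF << (32 - int(length))) & 0xFFFFFFFF  # /0 gives mask 0
            if (int(IPv4Address(base)) ^ want) & mask == 0 and lo <= port <= hi:
                return True
    return False

def authbind_allows(confdir, uid, addr, port):
    """Decide a bind() of addr:port by uid, running the three stages in order."""
    if port >= 1024:
        return True  # only low-numbered ports go through authbind at all
    for rel in (f"byport/{port}", f"byaddr/{addr}:{port}"):
        verdict = _exec_check(os.path.join(confdir, rel))
        if verdict is not None:
            return verdict
    return _byuid_allows(os.path.join(confdir, "byuid", str(uid)), addr, port)

def tomcat6_demo(byuid_line="0.0.0.0/32:1,1023", uid=106):
    """Constructed tree mirroring what the tomcat6 package installs: a single byuid
    file for the tomcat6 user (uid 106 is a made-up sample value) and nothing else."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("byport", "byaddr", "byuid"):
            os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, "byuid", str(uid)), "w") as fh:
            fh.write(byuid_line + "\n")
        binds = [(uid, "0.0.0.0", 80), (uid, "192.0.2.10", 80), (uid, "0.0.0.0", 8080), (999, "0.0.0.0", 80)]
        return {f"{u} {a}:{p}": authbind_allows(root, u, a, p) for u, a, p in binds}
```

A Tomcat connector with no address attribute binds to all addresses (0.0.0.0), which is why the /32 line is enough for the default server.xml; a connector pinned to a specific address would need a byuid line that covers that address.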
**********************************************************************************

http://www.ex-parrot.com/pete/tomcat-vhost.html

Virtual Hosting with Tomcat

For Conf -> I did the changes in /etc/tomcat6/

This is a guide on setting up Tomcat to do virtual hosting and make it behave like a simple webserver with jsp and servlet support, for many different sites all hosted on the same IP address. The aim is to have a single directory for each virtual host, which can be manipulated individually without hassles from managing multiple .war files and other configuration difficulties.
To configure Tomcat for a virtual host, you need a <Host ..> directive in the server.xml file, and a ROOT.xml file in the conf/Catalina/$host directory. Here's the minimal setup required for a copy of Tomcat serving directly on Port 80, using no connectors or other configuration difficulties.
This was written for Tomcat 5 on linux, with Tomcat installed in /usr/local/tomcat
We start with the simplest configuration, of one website, called 'localhost', which keeps its files in /usr/local/tomcat/webapps/localhost. We're not using any .war files here - all the files are placed straight into the directory.


conf/server.xml

<Server port="8005" shutdown="SHUTDOWN" debug="0">
  <!-- Define the Tomcat Stand-Alone Service -->
  <Service name="Catalina">
    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
    <Connector port="80" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               debug="0" connectionTimeout="20000" disableUploadTimeout="true" />
    <Engine name="Catalina" defaultHost="localhost" debug="0">
      <!-- Define the default virtual host
           Note: XML Schema validation will not work with Xerces 2.2. -->
      <Host name="localhost" debug="0" appBase="webapps/localhost"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">
        <Logger className="org.apache.catalina.logger.FileLogger"
                directory="logs" prefix="localhost_log." suffix=".txt" timestamp="true"/>
      </Host>
      <!-- VIRTUAL HOST INJECTION POINT -->
    </Engine>
  </Service>
</Server>

conf/Catalina/localhost/ROOT.xml

<?xml version='1.0' encoding='utf-8'?>
<Context displayName="localhost" docBase="" path=""
         workDir="work/Catalina/localhost/_">
</Context>

webapps/localhost

index.jsp
WEB-INF/web.xml

webapps/localhost/WEB-INF/web.xml

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app>
</web-app>

Adding a virtual host to this config.

From here, to add a virtual host $host with an alias of $alias, the following steps are required.
  • Shut down tomcat.
  • Add a Host entry to the server.xml file at the VIRTUAL HOST INJECTION POINT
    <Host name="$host" debug="0" appBase="webapps/$host"
          unpackWARs="true" autoDeploy="true"
          xmlValidation="false" xmlNamespaceAware="false">

      <Logger className="org.apache.catalina.logger.FileLogger"
              directory="logs" prefix="$host_log." suffix=".txt" timestamp="true"/>

      <Alias>$alias</Alias>
    </Host>
  • Add a configuration file for the host
    mkdir conf/Catalina/$host
    
    cat >conf/Catalina/$host/ROOT.xml
    <?xml version='1.0' encoding='utf-8'?>
    <Context displayName="$host" docBase="" path=""
    workDir="work/Catalina/$host/_">
    </Context>
    ^D
    
  • Add a skeleton directory structure for the files
    mkdir $tomcatdir/webapps/$host
    mkdir $tomcatdir/webapps/$host/WEB-INF
    mkdir $tomcatdir/webapps/$host/WEB-INF/classes
    mkdir $tomcatdir/webapps/$host/WEB-INF/lib
  • Add a minimal web.xml file
    cat >webapps/$host/WEB-INF/web.xml
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <web-app>
    </web-app>
  • Add a trivial holding page
    cat >webapps/$host/index.jsp
    <html>
    <head>
    <title>Not yet configured</title>
    </head>
    
    <body>
    <p>This virtual server $host is not yet configured.</p>
    </body>
    </html>
  • Start tomcat back up again.

Automating the process

For a standard situation with tomcat installed in /usr/local/tomcat, here's a small Perl script that does all this for you. Save it into the /usr/local/tomcat/bin directory as add_virtual_host.pl.

Usage

./bin/add_virtual_host.pl host alias1 alias2 alias3
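The manual steps above, carried out by an added Python script written for this page (it is not the add_virtual_host.pl mentioned in the guide). It assumes the layout used throughout: conf/server.xml containing the VIRTUAL HOST INJECTION POINT comment, conf/Catalina/ and webapps/ under the Tomcat directory. Because the host and alias names come from the command line and end up in file paths and in server.xml, the script accepts plain DNS names only, so a value containing a slash, a double dot or a quote is rejected before anything is written.

```python
import re
import tempfile
from pathlib import Path

INJECTION_POINT = "<!-- VIRTUAL HOST INJECTION POINT -->"
HOSTNAME_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*")

def is_safe_hostname(name):
    return bool(HOSTNAME_RE.fullmatch(name))  # DNS labels only: no '/', '..' or quotes

def host_entry(host, aliases):
    """Render the <Host> block from the manual steps, one <Alias> per alias."""
    alias_xml = "".join(f"    <Alias>{a}</Alias>\n" for a in aliases)
    return (f'<Host name="{host}" debug="0" appBase="webapps/{host}"\n'
            '      unpackWARs="true" autoDeploy="true"\n'
            '      xmlValidation="false" xmlNamespaceAware="false">\n'
            '    <Logger className="org.apache.catalina.logger.FileLogger"\n'
            f'            directory="logs" prefix="{host}_log." suffix=".txt" timestamp="true"/>\n'
            f"{alias_xml}</Host>\n")

def add_virtual_host(tomcatdir, host, aliases=()):
    """Create the skeleton for $host, then splice its Host entry in front of the
    marker (which stays, so the next host is added after it); returns server.xml."""
    for name in (host, *aliases):
        if not is_safe_hostname(name):
            raise ValueError(f"refusing unsafe host name: {name!r}")
    base = Path(tomcatdir)
    server_xml = base / "conf" / "server.xml"
    text = server_xml.read_text()
    if INJECTION_POINT not in text:
        raise RuntimeError("server.xml lacks the VIRTUAL HOST INJECTION POINT marker")
    ctx, webapp = base / "conf" / "Catalina" / host, base / "webapps" / host
    for d in (ctx, webapp / "WEB-INF" / "classes", webapp / "WEB-INF" / "lib"):
        d.mkdir(parents=True)
    (ctx / "ROOT.xml").write_text("<?xml version='1.0' encoding='utf-8'?>\n"
        f'<Context displayName="{host}" docBase="" path="" workDir="work/Catalina/{host}/_">\n</Context>\n')
    (webapp / "WEB-INF" / "web.xml").write_text(
        '<?xml version="1.0" encoding="ISO-8859-1"?>\n<web-app>\n</web-app>\n')
    (webapp / "index.jsp").write_text("<html><head><title>Not yet configured</title></head>\n"
        f"<body><p>This virtual server {host} is not yet configured.</p></body></html>\n")
    text = text.replace(INJECTION_POINT, host_entry(host, aliases) + INJECTION_POINT, 1)
    server_xml.write_text(text)  # written last, once the skeleton exists
    return text

def demo(host="example.com", aliases=("www.example.com",)):
    """Run against a constructed tree holding only the marker; returns server.xml and all file paths."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "conf").mkdir()
        (Path(root) / "conf" / "server.xml").write_text(f"<Engine>\n{INJECTION_POINT}\n</Engine>\n")
        xml = add_virtual_host(root, host, aliases)
        return xml, sorted(str(p.relative_to(root)) for p in Path(root).rglob("*") if p.is_file())
```

Tomcat still has to be stopped before and started after running this, exactly as in the manual steps, since server.xml is only read at startup.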
