Thursday, December 10, 2009

Tomcat SSL Installation

Reference docs: http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File
Then follow these instructions:

Installing the Certificates to the Keystore


1. Download your certificate files from your certificate authority and save them to the same directory as the keystore that you created during the CSR creation process. The certificate will only work with the same keystore that you initially created the CSR with. The certificates must be installed to your keystore in the correct order.
2. Install the Root Certificate file: Every time you install a certificate to the keystore you must enter the keystore password that you chose when you generated it. Enter the following command to install the Root certificate file:

keytool -import -trustcacerts -alias root -file RootCertFileName.crt -keystore keystore.key

If you receive a message that says "Certificate already exists in system-wide CA keystore under alias <...> Do you still want to add it to your own keystore? [no]:", select Yes. If successful, you will see "Certificate was added to keystore".
3. Install the Intermediate Certificate file: If your certificate authority provided an intermediate certificate file, you will need to install it here by typing the following command:

keytool -import -trustcacerts -alias intermediate -file IntermediateCertFileName.crt -keystore keystore.key

If successful, you will see "Certificate was added to keystore".
4. Install the Primary Certificate file: Type the following command to install the Primary certificate file (for your domain name):

keytool -import -trustcacerts -alias tomcat -file PrimaryCertFileName.crt -keystore keystore.key

If successful, you will see "Certificate reply was installed in keystore". You now have all the certificates installed to the keystore file. You just need to configure your server to use the keystore file.
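
A check of the finished keystore, as an added example that is not part of the original post: it parses `keytool -list -v` output and confirms that the tomcat alias is a private-key entry with the CA certificates chained to it, which is what importing the reply into the keystore that created the CSR should produce. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `keytool -list -v` output
# on stdin and checks the alias that Tomcat will serve. On a real keystore:
#   keytool -list -v -keystore keystore.key | check_keystore_listing tomcat

check_keystore_listing() {
    awk -v want="$1" '
        /^Alias name:/ { cur = $0; sub(/^Alias name:[ \t]*/, "", cur) }
        cur == want && /^Entry type:/ { type = $3 }
        cur == want && /^Certificate chain length:/ { len = $4 + 0 }
        END {
            if (type == "") { print "FAIL: alias " want " not found"; exit 2 }
            # Java 5 prints keyEntry; later JDKs print PrivateKeyEntry.
            if (type != "PrivateKeyEntry" && type != "keyEntry") {
                print "FAIL: " want " is " type ", reply not bound to a private key"
                exit 3
            }
            if (len < 2) {
                print "FAIL: " want " chain length " len ", CA certificates not linked"
                exit 4
            }
            print "OK: " want " is " type " with chain length " len
        }'
}

# Constructed listing: reply imported into the keystore that made the CSR.
sample_good_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

Alias name: root
Entry type: trustedCertEntry

Alias name: intermediate
Entry type: trustedCertEntry

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}

# Constructed listing: the same import run against a different keystore, so
# the certificate lands as a plain trusted entry with no key behind it.
sample_wrong_keystore_listing() {
    cat <<'EOF'
Alias name: tomcat
Entry type: trustedCertEntry
EOF
}
```

A non-zero return means Tomcat would have no usable key and chain under that alias, so the SSL Connector configured next would not serve the certificate.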

Configuring your SSL Connector

Tomcat requires an SSL Connector to be configured before it can accept secure connections.

By default Tomcat looks for your Keystore with the file name .keystore in the home directory with the default password "changeit". The home directory is generally /home/user_name/ on Unix and Linux systems, and C:\Documents and Settings\user_name\ on Microsoft Windows systems. You will be able to change the password and file location.

Method 1 -- Add an SSL Connector using admintool:
1. Start Tomcat.
2. Enter 'http://localhost:8080/admin' in a local browser to start admintool.
3. Type a username and password with administrator rights.
4. On the left select service (Java Web Services Developer Pack).
5. Select Create New Connector from the drop-down list on the right.
6. Choose HTTPS in the Type field.
7. In the Port field, enter 443. This defines the TCP/IP port number on which Tomcat will listen for secure connections.
8. Enter the Keystore Name and Keystore Password if your keystore is named something other than .keystore, if .keystore is located in a directory other than the home directory of the machine on which Tomcat is running, or if the password is something other than the default value of changeit. If you have used the default values, you can leave these fields blank.
9. Select Save to save the new Connector.
10. Select Commit Changes to save the new Connector information to the server.xml file so that it is available the next time Tomcat is started.

Method 2 -- Configure the SSL Connector in server.xml:
1. Copy your keystore file (your_domain.key) to the home directory.
2. Open the file Home_Directory/conf/server.xml in a text editor.
3. Uncomment the SSL Connector Configuration.
4. Make sure that the Connector Port is 443.
5. Make sure the keystorePass matches the password for the keystore and the keystoreFile contains the path and filename of the keystore.
When you are done your connector should look something like this:




6. Save the changes to server.xml

Wednesday, October 21, 2009

Tuesday, May 26, 2009

Redirect all traffic from port 80 to port 443 https in Apache2

To force an SSL connection and redirect all traffic from port 80 (HTTP) to port 443 (HTTPS), use this instead
(assuming Apache2 listens on ports 80 and 8080):


RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]

RewriteCond %{SERVER_PORT} ^8080$
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]

RewriteLog "logs/rewrite.log"
RewriteLogLevel 2

Wednesday, May 6, 2009

Struts2 Security Code Action

package com.ozview.struts2.action;

import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.SecureRandom;
import java.util.Random;

import javax.imageio.ImageIO;

import org.apache.log4j.Logger;

/**
 *
 * SecurityImageCodeAction.
 *
 * SECURITY_CODE, storeInSession() and removeFromSession() come from
 * BaseAction, which is not shown in this post.
 */
public class SecurityImageCodeAction extends BaseAction
{
    /** The image font. * */
    private static Font imageFont = new Font("Arial Bold", Font.BOLD, 24);

    /** CSPRNG for the code characters, so a code cannot be predicted from earlier ones. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /** The InputStream imageStream. * */
    protected InputStream imageStream;

    /** The logger log. * */
    private final Logger log = Logger.getLogger(this.getClass().getName());

    /**
     * Generate the security image code.
     *
     * @return SUCCESS if there is no error.
     */
    public String genSecurityImageCode()
    {
        try
        {
            ByteArrayOutputStream output = new ByteArrayOutputStream();
            String randomCode = generateImageCode(output);
            // store the random code in session.
            storeInSession(SECURITY_CODE, randomCode);
            this.imageStream = new ByteArrayInputStream(output.toByteArray());
            output.close();
        } catch (Exception e)
        {
            removeFromSession(SECURITY_CODE);
            log.error("generating the security code error", e);
            return ERROR;
        }
        return SUCCESS;
    }

    /**
     * Generate the Buffered image.
     * @param output The ByteArrayOutputStream output.
     * @return the random characters drawn into the image.
     */
    protected String generateImageCode(ByteArrayOutputStream output)
    {
        // image size
        int width = 150, height = 30;
        BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_BYTE_GRAY);
        Graphics g = image.getGraphics();
        // java.util.Random is only used for the noise lines, not for the code itself.
        Random random = new Random();
        //g.setColor(getRandColor(200, 250));
        // set the background color
        g.setColor(new Color(230, 241, 241));
        g.fillRect(1, 1, width - 1, height - 1);
        g.setColor(new Color(102, 102, 102));
        g.drawRect(0, 0, width - 1, height - 1);
        g.setFont(imageFont);
        g.setColor(getRandColor(160, 200));
        // noise lines slanting down and to the right
        for (int i = 0; i < 155; i++)
        {
            int x = random.nextInt(width - 1);
            int y = random.nextInt(height - 1);
            int xl = random.nextInt(6) + 1;
            int yl = random.nextInt(12) + 1;
            g.drawLine(x, y, x + xl, y + yl);
        }
        // noise lines slanting up and to the left
        for (int i = 0; i < 70; i++)
        {
            int x = random.nextInt(width - 1);
            int y = random.nextInt(height - 1);
            int xl = random.nextInt(12) + 1;
            int yl = random.nextInt(6) + 1;
            g.drawLine(x, y, x - xl, y - yl);
        }

        // draw the eight code characters
        String sRand = "";
        for (int i = 0; i < 8; i++)
        {
            String tmp = getRandomChars();
            sRand += tmp;
            // g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 +
            //random.nextInt(110)));
            g.setColor(new Color(220, 220, 220));
            g.drawString(tmp, 17 * i + 9, 22);
        }
        g.dispose();
        try
        {
            ImageIO.write(image, "jpg", output);
        } catch (IOException e)
        {
            log.error("Generating the security image code error, " + e.getMessage(), e);
        }
        return sRand;
    }

    /**
     * Get random color.
     *
     * @param fc
     *            a int fc.
     * @param bc
     *            a int bc.
     * @return a Random color.
     */
    protected Color getRandColor(int fc, int bc)
    {
        Random random = new Random();
        if (fc > 255)
            fc = 255;
        if (bc > 255)
            bc = 255;
        int r = fc + random.nextInt(bc - fc);
        int g = fc + random.nextInt(bc - fc);
        int b = fc + random.nextInt(bc - fc);
        return new Color(r, g, b);
    }

    /**
     * Get a random character: a digit, an upper-case letter or a lower-case
     * letter, each class and each character within it equally likely.
     *
     * @return a random character.
     */
    protected String getRandomChars()
    {
        switch (SECURE_RANDOM.nextInt(3))
        {
        case 1:
            return String.valueOf((char) ('A' + SECURE_RANDOM.nextInt(26)));
        case 2:
            return String.valueOf((char) ('a' + SECURE_RANDOM.nextInt(26)));
        default:
            return String.valueOf(SECURE_RANDOM.nextInt(10));
        }
    }

    /**
     * Set the InputStream imageStream.
     *
     * @param imageStream
     *            The InputStream imageStream to be set.
     */
    public void setImageStream(InputStream imageStream)
    {
        this.imageStream = imageStream;
    }

    /**
     * Get the InputStream imageStream.
     *
     * @return An InputStream imageStream.
     */
    public InputStream getImageStream()
    {
        return imageStream;
    }
}

Add the following lines into struts.xml file:



Using the Security Code in the JSP file:

How to create a Security Code

package com.ozview;

import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Random;

import javax.imageio.ImageIO;

public class Test
{
    /** The image font. * */
    private static Font imageFont = new Font("Arial Bold", Font.BOLD, 24);

    /** CSPRNG for the code characters, so a code cannot be predicted from earlier ones. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /**
     * Draw the code and write the image to securitycode.jpg in the working
     * directory. The output parameter is not used in this stand-alone test.
     */
    protected String generateImageCode(ByteArrayOutputStream output)
    {
        int width = 150, height = 30;
        BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_BYTE_GRAY);
        Graphics g = image.getGraphics();
        // java.util.Random is only used for the noise lines, not for the code itself.
        Random random = new Random();
        //g.setColor(getRandColor(200, 250));
        g.setColor(new Color(230, 241, 241));
        g.fillRect(1, 1, width - 1, height - 1);
        g.setColor(new Color(102, 102, 102));
        g.drawRect(0, 0, width - 1, height - 1);
        g.setFont(imageFont);
        g.setColor(getRandColor(160, 200));
        for (int i = 0; i < 155; i++)
        {
            int x = random.nextInt(width - 1);
            int y = random.nextInt(height - 1);
            int xl = random.nextInt(6) + 1;
            int yl = random.nextInt(12) + 1;
            g.drawLine(x, y, x + xl, y + yl);
        }
        for (int i = 0; i < 70; i++)
        {
            int x = random.nextInt(width - 1);
            int y = random.nextInt(height - 1);
            int xl = random.nextInt(12) + 1;
            int yl = random.nextInt(6) + 1;
            g.drawLine(x, y, x - xl, y - yl);
        }

        String sRand = "";
        for (int i = 0; i < 8; i++)
        {
            String tmp = getRandomChars();
            sRand += tmp;
            //g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));
            g.setColor(new Color(0, 0, 255));
            g.drawString(tmp, 17 * i + 9, 22);
        }
        g.dispose();
        try
        {
            File imagefile = new File("securitycode.jpg");
            ImageIO.write(image, "jpg", imagefile);
        } catch (IOException e)
        {
            System.err.print("Generating the security image code error, " + e.getMessage());
        }
        return sRand;
    }

    /**
     * Get random color.
     *
     * @param fc
     *            a int fc.
     * @param bc
     *            a int bc.
     * @return a Random color.
     */
    protected Color getRandColor(int fc, int bc)
    {
        Random random = new Random();
        if (fc > 255)
            fc = 255;
        if (bc > 255)
            bc = 255;
        int r = fc + random.nextInt(bc - fc);
        int g = fc + random.nextInt(bc - fc);
        int b = fc + random.nextInt(bc - fc);
        return new Color(r, g, b);
    }

    /**
     * Get a random character: a digit, an upper-case letter or a lower-case
     * letter, each class and each character within it equally likely.
     *
     * @return a random character.
     */
    protected String getRandomChars()
    {
        switch (SECURE_RANDOM.nextInt(3))
        {
        case 1:
            return String.valueOf((char) ('A' + SECURE_RANDOM.nextInt(26)));
        case 2:
            return String.valueOf((char) ('a' + SECURE_RANDOM.nextInt(26)));
        default:
            return String.valueOf(SECURE_RANDOM.nextInt(10));
        }
    }

    public static void main(String[] args)
    {
        Test test = new Test();
        ByteArrayOutputStream output = new ByteArrayOutputStream();
        String randomCode = test.generateImageCode(output);

        System.out.println(randomCode);
    }

}

Saturday, April 18, 2009

Using mod_proxy with Apache2 and Tomcat

1. yum install httpd
2. Set up Apache to use mod_proxy (AJP)
Make sure that at least the following modules are loaded (uncomment these lines in httpd.conf):
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
Add these lines to /etc/httpd/conf/httpd.conf:
<Proxy balancer://mycluster>
    Order deny,allow
    Allow from all
    BalancerMember ajp://localhost:8009/yourapp
</Proxy>

<VirtualHost *:80>
    ServerAdmin admin@yourhost.com
    ServerName www.yourhost.com
    ServerAlias yourhost.com

    ProxyPass /yourapp balancer://mycluster
    ProxyPassReverse /yourapp balancer://mycluster/

    ErrorLog logs/yourhost_error_log
    CustomLog logs/yourhost_access_log combined

</VirtualHost>
3. Deploy the yourapp application in Tomcat, and make sure the Tomcat connector on port 8009 is open.

4. In a browser, type http://www.yourhost.com/yourapp. It will go to the yourapp application deployed in Tomcat, and you don't need to type the port number.

Reference: UsingMod_ProxyWithJBoss

Wednesday, April 15, 2009

Installing Apache Tomcat 5 as a service on Linux5(CentOS5)

1. First, create the shell script file below and name it tomcat under /etc/init.d/

#!/bin/sh
#
# /etc/init.d/tomcat
#
# chkconfig: 345 84 16
#
# This is the init script for starting up the
# Jakarta Tomcat server
#
# description: Starts and stops the Tomcat daemon.
#

tomcat=/usr/local/tomcat
startup=$tomcat/bin/startup.sh
shutdown=$tomcat/bin/shutdown.sh
export JAVA_HOME=/usr/local/java
RETVAL=0

start() {
    echo -n $"Starting Tomcat service: "
    sh "$startup"
    RETVAL=$?
    echo
}

stop() {
    echo -n $"Stopping Tomcat service: "
    sh "$shutdown"
    RETVAL=$?
    echo
}

restart() {
    stop
    start
}

status() {
    # Count listening sockets that match port 8080 (Tomcat's HTTP port).
    SHUTDOWN_PORT=`netstat -vatn | grep LISTEN | grep 8080 | wc -l`
    if [ "$SHUTDOWN_PORT" -eq 0 ]; then
        echo "Tomcat stopped"
    else
        echo "Tomcat is running!"
    fi
}

# Handle the different input options
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status
        ;;
    restart)
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|status}"
        exit 1
        ;;
esac

# Report the result of startup.sh / shutdown.sh to the caller.
exit $RETVAL

2. Change the permissions:

chmod u+x /etc/init.d/tomcat

3. You can test the script by running this command
cd /etc/init.d
./tomcat status
which will return the Tomcat process info if it is running; otherwise, it will return blank

4. Add tomcat as a service by running the following:
chkconfig --add tomcat

5. Now that Tomcat is a service, you can issue these commands from anywhere:

service tomcat start
service tomcat stop
service tomcat restart
service tomcat status

6. Check whether Tomcat will start at boot:
chkconfig --list tomcat

Wednesday, April 8, 2009

How to Install eclipse and Add it to Desktop


1. Download the eclipse-jee-ganymede-SR2-linux-gtk.tar.gz from eclipse.org

2. Extract the eclipse to /opt directory

[root@www opt]# tar xvfz eclipse-jee-ganymede-SR2-linux-gtk.tar.gz

3. Change the ownership to root:
[root@www opt]# chown -R root:root eclipse
[root@www opt]# chmod -R +r eclipse
4. Then create an eclipse executable in your path:
[root@www opt]# touch /usr/bin/eclipse
[root@www opt]# chmod 755 /usr/bin/eclipse

[root@www opt]# vim /usr/bin/eclipse
with these contents:
#!/bin/sh

export ECLIPSE_HOME="/opt/eclipse"

# Pass all arguments through unchanged, even if they contain spaces.
"$ECLIPSE_HOME/eclipse" "$@"
5. Then create a GNOME menu item: download an Eclipse icon from the Eclipse website and put it into the /opt/eclipse directory as eclipse.png.
[root@www opt]# vim /usr/share/applications/eclipse.desktop
with the following contents:
[Desktop Entry]
Encoding=UTF-8
Name=Eclipse
Comment=Eclipse IDE
Exec=eclipse
Icon=/opt/eclipse/eclipse.png
Terminal=false
Type=Application
Categories=GNOME;Application;Development;

StartupNotify=true


6. Configuration
You now have a working Eclipse. Run this command first to initialize the settings:
/opt/eclipse/eclipse -clean

Then from here on you can run from the menu item applications/programming/eclipse




Tuesday, April 7, 2009

Install Flash Player 10 in Scientific Linux5 (CentOS5)

1. Start by installing these libraries (.i386 and .x86_64):

# yum install curl compat-libstdc++-33 glibc nspluginwrapper

2. Once done with the kitchen work, it is time to install the Flash Player RPM.

# rpm -ivh /tmp/flash-plugin-10.0.12.36-release.i386.rpm


3. Close all Firefox windows and open a new one. In the address bar, type:

about:plugins


You should see the Flash Player listed there. Now it is time to go to the YouTube website and play a Flash video.

How to install sudosh

1. The sudosh shell is very easy to install; just use yum install sudosh.

> yum install sudosh

After installation is completed, you need to change the /etc/sudoers file, and add the following lines:

User_Alias SAMPLEUSERS = simon, barabra

Cmnd_Alias SUDOSH = /usr/bin/sudosh

Cmnd_Alias MOUNT = /usr/mount

SAMPLEUSERS ALL=(ALL) SUDOSH, MOUNT

2. To verify the sudosh shell, just run the following command:

> sudosh

If you get errors such as a segmentation fault, this is due to a tiny bug in sudosh: remove any blank lines from /etc/sudosh.conf and make sure the log directory exists; if it does not exist, create it.

Once the verification succeeds, you are ready to use the sudo sudosh shell, which requires only the user's own password. sudosh makes it easy to get root privileges without the root password, which in most cases a normal user doesn't know. That is the power sudosh brings you.

Saturday, April 4, 2009

How to increase max_allowed_packet size in MySQL database

The max_allowed_packet size of MySQL is 1 M, which easily raises an error when you try to upload (save) a big file to a MySQL database. The error message looks like this:

Mysql::Error: Got a packet bigger than 'max_allowed_packet' bytes:

Modifying the max_allowed_packet size is very easy:

1. Run the mysql shell:

mysql> SHOW VARIABLES LIKE 'max_allowed_packet';

+--------------------+---------+
| Variable_name      | Value   |
+--------------------+---------+
| max_allowed_packet | 1048576 |
+--------------------+---------+
1 row in set (0.00 sec)

2. Change the max allowed packet size:

Edit the /etc/my.cnf file and add the following value before the [mysqld_safe] line:

max_allowed_packet = 20M

Save the /etc/my.cnf file and restart the mysqld service.

3. Verify the max_allowed_packet:

mysql> SHOW VARIABLES LIKE 'max_allowed_packet';
+--------------------+----------+
| Variable_name      | Value    |
+--------------------+----------+
| max_allowed_packet | 20970496 |
+--------------------+----------+
1 row in set (0.00 sec)

Now the max_allowed_packet size is changed to 20 M.

Monday, March 30, 2009

How to install RPMforge repo (SL5, CentOS5)

Go to the https://rpmrepo.org/RPMforge/Using page and check the RPMforge user instructions:

rpm -Uhv http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

The rpmrepo.repo file will be installed in the /etc/yum.repos.d/ directory.

Install PostgreSQL from yum repo in Scientific Linux 5 or CentOS5

Make sure you have root privileges.

1. Check the URL of the latest PostgreSQL yum configuration RPM at

http://yum.pgsqlrpms.org/reporpms/repoview/


Once you have the URL for the RPM, then

Under RedHat5 (Scientific Linux5)

rpm -Uvh http://yum.pgsqlrpms.org/reporpms/8.4/pgdg-redhat-8.4-1.noarch.rpm

Under CentOS5

rpm -Uvh http://yum.pgsqlrpms.org/reporpms/8.4/pgdg-centos-8.4-1.noarch.rpm

2. Upgrade any old packages (there are package dependencies, so you can't simply remove them)
(Optional: they will be upgraded automatically when you do 'yum install postgresql' if the installed postgresql-libs is older)

yum list 'postgresql*'

#
# Installed Packages
# postgresql-libs.x86 8.1.11-1.el5_1.1 installed
#

yum upgrade postgresql-libs


3. Install postgresql

yum install postgresql postgresql-server


4. Run initdb and start the service

service postgresql initdb

service postgresql start

5. Change the initial postgres password. Stop the postgresql service first.

service postgresql stop
su - postgres

Then go to the /var/lib/pgsql/data directory and edit the pg_hba.conf file. On the line host all all 127.0.0.1/32 md5, change md5 to trust. Exit the postgres user and, with root privileges, start the postgresql service:

service postgresql start
su - postgres

psql -d template1
template1=# ALTER USER postgres WITH PASSWORD 'yourpassword';
template1=# \q

With root privileges, stop the postgresql service again, then as the postgres user go to /var/lib/pgsql/data and change the line back to md5. With root privileges, restart the postgresql service:

service postgresql start

Now you have the latest postgresql server installed on your machine.
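
A check for the last part of step 5, as an added example that is not part of the original post: it lists every pg_hba.conf rule that still uses trust, since a line left on trust lets any matching client connect as any role, postgres included, without a password. The function names and sample file contents are constructed, and the parser assumes database and user fields contain no quoted spaces.

```shell
#!/bin/sh
# Added example, not from the original post. Reads pg_hba.conf on stdin and
# prints every rule whose auth method is trust; returns 1 if any is found.
# On a real server:  find_trust_rules < /var/lib/pgsql/data/pg_hba.conf

find_trust_rules() {
    awk '
        { sub(/#.*/, "") }                      # strip comments
        NF == 0 { next }
        $1 != "local" && $1 !~ /^host(ssl|nossl)?$/ { next }
        $1 == "local" { m = 4; addr = "(unix socket)" }
        $1 != "local" {
            if ($4 !~ /\// && ($5 ~ /^[0-9.]+$/ || $5 ~ /:/)) {
                m = 6; addr = $4 " " $5         # IP address + netmask form
            } else {
                m = 5; addr = $4                # CIDR form
            }
        }
        $m == "trust" {
            printf "line %d: %s %s %s %s uses trust\n", NR, $1, $2, $3, addr
            found = 1
        }
        END { exit (found ? 1 : 0) }'
}

# Constructed file: the password has been set, but the line edited for the
# reset was never changed back to md5.
sample_hba_left_on_trust() {
    cat <<'EOF'
# TYPE  DATABASE  USER  CIDR-ADDRESS   METHOD
local   all       all                  ident
host    all       all   127.0.0.1/32   trust   # temporary
host    all       all   ::1/128        md5
EOF
}

# Constructed file: the same rules after the line was changed back.
sample_hba_restored() {
    cat <<'EOF'
local   all       all                  ident
host    all       all   127.0.0.1/32   md5
host    all       all   ::1/128        md5
EOF
}
```

Run it after the final restart; no output and a zero return mean no rule was left on trust.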