[PlanetJ Corporation]

[info@planetJavaInc.com]

[www.PlanetJavaInc.com]

 


Configuring and Optimizing Tomcat


INTRODUCTION

TOMCAT  ADMINISTRATOR  AND  MANAGER  APPLICATIONS

CHANGING  TOMCAT  PORT  SETTINGS

SECURING  APPLICATIONS  FILES  IN  TOMCAT

TOMCAT  SECURITY  AND  SSL

References

INTRODUCTION

Introduction to Tomcat:

WebSphere has gained significant market share in Web application development space.  A powerful, easy to use, and free alternative to WebSphere is Apache’s  Tomcat.  Tomcat is open source and is the reference implementation for Sun’ servlet standard.  Tomcat has proven itself as production quality and is used by many companies. Tomcat installation on Window servers is an automated and easy process however the default installation places Tomcat into development mode.  The advantage of development mode is that changes to JSPs, class, and JAR files are automatically incorporated at runtime without the need to restart the application server.  The drawback is that performance suffers in development mode.  Once you have created your WOW application and are ready to serve it to the public, the following steps should be taken to optimize Tomcat.

 

STEP 1

Increase Maximum Memory Used

The following recommendation does not apply to IBM iSeries because i5OS automatically manages memory. Tomcat ships with the maximum amount of memory set to 64MB, which is not large enough to operate most large web applications.  We recommend increasing the maximum amount of memory to 80% of the total RAM available on your server.  This can be done as shown below.

First, open Tomcat by going to the Start Menu-Programs-Apache Tomcat-Configure Tomcat.

After the Tomcat Configuration box has opened you should see the Service Status if stopped, then click on the Start button to start Tomcat.(Recommended: Change all performance settings before starting Tomcat).

To change the Tomcat properties allowing changes to the maximum memory, click on the Java tab in the Apache Tomcat Properties screen. You will see at the bottom of the window two dialog boxes Initial memory pool and Maximum memory pool. These are the initial Tomcat min and max memory allocations, which you will want to increase for large applications. (PlanetJ recommends that you increase memory after installing WOW to handle any future WOW Applications).  

The minimum value can be anything but should start with at least 64-100MB. The maximum memory should be up to 80% of your computers RAM. For example, if you have 512MB of RAM then you should set the maximum memory to around 400MB. Enter in the new values and click on Apply  

STEP 2

Changes to web.xml configuration file:

The web.xml is the document that defines default values for all web applications loaded into each instance of Tomcat.  As each application is deployed, this file is processed, followed by the “/WEB-INF/web.xml” deployment descriptor for your own applications. The web.xml is located in Apache Software Foundation-666 Tomcat-conf folder shown below.

Open the web.xml by right clicking and select open with (NotePad or Wordpad or any text editor.) Now in the document we want to find the JSP Servlet Tag.  This is located a quarter of the way down the page.  Add two initial parameters - the reloading parameter and the development parameter.  

The reloading and development parameters are automatically set to true when Tomcat is installed. The development init-parameter will check for JSP modification on every access and reload. Set both of these parameters in the web.xml document to false so Tomcat will not look for or reload changes to JSPs on every access.

To add the init-parameters you will add this code:

<init-param>

            <param-name>development</param-name>

     <param-value>false</param-value>

</init-param>

<init-param>

            <param-name>reloading</param-name>

            <param-value>false</param-value>

</init-param>

In summary, Tomcat is a cost-efficient tool to hosting Web applications.  Now that you have made the above simple changes, Tomcat will run much faster and handle more complex workloads.  

STEP 3

Disable Session Persistence  

WOW does not support session persistence and it should be disabled to avoid unpredictable results after server restarts.  Session persistence is intended to allow browser interactions to be “saved and restored” after the application server is stopped and restarted.  Due to WOW’s RAM based magic request architecture, session persistence is not compatible.  

To disable session persistence uncomment the Manager tag that is in:  

<tomcat-home>/conf/context..xml  

    <!-- Uncomment this to disable session persistence across Tomcat restarts -->  

    <!--  

    <Manager pathname="" />  

    -->  

To uncomment remove the comments which are matching <!--  this is a comment --> change the text to appear as follows:  

<!-- Uncomment this to disable session persistence  across Tomcat restarts -->  

    <Manager pathname="" />  

With the comments removed this configuration file which cause a “blank” session manager to be assign thus stopping session persistence.  

STEP 4

Increase Session Timeout (Optional)  

WOW defaults to keeping a session active for 4 hours (240 minutes) before it is “timed out” to conserve memory.  Timeout can be an inconvenience to users who access WOW applications in a frequent manner.  For frequent users, you may increase the timeout to 36 hours by modifying the  file located at:

<tomcat-home>/webapps/wowXX/web-inf/web..xml  

NOTE: Replace XX with your WOW version number. A restart of the Application Server is required to changes to take effect.  Near the bottom of this file, the Session timeout is declared.  Carefully change 240 to 2160 or some other desire value.  This is the time out in minutes.  

<!-- Below is the Session Timeout-->

      <session-config id="Session_Timeout">

         <session-timeout>2160</session-timeout> 999

      </session-config>

     

TOMCAT  ADMINISTRATOR  AND  MANAGER  APPLICATIONS   

Administering Tomcat:

Tomcat also has its own administration, which can be helpful and accessed through the Tomcat server.  Now we are going to show some of the helpful and powerful administration applications that Tomcat ships with such as Tomcat Administrator and Tomcat Manager.

To access both of these you can either go through the start menu under Apache Tomcat folder or you can open a browser and type go to the localhost such as http://localhost:80 with the port that you specified in the installation of Tomcat.

 

NOTE: Tomcat Administrator is not installed by Default. If needed you must run “Admin” package.  Tomcat allows administration (start, stop, destroy, manage, create etc) via a web application. The Tomcat Administration Application allows you to see the server information, edit connections, edit users, groups, resources and change the main settings of the webserver.  This application runs using the userid and password supplied when you installed Tomcat.

The userid and pwd are defined in tomcat at:

..../config/tomcat_users.xml    

as shown below:  

<?xml version=”1.0” encoding=”utf-8” ?>  

- <tomcat-users>  

<role rolename=”tomcat” />  

<role rolename=”role1” />  

<role rolename=”manager” />  

<role rolename=”admin” />  

<user username=”tomcat” password=”tomcat” roles=”tomcat” />  

<user username=”role1” password=”tomcat” roles=”role1” />  

<user username=”both” password=”tomcat” roles=”tomcat,role1” />  

<user username=”admin” password=”admin” roles=”admin,manager” />  

</tomcat-user>

These are set when you first install Tomcat on to your machine when the installation asks for username and password. You can also change the username and password and add new users in Tomcat Administration Application.  Tomcat also ships with the Tomcat Manager.  This is an application that will allow you to edit, start, and stop applications dynamically without restarting the Tomcat. It also shows current applications and a few other options, which you can learn about by clicking on the Manager Help Link Shown below.

 

CHANGING  TOMCAT  PORT  SETTINGS    

Changing Port Settings:

When you install Apache Tomcat it defaults the port to 8080.  The ports are set in the

..Tomcat/conf/server.xml document.  To adjust the port being used right click and open with notepad or any other text editor. After the document is open scroll down around half way looking for the connector tag shown below and change the port number to a new port number (Usually either 8080 or 80). Then save the newly changed server.xml file and restart Tomcat.

 

SECURING  APPLICATIONS  FILES  IN  TOMCAT  

Secure Application Files in Tomcat:

When installing a new web application such as WOW to Tomcat, Tomcat automatically allows people to view the directory listing of all files inside of the webapps folder. An example of this is the sharedFiles folder in the webapps folder on the hard drive shown below.

By Default the sharedFiles folder includes three directories:  one directory contains sample images and another directory contains sample MS Word Documents.   These folders are for example purpose only and may be deleted or added upon.  There is also a directory labeled WEB-INF.  This folder contains a file called web.xml.  Web.xml allows WOW to be set up to show its contents over the Internet or to be set so that those files cannot be seen over the Internet. Below is an example of connecting to the sharedFiles directory through Tomcat.    

This creates a security problem, as the whole Internet will be able to see our code and mess around with our files. To disable this feature you need to go in Apache Tomcat file structure <Apache Tomcat>/conf/web.xml file.  In this web.xml file shown below there is an initial parameter called listing that is automatically set to true. We want to change that to false so that your files cannot be directly accessed and seen over the Internet.

 

Now that listings has been set to false users will not be able to see our files by connecting through Tomcat.  

TOMCAT  SECURITY  AND  SSL  

SSL:

To set up SSL and other security features for Tomcat refer to the Apache’s Tomcat site for SSL setup and optimization, http://jakarta.apache.org/tomcat 

Other Security Considerations:

1. Make sure your have set proper userids and passwords for your Tomcat user file.  This file is located at:  ..../config/tomcat_users.xml      

References

Tomcat:  http://jakarta.apache.org/tomcat

PlanetJ’s WOW:  http://www.planetjavainc.com  

Tomcat Performance on IBM i  :  https://www.ibm.com/developerworks/ibmi/library/i-run-asf-tomcat-on-ibmi/