Yesterday (yes, that was a Saturday!) I was running a tailored Apache Tomcat training and consultancy day - a day on which I cover a lot of standard training material, but did so in relation to a particular application for the delegate(s).
Most of what I covered was in our own material (which we can print out even during the course!), but there were some topics that were or are best illustrated by web sites other than our. "Don't re-invent the wheel" they say - and indeed, I projected up / used the following web sites - amongst others - as sources during the day. I'm documenting them here, now ... for course attendees to be able to refer back, and to help give web visibility to resources that others may find useful too.
For
SSL setup for apache httpd I referred to
a page at securityfocus.com and that carried on to
part 2. There are so many options with SSL, so much technology, that it can be hard to see the wood for the trees - but this example if far better than most.
One question that arises time and time again is "how do I set up SSL on Tomcat" to which I answer "why do you want to?". Whilst there ARE some instances where you'll want to do it, it's far more common to set up SSL on an outward facing Apache httpd server, and use a non secure protocol such as http or ajp between Htttpd and Tomcat. After all - the place where you want the security is out in the big wide word of the internet, which httpd is looking after. It's an unusual situation where you want to secure all your traffic between a couple of computers that are on your own intranet, behind your own firewall and probably sitting next to each other in the rack!
Tomcat Manager is a good, interactive deployment tool ... but so often, system admin delegates want to
(un)deploy an application from the command line. Now that SOUNDS like it will be easy, but it isn't. You can do it through ant - and there's a sample of deploying Java applications through ant on
a page at ProjectCaroline.net. Why isn't there just an easy command line tool? Perhaps it's because of the whole security thing - to use the Tomcat Manager your JMX roles and realms all have to be set up via tomcat-users.xml, and a simple command line tool would need to consider this, and not provide a magnificent loophole to circumvent Java's security model.
On a lighter note, the tenth System Admin Appreciation day is on 31st July this year - see
sysadminday.com.
And finally, if you're connecting to databases from within a web application hosted by Tomcat, you may want to use
Database (JDBC) Connection pooling. Pooling allows each of your requests to carry on the same SQL session with the SQL server, rather than opening up and shutting down connections with a frequency that could have a serious impact on performance. See
this page on onjava.com.
If you have this sort of question and would like my help, take an initial look at our
deploying Apache httpd and Tomcat course. If the course agenda is such that we won't be able to answer all your specialised questions, let me know and we can either add an extra day for you or - if what you want is very different - run a special session. Email
graham@wellho.net to ask about your own specific requirements.
(written 2009-03-01)
Associated topics are indexed as below, or enter http://melksh.am/nnnn for individual articles
A912 - Web Application Deployment - Upgrading and tuning Tomcat [1377] Load Balancing with Apache mod_jk (httpd/Tomcat) - (2007-10-02)
[1718] Increasing Java Virtual Machine memory for Tomcat - (2008-07-24)
[1908] Java CLASSPATH explained - (2008-11-26)
[2082] Jmeter - a first test case - (2009-03-14)
[3018] Tuning Apache httpd and Tomcat to work well together - (2010-10-27)
A603 - Web Application Deployment - Further httpd Configuration [345] Spotting a denial of service attack - (2005-06-12)
[466] Separating 'per instance' data from binaries and web sites - (2005-10-16)
[526] Apache httpd - serving web documents from different directories - (2005-12-12)
[550] 2006 - Making business a pleasure - (2006-01-01)
[631] Apache httpd to Tomcat - jk v proxy - (2006-03-03)
[649] Denial of Service ''attack'' - (2006-03-17)
[662] An unhelpful error message from Apache httpd - (2006-03-30)
[755] Using different URLs to navigate around a single script - (2006-06-11)
[853] To list a directory under httpd on a web server, or not? - (2006-09-02)
[934] Clustering, load balancing, mod_rewrite and mod_proxy - (2006-11-21)
[1009] Passing GET parameters through Apache mod_rewrite - (2006-12-27)
[1080] httpd.conf or .htaccess? - (2007-02-14)
[1121] Sharing the load with Apache httpd and perhaps Tomcat - (2007-03-29)
[1207] Simple but effective use of mod_rewrite (Apache httpd) - (2007-05-27)
[1351] Compressing web pages sent out from server. Is it worth it? - (2007-09-14)
[1355] .php or .html extension? Morally Static Pages - (2007-09-17)
[1381] Using a MySQL database to control mod_rewrite via PHP - (2007-10-06)
[1551] Which modules are loaded in my Apache httpd - (2008-02-23)
[1554] Online hotel reservations - Melksham, Wiltshire (near Bath) - (2008-02-24)
[1564] Default file (MiMe types) for Apache httpd and Apache Tomcat - (2008-03-04)
[1566] Strange behaviour of web directory requests without a trailing slash - (2008-03-06)
[1619] User and Group settings for Apache httpd web server - (2008-04-22)
[1636] What to do if the Home Page is missing - (2008-05-08)
[1707] Configuring Apache httpd - (2008-07-12)
[1762] WEB-INF (Tomcat) and .htaccess (httpd) - (2008-08-20)
[1767] mod_proxy and mod_proxy_ajp - httpd - (2008-08-22)
[1778] Pointing all the web pages in a directory at a database - (2008-08-30)
[1939] mod_proxy_ajp and mod_proxy_balancer examples - (2008-12-13)
[1954] mod_rewrite for newcomers - (2008-12-20)
[1955] How to avoid duplicating web page maintainance - (2008-12-20)
[1974] Moving a directory on your web site - (2009-01-03)
[2272] Monitoring and loading tools for testing Apache Tomcat - (2009-07-07)
[2478] How did I do THAT? - (2009-10-26)
[2900] Redirecting a page - silent, temporary or permanent? - (2010-08-03)
[3133] An image from a website that occasionally comes out as hyroglyphics - (2011-01-14)
[3449] Apache Internal Dummy Connection - what is it and what should I do with it? - (2011-09-19)
[3635] Parse error: parse error, unexpected T_STRING on brand new web site - why? - (2012-03-03)
[3862] Forwarding a whole domain, except for a few directories - Apache http server - (2012-09-17)
[3955] Building up from a small PHP setup to an enterprise one - (2012-12-16)
[4001] Helping search engines with appropriate 400 error codes - (2013-02-11)
[4307] Identifying and clearing denial of service attacks on your Apache server - (2014-09-27)
Some other Articles
East of Melksham CountrysideInternal Dummy Connections on Apache httpdVirtual hosting and mod_proxy forwarding of different domains (httpd)Tomcat 6 - Annotated Sample Configuration FilesDatabase connection Pooling, SSL, and command line deployment - httpd and TomcatSharing the load between servers - httpd and TomcatInvoker and cgi servlets on Tomcat 6Train and Coach fares from London (and airports) to MelkshamWeb Site Loading - experiences and some solutions sharedEffect on server when memory runs out and swapping starts