Apache Tomcat
Installation
uControl is a dynamic Java application running under Apache Tomcat. To install Apache Tomcat:
- Download the Core Apache Tomcat 8 zip package from http://tomcat.apache.org/
- unZip / unTar the package under the uControl user home directory
  Rename the unzipped / untarred directory as required.
  Typically the Apache Tomcat directory is shortened to tomcat8, giving the path: <uControl_homeDir>/tomcat8/webapps
- Navigate to the <uControl_homeDir>/<Apache TomcatDir>/bin directory
- Give all *.sh files execute permissions
- Navigate to the <uControl_homeDir>/<Apache TomcatDir>/webapps directory
- Create a uControl directory with standard permissions (755)
We do not want Apache Tomcat to hot-redeploy uControl. To prevent this, edit the context.xml file located in your <uControl_homeDir>/tomcat8/conf directory.
Within the <Context> element, comment out the <WatchedResource>/WEB-INF/web.xml</WatchedResource> element, as shown below:
    <Context>
        <!-- <WatchedResource>/WEB-INF/web.xml</WatchedResource> -->
    </Context>
Configuration
uControl can be configured to run under HTTP or HTTPS (with the addition of the HTTPD server).
HTTP - Apache Tomcat
In this example the server name tekwurx.ucontrol.com is used. It has also been added to the local /etc/hosts file to resolve to its IP.
The server IP address is 192.168.5.202 and the uControl application is running on port 8080 under Apache Tomcat.
Enable the proxy_module, proxy_http_module and proxy_wstunnel_module within the httpd.conf configuration file:

    LoadModule proxy_module libexec/apache2/mod_proxy.so
    LoadModule proxy_http_module libexec/apache2/mod_proxy_http.so
    LoadModule proxy_wstunnel_module libexec/apache2/mod_proxy_wstunnel.so
Add the following VirtualHost configuration:

    <VirtualHost *:80>
        ServerName 192.168.5.202
        ProxyRequests off
        ProxyPreserveHost on
        ProxyPass "/ws/kpi" "ws://192.168.5.202:8080/uControl/ws/kpi"
        ProxyPassReverse "/ws/kpi" "ws://192.168.5.202:8080/uControl/ws/kpi"
        ProxyPass "/ws/umanage" "ws://192.168.5.202:8080/uControl/ws/umanage"
        ProxyPassReverse "/ws/umanage" "ws://192.168.5.202:8080/uControl/ws/umanage"
        ProxyPass "/uControl" "http://192.168.5.202:8080/uControl"
        ProxyPassReverse "/uControl" "http://192.168.5.202:8080/uControl"
    </VirtualHost>
HTTPS - Apache Tomcat + Apache Server (HTTPD)
Red Hat blocks incoming connections to port 443 out of the box, so open the port:

    firewall-cmd --zone=public --add-port=443/tcp --permanent
    firewall-cmd --reload
In this example the server name tekwurx.ucontrol.com is used. It has also been added to the local /etc/hosts file to resolve to its IP.
The server IP address is 192.168.5.202 and the uControl application is running on port 8080 under Apache Tomcat.
Create Self Signed Certificate
Generate a private key
    openssl genrsa -des3 -out server.key 2048

    Generating RSA private key, 2048 bit long modulus
    .........................................................++++++
    ........++++++
    e is 65537 (0x10001)
    Enter PEM pass phrase:
    Verifying password - Enter PEM pass phrase:
Generate a CSR
    openssl req -new -key server.key -out server.csr

    Country Name (2 letter code) [GB]:UK
    State or Province Name (full name) [Berkshire]:London
    Locality Name (eg, city) [Newbury]:London
    Organization Name (eg, company) [My Company Ltd]:TekWurx Software Limited
    Organizational Unit Name (eg, section) []:Information Technology
    Common Name (eg, your name or your server's hostname) []:tekwurx.ucontrol.com
    Email Address []: steve@tekwurx.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
Remove passphrase from key
    cp server.key server.key.org
    openssl rsa -in server.key.org -out server.key

    -rw-r--r-- 1 root root 745 Jun 29 12:19 server.csr
    -rw-r--r-- 1 root root 891 Jun 29 13:22 server.key
    -rw-r--r-- 1 root root 963 Jun 29 13:22 server.key.org
One unfortunate side-effect of a pass-phrased private key is that Apache asks for the pass-phrase each time the web server is started. This is not always convenient, as someone will not always be around to type in the pass-phrase, such as after a reboot or crash. Once the pass-phrase is removed the key is stored unencrypted, so the key file should be readable only by the root user.
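A check for the state the listing above leaves behind (server.key without a pass-phrase and mode -rw-r--r--), as an added example that is not part of the uControl documentation. The function names audit_key and demo are hypothetical, and the key body written by demo is a constructed placeholder, not a real key.

```python
import os
import stat
import tempfile

def audit_key(path):
    """Report whether a PEM private key is pass-phrase protected and who can read it."""
    with open(path, 'r', errors='replace') as fh:
        pem = fh.read()
    # Traditional PEM marks encryption with a Proc-Type header; PKCS#8 uses its own label.
    encrypted = 'Proc-Type: 4,ENCRYPTED' in pem or 'BEGIN ENCRYPTED PRIVATE KEY' in pem
    mode = stat.S_IMODE(os.stat(path).st_mode)
    exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    findings = []
    if not encrypted and exposed:
        findings.append(f'unencrypted key readable beyond its owner (mode {mode:o})')
    return {'encrypted': encrypted, 'mode': oct(mode), 'findings': findings}

def demo():
    """Audit one constructed key file at mode 644 (as in the listing) and then at 600."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, 'server.key')
        with open(path, 'w') as fh:  # constructed placeholder content, not a real key
            fh.write('-----BEGIN RSA PRIVATE KEY-----\n'
                     'CONSTRUCTED\n'
                     '-----END RSA PRIVATE KEY-----\n')
        for mode in (0o644, 0o600):
            os.chmod(path, mode)
            results.append(audit_key(path))
    return results

if __name__ == '__main__':
    for result in demo():
        print(result)
```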
Generate self signed certificate
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

    Signature ok
    Getting Private key
Install the private key and certificate
    cp server.crt /usr/local/apache/conf/ssl.crt
    cp server.key /usr/local/apache/conf/ssl.key
Configure SSL in apache
Enable the following modules in the httpd.conf configuration file
    LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
    LoadModule ssl_module libexec/apache2/mod_ssl.so
    Include /etc/apache2/extra/httpd-ssl.conf
Create the VirtualHost configuration in httpd-ssl.conf
    <VirtualHost *:443>
        ServerName 192.168.5.202
        SSLEngine on
        SSLCertificateFile "/etc/apache2/cert/ucontrol.crt"
        SSLCertificateKeyFile "/etc/apache2/cert/ucontrol.key"
        ProxyRequests off
        ProxyPreserveHost on
        #RequestHeader set X-Forwarded-Proto "https"
        ProxyPass "/ws/kpi" "ws://192.168.5.202:8080/uControl/ws/kpi"
        ProxyPassReverse "/ws/kpi" "ws://192.168.5.202:8080/uControl/ws/kpi"
        ProxyPass "/ws/umanage" "ws://192.168.5.202:8080/uControl/ws/umanage"
        ProxyPassReverse "/ws/umanage" "ws://192.168.5.202:8080/uControl/ws/umanage"
        ProxyPass "/uControl" "http://192.168.5.202:8080/uControl"
        ProxyPassReverse "/uControl" "http://192.168.5.202:8080/uControl"
    </VirtualHost>
To redirect all traffic to the HTTPS protocol, add the following VirtualHost configuration to httpd.conf:
    <VirtualHost *:80>
        ServerName tekwurx.ucontrol.com
        Redirect permanent /uControl https://tekwurx.ucontrol.com/uControl
    </VirtualHost>
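A lint pass over the VirtualHost blocks above, as an added example that is not part of the uControl documentation: it checks that ProxyRequests is not switched on, that every ProxyPass has its ProxyPassReverse, that the 443 vhost carries the SSL directives, and that no port-80 vhost still proxies the application (for instance the one from the HTTP section left in httpd.conf next to the redirect). The function names parse_vhosts and lint are hypothetical, and CONF is an abridged copy of this page's configuration.

```python
import re

# Abridged copy of this page's vhosts (ServerName on 443 and /ws/umanage left out).
CONF = '''
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile "/etc/apache2/cert/ucontrol.crt"
SSLCertificateKeyFile "/etc/apache2/cert/ucontrol.key"
ProxyRequests off
ProxyPass "/ws/kpi" "ws://192.168.5.202:8080/uControl/ws/kpi"
ProxyPassReverse "/ws/kpi" "ws://192.168.5.202:8080/uControl/ws/kpi"
ProxyPass "/uControl" "http://192.168.5.202:8080/uControl"
ProxyPassReverse "/uControl" "http://192.168.5.202:8080/uControl"
</VirtualHost>
<VirtualHost *:80>
ServerName tekwurx.ucontrol.com
Redirect permanent /uControl https://tekwurx.ucontrol.com/uControl
</VirtualHost>
'''

def parse_vhosts(text):
    """Return [(port, [(directive, args), ...])] for each <VirtualHost> block."""
    vhosts = []
    for m in re.finditer(r'<VirtualHost\s+[^>]*?:(\d+)>(.*?)</VirtualHost>', text, re.S | re.I):
        directives = []
        for line in m.group(2).splitlines():
            tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
            if tokens and not tokens[0].startswith('#'):  # skip blanks and comments
                directives.append((tokens[0].lower(), tokens[1:]))
        vhosts.append((int(m.group(1)), directives))
    return vhosts

def lint(text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for port, ds in parse_vhosts(text):
        args = lambda name: [a for d, a in ds if d == name]
        is_on = lambda name: any(a and a[0].lower() == 'on' for a in args(name))
        passes = {a[0] for a in args('proxypass') if a}
        reverses = {a[0] for a in args('proxypassreverse') if a}
        if is_on('proxyrequests'):
            findings.append(f'{port}: ProxyRequests on makes this vhost a forward proxy')
        for path in sorted(passes - reverses):
            findings.append(f'{port}: ProxyPass {path} has no ProxyPassReverse')
        if port == 443 and not (is_on('sslengine') and args('sslcertificatefile')
                                and args('sslcertificatekeyfile')):
            findings.append('443: SSLEngine, certificate or key directive missing')
        if port != 443 and passes:
            findings.append(f'{port}: application is proxied over plain HTTP')
    return findings
```

Calling lint(CONF) returns an empty list for the configuration as given on this page.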