Apache Tomcat

Installation

uControl is a dynamic Java application running under Apache Tomcat. To install Apache Tomcat:

  1. Download the Core Apache Tomcat 8 zip package from http://tomcat.apache.org/
  2. Unzip / untar the package under the uControl user home directory
  3. Rename the unzipped / untarred directory as required.

    Typically the Apache Tomcat directory name is shortened to tomcat8, giving the path: <uControl_homeDir>/tomcat8/webapps

  4. Navigate to the <uControl_homeDir>/<Apache TomcatDir>/bin directory
  5. Give all *.sh files execute permissions
  6. Navigate to the <uControl_homeDir>/<Apache TomcatDir>/webapps directory
  7. Create a uControl directory with standard permissions (755)


We don't want Apache Tomcat to hot-redeploy uControl. To prevent this, edit the context.xml file located in your <uControl_homeDir>/tomcat8/conf directory.

Within the <Context> element, comment out the element <WatchedResource>/WEB-INF/web.xml</WatchedResource>, as shown below:

<Context>
       <!-- <WatchedResource>/WEB-INF/web.xml</WatchedResource> -->
</Context>

Configuration

uControl can be configured to run under HTTP or HTTPS (with the addition of the HTTPD server).

HTTP - Apache Tomcat

In this example the server name tekwurx.ucontrol.com is used. It has also been added to the local /etc/hosts file so that it resolves to the server's IP.

The server IP address is 192.168.5.202 and the uControl application is running on port 8080 under Apache Tomcat.


  1. Enable the proxy_module and proxy_http_module within the httpd.conf configuration file 

    LoadModule proxy_module libexec/apache2/mod_proxy.so
    LoadModule proxy_http_module libexec/apache2/mod_proxy_http.so
    LoadModule proxy_wstunnel_module libexec/apache2/mod_proxy_wstunnel.so
  2. Add the following VirtualHost configuration

    <VirtualHost *:80>
            ServerName 192.168.5.202
            ProxyRequests off
            ProxyPreserveHost on
            ProxyPass "/ws/kpi" "ws://192.168.5.202:8080/uControl/ws/kpi"
            ProxyPassReverse "/ws/kpi" "ws://192.168.5.202:8080/uControl/ws/kpi"
            ProxyPass "/ws/umanage" "ws://192.168.5.202:8080/uControl/ws/umanage"
            ProxyPassReverse "/ws/umanage" "ws://192.168.5.202:8080/uControl/ws/umanage"
            ProxyPass "/uControl" "http://192.168.5.202:8080/uControl"
            ProxyPassReverse "/uControl" "http://192.168.5.202:8080/uControl"
    </VirtualHost>

HTTPS - Apache Tomcat + Apache Server (HTTPD)

Red Hat blocks incoming connections to port 443 out of the box, so the port must be opened.

Add a rule for incoming port 443:

    firewall-cmd --zone=public --add-port=443/tcp --permanent

Reload the firewall config:

    firewall-cmd --reload

In this example the server name tekwurx.ucontrol.com is used. It has also been added to the local /etc/hosts file so that it resolves to the server's IP.

The server IP address is 192.168.5.202 and the uControl application is running on port 8080 under Apache Tomcat.


Create Self Signed Certificate

  1. Generate a private key 

    openssl genrsa -des3 -out server.key 2048
    
    Generating RSA private key, 2048 bit long modulus
    .........................................................++++++
    ........++++++
    e is 65537 (0x10001)
    Enter PEM pass phrase:
    Verifying password - Enter PEM pass phrase:
  2. Generate a CSR 

    openssl req -new -key server.key -out server.csr
    
    Country Name (2 letter code) [GB]:UK
    State or Province Name (full name) [Berkshire]:London
    Locality Name (eg, city) [Newbury]:London
    Organization Name (eg, company) [My Company Ltd]:TekWurx Software Limited
    Organizational Unit Name (eg, section) []:Information Technology
    Common Name (eg, your name or your server's hostname) []:tekwurx.ucontrol.com
    Email Address []: steve@tekwurx.com
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
  3. Remove passphrase from key 

    cp server.key server.key.org
    openssl rsa -in server.key.org -out server.key
    
    -rw-r--r-- 1 root root 745 Jun 29 12:19 server.csr
    -rw-r--r-- 1 root root 891 Jun 29 13:22 server.key
    -rw-r--r-- 1 root root 963 Jun 29 13:22 server.key.org

    One unfortunate side-effect of a pass-phrased private key is that Apache asks for the pass phrase each time the web server is started. This is inconvenient, as someone will not always be around to type it in, such as after a reboot or crash. With the pass phrase removed, the key is stored unencrypted on disk, so the key file should be readable only by root.

  4. Generate self signed certificate 

    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    Signature ok
    Getting Private key
  5. Install the private key and certificate 

    cp server.crt /usr/local/apache/conf/ssl.crt
    cp server.key /usr/local/apache/conf/ssl.key
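
The script below is an added example, not part of the original uControl instructions: a POSIX shell pre-flight for the key and certificate produced in steps 1 to 5, checking that the pass phrase is gone, that only the owner can read the key, that the certificate matches the key, and that it is not about to expire. The function names and the 30-day expiry threshold are assumptions of this example; the two file paths are passed as arguments.

```shell
#!/bin/sh
# Added example: pre-flight checks for an Apache key/certificate pair.
# Function names and the 30-day threshold are assumptions of this example.

# True if the file holds a private key that loads without a pass phrase.
key_unencrypted() {
    grep -q 'PRIVATE KEY-----' "$1" 2>/dev/null || return 1
    ! grep -q 'ENCRYPTED' "$1"
}

# True if only the owner can read the key (mode 600 or 400).
key_mode_ok() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$perms" in
        -r[w-]-------) return 0 ;;
        *) return 1 ;;
    esac
}

# True if the certificate carries the public half of this private key.
pair_matches() {
    kpub=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# True if the certificate is still valid $2 days from now.
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Runs every check, prints one line per failure, returns the failure count.
check_tls_pair() {
    fails=0
    key_unencrypted "$1" || { echo "FAIL: $1 is encrypted or not a key"; fails=$((fails + 1)); }
    key_mode_ok "$1" || { echo "FAIL: $1 is accessible beyond its owner"; fails=$((fails + 1)); }
    pair_matches "$1" "$2" || { echo "FAIL: $2 does not match $1"; fails=$((fails + 1)); }
    cert_not_expiring "$2" 30 || { echo "FAIL: $2 expires within 30 days"; fails=$((fails + 1)); }
    return "$fails"
}

# Usage: sh check_tls_pair.sh server.key server.crt
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2" && echo "OK: $1 and $2 are ready to install"
fi
```

Run it against the files named by SSLCertificateKeyFile and SSLCertificateFile in the VirtualHost, since those are the copies Apache actually loads.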

Configure SSL in Apache

  1. Enable the following modules in the httpd.conf configuration file 

    LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
    LoadModule ssl_module libexec/apache2/mod_ssl.so
     
    Include /etc/apache2/extra/httpd-ssl.conf
  2. Create the VirtualHost configuration in httpd-ssl.conf

    <VirtualHost *:443>
            ServerName 192.168.5.202
            SSLEngine on
            SSLCertificateFile "/etc/apache2/cert/ucontrol.crt"
            SSLCertificateKeyFile "/etc/apache2/cert/ucontrol.key"
            ProxyRequests off
            ProxyPreserveHost on
            #RequestHeader set X-Forwarded-Proto "https"
            ProxyPass "/ws/kpi" "ws://192.168.5.202:8080/uControl/ws/kpi"
            ProxyPassReverse "/ws/kpi" "ws://192.168.5.202:8080/uControl/ws/kpi"
            ProxyPass "/ws/umanage" "ws://192.168.5.202:8080/uControl/ws/umanage"
            ProxyPassReverse "/ws/umanage" "ws://192.168.5.202:8080/uControl/ws/umanage"
            ProxyPass "/uControl" "http://192.168.5.202:8080/uControl"
            ProxyPassReverse "/uControl" "http://192.168.5.202:8080/uControl"
    </VirtualHost>
  3. Redirect all traffic to the HTTPS protocol by adding the following VirtualHost configuration to httpd.conf

    <VirtualHost *:80>
            ServerName tekwurx.ucontrol.com
            Redirect permanent /uControl https://tekwurx.ucontrol.com/uControl
    </VirtualHost>