Daniel,
first of all, stop top-posting (this applies to both of you). This is not the style of
posting desired on this list.
See http://tomcat.apache.org/lists.html#tomcat-users, #6.
Secondly,
the original poster (lyallex) wants to run Tomcat under Linux, without a front-end, as a
webserver, listening on port 80, but running as a user which is not root.
This is a legitimate way of running Tomcat, and it is not for you to tell him to run it
otherwise. Presumably, he knows what he is doing, under his circumstances.
Tomcat by itself cannot do that, because it cannot by itself start as root, bind to port
80, and then switch users.
The jsvc program (a "wrapper" for the JVM which runs Tomcat) allows this, which is why the
OP wants to use it.
But he has problems configuring this to run under systemd.
And this was his question : how to run Tomcat as non-root under a JVM under jsvc under
systemd, listening on port 80.
I have not yet tried it myself, so I cannot really help.
But I have a feeling that the information that you have provided earlier, can be
extrapolated to the configuration which lyallex wants.
So thank you for providing that information, and let's leave it at that.
There is no need and no point in transforming this conversation into a flame
now.
On 19.03.2016 21:33, Daniel Savard wrote:
I still don't see how the number of concurrent sessions is related to
the port number.
The default ports for Tomcat are 8080 and 8443.
For huge websites, usually you have a load balancer as a front-end
anyway. You then get the capability to distribute the workload on more
than one instance of Tomcat and/or servers, so, sticking on a single
port isn't desirable since many instances on a single server cannot
run on the same port. You get the capability to eliminate any
single-point of failure as well as getting the capability to implement
a non-stop environment making a Tomcat cluster.
-----------------
Daniel Savard
2016-03-19 15:40 GMT-04:00 Lyallex <lyal...@gmail.com>:
<Sigh!>
On 19 March 2016 at 19:19, Daniel Savard <daniel.sav...@gmail.com> wrote:
I see what you were trying to achieve, however I don't see much
interest in that.
Really, I've been running a successful commercial web site for the
last 4 years using Tomcat as a standalone web server
and servlet container using exactly this solution. 1000 concurrent
sessions pose no problem
I mentioned this in my first post, sorry if you missed it.
1) Obviously, if you were expecting systemd to solve that problem, you
were wrong and it is a sane behavir of systemd to not allow that
neither
No, you misunderstood. I was trying to start jsvc from a systemd service file
Please read more carefully.I never suggested that systemd would solve
the problem
2) Your solution to your problem is lying on jsvc alone.
3) I believe is bad security practice to insist to bind on privileged
ports for process that don't need that level of privilege.
Btw, even if you switch to another user to run the code, you actually
are binding to port 80 as root.
Maybe you can explain us why you want to do such a thing and using any
other unprivileged port isn't a solution to your problem.
What is the default port for non.-encrypted http traffic to a web server?
Anyway, I see no reason to start a slanging match, I have better things to do.
It's all working quite nicely now anyway, thank you for your input.
To learn about jsvc see
http://commons.apache.org/proper/commons-daemon/jsvc.html
You'll need an up to date ANSI C compiler (I use gcc)
Lyallex
Regards,
-----------------
Daniel Savard
2016-03-19 12:10 GMT-04:00 Lyallex <lyal...@gmail.com>:
It's the simplest way to find out which port you have Tomcat listening on
*NIX based systems don't allow non root uses bind to ports < 1024
jsvc
http://commons.apache.org/proper/commons-daemon/jsvc.html
solves this problem, nobody seems to have grasped that this is what I
was asking about.
I know of no way to start the container, on port 80 using either
startup.sh or catalina.sh using start, run or anything else.
If I'm wrong then I would love to see how it's done.
CentOS Linux release 7.2.1511 (Core)
On 19 March 2016 at 13:46, Daniel Savard <daniel.sav...@gmail.com> wrote:
Why? What is the point? The server.xml has nothing to do with
integration with systemd.
-----------------
Daniel Savard
2016-03-19 1:40 GMT-04:00 Lyallex <lyal...@gmail.com>:
Would you mind posting your server.xml, here is the relevant bit from mine.
<Service name="Catalina">
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps" unpackWARs="true"
autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log" suffix=".txt"
rotatable="false" pattern="combined" />
</Host>
</Engine>
</Service>
On 18 March 2016 at 23:35, Daniel Savard <daniel.sav...@gmail.com> wrote:
I believe all distros have over engineered the scripts to start
Tomcat. Forget all the scripts from your distro, learn the
signification of the environment variables from the catalina.sh script
shipped with the default Tomcat version. Define your variables in a
file, this file is not a script, so you cannot reuse a previously
defined variable, feed your systemd service definition file with this
file in the service section as EnvironmentFile=/path/name/to/your/file
ExecStart=/path/to/catalina.sh start
ExecStop=/path/to/catalina.sh stop
and you are done. You control everything from the environment file,
you can easily manage the environment variables without editing the
systemd's service file.
It is much simpler than the OpenRC set of scripts at my humble
opinion. I am running Gentoo at home and RHEL at work and both distros
wrapped Tomcat into too many layers of scripts in order to make it
working with OpenRC while none of these are required to run and manage
Tomcat with systemd.
In particular with Gentoo, I no longer use the Tomcat distro packaged
with Gentoo because they separated the servlet api from Tomcat and you
need to wrap things into layers of scripts to define the classpath
properly taking this into account, the vanilla classpath.sh file
distributed with Tomcat doesn't work and so one. Really, they did a
very bad job at integrating Tomcat.
Here is my service file:
[Unit]
Description=Tomcat 8 (Dev)
After=syslog.target
After=network.target
[Service]
EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env
Type=forking
User=tomcat
Group=tomcat
ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start
ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop
[Install]
WantedBy=multi-user.target
And here is the content of my EnvironmentFile:
CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds"
CATALINA_BASE="/tomcat/tomcat-8-dev"
CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out"
JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74"
CATALINA_PID="/var/run/tomcat-8-dev.pid"
-----------------
Daniel Savard
2016-03-18 13:31 GMT-04:00 Lyallex <lyal...@gmail.com>:
I thought you might be interested in the resolution to this.
It turns out that we needed to reproduce the environment in tomcat.service
For some reason
ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work
(file shown at the end of this message)
Instead, in /etc/systemd/system/tomcat.service
we have had to reproduce the environment in longhand to get it to work.
It appears that systemd doesn't expand variables so I really need to
investigate the systemd Environment thing a bit more.
Anyway, when I shutdown -r now the server comes back up and tomcat is
running at the unprivileged tomcat user on port 80 so that's a result
============== /etc/systemd/system/tomcat.service ============
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target
[Service]
Type=forking
User=root
ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \
-user tomcat \
-home /opt/jdk1.7.0_45 \
-Dcatalina.home=/opt/apache-tomcat-7.0.42 \
-Dcatalina.base=/opt/apache-tomcat-7.0.42 \
-Djava.io.tmpdir=/var/tmp \
-Djava.awt.headless=true \
-Xms512m \
-Xmx1024m \
-outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \
-errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \
-pidfile /var/run/tc7/jsvc.pid \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
-Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties
\
-cp
/opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar
\
org.apache.catalina.startup.Bootstrap
ExecStop=/bin/kill -9 /var/run/tc7/jsvc.pid
ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
[Install]
WantedBy=multi-user.target
Oh happy day
Thanks again to all responders
Lyallex
========= /etc/rc.d/init.d/tomcat7 =========
JAVA_HOME=/opt/jdk1.7.0_45
CATALINA_HOME=/opt/apache-tomcat-7.0.42
export JAVA_HOME CATALINA_HOME
CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
TOMCAT_USER=tomcat
TMPDIR=/var/tmp
PIDFILE=/var/run/tc7/jsvc.pid
RC=0
case "$1" in
start)
$CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME
-Dcatalina.home=/opt/apache-tomcat-7.0.42
-Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR
-Djava.awt.headless=true \
-Xms512m \
-Xmx1024m \
-outfile $CATALINA_HOME/logs/catalina.out \
-errfile $CATALINA_HOME/logs/catalina.err \
-pidfile '/var/run/tc7/jsvc.pid' \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
-Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
-cp $CLASSPATH \
org.apache.catalina.startup.Bootstrap
RC=$?
[ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
echo "starting tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat started"
;;
stop)
PID=`cat /var/run/tc7/jsvc.pid`
kill $PID
RC=$?
[ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
echo "stopping tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat stopped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit $RC
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org