{"id":1310,"date":"2022-02-07T21:41:11","date_gmt":"2022-02-07T20:41:11","guid":{"rendered":"https:\/\/www.symablog.de\/blog\/?p=1310"},"modified":"2022-02-09T19:43:12","modified_gmt":"2022-02-09T18:43:12","slug":"apache-tomcat-10-installieren-auf-rocky-linux-8","status":"publish","type":"post","link":"https:\/\/www.symablog.de\/blog\/apache-tomcat-10-installieren-auf-rocky-linux-8\/","title":{"rendered":"Apache Tomcat 10 installieren auf Rocky Linux 8"},"content":{"rendered":"\n

(1) Java installieren
dnf install java-17-openjdk -y<\/strong><\/p>\n\n\n\n

(2) tomcat Benutzer anlegen
mkdir \/opt\/tomcat
groupadd tomcat
useradd -g tomcat -c „Tomcat User“ \u2013d \/opt\/tomcat -s \/sbin\/nologin tomcat<\/strong><\/p>\n\n\n\n

(3) Tomcat herunterladen und entpacken
wget https:\/\/downloads.apache.org\/tomcat\/tomcat-10\/v10.0.16\/bin\/apache-tomcat-10.0.16.tar.gz
tar xzf apache-tomcat-10.0.16.tar.gz -C \/opt\/tomcat –strip-components=1
chown -R tomcat: \/opt\/tomcat\/<\/strong><\/p>\n\n\n\n

(4) Tomcat Admin Benutzerrolle definieren
nano \/opt\/tomcat\/conf\/tomcat-users.xml<\/strong><\/p>\n\n\n\n

....\n<role rolename=\"manager-gui\"\/>\n<user username=\"admin\" password=\"password\" roles=\"manager-gui,admin-gui\"\/><\/strong>\n<\/tomcat-users>\n<\/pre>\n\n\n\n
(5) Tomcat f\u00fcr den remote Zugriff konfigurieren
nano \/opt\/tomcat\/webapps\/manager\/META-INF\/context.xml<\/strong><\/p>\n\n\n\n
remove :<\/p>\n\n\n\n
  <Valve className=\"org.apache.catalina.valves.RemoteAddrValve\"\n         allow=\"127\\.\\d+\\.\\d+\\.\\d+|::1|0:0:0:0:0:0:0:1\" \/><\/pre>\n\n\n\n
nano \/opt\/tomcat\/webapps\/host-manager\/META-INF\/context.xml<\/strong><\/p>\n\n\n\n
remove:<\/p>\n\n\n\n
  <Valve className=\"org.apache.catalina.valves.RemoteAddrValve\"\n         allow=\"127\\.\\d+\\.\\d+\\.\\d+|::1|0:0:0:0:0:0:0:1\" \/>\n<\/pre>\n\n\n\n
(6) Eine Steuerdatei (Unit File) f\u00fcr systemd anlegen f\u00fcr Apache Tomcat
Ermitteln des JAVA-Pfad mit sudo alternatives –list | grep ^java und Verwendung in der Unit-Datei als JAVA_HOME Umgebungsvariable<\/p>\n\n\n\n
nano \/etc\/systemd\/system\/tomcat.service<\/strong><\/p>\n\n\n\n
[Unit]\nDescription=Apache Tomcat Server\nAfter=syslog.target network.target\n\n[Service]\nType=forking\nUser=tomcat\nGroup=tomcat\n\nEnvironment=JAVA_HOME=\/usr\/lib\/jvm\/java-17-openjdk-17.0.2.0.8-4.el8_5.x86_64\nEnvironment=CATALINA_PID=\/opt\/tomcat\/temp\/tomcat.pid\nEnvironment=CATALINA_HOME=\/opt\/tomcat\nEnvironment=CATALINA_BASE=\/opt\/tomcat\n\nExecStart=\/opt\/tomcat\/bin\/catalina.sh start\nExecStop=\/opt\/tomcat\/bin\/catalina.sh stop\n\nRestartSec=10\nRestart=always\n[Install]\nWantedBy=multi-user.target<\/pre>\n\n\n\n
systemctl daemon-reload<\/strong><\/p>\n\n\n\n
systemctl start tomcat<\/strong><\/p>\n\n\n\n
systemctl enable tomcat<\/strong><\/p>\n\n\n\n
systemctl status tomcat<\/strong><\/p>\n\n\n\n
\u25cf tomcat.service - Apache Tomcat Server 10\n   Loaded: loaded (\/etc\/systemd\/system\/tomcat.service; enabled; vendor preset: disabled)\n   Active: active (running) since Mon 2022-02-07 17:16:13 CET; 36s ago\n Main PID: 49244 (java)\n    Tasks: 30 (limit: 4770)\n   Memory: 105.7M\n   CGroup: \/system.slice\/tomcat.service\n           \u2514\u250049244 \/usr\/bin\/java -Djava.util.logging.config.file=\/opt\/tomcat\/conf\/logging.properties -Djava.util.logging.manager=org>\n\nFeb 07 17:16:13 Rocky8 systemd[1]: Starting Apache Tomcat Server 10...\nFeb 07 17:16:13 Rocky8 systemd[1]: Started Apache Tomcat Server 10.\n<\/pre>\n\n\n\n
(7) Firewall freischalten f\u00fcr den Port 8080
Standardm\u00e4\u00dfig wird die \u00f6ffentliche Zone (public) verwendet. Andernfalls mit dem Parameter –zone=internal wie hier die interne Zone spezifizieren.<\/p>\n\n\n\n
sudo firewall-cmd --add-port=8080\/tcp --permanent<\/strong>\nsuccess\nsudo firewall-cmd --reload<\/strong>\nSuccess\nsudo firewall-cmd --info-zone=public<\/strong>\npublic (active)\n  target: default\n  icmp-block-inversion: no\n  interfaces: ens160\n  sources:\n  services: cockpit dhcpv6-client ssh\n  ports: 8080\/tcp<\/strong>\n  protocols:\n  forward: no\n  masquerade: no\n  forward-ports:\n  source-ports:\n  icmp-blocks:\n  rich rules:\n<\/pre>\n\n\n\n
\"\"
Startseite des Tomcat, Aufruf mit http:\/<servername>:8080<\/figcaption><\/figure>\n\n\n\n
Jetzt ist unser Tomcat \u00fcber explizite Angabe des Ports 8080 erreichbar. Das kann man so machen. muss man aber nicht. Sch\u00f6ner ist es, die Kommunikation auf Port 80 umzulegen.<\/p>\n\n\n\n
sudo iptables -t nat -A PREROUTING -p tcp --dport  80 -j REDIRECT --to-ports 8080<\/strong>\n\nsudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080<\/strong>\n\nsudo iptables-save<\/strong>\n<\/pre>\n\n\n\n
Anzeige der definierten iptables Eintr\u00e4ge:<\/p>\n\n\n\n
sudo iptables -t nat -L<\/strong>\nChain PREROUTING (policy ACCEPT)\ntarget     prot opt source               destination\nREDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http <\/strong>redir ports 8080<\/strong>\n\nChain INPUT (policy ACCEPT)\ntarget     prot opt source               destination\n\nChain POSTROUTING (policy ACCEPT)\ntarget     prot opt source               destination\n\nChain OUTPUT (policy ACCEPT)\ntarget     prot opt source               destination\nREDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http <\/strong>redir ports 8080<\/strong>\n<\/pre>\n\n\n\n
Abspeichern\/Backup der iptables-Konfiguration:<\/p>\n\n\n\n
sudo iptables-save<\/strong>\nsudo iptables-save -c > \/etc\/iptables.rules<\/strong><\/pre>\n\n\n\n
f\u00fcr ein sp\u00e4teres Restore mit folgendem Aufruf:<\/p>\n\n\n\n
sudo iptables-restore < \/etc\/iptables.rules<\/strong><\/pre>\n\n\n\n
Weiter oben haben wir in der firewall den Port 8080 freigegeben. Das ist nun nicht mehr notwendig; entfernen des Ports aus der Firewall:<\/p>\n\n\n\n
sudo firewall-cmd --remove-port=8080\/tcp --permanent<\/strong>\nsuccess\nsudo firewall-cmd --reload<\/strong>\nsuccess\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
Apache Tomcat 10 installieren auf Rocky Linux 8<\/p>\n Weiterlesen →<\/span><\/a>","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[1,218,235,44],"tags":[237,236],"class_list":["post-1310","post","type-post","status-publish","format-standard","hentry","category-allgemein","category-linux","category-tomcat","category-unix","tag-rocky-linux","tag-tomcat"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p37Rzq-l8","_links":{"self":[{"href":"https:\/\/www.symablog.de\/blog\/wp-json\/wp\/v2\/posts\/1310"}],"collection":[{"href":"https:\/\/www.symablog.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.symablog.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.symablog.de\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.symablog.de\/blog\/wp-json\/wp\/v2\/comments?post=1310"}],"version-history":[{"count":11,"href":"https:\/\/www.symablog.de\/blog\/wp-json\/wp\/v2\/posts\/1310\/revisions"}],"predecessor-version":[{"id":1329,"href":"https:\/\/www.symablog.de\/blog\/wp-json\/wp\/v2\/posts\/1310\/revisions\/1329"}],"wp:attachment":[{"href":"https:\/\/www.symablog.de\/blog\/wp-json\/wp\/v2\/media?parent=1310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.symablog.de\/blog\/wp-json\/wp\/v2\/categories?post=1310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.symablog.de\/blog\/wp-json\/wp\/v2\/tags?post=1310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}