Red Hat Summit Red Hat Summitサポートコンソール開発者トライアルの開始お問い合わせ

このコンテンツは選択した言語では利用できません。

Release Notes 1.0.1

Red Hat JBoss Web Server 1.0

for use with Red Hat JBoss Web Server 1.0.1

Laura Bailey

Abstract

These release notes contain important information related to Red Hat JBoss Web Server 1.0.1. You should read these Release Notes in their entirety before installing Red Hat JBoss Web Server 1.0.1.

1.  Introduction

These release notes contain important information related to JBoss Enterprise Web Server 1.0.1. New features, known problems, resources, and other current issues are addressed here.

1.1. Overview

JBoss Enterprise Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the industry's leading Web Server (Apache HTTP Server), the popular Apache Tomcat Servlet container as well as the mod_jk connector and the Tomcat Native library. This release of the JBoss Enterprise Web Server consists of the following components:
  • Apache Tomcat 5.5.28: Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Apache Tomcat version 5.5 implements the Servlet 2.4 and JavaServer Pages 2.0 specifications.

    Note

    The default Red Hat Enterprise Linux 5 installation contains Apache Tomcat 5.5.23.
  • Apache Tomcat 6.0.24: Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Apache Tomcat version 6.0 implements the Servlet 2.5 and JavaServer Pages 2.1 specifications.
  • Apache Tomcat Native 1.1.19: Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced IO functionality (such as sendfile, epoll and OpenSSL), OS level functionality (random number generation, system status, etc), and native process handling (shared memory, NT pipes and Unix sockets). This package contains the Tomcat native library which provides support for using APR in Tomcat.
  • Apache Tomcat Connector (mod_jk) 1.2.28: Apache Tomcat Connector (mod_jk) is a bridge between Apache Httpd and Apache Tomcat using binary AJP protocol. It also contains a load balancer, which provides clustering and fault tolerance.
  • Apache HTTP Server 2.2.14: The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

    Note

    The default Red Hat Enterprise Linux 5 installation contains Apache HTTP Server 2.2.3-31.
This release of JBoss Enterprise Web Server is certified for the following Operating Systems :
  • Red Hat Enterprise Linux 4, latest update (x86, x86_64)
  • Red Hat Enterprise Linux 5, latest update (x86, x86_64)
  • Solaris 9 (x86, SPARC32, SPARC64)
  • Solaris 10 (x86, x86_64, SPARC64)
  • Windows Server 2003 SP2 (x86, x86_64)
  • Windows Server 2008 R2 (x86, x86_64)

Important

Red Hat products, including Red Hat Enterprise Linux, are signed with a Red Hat Key to indicate that these packages and JARs are shipped by Red Hat. Red Hat Signed JARs mean you can be confident that your product distribution is exactly the distribution that was shipped by Red Hat.

2. Installation Notes

This section contains information related to installing JBoss Enterprise Web Server version 1.0.1, including hardware and platform requirements and prerequisites.

Important

RPM installation shares Java library files. When Enterprise Web Server coexists with Enterprise Application Platform, library version conflicts occur. Only one version (either Enterprise Web Server or Enterprise Application Platform) can exist on one server when RPM installation is used. The workaround for this issue is to yum remove Enterprise Application Platform before installing Enterprise Web Server.

2.1. Installation Notes for Red Hat Enterprise Linux

The preferred method for installing the JBoss Enterprise Web Server on Red Hat Enterprise Linux is by using the Red Hat Enterprise Linux rpm file; however we will also discuss installation via the zip package.
You must have adequate disk space to install JBoss Enterprise Web Server while also allowing enough space for your applications.
A working, supported installation of Java 1.6 on your system will also be necessary. On Red Hat Enterprise Linux 4 systems subscribed to the Extras channel, this can be achieved by executing: 
up2date java-<version>-<vendor>
Where <version> is 1.6.0 and <vendor> can be sun or ibm.
On Red Hat Enterprise Linux 5 systems, this can be achieved by executing: 
yum install java-<version>-<vendor>
Where <version> is 1.6.0 and <vendor> can be sun, ibm or openjdk. Please note that OpenJDK is only available for version 1.6.0.
Once the Java SDK has been installed, please check to make sure the desired JDK is chosen by executing the following: 
alternatives --config java
alternatives --config javac
If the JDK in use is not the desired option, the above commands can be used to switch to another JDK.

Important

By switching alternatives for the Java JDK for Tomcat, other software that makes use of the java and javac commands will now be using the same JDK as well.
JBoss Enterprise Web Server can either be installed via the Red Hat Network (RHN) or the JBoss Customer Support Portal (CSP).
Installing via RHN

  1. If you are subscribed to the Red Hat Application Stack channel, you will need to disable that channel before installing the JBoss Enterprise Web Server.
  2. Subscribe to the JBoss Enterprise Web Server channel: Red Hat Enterprise Linux 4 ews or Red Hat Enterprise Linux 5 ews
    The available channels for Red Hat Enterprise Linux 4 are:
    • jb-ews-1-i386-es-4-rpm
    • jb-ews-1-x86_64-as-4-rpm
    • jb-ews-1-i386-es-4-rpm
    • jb-ews-x86_64-es-4-rpm
    The avaliable channels for Red Hat Enterprise Linux 5 are:
    • jb-ews-1-i386-server-5-rpm
    • jb-ews-1-x86_64-server-5-rpm
  3. Install the packages: tomcat5, tomcat6, tomcat-native, httpd22 and mod_jk
    On Red Hat Enterprise Linux 4 to install the packages, execute: 
    up2date tomcat6 tomcat6-webapps tomcat6-admin-webapps tomcat5 tomcat5-webapps tomcat5-admin-webapps ecj tomcat-native httpd22 mod_jk-ap20
  4. On Red Hat Enterprise Linux 5, to install the Tomcat 5 packages, you must make the following modification to the /etc/yum.conf file. Comment out the option: 
    exactarch=1

    Note

    This change should be reverted when installation is complete to return yum configuration to the default settings.
    Then install the packages: 
    yum install tomcat6 tomcat6-webapps tomcat6-admin-webapps tomcat5.noarch tomcat5-webapps.noarch tomcat5-admin-webapps.noarch tomcat-native httpd mod_jk-ap20

Installing via CSP

  1. Download the JBoss Enterprise Web Server zip file from the CSP site that is correct for your operating system and architecture.
  2. Unzip the file.

Important

You can install both Tomcat 5 and Tomcat 6 in parallel on your system, however port addresses would need to be modified in order to avoid conflict.

2.2. Red Hat Enterprise Linux directory structure

The following is the default directory layout after a successful installation: 
.
|-- jboss-ews-1.0
    |-- httpd (includes mod_jk)
    |-- tomcat5 (includes tomcat-native)
    |-- tomcat6 (includes tomcat-native)
    |-- doc
|-- jboss-ews-1.0-src
    |-- httpd
    |-- mod_jk
    |-- tomcat5
    |-- tomcat6
    |-- tomcat-native

2.3. Running the Installation

To run the downloaded packages differs depending on the download method. This section will now detail how to run the installation for a RHN download and CSP download.

2.3.1. Running a RPM Installation

Running Tomcat version 5 or 6

Tomcat can be started, stopped, and configured to start automatically at boot time either from the command line or using a graphical tool.

The tomcat5 or tomcat6 services can be started and stopped using the service command as root on a console window (as is typical of a network service):
Starting and stopping the tomcat5 service: 
service tomcat5 start

service tomcat5 stop
Starting and stopping the tomcat6 service: 
service tomcat6 start

service tomcat6 stop
Once the tomcat service has been started, you can verify that it is running by pointing your web browser to http://localhost:8080.
The tomcat service runs under a new tomcat system user. Due to file system permissions it may be necessary to use the su -s /bin/bash tomcat system command to deploy the application under the webapps directory. Alternatively, a developer can be listed in the tomcat user group by the system administrator. The best approach is to use the Web Console (URL above) to deploy the application.
The behavior at boot can be controlled with the chkconfig command (see the chkconfig man page for further details).
Configuration can then be altered in the /etc/sysconfig/tomcat5 file for Tomcat version 5 and the /etc/sysconfig/tomcat6 file for Tomcat version 6.
Running the HTTP Server

The HTTP Server can be started, stopped, and configured to start automatically at boot time either from the command line or using a graphical tool.

The following examples of running the HTTP Server will also cover the differences of undertaking this on Red Hat Enterprise Linux 4 and 5
You can start and stop the HTTP Server service using the service command as root on a console window (as is typical of a network service):
Starting and stopping the HTTP Server service on Red Hat Enterprise Linux 4: 
service httpd22 start

service httpd22 stop
Starting and stopping the HTTP Server service on Red Hat Enterprise Linux 5: 
service httpd start

service httpd stop
Configuration can then be altered in the /etc/sysconfig/httpd22 file on Red Hat Enterprise Linux 4 and the /etc/sysconfig/httpd file on Red Hat Enterprise Linux 5.
Running the mod_jk

To load the mod_jk module, the file /etc/httpd22/conf/httpd.conf on Red Hat Enterprise Linux 4 or the file /etc/httpd/conf/httpd.conf on Red Hat Enterprise Linux 5 needs to be updated, and a workers.properties file needs to be added in that directory. See /usr/share/doc/mod_jk-ap20-1.2.28/mod_jk.conf.sample and /usr/share/doc/mod_jk-ap20-1.2.28/workers.properties.sample for examples of how this can be achieved.

Running log4j for logging in Tomcat 6

To use log4j for logging in Tomcat 6, install the tomcat6-log4j rpm file.

Running log4j for logging in Tomcat 5

To use log4j for logging in Tomcat 5, you must copy the appropriate files from the Tomcat 6 distribution included in JBoss Enterprise Application Platform 1.0.1. Copy log4j.jar from tomcat6/extras into tomcat5/common/lib. Copy log4j.properties from tomcat6/extras files into tomcat5/common/classes.

Running Apache Tomcat Native

Edit /etc/sysconfig/tomcat5 file for Tomcat 5 or /etc/sysconfig/tomcat6 for Tomcat 6 and add the LD_LIBRARY_PATH variable so that it points to the library correct library:

The correct value when running on 64bit architecture is: 
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib64/
The correct value when running on 32bit architecture is: 
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/

2.3.2. Running a ZIP Installation

Running Tomcat version 5 or 6

After extracting the zip file, check to see if a user called tomcat exists on the system by running the following command: 

id tomcat
If the user does not exist then it will need to be added, along with the appropriate usergroup. In order to achieve this, execute the following: 
groupadd -g 91 -r tomcat
useradd -c "Tomcat" -u 91 -g tomcat -s /bin/sh -r -d /home/tomcat tomcat
Once this is completed, if the tomcat user will be running Tomcat, then the ownership of the tomcat directories will need to be changed to reflect this:
For Tomcat 5: 
chown -R tomcat:tomcat tomcat5
For Tomcat 6: 
chown -R tomcat:tomcat tomcat6
To test that the above commands have been successful, check that the tomcat user has execution permission to the tomcat install path.
The JAVA_HOME variable must now be set and this can be achieved by either modifying your .bashrc file or by modifying the Tomcat catalina.sh file.
If you chose to modify your .bashrc file, add the following line with the correct path to suit your systems configuration (a path is provided here as an example only): 
export JAVA_HOME=/usr/lib/jvm/java
If you chose to modify your tomcat5/bin/catalina.sh or tomcat6/bin/catalina.sh file (depending on the version of Tomcat installed), add the following line with the correct path to suit your systems configuration (a path is provided here as an example only): 
JAVA_HOME=/usr/lib/jvm/java
To start and stop Tomcat, execute the follwing scripts as the user tomcat:
To start Tomcat: 
sh startup.sh
To stop Tomcat: 
sh shutdown.sh
Once the Tomcat service has been started, you can verify that it is running by pointing your web browser to http://localhost:8080.
Running the HTTP Server

In order to run the HTTP Server, the distcache and pcre rpm packages must be installed as they are a requirement of mod_ssl. To check if these dependencies are already installed, execute the following in a command prompt: 

rpm -q distcache pcre
The output will either say the rpms are not installed or it will display the package name followed by the version number. If distcache or pcre is not installed, execute:
for Red Hat Enterprise Linux 4: 
up2date distcache
up2date pcre
For Red Hat Enterprise Linux 5: 
yum install distcache
yum install pcre
While undertaking the install, you will be asked it you wish to proceed. When this occurs press the y key.
Once installation is complete run the following command in order to check that the package was installed successfully. 
rpm -q distcache
rpm -q pcre
If the package was successfully installed then the output of the command will be the package name and the version number.
Now, after you have extracted the Enterprise Web Server zip file, change into the httpd directory and run the post install script by executing the following: 
./.postinstall
Check to see if a user called apache exists on the system by running the following command: 
id apache
If the user does not exist then it will need to be added, along with the appropriate usergroup. In order to achieve this, execute the following: 
groupadd -g 91 -r apache 2> /dev/null || :
useradd -c "Apache" -u 91 -g apache -s /bin/sh -r -d /home/apache apache 2> /dev/null || :
Once this is completed, if the apache user will be running the httpd service, then the ownership of the HTTP directories will need to be changed to reflect this: 
chown -R apache:apache httpd
To test that the above commands have been successful, check that the apache user has execution permission to the HTTP server install path.
Start the HTTP server by changing to the httpd directory and executing: 
su -m -c "./sbin/apachectl start"
Stop the HTTP server by executing: 
su -m -c "./sbin/apachectl stop"
Running the mod_jk

To load the mod_jk module, the file httpd/conf/httpd.conf needs to be updated, and a workers.properties file needs to be added in that directory. See doc/mod_jk/mod_jk.conf.sample and doc/mod_jk//workers.properties.sample for examples of how this can be achieved.

Running Apache Tomcat Native

The native library for Tomcat 6 is setup to be used by default, with the LD_LIBRARY_PATH and -Djava.library.path having been set accordingly within the catalina.sh file.

For Tomcat 6, start the service and check that you see a message similar to: 
Feb 8, 2008 12:27:41 PM org.apache.catalina.core.?AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.x.y.
Feb 8, 2008 12:27:41 PM org.apache.catalina.core.?AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Feb 8, 2008 12:27:41 PM org.apache.coyote.http11.?Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
For Tomcat 5, start the service and if the tomcat native library is not used, a message similar to the one below will appear: 
INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path
Running log4j for logging in a zip installation of Tomcat 6

In order to use log4j logging in Tomcat 6, copy the content of the extras/ directory into the lib/ directory and restart Tomcat.

2.4. Installation Notes for Microsoft Windows

Read this section to learn how to install JBoss Enterprise Web Server on a Microsoft Windows system.

2.4.1. Prerequisites

There are a number of prerequisites that must be fulfilled before you can install JBoss Enterprise Web Server on Microsoft Windows.
  1. Java SDK 1.6
  2. System environment variables:
    JAVA_HOME
    The install location of Java SDK 1.6.
    TMP
    Temporary directory.
    TEMP
    Temporary directory.
    You must use a local administrator account to set up a system environment variable.
    Go to Control Panel > System and click on the Advanced tab. Click the Environment Variables button. Click the New for System Variables, and enter the required JAVA_HOME, TMP and TEMP name-value pairs.

2.4.2. Installing Enterprise Web Server

  1. Download the JBoss Enterprise Web Server zip file from the CSP site that is correct for your operating system and architecture.
  2. Unzip the Enterprise Web Server binary inside C:\Program Files.
    To extract the .zip archive, right-click on the file and select Extract All.... Click Next. When prompted for the extract location, click Browse and navigate to the C:\Program Files directory. Click Finish.
    Your files will be extracted to C:\Program Files\Red Hat\Enterprise Web Server.
  3. Run JBoss Enterprise Web Server as an administrator:
    1. Run the Command Prompt as an administrator. Click on Start > All Programs > Accessories. Right-click on Command Prompt and select Run as administrator.

      Note

      You will need to select Run as administrator even if you are logged in as an administrator.

      Note

      Windows Server 2003 does not have the User Account Control concept, so you will only need to run the Command Prompt (cmd.exe).
    2. Inside the Command Prompt, type the following to move to the etc directory of your Enterprise Web Server installation: 
      C:\> cd /D "C:\Program Files\Red Hat\Enterprise Web Server\etc"
    3. Run the post-installation script by typing: 
      C:\> call postinstall.bat
      This script creates the required symbolic links (Junction Points) for temporary logging and configuration directories.

2.4.3. Installing services

Installing Apache Httpd as a service

  1. Run the Command Prompt as administrator. Click on Start > All Programs > Accessories. Right-click on Command Prompt and select Run as administrator.
  2. Move to the bin directory of your new installation: 
    C:\> cd /D "C:\Program Files\Red Hat\Enterprise Web Server\bin"
    Then type the following: 
    C:\> httpd -k install

    Note

    This step can cause a Firewall security dialog prompt to allow networking access for the Apache Httpd service. Click Allow if you wish to access this service from the network.

    Note

    By default, Apache Httpd is configured to listen on port 80. If you have Microsoft IIS installed, ensure either that:
    • World Wide Web... service is stopped and the Startup Type is set to Manual
    • World Wide Web... service is configured to listen on a different port
    Alternatively, you can edit the httpd.conf file before installing the service and change the Listen directive to a port that will not collide with the Internet Information Service listening ports.

Installing Apache Tomcat as a service

  1. Run the Command Prompt as administrator. Click on Start > All Programs > Accessories. Right-click on Command Prompt and select Run as administrator.

    Note

    On 64-bit Windows, you need to use the 64-bit version of the Command Prompt (cmd.exe). Running the cmd command from a 32-bit application launches a 32-bit Command Prompt instance. This causes the service setup script to fail with a File Not Found warning.
  2. Move to the sbin directory in your JBoss Enterprise Web Server installation: 
    C:\> cd /D "C:\Program Files\Red Hat\Enterprise Web Server\sbin"
    Then type the following to install Apache Tomcat 6: 
    C:\> call service6.bat install
    You can check the service parameters by typing tomcat6w.exe.

    Note

    You can install Apache Tomcat 5.5 instead with the call service5.bat install command, and check its service parameters with tomcat5w.exe.
2.4.3.1. Service security settings
Follow the steps in this section to ensure that the account used to run the services has full control over the C:\Program Files\Red Hat folder and all of its subfolders.

For Windows Server 2003:

  1. Right-click on the C:\Program Files\Red Hat folder and click on Properties.
  2. Select the Security tab.
  3. Click the Add.. button and type in LOCAL SERVICE.
  4. Check the Full Control check box for the new LOCAL SERVICE account.
  5. Click the Advanced button.
  6. Inside the Advanced Security Settings for Red Hat dialog, check the Replace permissions on all child objects... check box and click the OK button.
The new settings will be applied after a short while (one or two minutes).
This procedure differs slightly in Windows Server 2008 or Windows Server 2008R2, but the end result must be the same.

2.5. Windows directory structure

The following is the default directory layout after a successful installation: 
|-- bin
|-- doc
|-- etc
|   |-- httpd
|   |-- postinstall.bat
|   |-- ssl
|   `-- sysconfig
|-- include
|-- lib64
|-- sbin
|-- share
|   |-- apache-tomcat-5.5.28
|   |-- apache-tomcat-6.0.24
|   |-- java
|   |-- tomcat5
|   `-- tomcat6
`-- var
    |-- cache
    |-- log
    |-- run
    `-- www
The Windows directory structure follows Red Hat Enterprise Linux conventions:
  • The bin and sbin directories contain the executable files for Apache HTTP Server and Tomcat.
  • The etc directory contains configuration files for Apache HTTP Server and the post-installation script.
  • The share directory contains Apache Tomcat 5 and 6 installations and shared Java JARs.
  • The var contains two sub-directories:
    log
    This directory contains the log files for Apache HTTP Server and Tomcat.
    www
    Apache HTTP Server looks in this directory for web content in the default configuration.

2.6. Installation Notes for the Solaris Operating System

The preferred method for installing the JBoss Enterprise Web Server on the Solaris operating system is by using the provided Solaris package file; however we will also discuss installation via the zip package.
Download the desired Enterprise Web Server package that you wish to use and that will match your Solaris version and CPU architecture.

Note

For Solaris you can choose between i386 (x86) and x86_64 system versions. If running a x86_64 JVM choose the x86_64 version of the Enterprise Web Server.
If you are building the packages from source, the Tomcat 5 and Tomcat 6 packages (regardless of the Tomcat you choose) will be built by using the srpms.

2.6.1. Installation using the Solaris package

Log into your system as root and use the gunzip and pkgadd commands. The commands will be: 
gunzip RHATews-1.0.0*-solaris10-i386.package.gz
and 
pkgadd -d RHATews-1.0.0*-solaris10-i386.package
The output will be: 
The following packages are available:
1  RHATews     JBoss Enterprise Web Server (i386) 1.0.0,REV=2.el5
					
Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]:
Type 1 or just press enter. The following information will now appear: 
JBoss Enterprise Web Server(i386) 1.0.0,REV=2.GA
	
	
END USER LICENSE AGREEMENT
JBOSS(r) ENTERPRISE MIDDLEWARE(tm)
	
The end user license agreement ("EULA") governs the use of the various software modules that collectively comprise JBoss Enterprise Middleware
and any related updates, source code, appearance, structure and organization,
regardless of the delivery mechanism.
	
The JBoss Enterprise Middleware EULA can be found here:
http://www.redhat.com/licenses/jboss_eula.html
	
	
## Executing checkinstall script.
Using </opt> as the package base directory.
## Processing package information.
## Processing system information.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

This package contains scripts which will be executed with super-user
permission during the process of installing this package.

Do you want to continue with the installation of <RHATews> [y,n,?]
The package installer contains custom scripts that execute during install and are used for setting up the apache and tomcat user accounts. When package installer asks whether you wish to continue with the installation type y and press enter.
Installation will then commence and the following will be displayed: 
## Executing postinstall script.
Apache group (id=48) already exists. +++ or created if not
Apache user  (id=48) already exists.
Generating private RSA key ... OK
Generating new (+++ user hostname displayed here) certificate ... OK
Tomcat group (id=91) already exists.
Tomcat user  (id=91) already exists.
	
-----------------------------------------------------------------------
NOTICE
-----------------------------------------------------------------------
	
JAVA_HOME environment variable is not set.
Either set the  JAVA_HOME  or edit the configuration
scripts inside `/opt/redhat/ews/etc/sysconfig' directory
and set the JAVA_HOME to the installed JDK location.
	
	
Installation of <RHATews> was successful.
After the installation finishes the package is installed within the /opt/redhat/ews directory.
The package information can be checked by executing the following command: 
pkginfo -l RHATews

Note

During installation the system generated a notice that the JAVA_HOME environment variable was not set. Configuring this is discussed later in the Section 2.8, “Running on a Solaris Operating System Installation” section.

2.6.2. Installation using the zip package

Installing the zip package requires root access and the GNU version of tar.
The package should be uncompressed inside the /opt directory since the post installation script will not run if installation occurs within a different location.
The commands to achieve this are as follows: 
cd /opt
unzip -q RHATews-1.0.0*-solaris10-i386.zip
Once extraction of the archive has completed, the post install script must be run in order to setup the user accounts and final directories with required access privileges.
This is achieved with the following commands: 
cd /opt/redhat/ews/etc
sh .postinstall
Once the post install process has been completed, the users and groups apache with an ID of 48 and tomcat with an ID of 91, will have been created. The apache user will be used to run httpd, while the tomcat user will be used to run tomcat.
In addition, the post install process will also create the following additional directories that the tomcat group has write permission to:
  • /var/logs/tomcat5
  • /var/logs/tomcat6

2.7. The Solaris operating system directory structure

The following is the default directory layout after a successful installation: 
.
|-- /opt/redhat/ews
    |-- bin
    |-- doc
    |-- etc
    |-- lib
    |-- lib64 (present only for the x86_64 systems platform)
    |-- include
    |-- README
    |-- man
    |-- share
        |-- tomcat5
        |-- tomcat6
    |-- sbin
    |-- var
The Solaris operating system directory structure is different to the Red Hat Enterprise Linux structure and the reasoning for this is as follows:
  • Native Solaris packages require the absolute location
  • Solaris operating systems (and other non-Red Hat Enterprise Linux platforms) must ship and build all the dependent components such as openldap, openssl, db4 and cyrus-sasl to name a few.

2.8. Running on a Solaris Operating System Installation

Red Hat Enterprise Web Server consists of Apache Httpd and Apache Tomcat and the set of components needed to run them. These components can be run with the following users and groups who are created after installation:
Running Tomcat version 5 or 6

In order to run Tomcat on the Solaris operating system, some service configuration files will need manual editing.

Editing the Tomcat service entails uncommenting and setting the JAVA_HOME variable to the desired JDK in the configuration file. The configuration file can be found at:
For Tomcat 5: 
/opt/redhat/ews/etc/sysconfig/tomcat5
For Tomcat 6: 
/opt/redhat/ews/etc/sysconfig/tomcat6
To run Tomcat 5 or 6, the following command must be run as root:
For Tomcat 5: 
sbin/tomcat5 start
For Tomcat 6: 
sbin/tomcat6 start
By running one of the above commands, the configuration file is read and the user and group are changed to that of the tomcat user account before the catalina.sh script is executed.
The catalina.sh script file can be found within:
For Tomcat 5: 
/opt/redhat/ews/share/tomcat5/bin
For Tomcat 6: 
/opt/redhat/ews/share/tomcat6/bin
To stop Tomcat, one of the following commands can be executed:
For Tomcat 5: 
sbin/tomcat5 stop
For Tomcat 6: 
sbin/tomcat6 stop
By default, tomcat-native is automatically added to the LD_LIBRARY_PATH and -Djava.library.path during Tomcat startup. The catalina.sh script detects the running JVM version and adds the /opt/redhat/ews/lib path (/opt/redhat/ews/lib64 for 64 bit JVM) to the library path.
To run Tomcat as a service, use the provided scripts within the /opt/redhat/ews/etc/init.d directory. The following commands can be used to copy the necessary scripts:
For Tomcat 5: 
cp /opt/redhat/ews/etc/init.d/tomcat6 /etc/rc3.d/S70tomcat5
cp /opt/redhat/ews/etc/init.d/tomcat6 /etc/rcS.d/K20tomcat5
For Tomcat 6: 
cp /opt/redhat/ews/etc/init.d/tomcat6 /etc/rc3.d/S70tomcat6
cp /opt/redhat/ews/etc/init.d/tomcat6 /etc/rcS.d/K20tomcat6
For information on how to choose the init level numbers, consult your Solaris operating system documentation. The preferred method of service management is through the Solaris Service Management Facility. In order to read more about this facility, consult the smf(5) manual.
Running the HTTP Server

Apache httpd configuration files are located inside the /opt/redhat/ews/etc/httpd directory. By default all supported modules are loaded and enabled, so it is advised that you edit the httpd.conf file and disable the modules you don't need.

Starting the HTTP server is performed using the provided apachectl script located inside the /opt/redhat/ews/sbin directory. The apachectl script uses the configuration script, where you can edit and select various startup parameters, including the running of mpm. The file used is /opt/redhat/ews/etc/sysconfig/httpd
To start the HTTP Server, use the following command: 
sbin/apachectl start
To stop the HTTP Server, use the following command: 
sbin/apachectl stop
If you want your server to continue running automatically after a system reboot, a call to the apachectl script should be added to your system startup files.

Note

For complete documentation on how to start and stop the HTTP Server, refer to the files, docs/httpd/invoking.html and docs/httpd/stopping.html respectively.
Running the mod_jk

Running mod_jk on the Solaris operating system is the same as running the package on Red Hat Enterprise Linux installed via zip. For detailed instructions see Running the mod_jk

2.9. Uninstalling the package in the Solaris operating sytem

Uninstalling the Enterprise Web Server in the Solaris operating system is achieved by first executing: 
pkgrm RHATews
Following this, the run-time files have to be manually removed. The directories requiring manual removal are:
  • /opt/redhat/ews
  • /var/run/tomcat5
  • /var/run/tomcat6
  • /var/cache/tomcat5
  • /var/cache/tomcat6
  • /var/log/httpd
  • /var/cache/mod_ssl
  • /var/cache/mod_proxy

2.11. Excluded, Removed and Deprecated Items

This section outlines the items which are excluded from this release, deprecated or removed. In order to maintain a high level of backwards compatibility and customer service, an item will usually be deprecated before it is removed from a release.

Note

The difference between an excluded item and a removed item is that an excluded item is one that is commonly apart of a component of the JBoss Enterprise Web Server but has never featured within a JBoss Enterprise Web Framework release. However, a removed item is one that has previously been in a release of the JBoss Enterprise Web Server and is no longer included.

2.11.1. Excluded Items

The following items have been excluded from this release of the JBoss Enterprise Web Server:
  • Tomcat Clustering has been excluded from the Apache Tomcat 6 component. Specifically the catalina-tribes.jar file has been removed. This has occurred to eliminate any possibility of session replication and because Red Hat does not believe this feature is suitable for medium or large scale production deployments.

2.11.2. Deprecated Items

The following items have been deprecated for this release of the JBoss Enterprise Web Server:
  • The Tomcat Clustering feature of Apache Tomcat 5 is marked as deprecated for this release. Specifically the catalina-cluster.jar file has been deprecated.

2.11.3. Removed Items

None.

2.13.  Issues fixed in this release

The following sections detail the issues fixed in this release of JBoss Enterprise Web Server. Updates for some of these issues have been made available previously via Red Hat Network, and are listed alongside the appropriate Red Hat Security Advisory identifier.

2.13.1. Fixed Security Issues

CVE-2010-2086
JBoss Enterprise Web Server 1.0.0 ships with Apache MyFaces 1.1.0. Apache MyFaces 1.1.0 does not support encrypted view state. When the application's view state is not encrypted, it is possible for an attacker to supply a new or modified view object as part of a request. This allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
This issue is resolved in JBoss Enterprise Web Server 1.0.1 because it does not include Apache MyFaces.
CVE-2009-3555
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation on Red Hat Enterprise Linux 4 and 5. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials.
Refer to the following Knowledgebase article for more information about how this issue affects JBoss Enterprise Web Server: http://kbase.redhat.com/faq/docs/DOC-20491
CVE-2009-3095
A flaw was found in the Apache mod_proxy_ftp module on Red Hat Enterprise Linux 4 and 5 such that, in a reverse proxy configuration, a remote attacker could bypass intended access restrictions by creating a HTTP Authorization header and send arbitrary commands to the FTP server. (RHSA-2010:0011)
CVE-2009-3094
A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp module on Red Hat Enterprise Linux 4 and 5. A malicious FTP server to which requests were proxied could use this flaw to crash an httpd child process through a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service. (RHSA-2010:0011)
CVE-2009-2902
A directory traversal flaw was found in the Tomcat deployment process. WAR file names were not being sanitized during Tomcat deployment in Red Hat Enterprise Linux 4 and 5. This could allow attackers to create a specially-crafted WAR file that could delete files in the Tomcat host's work directory. (RHSA-2010:0119)
CVE-2009-2699
A flaw was found in the way errors were handled in the Event Port back end in the Apache Portable Runtime (APR) library, used by the Apache HTTP Server. If an error was incorrectly handled while processing HTTP requests, httpd could hang. Note: This flaw only affected users running JBoss Enterprise Web Server on the Solaris operating system.
CVE-2009-2693
A directory traversal flaw was found in the Tomcat deployment process. An attacker could create a specially-crafted WAR file which, once deployed by an unsuspecting local user, would lead to attacker-controlled content being deployed outside the web root, into directories accessible to the Tomcat process. (RHSA-2010:0119)
CVE-2009-2412
Multiple integer overflow flaws that led to heap-based buffer overflows were found in the way the Apache Portable Runtime (APR) included in httpd22 manages memory pool and relocatable memory allocations on Red Hat Enterprise Linux 4. An attacker could use these flaws to issue a specially-crafted request for memory allocation, which would lead to a denial of service (application crash) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. (RHSA-2009:1462)
CVE-2009-1955
A denial of service flaw was found in the Apache HTTP Server apr-util Extensible Markup Language (XML) parser for Red Hat Enterprise Linux 4. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine. (RHSA-2009:1160)
CVE-2009-1891
A denial of service flaw was found in the Apache HTTP Server mod_deflate module for Red Hat Enterprise Linux 4 and 5. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This caused mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. (RHSA-2009:1155, RHSA-2009:1160)
CVE-2009-1890
A denial of service flaw was found in the Apache HTTP Server mod_proxy module when it was used as a reverse proxy on Red Hat Enterprise Linux 4 and 5. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. (RHSA-2009:1155, RHSA-2009:1160)
CVE-2009-1195
In Apache HTTP Server on Red Hat Enterprise Linux 4 and 5, in configurations using the AllowOverride directive with certain Options= arguments, local users were not restricted from executing commands from a Server-Side-Include script as intended. (RHSA-2009:1155, RHSA-2009:1160)
CVE-2009-0783
In Tomcat 5 and 6 on Red Hat Enterprise Linux 4 and 5, web applications containing their own XML parsers could replace the XML parser that Tomcat uses to parse configuration files. A malicious web application running on a Tomcat instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same Tomcat instance. (RHSA-2009:1506, RHSA-2009:1454)
CVE-2009-0580
In Tomcat 5 and 6 on Red Hat Enterprise Linux 4 and 5, the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to ennumerate (via brute force methods) usernames registered with applications running on Tomcat when FORM-based authentication was used. (RHSA-2009:1506, RHSA-2009:1454)
CVE-2009-0033
A flaw was found in the way that the Tomcat 5 and 6 AJP (Apache JServ Protocol) connector processed AJP connections on Red Hat Enterprise Linux 4 and 5. An attacker could use this flaw to send specially-crafted requests that would cause a temporary denial of service. (RHSA-2009:1506, RHSA-2009:1454)
CVE-2009-0023
A heap-based underwrite flaw was discovered in the way Apache HTTP Server's apr-util library created compiled forms of particular search patterns on Red Hat Enterprise Linux 4. An attacker could formulate a specially-crafted search keyword that would overwrite arbitrary heap memory locatons when processed by the pattern preparation engine. (RHSA-2009:1160)
CVE-2008-5515
In Tomcat 5 and 6 on Red Hat Enterprise Linux 4 and 5, request dispatchers did not properly normalize user requests that had trailing query strings, which allowed remote attackers to send specially-crafted requests that would cause an information leak. (RHSA-2009:1506, RHSA-2009:1454)
CVE-2007-5333
Tomcat 5 did not properly handle a certain character sequence in cookie values on Red Hat Enterprise Linux 4 and 5. A remote attacker could use this flaw to obtain sensitive information, such as session IDs, and use this information for session hijacking attacks. (RHSA-2009:1454)

Note

Version 0 cookies that contain values that must be quoted to be valid are automatically changed to version 1 cookies. To reactivate the previous, but insecure, behavior, add the following entry to /etc/tomcat5/catalina.properties 
org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false
CVE-2009-1191
An information disclosure flaw was found in Apache HTTP Server's mod_proxy_ajp module. In certain situations, if a user sent a specially-crafted HTTP request, the httpd server could return a response intended for another user. (RHSA-2009:1058)

2.13.2. General Fixed Issues

JBPAPP-3272
Installing the tomcat5-admin-webapps package resulted in missing dependencies. This made it impossible to access the Tomcat Administration section from http://localhost:8080/. The missing dependency, jakarta-commons-chain, has been added.
JBPAPP-3255
The zip distribution of Enterprise Web Server 1.0 did not contain the administration web application, and directed users to download and install tomcat5-admin-webapps separately. The package is now included in the zip distribution.
JBPAPP-2850
Apache HTTP Server Control Interface (apachectl) required several modifications to work with Enterprise Web Server. The httpd/.postinstall script has been updated to make these modifications automatically.
JBPAPP-2122
The apachectl binary available from the Customer Service Portal for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5 i386 was zero length. The fix for this caused problems with the RPM distribution. This has been corrected.
JBPAPP-1838
When Enterprise Web Server was installed by zip, the httpd/.postinstall script did not modify the conf/httpd.conf file to point to the correct ServerRoot directory.
JBPAPP-1837
Following RPM installation on Red Hat Enterprise Linux 4, the /var/log/httpd22 directory was not automatically created, which forced the httpd startup script to fail. The directory is now created on startup.
JBPAPP-1809
Some Tomcat users would receive a warning that there were no write permissions on the directory. This problem can no longer be reproduced.
JBPAPP-1788
Tomcat 6 on the Solaris operating system stopped at the command /ews/etc/init.d/tomcat6 stop, and though the server terminated successfully, the output displayed command usage errors because the CATALINA_PID variable was not defined in Tomcat 6. CATALINA_PID is now defined and the command usage errors no longer occur.
JBPAPP-1783
Two Tomcat Native libraries, libapr and libaprutil have been included in Enterprise Web Server to prevent problems when running Enterprise Web Server on Red Hat Enterprise Linux 5.

2.13.3.  Known Issues with this release

Following is a list of known issues at the time of release.

General Known Issues

JBPAPP-3789
Installing both Tomcat 5 and Tomcat 6 rpms causes Tomcat 5 to load the Tomcat 6 servlet JAR, tomcat6-servlet-2.5-api.jar, instead of geronimo-j2ee-1.4-apis.jar. Before Tomcat 6 is installed, Tomcat 5 uses: 
/var/lib/tomcat5/common/lib/\[servlet\].jar -> /usr/share/java/servlet.jar -> 
/etc/alternatives/servlet -> /usr/share/java/geronimo-j2ee-1.4-apis.jar
After Tomcat 6 is installed, Tomcat 5 uses: 
/var/lib/tomcat5/common/lib/\[servlet\].jar -> /usr/share/java/servlet.jar -> 
/etc/alternatives/servlet -> /usr/share/java/tomcat6-servlet-2.5-api.jar
There are two workarounds to this issue:
  1. Install only the Tomcat 6 rpm, and install Tomcat 5 from the zip download.
  2. Remove /var/lib/tomcat5/common/lib/\[servlet\].jar and copy geronimo-j2ee-1.4-apis.jar to /var/lib/tomcat5/common/lib/ to achieve the same effect.
JBPAPP-3762
When JBoss Enterprise Web Server is run on the IBM Java Development Kit 1.6 using Java Security Manager, Tomcat 6 does not start.
JBPAPP-3755
The current JBoss ON plugin (v2.3) for JBoss Enterprise Web Server is not supported on Windows or Solaris platforms, and there are several known issues on Red Hat Enterprise Linux. JBoss ON support for JBoss Enterprise Web Server on these platforms is planned for a future release of JBoss ON.
JBPAPP-3753
Undeploying any web application in the /manager and /admin applications causes an infinite loop. We do not currently recommend using the /manager or /admin applications to undeploy applications from your server.
JBPAPP-3735
The Apache HTTP Server module mod_ssl provides an interface to the OpenSSL library, which provides Strong Encryption using the Transport Layer Security/Secure Sockets Layer security protocols. To use this feature, install the mod_ssl package.
JBPAPP-3734
Unless <package>.noarch is specified for Tomcat 5 packages, yum fetches all Tomcat 5 packages from the Red Hat Enterprise Linux 5 base channel instead of the JBoss Enterprise Web Server channel. The installation instructions have been modified to include a work-around for this issue.
JBPAPP-3685
Attempting to edit server configuration details with the Tomcat 5 administration application results in some configuration information being lost from the configuration file (server.xml). At present we do not recommend using the the administration application for Tomcat 5.
JBPAPP-3658
Attempting to delete an existing host with the Tomcat 5 Administration Tool results in a NullPointerException. This is a problem upstream and is expected to be fixed for JBoss Enterprise Web Server 1.0.2.
JBPAPP-3646
The Tomcat 6 test suite attempts to compile and execute org.apache.catalina.tomcat.util.http.TestCookies instead of org.apache.tomcat.util.http.TestCookies. This is a problem upstream and is expected to be fixed for JBoss Enterprise Web Server 1.0.2.
JBPAPP-3644
Setting SECURITY_MANAGER="true" in sysconfig/tomcat5 or sysconfig/tomcat6 has no effect. To start the server securely, users must start with the -secure flag, like so: 
catalina.sh start -secure
This is a problem upstream and is expected to be fixed for JBoss Enterprise Web Server 1.0.2.
JBPAPP-3628
When a virtual host is created using the /host-manager/html application, all actions work as expected, but the newly created host is not persistently added to the Tomcat configuration. Only the localhost is listed after server restart. This is a problem upstream and is expected to be fixed for JBoss Enterprise Web Server 1.0.2.
JBPAPP-3627
The Host Manager Help link in the /host-manager application leads to a HTTP 404 Error. This is a problem upstream and is expected to be fixed for JBoss Enterprise Web Server 1.0.2.
JBPAPP-3626
The links that Tomcat Web Application Manager displays for /host-manager and /manager result in a HTTP 404 Error. To work around this issue, add the following section to the WEB-INF/web.xml descriptor, immediately after the servlet-mapping section: 
<welcome-file-list>
   <welcome-file>
      html/
   </welcome-file>
</welcome-file-list>
This is a problem upstream and is expected to be fixed for JBoss Enterprise Web Server 1.0.2.
JBPAPP-3625
When Tomcat Native is used upon server shutdown, a "Server accept failed" error occurs because the AJP Connector continues to wait for a client connection during shutdown. This is a problem upstream and is expected to be fixed for JBoss Enterprise Web Server 1.0.2.
JBPAPP-2852
RPM installation shares Java library files. When Enterprise Web Server coexists with Enterprise Application Platform or similar, library version conflicts occur. Only one version (either Enterprise Web Server or Enterprise Application Platform) can exist on one server when RPM installation is used. The workaround for this issue is to yum remove Enterprise Application Platform before installing Enterprise Web Server.
JBPAPP-2655
jaxp_parser_impl.jar and xml-commons-apis.jar are not included in Tomcat 6. This can cause a SAXParseException when parsing XML with a specific encoding (for example, GBK). Tomcat 6 requires JDK5 or higher; these JARs are not included in Tomcat because the JAXP implementation (JAXP 1.3) is built into JDK5. If users require encoding that is not supported by JAXP 1.3, the user must provide an external implementation of that encoding. The workaround for the missing JARs is therefore to copy them from Tomcat 5 into Tomcat 6.
JBPAPP-2150
The presence of a httpd-devel.i386 package in the Red Hat Enterprise Linux 5 base channel means that the httpd-devel may not be properly installed to the Red Hat Enterprise Linux x86_64 from the JBoss Enterprise Web Server channel. The correct way to install this package is to run the following command: 
yum install httpd-devel.x86_64
JBPAPP-1966
Apache Tomcat handles SSL encryption and decryption such that browser-httpd communication takes place in HTTPS. However, communication between httpd and JBoss Enterprise Web Server takes place in plain HTTP. By default, redirects will also use HTTP. To use HTTPS redirects, define the following attributes on the JBoss HTTP Connector: 
proxyName="www.somedomain.com" proxyPort="443" scheme="https"
If JBoss Enterprise Web Server handles redirect requests for both HTTP and HTTPS, you will need one HTTP connector per protocol.

A. Revision History

Revision History
Revision 2.3.0-0.1Wed Feb 11 2015Lucas Costi
Updated the Product Name to reflect the new name grouping for the product. No update was made to details in the guide.
Revision 1.0.1-13Tue Jun 21 2011Rebecca Newton
Updating for security fixes.
Revision 2.3.0-0Mon Dec 20 2010Rebecca Newton
Updating CVE descriptions.
Revision 2.2.0-0Thu Oct 07 2010Rebecca Newton
Retagging for Publican update.
Revision 2.1.0-0Mon Feb 22 2010Laura Bailey
Corrected CVE descriptions.

Legal Notice

Copyright © 2010 Red Hat, Inc.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Red Hat logoGithubRedditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

© 2024 Red Hat, Inc.