Red Hat SummitChapter 2. Installing JBoss Web Server on Red Hat Enterprise Linux
You can install JBoss Web Server on Red Hat Enterprise Linux using one of two methods:
Regardless of which method you choose, you must first install a supported Java Development Kit (JDK).
Prerequisites for Red Hat Enterprise Linux-7 and Red Hat Enterprise Linux-8 are different, see Red Hat Enterprise Linux Package Prerequisites.
2.1. Prerequisites
2.1.1. Installing a Java Development Kit (JDK) using the YUM package manager
Before installing JBoss Web Server, you must first install a supported Java Development Kit (JDK).
For a completed list of supported JDKs see Supported operating systems and configurations.
Procedure
Subscribe your Red Hat Enterprise Linux system to the appropriate channel:
OpenJDK:
- rhel-7-server-rpms
- rhel-8-server-rpms
IBM:
- rhel-7-server-supplementary-rpms
- rhel-8-server-supplementary-rpms
Red Hat Enterprise Linux 6 is no longer supported and subsequently was removed from the documentation.
As the root user, execute the command to install a 1.8 JDK:
yum install java-1.8.0-<VENDOR>-devel
# yum install java-1.8.0-<VENDOR>-develCopy to Clipboard Copied! Toggle word wrap Toggle overflow Replace
<VENDOR>withibmoropenjdkRun the following commands as the root user to ensure the correct JDK is in use:
alternatives --config java
# alternatives --config javaCopy to Clipboard Copied! Toggle word wrap Toggle overflow alternatives --config javac
# alternatives --config javacCopy to Clipboard Copied! Toggle word wrap Toggle overflow These commands return lists of available JDK versions with the selected version marked with a plus (
+) sign. If the selected JDK is not the desired one, change to the desired JDK as instructed in the shell prompt.ImportantAll software that use the
javaandjavaccommands uses the JDK set byalternatives. Changing Java alternatives may impact on the running of other software.
2.1.2. Installing a JDK from a compressed archive (such as .zip or .tar)
Before installing JBoss Web Server, you must first install a supported Java Development Kit (JDK).
A full list of supported JDKs is given in section 1.2 of this document.
If the JDK was downloaded from the vendor’s website (Oracle or OpenJDK), use the installation instructions provided by the vendor and set the JAVA_HOME environment variable.
If the JDK has was installed from a compressed archive, set the JAVA_HOME environment variable for Tomcat before running JBoss Web Server.
In the bin directory of Tomcat (JWS_HOME/tomcat/bin), create a file named setenv.sh, and insert the JAVA_HOME path definition.
For example:
cat JWS_HOME/tomcat/bin/setenv.sh export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk.x86_64
$ cat JWS_HOME/tomcat/bin/setenv.sh
export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk.x86_642.1.3. Red Hat Enterprise Linux Package Prerequisites
Before installing JBoss Web Server on Red Hat Enterprise Linux, ensure the following prerequisites are met.
- A supported JDK is installed.
Additionally, RHEL 8 users needing OpenSSL or APR need to install them from the operating system. To install OpenSSL and APR, run the following commands:
yum install openssl
# yum install opensslCopy to Clipboard Copied! Toggle word wrap Toggle overflow yum install apr
# yum install aprCopy to Clipboard Copied! Toggle word wrap Toggle overflow
You must remove the
tomcatjsspackage before installing thetomcat-nativepackage. Thetomcatjsspackage uses an underlying NSS security model rather than the OpenSSL security model.As the root user, run the following command to remove
tomcatjss:yum remove tomcatjss
# yum remove tomcatjssCopy to Clipboard Copied! Toggle word wrap Toggle overflow
- In RHEL 7, JWS uses OpenSSL and APR from Red Hat JBoss Core Services however in RHEL 8 OpenSSL and APR are used from the operating system.
- RHEL 8 zip package does not contain OpenSSL and APR which should be installed from the operating system.
2.2. Installing and Managing JBoss Web Server (ZIP)
You can install JBoss Web Server from an archive file. Installation from an archive results in different methods of managing the product compared to installation from an RPM package. For example, you can use a system daemon at boot time and manage JBoss Web Server from a command line. Start by downloading and extracting the archive file.
2.2.1. Downloading and Extracting JBoss Web Server
This method of installation involves accessing the Red Hat Customer Portal and locating the correct version of JBoss Web Server.
Prerequisites
- Ensure that all of the prerequisites are met before installing JBoss Web Server.
Procedure
To install JBoss Web Server, download and extract the installation archive files.
- Open a browser and log in to the Red Hat Customer Portal.
- Click Downloads.
- Click Red Hat JBoss Web Server in the Product Downloads list.
- Select the correct JBoss Web Server version from the Version drop-down menu.
Click Download for each of the following files, ensuring that you select the correct platform and architecture for your system:
-
The Red Hat JBoss Web Server 5.5 Application Server (
jws-5.5.0-application-server.zip). -
The Red Hat JBoss Web Server 5.5 Native Components for RHEL (
jws-5.5.0-application-server-<platform>-<architecture>.zip).
-
The Red Hat JBoss Web Server 5.5 Application Server (
Unzip the downloaded archive files to your installation directory.
For example:
unzip jws-5.5.0-application-server.zip -d /opt/ unzip -o jws-5.5.0-application-server-<platform>-<architecture>.zip -d /opt/
# unzip jws-5.5.0-application-server.zip -d /opt/ # unzip -o jws-5.5.0-application-server-<platform>-<architecture>.zip -d /opt/Copy to Clipboard Copied! Toggle word wrap Toggle overflow
The directory created by extracting the archives is the top-level directory for JBoss Web Server. This is referred to as JWS_HOME.
2.2.2. Managing JBoss Web Server on Red Hat Enterprise Linux
There are two supported methods for running and managing Red Hat JBoss Web Server on Red Hat Enterprise Linux:
The recommended method for managing the JBoss Web Server is using a system daemon.
2.2.2.1. Managing JBoss Web Server using a system daemon for .zip installations on Red Hat Enterprise Linux
Using the JBoss Web Server with a system daemon provides a method of starting the JBoss Web Server services at system boot. The system daemon also provides start, stop and status check functions.
The default system daemon for Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 7 is systemd.
To determine which system daemon is running, issue ps -p 1 -o comm=.
For systemd:
ps -p 1 -o comm=
$ ps -p 1 -o comm= systemdCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Red Hat Enterprise Linux 6 is no longer supported and subsequently was removed from the documentation.
2.2.2.1.1. Setting up and using the JBoss Web Server with systemd
Setting up the JBoss Web Server for systemd
As the root user, execute the .postinstall.systemd script:
cd JWS_HOME/tomcat sh .postinstall.systemd
# cd JWS_HOME/tomcat
# sh .postinstall.systemdControlling the JBoss Web Server with systemd
Systemd commands can only be issued by the root user.
To enable the JBoss Web Server services to start at boot using systemd:
systemctl enable jws5-tomcat.service
# systemctl enable jws5-tomcat.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow To start the JBoss Web Server using systemd:
systemctl start jws5-tomcat.service
# systemctl start jws5-tomcat.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow NoteSECURITY_MANAGERvariable is now deprecated for configurations based on the RHEL zips installations and this adds the following comment:SECURITY_MANAGER has been deprecated. To run tomcat under the Java Security Manager use:
# SECURITY_MANAGER has been deprecated. To run tomcat under the Java Security Manager use: JAVA_OPTS="-Djava.security.manager -Djava.security.policy==\"$CATALINA_BASE/conf/"catalina.policy\"""Copy to Clipboard Copied! Toggle word wrap Toggle overflow To stop the JBoss Web Server using systemd:
systemctl stop jws5-tomcat.service
# systemctl stop jws5-tomcat.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow To verify the status of the JBoss Web Server using systemd (the
statusoperation can be executed by any user):systemctl status jws5-tomcat.service
# systemctl status jws5-tomcat.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow
For more information on using systemd on RHEL 7, see: RHEL 7 System Administrator’s Guide: Managing System Services
For more information on using systemd on RHEL 8, see: RHEL 8 Configuring Basic System Settings: Managing system services with systemctl
2.2.2.2. Managing JBoss Web Server on a command line
2.2.2.2.1. Configuring the JBoss Web Server Installation
The following configuration steps are performed by the .postinstall.sysv script and the .postinstall.systemd script described in Managing JBoss Web Server using a system daemon for .zip installations on Red Hat Enterprise Linux
Some configuration is required before running JBoss Web Server. This section includes the following configuration procedures:
- Setting the JAVA_HOME Environment Variable.
- Creating the tomcat user for simple and secure user management: Creating a Tomcat User.
- Grant the tomcat user access to the JBoss Web Server by moving the ownership of tomcat directory to the tomcat user.
Setting the JAVA_HOME Environment Variable
You must set the JAVA_HOME environment variable for Tomcat before running JBoss Web Server.
In the bin directory of Tomcat (JWS_HOME/tomcat/bin), create a file named setenv.sh, and insert the JAVA_HOME path definition.
For example: export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk.x86_64
Creating a Tomcat User
Follow this procedure to create the tomcat user and its parent group:
-
In a shell prompt as the root user, change directory to
JWS_HOME. Run the following command to create the
tomcatuser group:groupadd -g 53 -r tomcat
# groupadd -g 53 -r tomcatCopy to Clipboard Copied! Toggle word wrap Toggle overflow Run the following command to create the
tomcatuser in thetomcatuser group:useradd -c "tomcat" -u 53 -g tomcat -s /sbin/nologin -r tomcat
# useradd -c "tomcat" -u 53 -g tomcat -s /sbin/nologin -r tomcatCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Move the ownership of tomcat directory to the tomcat user
From
JWS_HOME, run the following command to assign the ownership of the Tomcat directories to thetomcatuser to allow the user to run the Tomcat service:chown -R tomcat:tomcat tomcat/
# chown -R tomcat:tomcat tomcat/Copy to Clipboard Copied! Toggle word wrap Toggle overflow You can use
ls -lto verify that thetomcatuser is the owner of the directory.Ensure that the
tomcatuser has execute permissions to all parent directories. For example:chmod -R u+X tomcat/
# chmod -R u+X tomcat/Copy to Clipboard Copied! Toggle word wrap Toggle overflow
2.2.2.2.2. Starting JBoss Web Server
Run the following command as the tomcat user:
sh JWS_HOME/tomcat/bin/startup.sh
$ sh JWS_HOME/tomcat/bin/startup.sh2.2.2.2.3. Stopping JBoss Web Server
To stop Tomcat, run the following command as the tomcat user:
sh JWS_HOME/tomcat/bin/shutdown.sh
$ sh JWS_HOME/tomcat/bin/shutdown.sh2.3. RPM Installation
Installing JBoss Web Server from RPM packages installs Tomcat as service, and installs its resources into absolute paths. The RPM installation option is available for Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8.
RPM installation packages for JBoss Web Server are available from Red Hat Subscription Management.
2.3.1. Attaching subscriptions to Red Hat Enterprise Linux
Before downloading and installing the RPM packages, you must register your system with Red Hat Subscription Management and subscribe to the respective Content Delivery Network (CDN) repositories.
For information on registering Red Hat Enterprise Linux, see the following procedures:
Red Hat Enterprise Linux 6 is no longer supported and subsequently was removed from the documentation.
Procedure
- Log in to the Red Hat Subscription Manager.
- Click on the Systems tab.
-
Click on the
Nameof the system to add the subscription to. -
Change from the Details tab to the Subscriptions tab, then click
Attach Subscriptions. -
Select the check box beside the subscription to attach, then click
Attach Subscriptions.
To verify that a subscription provides the required CDN repositories:
- Log in to: https://access.redhat.com/management/subscriptions.
-
Click the
Subscription Name. Under Products Provided, you require:
- JBoss Enterprise Web Server.
- Red Hat JBoss Core Services.
2.3.2. Installing JBoss Web Server from RPM packages using YUM
Procedure
On a command line, subscribe to the JBoss Web Server CDN repositories for your operating system version using
subscription-manager:subscription-manager repos --enable <repository>
# subscription-manager repos --enable <repository>Copy to Clipboard Copied! Toggle word wrap Toggle overflow For Red Hat Enterprise Linux 7:
- jws-5-for-rhel-7-server-rpms
- jb-coreservices-1-for-rhel-7-server-rpms
For Red Hat Enterprise Linux 8:
- jws-5-for-rhel-8-x86_64-rpms
Issue the following command as the root user to install JBoss Web Server:
yum groupinstall jws5
# yum groupinstall jws5Copy to Clipboard Copied! Toggle word wrap Toggle overflow ImportantFor RPM distributions, the JWS_HOME folder is
/opt/rh/jws5/root/usr/share.
- Although not recommended, instead of using the group install, you can install each of the packages and their dependencies individually.
- The Red Hat JBoss Core Services repositories above are required for the installation of JBoss Web Server except on RHEL 8 systems.
- The feature to enable NFS usage using Software Collection is enabled. For full instructions on this feature refer to the Packaging Guide, Using Software Collections over NFS.
2.3.3. Starting JBoss Web Server
This procedure demonstrates how you can start the JBoss Web Server.
Red Hat Enterprise Linux 6 is no longer supported and subsequently was removed from the documentation.
Procedure
In a shell prompt as the root user, start the Tomcat service.
For Red Hat Enterprise Linux 7 or 8:
systemctl start jws5-tomcat.service
# systemctl start jws5-tomcat.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow NoteThis is the only supported method of starting JBoss Web Server for an RPM installation.
To verify that Tomcat is running, the output of the service
statuscommand should be reviewed. This can be executed as any user.For Red Hat Enterprise Linux 7 or 8:
systemctl status jws5-tomcat.service
# systemctl status jws5-tomcat.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow NoteFor complete instructions on installing and configuring HTTPD on RHEL 8, please see this link
2.3.4. Stopping JBoss Web Server
This procedure demonstrates how you can stop the JBoss Web Server.
Red Hat Enterprise Linux 6 is no longer supported and subsequently was removed from the documentation.
Procedure
In a shell prompt as the root user, stop the Tomcat service.
For Red Hat Enterprise Linux 7 or 8:
systemctl stop jws5-tomcat.service
# systemctl stop jws5-tomcat.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow
To verify that Tomcat is no longer running, the output of the service
statuscommand should be reviewed. This can be executed as any user.For Red Hat Enterprise Linux 7 or 8:
systemctl status jws5-tomcat.service
# systemctl status jws5-tomcat.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow
For complete instructions on installing and configuring HTTPD on RHEL 8, please see this link
2.3.5. Configuring JBoss Web Server Services to Start at Boot
Use the following commands to enable the JBoss Web Server services to start at boot.
Red Hat Enterprise Linux 6 is no longer supported and subsequently was removed from the documentation.
Procedure
Depending on your Red Hat Enterprise Linux version, enter one of the following commands:
For Red Hat Enterprise Linux 7 or 8:
systemctl enable jws5-tomcat.service
# systemctl enable jws5-tomcat.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow
2.4. SELinux Policies
2.4.1. SELinux Policy Information
The following table contains information about the SELinux policies provided in the jws5-tomcat-selinux packages.
| Name | Port Information | Policy Information |
|---|---|---|
| jws5_tomcat |
Four ports in |
The jws5_tomcat policy is installed, which sets the appropriate SELinux domain for the process when Tomcat executes. It also sets the appropriate contexts to allow tomcat to write to |
For more information about using SELinux and other Red Hat Enterprise Linux security information, see the Red Hat Enterprise Linux Security Guide.
2.4.2. SELinux policies for an RPM installation
SELinux policies for JBoss Web Server are provided by the jws5-tomcat-selinux package. These packages are available in the JWS channel.
To enable SELinux policies for JBoss Web Server 5.5, install the jws5-tomcat-selinux package.
2.4.3. SELinux policies for an archive installation
In this release, SELinux policies are provided in the archive packages. The SELinux security model is enforced by the kernel and ensures applications have limited access to resources such as file system locations and ports. This helps ensure that the errant processes (either compromised or poorly configured) are restricted and in some cases prevented from running.
The .postinstall.selinux file is included in the tomcat folder of jws-5.5.0-application-server-<platform>-<architecture>.zip. If required, you can run the .postinstall.selinux script.
To install the SELinux policies using archive:
Install the
selinux-policy-develpackage:yum install -y selinux-policy-devel
yum install -y selinux-policy-develCopy to Clipboard Copied! Toggle word wrap Toggle overflow Execute the
.postinstall.selinuxscript:cd <JWS_home>/tomcat/ sh .postinstall.selinux
cd <JWS_home>/tomcat/ sh .postinstall.selinuxCopy to Clipboard Copied! Toggle word wrap Toggle overflow Add access permissions to the required ports for JBoss Web Server. The JBoss Web Server has access to ports
8080,8009,8443and8005on Red Hat Enterprise Linux systems.When additional ports are required for JBoss Web Server, use the
semanagecommand to provide the necessary permissions, replacing the port number with the port required:semanage port -a -t http_port_t -p tcp <port>
semanage port -a -t http_port_t -p tcp <port>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Start Tomcat:
<JWS_home>/tomcat/bin/startup.sh
<JWS_home>/tomcat/bin/startup.shCopy to Clipboard Copied! Toggle word wrap Toggle overflow Check the context of the running process expecting
jws5_tomcat:ps -eo pid,user,label,args | grep jws5_tomcat | head -n1
ps -eo pid,user,label,args | grep jws5_tomcat | head -n1Copy to Clipboard Copied! Toggle word wrap Toggle overflow To verify the contexts of the Tomcat directories, for example:
ls -lZ <JWS_home>/tomcat/logs/
ls -lZ <JWS_home>/tomcat/logs/Copy to Clipboard Copied! Toggle word wrap Toggle overflow
By default, the SElinux policy provided is not active and the Tomcat processes run in the unconfined_java_t domain. This domain does not confine the processes, and it is recommended that you undertake the following security precautions if you chose not to enable the SElinux policy provided:
-
Restrict file access for the
tomcatuser to only the files and directories that are necessary to the JBoss Web Server runtime. -
Do not run Tomcat as the
rootuser.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}