Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 2. Installing JBoss Web Server on Red Hat Enterprise Linux from archive files
You can install JBoss Web Server on Red Hat Enterprise Linux from archive files or RPM packages. If you want to install JBoss Web Server from archive files, you can download and extract the JBoss Web Server archive files from the Red Hat Customer Portal.
When you install JBoss Web Server from an archive file, you can manage the product in different ways. For example, you can use a system daemon at system startup or manage JBoss Web Server from a command line.
2.1. Prerequisites
- You have installed a supported Java Development Kit (JDK) by using the YUM package manager or from a compressed archive.
- Your system is compliant with Red Hat Enterprise Linux package requirements.
2.1.1. Installing a JDK by using the YUM package manager
You can use the YUM package manager to install a Java Development Kit (JDK). For a full list of supported JDKs, see JBoss Web Server operating systems and configurations.
Procedure
Subscribe your Red Hat Enterprise Linux system to the appropriate channel:
OpenJDK:
- rhel-7-server-rpms
- rhel-8-server-rpms
- rhel-9-server-rpms
IBM:
- rhel-7-server-supplementary-rpms
- rhel-8-server-supplementary-rpms
- rhel-9-server-supplementary-rpms
ImportantRed Hat Enterprise Linux 6 is no longer supported and subsequently was removed from the documentation.
As the root user, execute the command to install a 1.8 JDK:
yum install java-1.8.0-<VENDOR>-devel
# yum install java-1.8.0-<VENDOR>-develCopy to Clipboard Copied! Toggle word wrap Toggle overflow Replace
<VENDOR>withibmoropenjdkRun the following commands as the root user to ensure the correct JDK is in use:
alternatives --config java
# alternatives --config javaCopy to Clipboard Copied! Toggle word wrap Toggle overflow alternatives --config javac
# alternatives --config javacCopy to Clipboard Copied! Toggle word wrap Toggle overflow These commands return lists of available JDK versions with the selected version marked with a plus (
+) sign. If the selected JDK is not the desired one, change to the desired JDK as instructed in the shell prompt.ImportantAll software that use the
javaandjavaccommands uses the JDK set byalternatives. Changing Java alternatives may impact on the running of other software.
2.1.2. Installing a JDK from a compressed archive
You can install a Java Development Kit (JDK) from a compressed archive such as a .zip or .tar file. For a full list of supported JDKs, see JBoss Web Server operating systems and configurations.
Procedure
-
If the JDK was downloaded from the vendor’s website (Oracle or OpenJDK), use the installation instructions provided by the vendor and set the
JAVA_HOMEenvironment variable. If the JDK was installed from a compressed, archive, set the
JAVA_HOMEenvironment variable for Tomcat:-
In the
bindirectory of Tomcat (JWS_HOME/tomcat/bin), create a file namedsetenv.sh. In the
setenv.shfile, enter theJAVA_HOMEpath definition. For example:cat JWS_HOME/tomcat/bin/setenv.sh export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk.x86_64
$ cat JWS_HOME/tomcat/bin/setenv.sh export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk.x86_64Copy to Clipboard Copied! Toggle word wrap Toggle overflow
-
In the
2.1.3. Red Hat Enterprise Linux package requirements
Before you install JBoss Web Server on Red Hat Enterprise Linux, you must ensure that your system is compliant with the following package requirements.
The package requirements vary depending on the version of Red Hat Enterprise Linux you are using.
On Red Hat Enterprise Linux version 8 or 9, if you want to use OpenSSL or Apache Portable Runtime (APR), you must install the
opensslandaprpackages that Red Hat Enterprise Linux provides.To install the
opensslpackage, enter the following command as the root user:yum install openssl
# yum install opensslCopy to Clipboard Copied! Toggle word wrap Toggle overflow To install the
aprpackage, enter the following command as the root user:yum install apr
# yum install aprCopy to Clipboard Copied! Toggle word wrap Toggle overflow
You must remove the
tomcatjsspackage before you install thetomcat-nativepackage. Thetomcatjsspackage uses an underlying Network Security Services (NSS) security model rather than the OpenSSL security model.To remove the
tomcatjsspackage, enter the following command as the root user:yum remove tomcatjss
# yum remove tomcatjssCopy to Clipboard Copied! Toggle word wrap Toggle overflow
-
On Red Hat Enterprise Linux 7, JBoss Web Server uses the
opensslandaprpackages that Red Hat JBoss Core Services provides. -
On Red Hat Enterprise Linux versions 8 and 9, JBoss Web Server does not provide
opensslandaprpackages. JBoss Web Server uses theopensslandaprpackages that Red Hat Enterprise Linux provides. If you want to use OpenSSL or APR on Red Hat Enterprise Linux version 8 or 9, you must install theopensslandaprpackages from the operating system, as described earlier in this section.
2.2. Downloading and extracting the JBoss Web Server archive file on RHEL
You can download the JBoss Web Server archive file from the Red Hat Customer Portal.
Prerequisites
- You have installed a supported Java Development Kit (JDK) by using the YUM package manager or from a compressed archive.
- Your system is compliant with Red Hat Enterprise Linux package requirements.
Procedure
- Open a browser and log in to the Red Hat Customer Portal.
- Click Downloads.
- Click Red Hat JBoss Web Server in the Product Downloads list.
- Select the correct JBoss Web Server version from the Version drop-down menu.
Click Download for each of the following files, ensuring that you select the correct platform and architecture for your system:
-
The Red Hat JBoss Web Server 5.8 Application Server (
jws-5.8.0-application-server.zip). -
The Red Hat JBoss Web Server 5.8 Native Components for RHEL (
jws-5.8.0-application-server-<platform>-<architecture>.zip).
-
The Red Hat JBoss Web Server 5.8 Application Server (
Unzip the downloaded archive files to your installation directory.
For example:
unzip jws-5.8.0-application-server.zip -d /opt/ unzip -o jws-5.8.0-application-server-<platform>-<architecture>.zip -d /opt/
# unzip jws-5.8.0-application-server.zip -d /opt/ # unzip -o jws-5.8.0-application-server-<platform>-<architecture>.zip -d /opt/Copy to Clipboard Copied! Toggle word wrap Toggle overflow
The top-level directory for JBoss Web Server is created when you extract the archive. This documentation refers to the top-level directory for JBoss Web Server as JWS_HOME.
2.3. Managing JBoss Web Server by using systemd when installed from an archive file
When you install JBoss Web Server from an archive file on Red Hat Enterprise Linux, you can use a system daemon to perform management tasks. Using the JBoss Web Server with a system daemon provides a method of starting the JBoss Web Server services at system startup. The system daemon also provides start, stop and status check functions.
On Red Hat Enterprise Linux versions 7, 8, and 9, the default system daemon is systemd.
Red Hat Enterprise Linux 6 is no longer supported and subsequently was removed from the documentation.
Prerequisites
Procedure
To determine which system daemon is running, enter the following command:
ps -p 1 -o comm=
$ ps -p 1 -o comm=Copy to Clipboard Copied! Toggle word wrap Toggle overflow If
systemdis running, the following output is displayed:systemd
systemdCopy to Clipboard Copied! Toggle word wrap Toggle overflow To set up the JBoss Web Server for
systemd, run the.postinstall.systemdscript as the root user:cd JWS_HOME/tomcat sh .postinstall.systemd
# cd JWS_HOME/tomcat # sh .postinstall.systemdCopy to Clipboard Copied! Toggle word wrap Toggle overflow To control the JBoss Web Server with
systemd, you can perform any of the following steps as the root user:To enable the JBoss Web Server services to start at system startup by using
systemd:systemctl enable jws5-tomcat.service
# systemctl enable jws5-tomcat.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow To start the JBoss Web Server by using
systemd:systemctl start jws5-tomcat.service
# systemctl start jws5-tomcat.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow NoteThe
SECURITY_MANAGERvariable is now deprecated for JBoss Web Server configurations that are based on archive file installations. Consider the following deprecation comment:SECURITY_MANAGER has been deprecated. To run tomcat under the Java Security Manager use:
# SECURITY_MANAGER has been deprecated. To run tomcat under the Java Security Manager use: JAVA_OPTS="-Djava.security.manager -Djava.security.policy==\"$CATALINA_BASE/conf/"catalina.policy\"""Copy to Clipboard Copied! Toggle word wrap Toggle overflow To stop the JBoss Web Server by using
systemd:systemctl stop jws5-tomcat.service
# systemctl stop jws5-tomcat.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow To verify the status of the JBoss Web Server by using
systemd:systemctl status jws5-tomcat.service
# systemctl status jws5-tomcat.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow NoteAny user can run the
statusoperation.
2.4. JBoss Web Server configuration for managing archive installations from the command line
When you install JBoss Web Server from an archive file on Red Hat Enterprise Linux, you can start and stop JBoss Web Server directly from the command line. Before you can run JBoss Web Server from the command line, you must perform the following series of configuration tasks:
-
Set the
JAVA_HOMEenvironment variable for Tomcat. -
Create a
tomcatuser and its parent group. -
Grant the
tomcatuser access to JBoss Web Server.
When you manage JBoss Web Server by using a system daemon rather than from the command line, the .postinstall.systemd script performs these configuration steps automatically.
2.4.1. Setting the JAVA_HOME environment variable for Apache Tomcat
Before you run JBoss Web Server from the command line for the first time, you must set the JAVA_HOME environment variable for Apache Tomcat.
Prerequisites
Procedure
-
On a command line, go to the
JWS_HOME/tomcat/bindirectory. -
Create a file named
setenv.sh. In the
setenv.shfile, enter theJAVA_HOMEpath definition.For example:
export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk.x86_64
export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk.x86_64Copy to Clipboard Copied! Toggle word wrap Toggle overflow
2.4.2. Creating a Tomcat user and group
Before you run JBoss Web Server from the command line for the first time, you must create a tomcat user account and user group to enable simple and secure user management. On Red Hat Enterprise Linux, the user identifer (UID) for the tomcat user and the group identifier (GID) for the tomcat group both have a reserved value of 53.
You must perform all steps in this procedure as the root user.
Prerequisites
Procedure
-
On a command line, go to the
JWS_HOMEdirectory. Create the
tomcatuser group:groupadd -g 53 -r tomcat
# groupadd -g 53 -r tomcatCopy to Clipboard Copied! Toggle word wrap Toggle overflow Create the
tomcatuser in thetomcatuser group:useradd -c "tomcat" -u 53 -g tomcat -s /sbin/nologin -r tomcat
# useradd -c "tomcat" -u 53 -g tomcat -s /sbin/nologin -r tomcatCopy to Clipboard Copied! Toggle word wrap Toggle overflow
The preceding commands set both the UID and the GID to 53. If you subsequently want to change the UID and GID values, see Changing the UID and GID for the tomcat user and group.
2.4.3. Granting the Tomcat user access to JBoss Web Server
Before you run JBoss Web Server from the command line for the first time, you must grant the tomcat user access to JBoss Web Server by assigning ownership of the Tomcat directories to the tomcat user.
You must perform all steps in this procedure as the root user.
Prerequisites
Procedure
-
Go to the
JWS_HOMEdirectory. Assign ownership of the Tomcat directories to the
tomcatuser:chown -R tomcat:tomcat tomcat/
# chown -R tomcat:tomcat tomcat/Copy to Clipboard Copied! Toggle word wrap Toggle overflow Ensure that the
tomcatuser has execute permissions for all parent directories:chmod -R u+X tomcat/
# chmod -R u+X tomcat/Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Verification
Verify that the
tomcatuser is the owner of the directory:ls -l
# ls -lCopy to Clipboard Copied! Toggle word wrap Toggle overflow
2.5. Starting JBoss Web Server from the command line when installed from an archive file
When you install JBoss Web Server from an archive file on Red Hat Enterprise Linux, you can start JBoss Web Server directly from the command line.
Prerequisites
Procedure
Enter the following command as the
tomcatuser:sh JWS_HOME/tomcat/bin/startup.sh
$ sh JWS_HOME/tomcat/bin/startup.shCopy to Clipboard Copied! Toggle word wrap Toggle overflow
2.6. Stopping JBoss Web Server from the command line when installed from an archive file
When you install JBoss Web Server from an archive file on Red Hat Enterprise Linux, you can stop JBoss Web Server directly from the command line.
Prerequisites
Procedure
Enter the following command as the
tomcatuser:sh JWS_HOME/tomcat/bin/shutdown.sh
$ sh JWS_HOME/tomcat/bin/shutdown.shCopy to Clipboard Copied! Toggle word wrap Toggle overflow
2.7. SELinux policies for JBoss Web Server
You can use Security-Enhanced Linux (SELinux) policies to define access controls for JBoss Web Server. These policies are a set of rules that determine access rights to the product.
2.7.1. SELinux policy information for jws5-tomcat
The SELinux security model is enforced by the kernel and ensures that applications have limited access to resources such as file system locations and ports. SELinux policies ensure that any errant processes that are compromised or poorly configured are restricted or prevented from running.
The jws5-tomcat-selinux packages in your JBoss Web Server installation provide a jws5_tomcat policy. The following table contains information about the supplied SELinux policy.
| Name | Port Information | Policy Information |
|---|---|---|
|
|
Four ports in |
The
|
2.7.2. Installing SELinux policies for a JBoss Web Server archive installation
In this release, the archive packages provide SELinux policies. The tomcat folder of the jws-5.8.0-application-server-<platform>-<architecture>.zip archive includes the .postinstall.selinux file. If required, you can run the .postinstall.selinux script.
Procedure
Install the
selinux-policy-develpackage:yum install -y selinux-policy-devel
yum install -y selinux-policy-develCopy to Clipboard Copied! Toggle word wrap Toggle overflow Run the
.postinstall.selinuxscript:cd <JWS_home>/tomcat/ sh .postinstall.selinux
cd <JWS_home>/tomcat/ sh .postinstall.selinuxCopy to Clipboard Copied! Toggle word wrap Toggle overflow Add access permissions to the required ports for JBoss Web Server:
semanage port -a -t http_port_t -p tcp <port>
semanage port -a -t http_port_t -p tcp <port>Copy to Clipboard Copied! Toggle word wrap Toggle overflow NoteThe JBoss Web Server has access to ports
8080,8009,8443and8005on Red Hat Enterprise Linux systems.When additional ports are required for JBoss Web Server, use the preceding
semanagecommand to provide the necessary permissions, and replace<port>with the required port.Start Tomcat:
<JWS_home>/tomcat/bin/startup.sh
<JWS_home>/tomcat/bin/startup.shCopy to Clipboard Copied! Toggle word wrap Toggle overflow Check the context of the running process expecting
jws5_tomcat:ps -eo pid,user,label,args | grep jws5_tomcat | head -n1
ps -eo pid,user,label,args | grep jws5_tomcat | head -n1Copy to Clipboard Copied! Toggle word wrap Toggle overflow Verify the contexts of the Tomcat directories. For example:
ls -lZ <JWS_home>/tomcat/logs/
ls -lZ <JWS_home>/tomcat/logs/Copy to Clipboard Copied! Toggle word wrap Toggle overflow
By default, the SElinux policy that JBoss Web Server provides is not active and the Tomcat processes run in the unconfined_java_t domain. This domain does not confine the processes.
If you choose not to enable the SELinux policy that is provided, you can take the following security measures:
-
Restrict file access for the
tomcatuser, so that thetomcatuser only has access to the files and directories that are necessary for the JBoss Web Server runtime. - Do not run Tomcat as the root user.
When JBoss Web Server is installed from an archive file, Red Hat does not officially support the use of network file sharing (NFS). If you want your JBoss Web Server installation to use an NFS-mounted file system, you are responsible for ensuring that SELinux policies are modified correctly to support this type of deployment.
2.8. Changing the UID and GID for the tomcat user and group
On Red Hat Enterprise Linux, the user identifer (UID) for the tomcat user and the group identifier (GID) for the tomcat group both have a reserved value of 53. Depending on your setup requirements, you can change the UID and GID for the tomcat user and group to some other value.
To avoid SELinux conflicts, use UID and GID values that are less than 500. If SELinux is set to enforcing mode, UID and GID values greater than 500 might cause unexpected issues.
Prerequisites
-
You have created a
tomcatuser account and group.
Procedure
-
If JBoss Web Server is already running, stop JBoss Web Server as the
tomcatuser. For more information, see Stopping JBoss Web Server from the command line when installed from an archive file. To view the current UID and GID for the
tomcatuser and group, enter the following command as the root user:id tomcat
id tomcatCopy to Clipboard Copied! Toggle word wrap Toggle overflow The preceding command displays the user account and group details. For example:
uid=53(tomcat) gid=53(tomcat) groups=53(tomcat)
uid=53(tomcat) gid=53(tomcat) groups=53(tomcat)Copy to Clipboard Copied! Toggle word wrap Toggle overflow To assign a new GID to the
tomcatgroup, enter the following command as the root user:groupmod -g <new_gid> tomcat
groupmod -g <new_gid> tomcatCopy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
groupmod -g 410 tomcat
groupmod -g 410 tomcatCopy to Clipboard Copied! Toggle word wrap Toggle overflow To assign a new UID to the
tomcatuser, enter the following command as the root user:usermod -u <new_uid> -g <new_gid> tomcat
usermod -u <new_uid> -g <new_gid> tomcatCopy to Clipboard Copied! Toggle word wrap Toggle overflow For example:
usermod -u 401 -g 410 tomcat
usermod -u 401 -g 410 tomcatCopy to Clipboard Copied! Toggle word wrap Toggle overflow To reassign file and directory permissions to the new UID, enter the following command as the root user:
find / -not -path '/proc*' -uid <original_uid> | perl -e '$ug = @ARGV[0]; foreach $fn (<STDIN>) { chomp($fn);$m = (stat($fn))[2];chown($ug,-1,$fn);chmod($m,$fn)}' <new_uid># find / -not -path '/proc*' -uid <original_uid> | perl -e '$ug = @ARGV[0]; foreach $fn (<STDIN>) { chomp($fn);$m = (stat($fn))[2];chown($ug,-1,$fn);chmod($m,$fn)}' <new_uid>Copy to Clipboard Copied! Toggle word wrap Toggle overflow In the preceding command, replace <original_uid> with the old UID and replace <new_uid> with the new UID. For example, to reassign file and directory permissions from UID
53to UID401, enter the following command:find / -not -path '/proc*' -uid 53 | perl -e '$ug = @ARGV[0]; foreach $fn (<STDIN>) { chomp($fn);$m = (stat($fn))[2];chown($ug,-1,$fn);chmod($m,$fn)}' 401# find / -not -path '/proc*' -uid 53 | perl -e '$ug = @ARGV[0]; foreach $fn (<STDIN>) { chomp($fn);$m = (stat($fn))[2];chown($ug,-1,$fn);chmod($m,$fn)}' 401Copy to Clipboard Copied! Toggle word wrap Toggle overflow To reassign file and directory permissions to the new GID, enter the following command as the root user:
find / -not -path '/proc*' -gid <original_gid> | perl -e '$ug = @ARGV[0]; foreach $fn (<STDIN>) { chomp($fn);$m = (stat($fn))[2];chown(-1,$ug,$fn);chmod($m,$fn)}' <new_gid># find / -not -path '/proc*' -gid <original_gid> | perl -e '$ug = @ARGV[0]; foreach $fn (<STDIN>) { chomp($fn);$m = (stat($fn))[2];chown(-1,$ug,$fn);chmod($m,$fn)}' <new_gid>Copy to Clipboard Copied! Toggle word wrap Toggle overflow In the preceding command, replace <original_gid> with the old GID and replace <new_gid> with the new GID. For example, to reassign file and directory permissions from GID
53to GID410, enter the following command:find / -not -path '/proc*' -gid 53 | perl -e '$ug = @ARGV[0]; foreach $fn (<STDIN>) { chomp($fn);$m = (stat($fn))[2];chown(-1,$ug,$fn);chmod($m,$fn)}' 410# find / -not -path '/proc*' -gid 53 | perl -e '$ug = @ARGV[0]; foreach $fn (<STDIN>) { chomp($fn);$m = (stat($fn))[2];chown(-1,$ug,$fn);chmod($m,$fn)}' 410Copy to Clipboard Copied! Toggle word wrap Toggle overflow -
To restart JBoss Web Server as the
tomcatuser, see Starting JBoss Web Server from the command line when installed from an archive file.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}