Azedi Technology

- apache (1)
- cfengine (2)
- development (1)
- dns (1)
- fault tolerance (1)
- hosting (3)
- industry (2)
- infrastructure (11)
- jvm tuning (1)
- ldap (1)
- monitoring (1)
- puppet (1)
- redhat (1)
- syzygy (1)
- todo (5)
- tomcat (10)



kief  2006-05-03 10:01         

The Tomcat documentation page is a resource to keep somewhere. I will also write it up into the Admin Guide.

kief  2006-05-01 21:28       

Basic things to do to tighten up the Tomcat configuration. Out of the box it's not really set up for production use.

Remove unnecessary webapps

Strip down the server.xml

Take out connectors you don't need. Get rid of comments to make it easier to follow. Strip the examples code. What user account functionality do you need for your apps, and for the server admin/management tools if you use them?

Some basic tuning

Reloadability and such. Logging. Connector tweaking.

kief  2006-05-01 21:23       

One of the drawbacks of the default Tomcat setup is that the logfiles aren't written to the sensible location on Unix and Linux systems. This isn't hard to correct.

Here's how. (Examples of configuration settings in server.xml and so on go here).

While you're at it, you should consider tweaking what logs are written.

Different types of logs you can have.

Recommendations for paring it down for production.

Tweaks to make for debugging.

What you may want on development.

Tweaking the log4j configuration to control what you log.

Retention policy. Decide how long you want to keep your logs. Important logs, e.g. where you have applications write data that need to be collated and reported on for business reasons, should be archived.

kief  2006-05-01 21:15       

Making all this work needs control scripts to start and stop your server. The scripts that come with Tomcat are fine at a rough level. You set up a couple of environment variables and away you go. But they have some drawbacks.

The benefits of having your own scripts that call the catalina scripts are:

  • Make sure the server runs as the appropriate user
  • Easily have multiple different configurations, with different CATALINA_BASE directories, with different applications and/or configurations. You can also have different versions of the JVM and Tomcat with the flip of a switch. Useful for servers with multiple applications, and also for development setups where you need to be able to switch the application quickly.
kief  2006-05-01 20:59       

This mainly pertains to Unix and Linux systems. One of the cardinal rules is never run Tomcat as root, but I'm sorry to say I've seen this in live production systems.

Why not?

We'll walk you through setting your system up so you can run as a non-root user.

Potential separate roles:

  • Installation file owner
  • Server runtime user
  • Webapps user
  • Server administrator user

The installation files owner owns the CATALINA_HOME directory. It is often root, which is fine since no processes need to run as this user. The other user accounts shouldn't be able to write to these files.

Syndicate content

Recommended Services

Control Your Domain (white background)


Syndicate content