Midtier 7.6 Linux Install

ars-midtier

Installing the .war file using tomcat.

Install tomcat

Use yum to install the following packages:

tomcat5.x86_64                      5.5.23-0jpp.16.el5   installed
tomcat5-admin-webapps.x86_64        5.5.23-0jpp.16.el5   installed
tomcat5-common-lib.x86_64           5.5.23-0jpp.16.el5   installed
tomcat5-jasper.x86_64               5.5.23-0jpp.16.el5   installed
tomcat5-jsp-2.0-api.x86_64          5.5.23-0jpp.16.el5   installed
tomcat5-server-lib.x86_64           5.5.23-0jpp.16.el5   installed
tomcat5-servlet-2.4-api.x86_64      5.5.23-0jpp.16.el5   installed
tomcat5-webapps.x86_64              5.5.23-0jpp.16.el5   installed
libstdc++

Enable the startup service:

chkconfig tomcat5 on

Configure tomcat

We need to set some environment variables so tomcat knows where the midtier libs are. They go in tomcat's startup script, which is normally named catalina.sh, but the rpm package installs it here: /usr/bin/dtomcat5.

Add the following after the comments:

JAVA_OPTS="-Djava.library.path=/usr/share/tomcat5/webapps/arsys/WEB-INF/lib"
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/share/tomcat5/webapps/arsys/WEB-INF/lib
export LD_LIBRARY_PATH JAVA_OPTS

Install the war file

There are various ways to install a war file. The easiest method is to copy it to tomcat's webapps directory. Make sure to rename the war file to arsys.war: by default, tomcat uses the name of the war file as your app path, so let’s be consistent and use arsys as the path root:

mv /midtier_linux.war /usr/share/tomcat5/webapps/arsys.war

Start tomcat:

/usr/bin/tomcat5 start

In your browser, navigate to the following URL:

http://:8080/arsys

SSL certificate

Certificate setup

Install mod_ssl:

yum install mod_ssl

Create directories for certificates and keys:

mkdir /etc/httpd/conf/ssl
mkdir /etc/httpd/conf/ssl/certs

Create the server key

Use the ssl password in tome:

openssl genrsa -des3 1024 > /etc/httpd/conf/ssl/server.key

Convert the key to passwordless so apache can start itself without prompting for the key’s password:

openssl rsa -in /etc/httpd/conf/ssl/server.key -out /etc/httpd/conf/ssl/server.pem

Create the certificate request

When creating the request, it’s important that the OU field is the exact fully qualified domain that you intend to serve your requests.

openssl req -new -key /etc/httpd/conf/ssl/server.key > /etc/httpd/conf/ssl/certs/hbfweb18.hi.gemini.edu.csr

Copy and paste the certificate request to the sysadmin in charge of creating certificates. Make sure to ask for a base-64 encoded certificate.

Install the signed certificate

Copy and paste the signed certificate into a new file:

vi /etc/httpd/conf/ssl/certs

Apache configuration

Apache needs to be configured with support for ssl and proxying of the tomcat server.

Install the ssl package:

yum install mod_ssl

Modify the ssl conf:

vi /etc/httpd/conf.d/ssl.conf

SSLCertificateKeyFile /etc/httpd/conf/ssl/server.pem
SSLCertificateFile /etc/httpd/conf/ssl/certs/hbfweb18.hi.gemini.edu.crt
SSLProxyEngine on
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /arsys http://hbfweb18.hi.gemini.edu:8080/arsys
ProxyPassReverse /arsys http://hbfweb18.hi.gemini.edu:8080/arsys
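
Before restarting Apache with these settings, it helps to confirm that the CSR and the signed certificate belong to the passwordless key, and that the key is not readable by group or other. The script below is an added example, not part of the original guide; the temp directory, the file names in it and the midtier.example.test subject are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original page: pre-flight checks on the files
# that ssl.conf points at, to run before restarting Apache.

# Print the PEM public key held in a private key, CSR or certificate.
pubkey_of() {  # $1 = key|csr|cert, $2 = file
    case "$1" in
        key)  openssl rsa  -in "$2" -pubout 2>/dev/null ;;
        csr)  openssl req  -in "$2" -noout -pubkey 2>/dev/null ;;
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
        *)    return 2 ;;
    esac
}

# Succeed only if both files parse and carry the same public key.
same_key() {  # $1 type, $2 file, $3 type, $4 file
    a=$(pubkey_of "$1" "$2") && b=$(pubkey_of "$3" "$4") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# The passwordless server.pem is protected only by its file mode:
# succeed only if group and other have no permission bits at all.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample material in a temp dir (names are assumptions); on the
# real host these are server.pem, the .csr and the signed .crt.
DEMO=$(mktemp -d)
SUBJ="/CN=midtier.example.test"
openssl genrsa -out "$DEMO/server.pem" 2048 2>/dev/null
openssl genrsa -out "$DEMO/other.pem" 2048 2>/dev/null
openssl req -new -key "$DEMO/server.pem" -subj "$SUBJ" \
    -out "$DEMO/server.csr" 2>/dev/null
openssl req -new -x509 -days 1 -key "$DEMO/server.pem" -subj "$SUBJ" \
    -out "$DEMO/server.crt" 2>/dev/null
chmod 600 "$DEMO/server.pem"

same_key key "$DEMO/server.pem" csr "$DEMO/server.csr" && echo "CSR matches key"
same_key key "$DEMO/server.pem" cert "$DEMO/server.crt" && echo "cert matches key"
same_key key "$DEMO/other.pem" cert "$DEMO/server.crt" || echo "wrong key detected"
key_is_private "$DEMO/server.pem" && echo "key mode ok"
```

On the real host, call same_key and key_is_private with /etc/httpd/conf/ssl/server.pem and the certificate path given in ssl.conf.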

Tomcat SSL configuration

Tomcat needs to be aware of the proxy. Find a block similar to the following and modify only its last line as shown:

vi /etc/tomcat5/server.xml

<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8080" maxHttpHeaderSize="8192" URIEncoding="UTF-8"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" redirectPort="8443" acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true"
           proxyName="hbfweb18.hi.gemini.edu" proxyPort="443" scheme="https"/>

Tomcat7 Disable Cross Site Scripting

Tomcat 7 ships with its XSS protection for session cookies (the HttpOnly flag) enabled by default. Due to our use of a proxy, midtier throws errors because the cookies are being intercepted by that protection. Here’s how to turn it off:

vi /usr/local/tomcat7/conf/context.xml

Make sure to add the ‘useHttpOnly’ attribute to the context element.