The purpose of this document is to describe how to install an Apache Tomcat server with an SSL certificate in the Amazon EC2 cloud.
Special thanks to day, geek, where I took the Tomcat installation from.
Server instance
Ubuntu 8.04 LTS Hardy Server 64-Bit (Large, Extra Large Instances)
- Large Instance 7.5 GB of memory,
- 4 EC2 Compute Units (2 virtual cores with 2 EC2 Compute Units each)
- 850 GB of instance storage, 64-bit platform
Connect to the server
The SSH connection to the server requires a valid key file, the .pem file downloaded when the EC2 key pair was created (ssh ignores a private key file that other users can read, so keep it at mode 400). The AMI used here logs you in as root:
ssh -i dgweb.pem root@PUBLIC_DNS.amazonaws.com
Upgrade Server
First we update the package lists and upgrade the installed packages so we are running the latest versions:
apt-get update
apt-get upgrade
JAVA JDK
To run Tomcat we need a Java JDK; on Ubuntu 8.04 the Sun JDK 6 package is sun-java6-jdk (it lives in the multiverse component, which must be enabled in /etc/apt/sources.list):
apt-get install sun-java6-jdk
Tomcat 6
First we download the release from an Apache Tomcat mirror and extract it in a temporary directory. Apache publishes a PGP signature (.asc) and checksums for every release on its main download site; check the tarball against them before extracting anything fetched from a mirror. Version 6.0.20 was current when this was written; Tomcat 6 no longer receives security fixes, so anyone following this today should pick a supported release and adjust the version numbers below.
wget http://mirrors.issp.co.th/apache/tomcat/tomcat-6/v6.0.20/bin/apache-tomcat-6.0.20.tar.gz
tar xvzf apache-tomcat-6.0.20.tar.gz
Move the Tomcat folder to its permanent destination.
mv apache-tomcat-6.0.20 /usr/local/tomcat6
Tomcat configuration
We need to tell Tomcat where to find JAVA_HOME. For interactive shells this can be done in the .bashrc file (the init script further down sets it again, because .bashrc is not read by scripts run at boot).
vim ~/.bashrc
Add the following line to the end of the file.
export JAVA_HOME=/usr/lib/jvm/java-6-sun
Now we create the start-up script so Tomcat starts automatically at boot. Note that it calls startup.sh as root, so Tomcat, and every web application deployed in it, runs with root privileges; on a production instance Tomcat should run under a dedicated unprivileged account instead.
vim /etc/init.d/tomcat6
Copy and paste the following code:
#!/bin/sh
# Tomcat auto-start
#
# description: Auto-starts tomcat
# processname: tomcat
# pidfile: /var/run/tomcat.pid
export JAVA_HOME=/usr/lib/jvm/java-6-sun
case $1 in
    start)
        sh /usr/local/tomcat6/bin/startup.sh
        ;;
    stop)
        sh /usr/local/tomcat6/bin/shutdown.sh
        ;;
    restart)
        sh /usr/local/tomcat6/bin/shutdown.sh
        # shutdown.sh returns before the JVM has exited; give it time to
        # release ports 8080/8009 before a new instance tries to bind them
        sleep 5
        sh /usr/local/tomcat6/bin/startup.sh
        ;;
esac
exit 0
Make the file executable.
chmod 755 /etc/init.d/tomcat6
Now link the script into the run-level directories so it is started in run level 2 and stopped in run level 1 (update-rc.d tomcat6 defaults does the same for all run levels).
ln -s /etc/init.d/tomcat6 /etc/rc1.d/K99tomcat6
ln -s /etc/init.d/tomcat6 /etc/rc2.d/S99tomcat6
Tomcat should now answer at http://PUBLIC_DNS.amazonaws.com:8080/ (the EC2 security group must allow inbound TCP 8080 for this test; once Apache is put in front of Tomcat below, close that port again so Tomcat is reachable only through Apache).
Specify the minimum and maximum heap Tomcat should be allocated. Create the following file (catalina.sh sources bin/setenv.sh if it exists):
vim /usr/local/tomcat6/bin/setenv.sh
and add this line to allocate a minimum of 1 GB and a maximum of 5 GB of heap (the instance type above has 7.5 GB):
export CATALINA_OPTS="-server -XX:+UseParallelGC -Xms1024m -Xmx5120m -XX:MaxPermSize=160m -Djava.awt.headless=true"
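The init script above starts Tomcat as root, so any web application it hosts effectively has root on the instance. The following is an added example, not code from the original post, of an init script that runs Tomcat under a dedicated service account and waits for the old JVM to exit before a restart. The account name tomcat6, the pid file under $CATALINA_HOME/temp and the use of the CATALINA_PID variable (which Tomcat's catalina.sh honours) are my assumptions, not something the post specifies; CATALINA_HOME and JAVA_HOME follow the post.

```shell
#!/bin/sh
# Added example, not from the original post: run Tomcat as an unprivileged
# service account instead of root, and wait for the JVM to exit on stop.
# Assumed (not in the post): account "tomcat6", pid file under
# $CATALINA_HOME/temp, catalina.sh writing its pid to $CATALINA_PID.

tomcat_home()    { echo "${CATALINA_HOME:-/usr/local/tomcat6}"; }
tomcat_user()    { echo "${TOMCAT_USER:-tomcat6}"; }
tomcat_pidfile() { echo "${CATALINA_PID:-$(tomcat_home)/temp/tomcat.pid}"; }

# One-time setup: create the account with no login shell and make only the
# directories Tomcat writes at runtime writable by it; code and config stay
# root-owned, so a compromised webapp cannot rewrite server.xml or the libs.
tomcat_setup_user() {
    home=$(tomcat_home); user=$(tomcat_user)
    id "$user" >/dev/null 2>&1 || useradd -r -d "$home" -s /bin/false "$user"
    chown -R root:"$user" "$home"
    chmod -R o-rwx "$home"
    for d in logs temp work webapps; do
        chown -R "$user":"$user" "$home/$d"
    done
}

# Run one of Tomcat's scripts as the service account: directly if we already
# are that user (e.g. in a test), otherwise drop privileges with su.
tomcat_run() {
    script=$1; home=$(tomcat_home); user=$(tomcat_user); pidfile=$(tomcat_pidfile)
    java=${JAVA_HOME:-/usr/lib/jvm/java-6-sun}
    if [ "$(id -un)" = "$user" ]; then
        CATALINA_PID=$pidfile JAVA_HOME=$java sh "$home/bin/$script"
    else
        su -s /bin/sh "$user" -c "CATALINA_PID='$pidfile' JAVA_HOME='$java' sh '$home/bin/$script'"
    fi
}

# Running means: pid file exists and the process in it is alive.
tomcat_running() {
    pidfile=$(tomcat_pidfile)
    [ -f "$pidfile" ] && kill -0 "$(cat "$pidfile")" 2>/dev/null
}

tomcat_start() { tomcat_running || tomcat_run startup.sh; }

# shutdown.sh returns as soon as the shutdown command is sent; poll the pid
# (up to $1 seconds, default 30) so a restart never overlaps the old JVM.
tomcat_stop() {
    timeout=${1:-30}; waited=0
    tomcat_running || return 0
    tomcat_run shutdown.sh
    while tomcat_running; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1; waited=$((waited + 1))
    done
}

tomcat_restart() { tomcat_stop "$1" && tomcat_start; }

case ${1:-} in
    setup)   tomcat_setup_user ;;
    start)   tomcat_start ;;
    stop)    tomcat_stop ;;
    restart) tomcat_restart ;;
    "")      ;;
    *)       echo "usage: $0 {setup|start|stop|restart}" >&2; exit 2 ;;
esac
```

Run it once as root with the setup argument, then link it into the run levels exactly as shown above. Ports 8080 and 8009 are above 1024, so the unprivileged account can bind them without any extra capability.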
Apache2 / MySQL
To install Apache2 and MySQL we use the Ubuntu packages, so that we get versions that are known to work together and receive security updates through apt:
apt-get install apache2
apt-get install mysql-server
The mysql-server package asks for a password for the MySQL root account during installation; set one rather than leaving it empty.
We should now be able to reach the Apache server:
http://ec2-75-101-229-75.compute-1.amazonaws.com/
Configure Apache2 with Tomcat6
Apache, mod_jk, Tomcat:
Configure Apache as the front end for all requests and forward certain URLs or virtual hosts to Tomcat over AJP. This lets some content be served by Tomcat (e.g. a whole domain, or a certain directory on a domain) and other content (e.g. HTML, PHP pages, etc.) by Apache. The connector package on Ubuntu is mod_jk (the older mod_jk2 is discontinued):
aptitude install libapache2-mod-jk
Next we modify Apache's configuration to point specified paths of your site to Tomcat. First create a workers file that holds the connection properties for Tomcat:
vi /etc/libapache2-mod-jk/workers.properties
Add the following lines to the file:
#
# This file provides minimal jk configuration properties needed to
# connect to Tomcat.
#
# We define a worker named 'default'
#
workers.tomcat_home=/usr/local/tomcat6
workers.java_home=/usr/lib/jvm/java-6-sun
ps=/
worker.list=default
worker.default.port=8009
worker.default.host=localhost
worker.default.type=ajp13
worker.default.lbfactor=1
This creates a worker named "default" that connects to Tomcat's AJP port 8009 on localhost (note that tomcat_home is the /usr/local/tomcat6 directory Tomcat was unpacked into above). Now we make Apache aware of this file and tell it how to log jk information. Open apache2.conf:
vi /etc/apache2/apache2.conf
Add the following lines to the bottom of the file:
# Where to find workers.properties
JkWorkersFile /etc/libapache2-mod-jk/workers.properties
# Where to put jk logs
JkLogFile /var/log/apache2/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
Next we tell Apache which paths of your site Tomcat should serve. Site configuration files live in /etc/apache2/sites-enabled. If Apache serves one site you can edit the default site. Open the site configuration file and add the following between the VirtualHost tags:
vi /etc/apache2/sites-enabled/000-default
Delete the line "DocumentRoot /var/www" and remove the directory, since Tomcat will serve everything for this site:
rm -R /var/www/
And mount the site onto the Tomcat worker:
JkMount / default
JkMount /* default
The JkMount lines hand every path to Tomcat. To keep some paths on Apache (for example static files or photos), add JkUnMount lines for them after the JkMount lines, e.g. JkUnMount /static/* default; adjust to your site. Two things to check once Apache is in front: Tomcat's own HTTP connector on 8080 and the AJP connector on 8009 should no longer be reachable from the Internet, so close them in the EC2 security group and bind both connectors to 127.0.0.1 with the address attribute on the <Connector> elements in conf/server.xml. Next restart Tomcat and Apache so the changes take effect:
/etc/init.d/tomcat6 restart
/etc/init.d/apache2 restart
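The two checks that go with the mod_jk setup above, as an added example that is not part of the original post: a filter that binds Tomcat's HTTP and AJP connectors to 127.0.0.1 in server.xml, and a filter over netstat output that reports any 8080/8009 listener still bound to all interfaces. The server.xml and netstat samples are constructed to match the shape of Tomcat 6's default server.xml and of netstat -tln output; they are not taken from the post. The address attribute on Tomcat's Connector element is real; the function names are mine.

```shell
#!/bin/sh
# Added example, not from the original post.
#  harden_connectors: reads a server.xml on stdin and adds address="127.0.0.1"
#    to the 8080 (HTTP) and 8009 (AJP) <Connector> elements, so only the local
#    Apache can reach them. Idempotent: lines that already have an address
#    attribute are left alone.
#  exposed_tomcat_ports: reads `netstat -tln` output on stdin and prints every
#    8080/8009 LISTEN socket not bound to loopback (empty output = good).

# Constructed sample, same shape as Tomcat 6's default conf/server.xml.
SERVER_XML_SAMPLE='    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />'

# Constructed sample of `netstat -tln`: 8009 is already on loopback,
# 8080 is still bound to every IPv6 (and via v4-mapped addresses, IPv4) interface.
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp        0      0 127.0.0.1:8009          0.0.0.0:*               LISTEN'

# Insert address="127.0.0.1" right after port="8080"/"8009" on <Connector>
# lines that do not already carry an address attribute.
harden_connectors() {
    sed -E '/address=/!s/(<Connector port="(8080|8009)")/\1 address="127.0.0.1"/'
}

# Usage on the real file (as root; review the diff, then restart Tomcat):
#   harden_connectors < /usr/local/tomcat6/conf/server.xml > /tmp/server.xml.new
#   diff /usr/local/tomcat6/conf/server.xml /tmp/server.xml.new
#   cp /tmp/server.xml.new /usr/local/tomcat6/conf/server.xml

# Column 4 of netstat is "addr:port"; the port is whatever follows the last
# colon, the address is everything before it (so ":::8080" -> "::" / "8080").
exposed_tomcat_ports() {
    awk '$NF == "LISTEN" {
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if ((port == "8080" || port == "8009") && addr != "127.0.0.1" && addr != "::1")
            print $4
    }'
}

# Live check after restarting Tomcat:  netstat -tln | exposed_tomcat_ports
```

Binding the connectors to loopback is belt and braces next to the security group: the security group protects the instance from the outside, the bind address protects Tomcat from anything else that gets onto the host, and the AJP port in particular should never be open to anyone but the front-end Apache.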
Configure SSL certificate
First we need to have the certificate issued by VeriSign, so we need a key pair and a Certificate Signing Request (CSR) to send them. The commands below use keytool. Two caveats: keytool's default RSA key size in Java 6 was 1024 bits, so add -keysize 2048; and keytool stores the private key in a Java keystore, which Apache's mod_ssl cannot read. Since Apache, not Tomcat, terminates SSL in this setup, the key would have to be converted through a PKCS12 keystore (keytool -importkeystore -deststoretype PKCS12, then openssl pkcs12 -nocerts) to obtain the PEM file used below; generating the key and CSR with openssl directly is simpler.
Create the CSR
$JAVA_HOME/bin/keytool -genkey -alias dg -keyalg RSA -keysize 2048 -keystore dg_keystore
keytool -certreq -keyalg RSA -alias dg -file certreq.csr -keystore dg_keystore
Install certificate
Enable the SSL module first (a2enmod ssl; it is not enabled by default and Apache will not accept the SSLEngine directives without it) and make sure Apache listens on 443 (a Listen 443 line in /etc/apache2/ports.conf if it is not already there). Then create the site configuration file for the secure site:
vi /etc/apache2/sites-enabled/ssl-000-default
And add the following (the certificate issued by the CA goes in public.crt, the private key in private.key, and the CA's intermediate certificate in intermediate.crt):
NameVirtualHost *:443
<VirtualHost *:443>
ServerName www.dizzygoat.com
ServerAdmin webmaster@localhost
#JkMount / default
JkMount /* default
ErrorLog /var/log/apache2/dizzygoat.com-ssl-error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/dizzygoat.com-ssl-access.log combined
ServerSignature On
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/public.crt
SSLCertificateKeyFile /etc/apache2/ssl/private.key
# The intermediate certificate is part of the chain sent to browsers, so it
# belongs in SSLCertificateChainFile; SSLCACertificateFile is the trust store
# for verifying client certificates, which is not what we want here.
SSLCertificateChainFile /etc/apache2/ssl/intermediate.crt
</VirtualHost>
Next restart Apache so the changes take effect:
/etc/init.d/apache2 restart
Afterwards confirm from another machine that the intermediate is actually sent, e.g. with openssl s_client -connect www.dizzygoat.com:443 -showcerts; browsers that do not already have the intermediate cached will otherwise show a certificate warning. ServerSignature On (and the default ServerTokens) advertise the Apache version on error pages and in the Server header; set ServerSignature Off and ServerTokens Prod if you would rather not.
Note:
HOWTO get rid of the SSL pass-phrase dialog at Apache startup
The dialog appears at start-up and at every restart because the RSA private key in private.key is stored in encrypted form, and the pass-phrase is needed to read and parse the file. Removing the encryption means that anyone who can read the file, including anyone who obtains a snapshot or AMI of this instance, holds the key; if you accept that for this server, perform two steps:
Remove the encryption from the RSA private key (while preserving the original file):
cp private.key private.key.orig
openssl rsa -in private.key.orig -out private.key
Make sure private.key is now readable only by root (Apache reads the key while still running as root at start-up; the www-data worker processes never need it):
chmod 400 private.key
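The whole certificate workflow from the two sections above, done with openssl instead of keytool, as an added example that is not part of the original post: key and CSR generation, the pass-phrase removal described in the note, and the checks worth running before pointing mod_ssl at the files (key matches certificate, chain verifies through the intermediate, key is unencrypted and mode 400, subject CN matches the ServerName). Because a real CA cannot be contacted offline, the block builds a throwaway "Test Root" and "Test Intermediate" CA to sign the CSR; that CA, the subject fields other than the CN from the post, the placeholder pass-phrase changeit and the function names are my constructions, not anything the post specifies. The file names follow the post.

```shell
#!/bin/sh
# Added example, not from the original post. Requires openssl.
# Assumed: current directory is writable; "Test Root"/"Test Intermediate" are a
# constructed stand-in for the commercial CA; "changeit" is a placeholder
# pass-phrase so the example runs unattended (omit -passout/-passin for real use).

# 1. Private key (2048-bit RSA, encrypted as the post assumes) and the CSR to
#    send to the CA. The subject's CN must be the name in ServerName.
make_key_and_csr() {
    subj="${1:-/C=US/O=Dizzy Goat/CN=www.dizzygoat.com}"
    openssl genrsa -aes256 -passout pass:changeit -out private.key.orig 2048 2>/dev/null
    openssl req -new -key private.key.orig -passin pass:changeit -subj "$subj" -out certreq.csr
}

# 2. The post's pass-phrase removal, with the file locked down before it is
#    written so it is never world-readable, not even briefly.
strip_passphrase() {
    ( umask 077; openssl rsa -in private.key.orig -passin pass:changeit -out private.key 2>/dev/null )
    chmod 400 private.key
}

# Constructed CA: root -> intermediate -> our certificate. A real CA does this
# part; we only need the result (public.crt plus intermediate.crt) for the checks.
fake_ca_sign_csr() {
    printf 'basicConstraints=critical,CA:true\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    openssl req -new -newkey rsa:2048 -nodes -keyout root.key -out root.csr \
        -subj "/CN=Test Root" 2>/dev/null
    openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext -days 30 \
        -out root.crt 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -keyout intermediate.key -out intermediate.csr \
        -subj "/CN=Test Intermediate" 2>/dev/null
    openssl x509 -req -in intermediate.csr -CA root.crt -CAkey root.key -CAcreateserial \
        -extfile ca.ext -days 30 -out intermediate.crt 2>/dev/null
    printf 'basicConstraints=CA:false\nsubjectAltName=DNS:www.dizzygoat.com\n' > leaf.ext
    openssl x509 -req -in certreq.csr -CA intermediate.crt -CAkey intermediate.key -CAcreateserial \
        -extfile leaf.ext -days 30 -out public.crt 2>/dev/null
}

# 3. Pre-deployment checks; each returns success/failure like a test.

# SSLCertificateFile and SSLCertificateKeyFile must be the same key pair:
# compare the RSA modulus of both (hashed, just to keep the strings short).
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in private.key 2>/dev/null | openssl md5)
    c=$(openssl x509 -noout -modulus -in public.crt | openssl md5)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# The intermediate in SSLCertificateChainFile must actually link public.crt
# to a trusted root; -untrusted is exactly the role the chain file plays.
chain_verifies() {
    openssl verify -CAfile root.crt -untrusted intermediate.crt public.crt >/dev/null 2>&1
}

# Apache would prompt for a pass-phrase at boot if this still said ENCRYPTED.
key_is_unencrypted() { ! grep -q ENCRYPTED private.key; }

# The post's chmod 400: readable by the owner only.
key_is_private() { [ -n "$(find private.key -prune -perm 400)" ]; }

# The certificate's CN must match the ServerName, or browsers will warn.
cert_matches_servername() {
    openssl x509 -noout -subject -in public.crt | grep -q "CN *= *${1:-www.dizzygoat.com}"
}
```

In real use only make_key_and_csr, strip_passphrase and the checks apply; certreq.csr goes to the CA, and public.crt and intermediate.crt come back from it. Run the checks against the files in /etc/apache2/ssl before every restart that follows a certificate renewal, since a mismatched key or a missing intermediate only shows up as a failed start or a browser warning otherwise.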
Tags: Open Source, Apache, Technology
30-Jan-09