Difference between revisions of "Tomcat"

 +
== Debug Mode - TOMCAT 6 ==
 
To start Tomcat in debug listing mode add jpda to the argument list
 
To start Tomcat in debug listing mode add jpda to the argument list
 
  Example
 
  Example
  
  
== A Clean Up Script ==
+
== A Clean Up Script - TOMCAT 6 ==
 +
This is a clean up script to get rid of CACHE and LOGS.
 +
 
 +
%TOMCAT%/cleanup.bat
 +
cd c:/dev/tomcat/apache-tomcat-6.0.32
 +
 
  cd ./temp
 
  cd ./temp
 
  rm -fr *
 
  rm -fr *
 
  rm -fr *
 
  rm -fr *
 
  cd ..
 
  cd ..
 +
 +
== Enable Remote JMX - TOMCAT 6 ==
 +
To enable remote JMX follow the steps.
 +
 +
1. Create a file %TOMCAT%/bin/setenv.bat
 +
 +
2. Add the following lines.
 +
  REM Enable Remote JMX
 +
  set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8686 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false
 +
 +
== Add A Classpath - TOMCAT 6 ==
 +
This will bring all the files in a certian director in to the tomcat classpath.  Great for server side property files.
 +
 +
'''Windows'''
 +
 +
1. Create a file %TOMCAT%/bin/setenv.bat
 +
 +
2. Add the following lines.
 +
set "CLASSPATH=%CLASSPATH%;%CATALINA_HOME%/../foldername"
 +
 +
'''Unix based'''
 +
 +
1. Create a file %TOMCAT%/bin/setenv.sh
 +
 +
2. Add the following lines.
 +
  CLASSPATH=${CLASSPATH}:${CATALINA_HOME}/../properties
 +
 +
== Increase Memmory - TOMCAT 6 ==
 +
This will boost the memory that Tomcat uses.
 +
 +
1. Create a file %TOMCAT%/bin/setenv.bat
 +
 +
2. Add the following lines.
 +
set "JAVA_OPTS=%JAVA_OPTS% -Xms1536m -Xmx1536m -XX:PermSize=128m -XX:MaxPermSize=128m -XX:NewSize=768m -XX:MaxNewSize=768m -XX:+UseParNewGC -XX:+UseTLAB -XX:+UseConcMarkSweepGC"
 +
 +
== SSL ==
 +
To create a 2 way SSL connection using tomcat spring boot.
 +
 +
Create CA
 +
  openssl req -newkey rsa:2048 -nodes -keyform PEM -keyout ca.key -x509 -days 3650 -outform PEM -out ca.cer
 +
 +
Create Server Key
 +
  openssl genrsa -out server.key 2048
 +
 +
Create Server signing request - * Make the unit name or common name different then CA
 +
  openssl req -new -key server.key -out server.req
 +
 +
Issue server certificate
 +
  openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key -set_serial 100 -extensions server -days 365 -outform PEM -out server.cer
 +
 +
Create server *.p12
 +
  openssl pkcs12 -export -in server.cer -inkey server.key -chain -CAfile ca.pem -name "tomcat" -out server.p12
 +
 +
Create server java keystore - Tomcat java spring boot app requires that you have the p12 and keystore.  I believe it uses the keystore file and not the java environment keystore, which you could use, but Ilike handling files better.
 +
  keytool -import -alias server -file ca.cer -storepass changeit -keystore server.keystore
 +
 +
Create client key.  This is for 2-way ssl.
 +
  openssl genrsa -out client.key 2048
 +
 +
Create client signing request.  Make sure the unit or common name is different.
 +
  openssl req -new -key client.key -out client.req
 +
 +
Issue the client certificate.
 +
  openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key -set_serial 101 -extensions client -days 365 -outform PEM -out client.cer
 +
 +
Create the client p12 file.  Most apps like this.
 +
  openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12
 +
 +
Spring Boot Source
 +
package com.example;
 +
 +
  import org.apache.catalina.connector.Connector;
 +
  import org.apache.coyote.http11.Http11NioProtocol;
 +
  import org.springframework.beans.factory.annotation.Value;
 +
  import org.springframework.boot.SpringApplication;
 +
  import org.springframework.boot.autoconfigure.SpringBootApplication;
 +
  import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
 +
  import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
 +
  import org.springframework.context.annotation.Bean;
 +
 
 +
  @SpringBootApplication
 +
  public class DemoApplication {
 +
 
 +
      @Value("${key:'\'}")
 +
      private String keystoreProperty = "";
 +
     
 +
      @Value("${sshPort}")
 +
      private int port = 8443;
 +
 
 +
      public static void main(String[] args) {
 +
          SpringApplication.run(DemoApplication.class, args);
 +
      }
 +
 
 +
      @Bean
 +
      public EmbeddedServletContainerFactory servletContainer() {
 +
          TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory();
 +
          tomcat.addAdditionalTomcatConnectors(createSslConnector());
 +
          return tomcat;
 +
      }
 +
 
 +
      private Connector createSslConnector() {
 +
 
 +
          Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
 +
          Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
 +
 
 +
          connector.setScheme("https");
 +
          connector.setSecure(true);
 +
          connector.setPort(port);
 +
 
 +
          protocol.setKeystoreFile("{path}/server.p12");
 +
          protocol.setKeystorePass("changeit");
 +
          protocol.setKeystoreType("PKCS12");
 +
          protocol.setKeyAlias("tomcat");
 +
          protocol.setTruststoreFile("{path}/tomcat.keystore");
 +
          protocol.setTruststorePass("changeit");
 +
         
 +
          protocol.setSSLEnabled(true);
 +
          protocol.setSSLVerifyClient("require");
 +
          protocol.setSSLVerifyDepth(1);
 +
          protocol.setSslProtocol("TLSv1");
 +
 
 +
          return connector;
 +
 
 +
      }
 +
 
 +
  }
 +
 +
Debugging
 +
To debug from the client - This will show the hand shake between client and server from the clients view.
 +
  openssl s_client -connect localhost:8443 -cert client.cer -key client.key -CAfile ca.cer -tls1
 +
 +
To debug from the server - Add the following property to tomcat or spring boot.
 +
Tomcat - add to the $TOMCAT_HOME/bin/catalinea.sh
 +
  JAVA_OPTS  -Djavax.net.debug=ssl
 +
 +
Spring Boot - Add the parameter
 +
  mvn spring-boot:run -Djavax.net.debug=ssl
 +
 +
Resources
 +
https://makandracards.com/jan0sch/24553-import-private-key-and-certificate-into-java-keystore
 +
http://prasenjitdas235.blogspot.com/2014/11/2-way-ssl-with-example.html

Latest revision as of 10:11, 28 June 2017

Debug Mode - TOMCAT 6

To start Tomcat in JPDA debug listening mode (so a remote debugger can attach to the JVM), add `jpda` to the argument list. Treat this as a development-only switch: a JPDA listener lets anyone who can reach its port run arbitrary code inside the Tomcat JVM, so never enable it on a production or internet-facing host, and check `JPDA_ADDRESS` in catalina.bat — older releases default to a bare port (8000), which listens on every interface rather than on localhost only.

Example
In startup.bat
call "%EXECUTABLE%" jpda start %CMD_LINE_ARGS%


A Clean Up Script - TOMCAT 6

This is a clean-up script that empties Tomcat's temp, work (compiled JSP cache) and logs directories. Note that it deletes the logs outright: if you may ever need them for troubleshooting or an incident investigation, archive or rotate them instead of wiping them. Stop Tomcat before running it — on Windows, files Tomcat still holds open cannot be deleted.

%TOMCAT%/cleanup.bat

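@echo off
REM Empty Tomcat's temp, work and logs directories.
REM Uses cmd.exe built-ins: "rm" is not available in a plain command prompt,
REM so the original only worked with a Unix toolset on the PATH.
REM Every delete uses an absolute path guarded by "if exist", so a missing
REM directory or a failed "cd" can never turn the wildcard delete loose on
REM whatever directory the shell happened to be in.
set "TOMCAT_HOME=c:\dev\tomcat\apache-tomcat-6.0.32"

for %%D in (temp work logs) do (
    if exist "%TOMCAT_HOME%\%%D\" (
        echo Cleaning "%TOMCAT_HOME%\%%D"
        del /q /f "%TOMCAT_HOME%\%%D\*"
        for /d %%S in ("%TOMCAT_HOME%\%%D\*") do rmdir /s /q "%%S"
    ) else (
        echo Skipping missing directory "%TOMCAT_HOME%\%%D"
    )
)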

Enable Remote JMX - TOMCAT 6

To enable remote JMX follow the steps below. Warning: the quick form with `authenticate=false` and `ssl=false` exposes an unauthenticated, unencrypted JMX endpoint on port 8686 — anyone who can reach it can load MBeans and execute code as the Tomcat service account. Use that form only on a host whose firewall limits the port to trusted addresses; everywhere else require a password (`authenticate=true` with a password and access file) and TLS (`ssl=true`).

1. Create a file %TOMCAT%/bin/setenv.bat

2. Add the following lines.

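 REM Enable Remote JMX
 REM WARNING: -Dcom.sun.management.jmxremote.authenticate=false together with
 REM -Dcom.sun.management.jmxremote.ssl=false exposes an unauthenticated JMX endpoint on
 REM port 8686.  Anyone who can reach it can load MBeans and run code as the Tomcat service
 REM account, so use that form only behind a firewall that limits the port to trusted hosts.
 REM The secure form below requires a password and TLS:
 REM   - jmxremote.password: one "role password" per line, readable only by the service account
 REM   - jmxremote.access:   one "role readonly|readwrite" per line
 REM   - ssl=true uses the JVM's default key store; point -Djavax.net.ssl.keyStore and
 REM     -Djavax.net.ssl.keyStorePassword at a server certificate.
 set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8686 -Dcom.sun.management.jmxremote.ssl=true -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=%CATALINA_HOME%\conf\jmxremote.password -Dcom.sun.management.jmxremote.access.file=%CATALINA_HOME%\conf\jmxremote.access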

Add A Classpath - TOMCAT 6

This will bring all the files in a certain directory into Tomcat's system classpath. Handy for server-side property files, but note that everything on this classpath is readable by every web application deployed on the server (and by anyone able to deploy one), so keep secrets in files readable only by the Tomcat service account. The Windows example uses `foldername` and the Unix example `properties` — pick one directory name and use it in both.

Windows

1. Create a file %TOMCAT%/bin/setenv.bat

2. Add the following lines.

set "CLASSPATH=%CLASSPATH%;%CATALINA_HOME%/../foldername"

Unix based

1. Create a file %TOMCAT%/bin/setenv.sh

2. Add the following lines.

 CLASSPATH=${CLASSPATH}:${CATALINA_HOME}/../properties

Increase Memory - TOMCAT 6

This will boost the memory that Tomcat uses. The flags are JVM-version specific: `-XX:PermSize`/`-XX:MaxPermSize` apply to Java 7 and earlier (the permanent generation was removed in Java 8, where `-XX:MaxMetaspaceSize` is the equivalent) and `-XX:+UseParNewGC` was removed in later JDKs. Check them against the JVM you actually run — an unrecognized `-XX` option makes the JVM refuse to start.

1. Create a file %TOMCAT%/bin/setenv.bat

2. Add the following lines.

set "JAVA_OPTS=%JAVA_OPTS% -Xms1536m -Xmx1536m -XX:PermSize=128m -XX:MaxPermSize=128m -XX:NewSize=768m -XX:MaxNewSize=768m -XX:+UseParNewGC -XX:+UseTLAB -XX:+UseConcMarkSweepGC"

SSL

To set up mutual TLS ("2-way SSL": the server presents a certificate and also requires one from the client) with Spring Boot's embedded Tomcat, using a private CA created with OpenSSL. Every certificate below is signed by that CA, so the server accepts exactly the clients whose certificates the CA issued.

Create the CA. This is a self-signed root certificate valid for ten years; `-nodes` leaves `ca.key` unencrypted, so keep it off the server — anyone holding it can issue client certificates that the server will accept.

 openssl req -newkey rsa:2048 -nodes -keyform PEM -keyout ca.key -x509 -days 3650 -outform PEM -out ca.cer

Create Server Key

 openssl genrsa -out server.key 2048

Create the server signing request. Use a Common Name (or Organizational Unit) different from the CA's: if a certificate's subject equals its issuer it is taken for a self-signed certificate when the chain is built and verification fails. The Common Name should be the host name clients connect to (e.g. `localhost` in the debugging step below) unless a subjectAltName is added.

 openssl req -new -key server.key -out server.req

Issue server certificate

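 # -extensions only takes effect together with -extfile; with -extfile absent OpenSSL
 # issues the certificate with no extensions at all, i.e. no subjectAltName, which
 # browsers and many TLS libraries now require for host name verification.
 # Adjust DNS: to the name clients will use.  -CAcreateserial keeps a serial counter
 # in ca.srl so re-issued certificates never reuse a serial.
 printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:localhost\nextendedKeyUsage=serverAuth\n' > server.ext
 openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key -CAcreateserial -extfile server.ext -days 365 -outform PEM -out server.cer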

Create server *.p12

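 # Bundle key + certificate (+ CA chain) for Tomcat.  The CA file created above is
 # ca.cer; the original pointed -CAfile at a non-existent ca.pem, which makes -chain fail.
 # -export prompts for an export password: that is the keystore password the Java code needs.
 openssl pkcs12 -export -in server.cer -inkey server.key -chain -CAfile ca.cer -name "tomcat" -out server.p12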

Create the trust store. The connector needs two stores: `server.p12` with the server's own key and certificate (the keystore), and a Java keystore holding only the CA certificate (the truststore) against which client certificates are validated. This is separate from the JRE's `cacerts` file — keeping it as a dedicated file means the server trusts exactly this CA and nothing else. The Java code below refers to it as `tomcat.keystore`.

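 # Trust store for client-certificate validation: it holds the CA certificate only.
 # The file name must match setTruststoreFile() in the Spring Boot code (tomcat.keystore);
 # the original wrote server.keystore, which the code never reads.
 keytool -importcert -alias ca -file ca.cer -storepass changeit -keystore tomcat.keystore -noprompt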

Create client key. This is for 2-way ssl.

 openssl genrsa -out client.key 2048

Create the client signing request. As for the server, use a Common Name different from both the CA's and the server's.

 openssl req -new -key client.key -out client.req 

Issue the client certificate.

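 # As with the server certificate, -extensions has no effect unless -extfile names a
 # file that defines the section; give the client certificate an explicit clientAuth
 # extended key usage so it cannot be reused as a server certificate.
 printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > client.ext
 openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key -CAcreateserial -extfile client.ext -days 365 -outform PEM -out client.cer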

Create the client p12 file, the format most client applications and browsers import. `-export` prompts for an export password; the client will need it when importing the bundle.

 openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12 

Spring Boot source (`DemoApplication.java`). It targets Spring Boot 1.x: `EmbeddedServletContainerFactory` was replaced by `ServletWebServerFactory` in Boot 2.0, and the `setKeystoreFile`/`setSSLVerifyClient` style of connector setters is deprecated in Tomcat 8.5 in favour of `SSLHostConfig`.

 package com.example;

 import java.nio.file.Paths;

 import org.apache.catalina.connector.Connector;
 import org.apache.coyote.http11.Http11NioProtocol;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
 import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
 import org.springframework.context.annotation.Bean;
 
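 /**
  * Spring Boot entry point that adds a second, HTTPS-only Tomcat connector which
  * requires a client certificate (mutual TLS).  Spring Boot's default HTTP
  * connector is left untouched.
  *
  * Configuration properties (all optional, defaults keep the demo running unchanged):
  *   key             directory holding server.p12 and tomcat.keystore (default ".")
  *   sshPort         HTTPS port (default 8443); the name is historical, this is TLS not SSH
  *   keystorePass    password of server.p12 (default "changeit")
  *   truststorePass  password of tomcat.keystore (default "changeit")
  */
 @SpringBootApplication
 public class DemoApplication {

     // Directory of the key material.  Tomcat resolves a relative keystore path
     // against catalina.base, which for embedded Tomcat is a temporary directory,
     // so the path is made absolute against the working directory before use.
     @Value("${key:.}")
     private String keystoreDir;

     // Without the ":8443" default Spring fails at startup when the property is
     // absent; the former field initializer never applied because @Value overwrote it.
     @Value("${sshPort:8443}")
     private int port;

     // Passwords come from configuration rather than being hard-coded in source.
     @Value("${keystorePass:changeit}")
     private String keystorePass;

     @Value("${truststorePass:changeit}")
     private String truststorePass;

     public static void main(String[] args) {
         SpringApplication.run(DemoApplication.class, args);
     }

     /** Registers the mutual-TLS connector alongside Spring Boot's default one. */
     @Bean
     public EmbeddedServletContainerFactory servletContainer() {
         TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory();
         tomcat.addAdditionalTomcatConnectors(createSslConnector());
         return tomcat;
     }

     /**
      * Builds the HTTPS connector: the server identity comes from server.p12
      * (alias "tomcat"), client certificates are validated against the CA held
      * in tomcat.keystore.
      */
     private Connector createSslConnector() {
         Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
         Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();

         connector.setScheme("https");
         connector.setSecure(true);
         connector.setPort(port);

         protocol.setKeystoreFile(Paths.get(keystoreDir, "server.p12").toAbsolutePath().toString());
         protocol.setKeystorePass(keystorePass);
         protocol.setKeystoreType("PKCS12");
         protocol.setKeyAlias("tomcat");
         // The trust store holds the CA certificate only: every client certificate
         // that CA signed is accepted, so whoever holds ca.key can mint valid clients.
         protocol.setTruststoreFile(Paths.get(keystoreDir, "tomcat.keystore").toAbsolutePath().toString());
         protocol.setTruststorePass(truststorePass);

         protocol.setSSLEnabled(true);
         // "require" rejects any handshake without a client certificate; depth 1
         // accepts only certificates issued directly by the trusted CA.
         protocol.setSSLVerifyClient("require");
         protocol.setSSLVerifyDepth(1);
         // TLS 1.0 ("TLSv1") is deprecated (RFC 8996).  Use the generic context and
         // enable TLS 1.2 only; append ",TLSv1.3" once the JVM and Tomcat support it.
         protocol.setSslProtocol("TLS");
         protocol.setSslEnabledProtocols("TLSv1.2");

         return connector;
     }
 }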

Debugging

To debug from the client — this shows the handshake between client and server from the client's side, including the CA names the server requests a client certificate for and whether the client certificate is accepted.

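 # No fixed -tls1 flag: the client negotiates the newest version the server allows
 # (TLS 1.0 is deprecated and a modern OpenSSL build may refuse to offer it).
 # "Verify return code: 0 (ok)" in the output confirms the server chained to ca.cer.
 openssl s_client -connect localhost:8443 -cert client.cer -key client.key -CAfile ca.cer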

To debug from the server, add the following JVM property to Tomcat or Spring Boot. It prints every handshake in full, so enable it only while troubleshooting.

Tomcat — put it in `$TOMCAT_HOME/bin/setenv.sh` (create the file if it does not exist) rather than editing `catalina.sh`, which an upgrade overwrites:

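 # setenv.sh is sourced by catalina.sh, so append to JAVA_OPTS instead of replacing it
 # (the original line was not a valid assignment and did nothing).
 JAVA_OPTS="$JAVA_OPTS -Djavax.net.debug=ssl"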

Spring Boot - Add the parameter

 mvn spring-boot:run -Djavax.net.debug=ssl

Resources

https://makandracards.com/jan0sch/24553-import-private-key-and-certificate-into-java-keystore

http://prasenjitdas235.blogspot.com/2014/11/2-way-ssl-with-example.html