This post will cover setting Google for your namesever resolvers in CentOS.
It's a simple task, but my OnApp does not set them for my CentOS templates for some reason.
If they have not been set, the first time you will likely notice is when you go to use yum and it throws PYCURL errors.
Log in as root via SSH and issue 'vi /etc/resolv.conf' to edit your resolv.conf file:
[root@david etc]# vi /etc/resolv.conf
If, like me, you have no nameserver resolvers set, you will see something like this:
# Automatically generated by OnApp (3.0.8) domain davidghedini.com ~ ~
Hit "i" for insert and add the Google Nameservers (126.96.36.199 and 188.8.131.52) as shown below, one per line:
# Automatically generated by OnApp (3.0.8) domain davidghedini.com nameserver 184.108.40.206 nameserver 220.127.116.11
Hit Escape and then ':wq' to save your changes
I'm very happy to wrapping up our MapFig Studio project.
It has monopolized a good deal of my time the past three months.
It won't change the world, but it will allow anyone to easily create and deploy leaflet maps (and for developers and web designers it could save a lot of time as well).
MapFig Studio is free, Open Source (GPLv3) application for creating, editing, and deploying leaflet maps.
The application supports Markers, Lines, Squares, and Polygons.
Maps can be exported via iframe code, HTML, BootStrap, or called via URL or API.
The Studio includes CMS plugins for WordPress, Drupal, Joomla, and Omeka to allow you to import, manage, and display of maps within your CMS!
The server is tile-agnostic, allowing users to select any provider(s)
The Studio bundles a large number of leaflet plugins (measure, search, cluster, export, playback, etc...), and also includes Image Overlays, IntroBox Slider, InfoSlider, Legend, Password-Protection, SVG Maps.
One of the my favourite features is being able to cross reference object (insert link to one object from another) via a custom drop down in tinymce we made.
Maps can be table-based or free-hand or both
The Studio also includes multi-user support, Projects, and Collaboration.
You can download the full app via our CSN
You can also download via our new MapFig Website
A free, public cloud is available which you can use to try it out before downloading. The free account requires only an email address and has limited features, but should give you a feel for the application
You can self-register at https://studio.mapfig.com/register.php
You can also use the public cloud service rather than self-hosting.
The public cloud is being provided to us by VooServers
An installer is included. Copy the files to your server, navigate to the directory and enter the required information.
Documentation is still in progress but available at docs.mapfig.come.
Commercial support and Managed Cloud Service is also available.
Please check out our WordPress Plugins at our WordPress Plugin Page
These are in queue at WordPress.org, but you can download and start using them now.
One is free and the other two are paid. I really recommend the Premium version. It is only $5 and, IMHO, it is the simplest and best leaflet plugin you will find for WordPress.. You can download a free 14 day trial and no registration or credit card is required.
This post will cover installing and configuration of Tomcat 8 on CentOS 6
Tomcat 8 implements the Servlet 3.1 and JavaServer Pages 2.3 specifications and a number of new features. In this post, we'll install Tomcat 8, JDK 7, configure Tomcat as a service, create a start/stop script, and (optionally) configure Tomcat to run under a non-root user.
We will also configure basic access to Tomcat Manager and take a quick look at memory management using JAVA_OPTS
Finally, we will look at running Tomcat on port 80 as well as some strategies for running Tomcat behind Apache.
I have just updated this post with Tomcat 8.0.8, the current stable release of Tomcat 8.
If you are using a different release, simply change the file names below accordingly.
To begin, we'll need to install the Java Development Kit (JDK) 7
JDK 1.7 is the minimum JDK version for Tomcat 8.
You can download the latest JDK here: http://www.oracle.com/technetwork/java/javase/downloads/index.html
We'll install JDK 7, Update 60 (7u60). The JDK is specific to 32 and 64 bit versions.
My CentOS box is 64 bit, so I'll need: jdk-7u60-linux-x64.tar.gz.
If you are on 32 bit, you'll need: jdk-7u60-linux-i586.tar.gz
Start by creating a new directory /usr/java:
[root@srv6 ~]# mkdir /usr/java
Change to the /usr/java directory we created
[root@srv6 ~]# cd /usr/java [root@srv6 java ]#
Download the appropriate JDK and save it to /usr/java directory we created above.
Unpack jdk-7u60-linux-x64.tar.gz in the /usr/java directory using tar -xzf:
[root@srv6 java]# tar -xzf jdk-7u60-linux-x64.tar.gz
This will create the directory /usr/java/jdk1.7.0_60. This will be our JAVA_HOME.
We can now set JAVA_HOME and put Java into the path of our users.
To set it for your current session, you can issue the following from the CLI:
[root@srv6 java]# JAVA_HOME=/usr/java/jdk1.7.0_60 [root@srv6 java]# export JAVA_HOME [root@srv6 java]# PATH=$JAVA_HOME/bin:$PATH [root@srv6 java]# export PATH
To set the JAVA_HOME permanently, however, we need to add below to the ~/.bash_profile of the user (in this case, root).
We can also add it /etc/profile and then source it to give to all users.
JAVA_HOME=/usr/java/jdk1.7.0_60 export JAVA_HOME PATH=$JAVA_HOME/bin:$PATH export PATHOnce you have added the above to ~/.bash_profile, you should log out, then log back in and check that the JAVA_HOME is set correctly.
[root@srv6 ~]# echo $JAVA_HOME /usr/java/jdk1.7.0_60
Note: If you decided to use JDK 6 rather than 7 as we did above, simply save the JDK 6 bin file to /opt (or another location), then navigate to /usr/java and issue: 'sh /opt/jdk-6u33-linux-x64.bin'. This will create a JAVA Home of /usr/java/jdk18.104.22.168
We will install Tomcat 8 under /usr/share.
Switch to the /usr/share directory:
[root@srv6 ~]# cd /usr/share [root@srv6 share ]#Download apache-tomcat-8.0.8.tar.gz (or the latest version) here
and save it to /usr/share
Once downloaded, you should verify the MD5 Checksum for your Tomcat download using the md5sum command.
[root@srv6 share ]# md5sum apache-tomcat-8.0.8.tar.gz c377b34fc4d228a63f7f1a51efbec333 *apache-tomcat-8.0.8.tar.gzCompare the output above to the MD5 Checksum provided next to the download link and you used above and check that it matches.
unpack the file using tar -xzf:
[root@srv6 share ]# tar -xzf apache-tomcat-8.0.8.tar.gzThis will create the directory /usr/share/apache-tomcat-8.0.8
We will now see how to run Tomcat as a service and create a simple Start/Stop/Restart script, as well as to start Tomcat at boot.
Change to the /etc/init.d directory and create a script called 'tomcat' as shown below.
[root@srv6 share]# cd /etc/init.d [root@srv6 init.d]# vi tomcatAnd here is the script we will use.
#!/bin/bash # description: Tomcat Start Stop Restart # processname: tomcat # chkconfig: 234 20 80 JAVA_HOME=/usr/java/jdk1.7.0_60 export JAVA_HOME PATH=$JAVA_HOME/bin:$PATH export PATH CATALINA_HOME=/usr/share/apache-tomcat-8.0.8 case $1 in start) sh $CATALINA_HOME/bin/startup.sh ;; stop) sh $CATALINA_HOME/bin/shutdown.sh ;; restart) sh $CATALINA_HOME/bin/shutdown.sh sh $CATALINA_HOME/bin/startup.sh ;; esac exit 0The above script is simple and contains all of the basic elements you will need to get going.
As you can see, we are simply calling the startup.sh and shutdown.sh scripts located in the Tomcat bin directory (/usr/share/apache-tomcat-8.0.8/bin).
You can adjust your script according to your needs and, in subsequent posts, we'll look at additional examples.
CATALINA_HOME is the Tomcat home directory (/usr/share/apache-tomcat-8.0.8)
Now, set the permissions for your script to make it executable:
[root@srv6 init.d]# chmod 755 tomcatWe now use the chkconfig utility to have Tomcat start at boot time. In my script above, I am using chkconfig: 234 20 80. 2345 are the run levels and 20 and 80 are the stop and start priorities respectively. You can adjust as needed.
[root@srv6 init.d]# chkconfig --add tomcat [root@srv6 init.d]# chkconfig --level 234 tomcat onVerify it:
[root@srv6 init.d]# chkconfig --list tomcat tomcat 0:off 1:off 2:on 3:on 4:on 5:off 6:offNow, let's test our script.
[root@srv6 ~]# service tomcat start Using CATALINA_BASE: /usr/share/apache-tomcat-8.0.8 Using CATALINA_HOME: /usr/share/apache-tomcat-8.0.8 Using CATALINA_TMPDIR: /usr/share/apache-tomcat-8.0.8/temp Using JRE_HOME: /usr/java/jdk1.7.0_60 Using CLASSPATH: /usr/share/apache-tomcat-8.0.8/bin/bootstrap.jar:/usr/share/apache-tomcat-8.0.8/bin/tomcat-juli.jarStop Tomcat:
[root@srv6 ~]# service tomcat stop Using CATALINA_BASE: /usr/share/apache-tomcat-8.0.8 Using CATALINA_HOME: /usr/share/apache-tomcat-8.0.8 Using CATALINA_TMPDIR: /usr/share/apache-tomcat-8.0.8/temp Using JRE_HOME: /usr/java/jdk1.7.0_60 Using CLASSPATH: /usr/share/apache-tomcat-8.0.8/bin/bootstrap.jar:/usr/share/apache-tomcat-8.0.8/bin/tomcat-juli.jarRestarting Tomcat (Must be started first):
[root@srv6 ~]# service tomcat restart Using CATALINA_BASE: /usr/share/apache-tomcat-8.0.8 Using CATALINA_HOME: /usr/share/apache-tomcat-8.0.8 Using CATALINA_TMPDIR: /usr/share/apache-tomcat-8.0.8/temp Using JRE_HOME: /usr/java/jdk1.7.0_60 Using CLASSPATH: /usr/share/apache-tomcat-8.0.8/bin/bootstrap.jar:/usr/share/apache-tomcat-8.0.8/bin/tomcat-juli.jar Using CATALINA_BASE: /usr/share/apache-tomcat-8.0.8 Using CATALINA_HOME: /usr/share/apache-tomcat-8.0.8 Using CATALINA_TMPDIR: /usr/share/apache-tomcat-8.0.8/temp Using JRE_HOME: /usr/java/jdk1.7.0_60 Using CLASSPATH: /usr/share/apache-tomcat-8.0.8/bin/bootstrap.jar:/usr/share/apache-tomcat-8.0.8/bin/tomcat-juli.jarWe should review the Catalina.out log located at /usr/share/apache-tomcat-8.0.8/logs/catalina.out and check for any errors.
[root@srv6 init.d]# more /usr/share/apache-tomcat-8.0.8/logs/catalina.outWe can now access the Tomcat Manager page at:
http://yourdomain.com:8080 or http://yourIPaddress:8080 and we should see the Tomcat home page.
Tomcat 8 contains a number of changes that offer finer-grain roles.
For security reasons, no users or passwords are created for the Tomcat manager roles by default. In a production deployment, it is always best to remove the Manager application.
To set roles, user name(s) and password(s), we need to configure the tomcat-users.xml file located at $CATALINA_HOME/conf/tomcat-users.xml.
In the case of our installation, $CATALINA_HOME is located at /usr/share/apache-tomcat-8.0.8.
By default the Tomcat 8 tomcat-users.xml file will have the elements between the
New roles for Tomcat 8 offer finer-grained access and The following roles are now available:
We can set the manager-gui role, for example as below
<tomcat-users> <role rolename="manager-gui"/> <user username="tomcat" password="secret" roles="manager-gui"/> </tomcat-users>
Caution should be exercised in granting multiple roles so as not to under-mind security.
Getting the right heap memory settings for your installation will depend on a number of factors.
For simplicity, we will set our inital heap size, Xms, and our maximum heap size, Xmx, to the same value of 128 Mb
Simliarly, there are several approaches you can take as to where and how you set your JAVA_OPTS
Again, for simplicity, we will add our JAVA_OPTS memory parameters in our Catalina.sh file.
So, open the Catalina.sh file located under /usr/share/apache-tomcat-8.0.8/bin with a text editor or vi.
Since we are using 128 Mb for both initial and maximum heap size, add the following line to Catalina.sh
I usually just add this in the second line of the file so it looks as so:
#!/bin/sh JAVA_OPTS="-Xms128m -Xmx128m" # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at
In our Tomcat configuration above, we are running Tomcat as Root.
For security reasons, it is always best to run services with the only those privileges that are necessary.
There are some who make a strong case that this is not required, but it's always best to err on the side of caution.
To run Tomcat as non-root user, we need to do the following:
1. Create the group 'tomcat':
[root@srv6 ~]# groupadd tomcat2. Create the user 'tomcat' and add this user to the tomcat group we created above.
[root@srv6 ~]# useradd -s /bin/bash -g tomcat tomcatThe above will create a home directory for the user tomcat in the default user home as /home/tomcat
If we want the home directory to be elsewhere, we simply specify so using the -d switch.
[root@srv6 ~]# useradd -g tomcat -d /usr/share/apache-tomcat-8.0.8/tomcat tomcatThe above will create the user tomcat's home directory as /usr/share/apache-tomcat-8.0.8/tomcat
3. Change ownership of the tomcat files to the user tomcat we created above:
[root@srv6 ~]# chown -Rf tomcat.tomcat /usr/share/apache-tomcat-8.0.8/Note: it is possible to enhance our security still further by making certain files and directories read-only. This will not be covered in this post and care should be used when setting such permissions.
4. Adjust the start/stop service script we created above. In our new script, we need to su to the user tomcat:
#!/bin/bash # description: Tomcat Start Stop Restart # processname: tomcat # chkconfig: 234 20 80 JAVA_HOME=/usr/java/jdk1.7.0_60 export JAVA_HOME PATH=$JAVA_HOME/bin:$PATH export PATH CATALINA_HOME=/usr/share/apache-tomcat-8.0.8/bin case $1 in start) /bin/su tomcat $CATALINA_HOME/startup.sh ;; stop) /bin/su tomcat $CATALINA_HOME/shutdown.sh ;; restart) /bin/su tomcat $CATALINA_HOME/shutdown.sh /bin/su tomcat $CATALINA_HOME/startup.sh ;; esac exit 0
Note: the following applies when you are running Tomcat in "stand alone" mode with Tomcat running under the minimally privileged user Tomcat we created in the previous step.
To run services below port 1024 as a user other than root, you can add the following to your IP tables:
[root@srv6 ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 [root@srv6 ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080
Be sure to save and restart your IP Tables.
As an alternative to running Tomcat on port 80, if you have Apache in front of Tomcat, you can use mod_proxy as well as ajp connector to map your domain to your Tomcat application(s) using an Apache vhost as shown below.
While Tomcat has improved it's 'standalone performance', I still prefer to have Apace in front of it for a number of reasons.
In your Apache config, be sure to set KeepAlive to 'on'. Apache tuning, of course, is a whole subject in itself...
Example 1: VHOST with mod_proxy:
<VirtualHost *:80> ServerAdmin email@example.com ServerName yourdomain.com ServerAlias www.yourdomain.com ProxyRequests Off ProxyPreserveHost On <Proxy *> Order allow,deny Allow from all </Proxy> ProxyPass / http://localhost:8080/ ProxyPassReverse / http://localhost:8080/ ErrorLog logs/yourdomain.com-error_log CustomLog logs/yourdomain.com-access_log common </VirtualHost>
Example 2: VHOST with ajp connector and mod_proxy:
<VirtualHost *:80> ServerAdmin firstname.lastname@example.org ServerName yourdomain.com ServerAlias www.yourdomain.com ProxyRequests Off ProxyPreserveHost On <Proxy *> Order allow,deny Allow from all </Proxy> ProxyPass / ajp://localhost:8009/ ProxyPassReverse / ajp://localhost:8009/ ErrorLog logs/yourdomain.com-error_log CustomLog logs/yourdomain.com-access_log common </VirtualHost>
In both vhost examples above, we are "mapping" the domain to Tomcat's ROOT directory.
If we wish to map to an application such as yourdomain.com/myapp, we can add some rewrite as shown below.
This will rewrite all requests for yourdomain.com to yourdomain.com/myapp.
Example 3: VHOST with rewrite:
<VirtualHost *:80> ServerAdmin email@example.com ServerName yourdomain.com ServerAlias www.yourdomain.com RewriteEngine On RewriteRule ^/$ myapp/ [R=301] ProxyRequests Off ProxyPreserveHost On <Proxy *> Order allow,deny Allow from all </Proxy> ProxyPass / ajp://localhost:8009/ ProxyPassReverse / ajp://localhost:8009/ ErrorLog logs/yourdomain.com-error_log CustomLog logs/yourdomain.com-access_log common </VirtualHost>
Related Tomcat Posts
Learn More About Apache Tomcat 8 Apache Tomcat Foundation Tomcat 8