| Info |
|---|
Apache Tomcat is the recommended servlet container to use with uPortal 4. While uPortal 4 requires a Servlet 3.0-compatible servlet container and another servlet container may be used, most uPortal implementers deploy to Apache Tomcat. Choosing Tomcat 7.x will likely allow uPortal adopters to get the best advice from the community. |
| Warning | ||
|---|---|---|
| ||
There's something off about uPortal logout / session invalidation in Tomcat 7.0.47+. If you want to be running a recent Tomcat 7, try Tomcat 7.0.42 instead. |
Installing Apache Tomcat
Linux/Unix Installation
...
| No Format | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
shared.loader=${catalina.base}/shared/lib/*.jar |
...
| Code Block | ||
|---|---|---|
| ||
JAVA_OPTS="$JAVA_OPTS -XX:+PrintCommandLineFlags -XX:MaxPermSize=384m -Xms1024m -Xmx1024m -Djsse.enableSNIExtension=false" |
...
Required file permissions
Several uPortal webapps write to their deployed webapps folder to add dynamic content to the portal (altering the Respondr Dynamic Skin and managing Attachments uploaded to uPortal are two use cases). Insure the process Tomcat is running as has write access to CATALINA_BASE/webapps/* directories. Typically this is done by having the same account tomcat is running as be the same account you use to build and deploy uPortal.
Tomcat 7 parallel startup (optional)
Tomcat 7.0.23+ can be configured to have multiple webapps start up in parallel, reducing server startup time. Set the startStopThreads attribute of a Host to a value greater than one. See http://wiki.apache.org/tomcat/HowTo/FasterStartUp for more details and other suggestions.
GZipping HTML (optional)
Browser-side performance may be improved somewhat by GZip-ping downloaded content where appropriate. uPortal 4 already GZips CSS and JavaScript. uPortal does not, however, GZip the uPortal page itself.
...
Disabling SSLv3
Some sites have chosen to disable SSLv3 on their CAS server due to various vulnerabilities. That can cause problems with the CAS client used in uPortal being unable to establish an HTTPS connection to the CAS server to validate the service ticket and throwing an exception
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
One solution is to set the protocols used by Java when making SSL connections. You can do this by adding the following property to JAVA_OPTS (or CATALINA_OPTS if using that):
Oracle Java7: -Dhttps.protocols="TLSv1,TLSv1.1,TLSv1.2"
Your CAS server must be configured to use one of the mentioned protocols or the handshake will fail. If your test CAS server is publicly accessible, you can view which protocols it supports by entering its domain name into https://www.ssllabs.com/ssltest/.
If you run into troubles, refer to https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https and other resources to help diagnose the issue.
| Info | ||
|---|---|---|
| ||
Additional References |
...