Installing Tomcat
Apache Tomcat is the recommended servlet container to use with uPortal 4. While uPortal 4 requires a Servlet 3.0-compatible servlet container and another servlet container may be used, most uPortal implementers deploy to Apache Tomcat. Choosing Tomcat 7.x will likely allow uPortal adopters to get the best advice from the community.
Installing Apache Tomcat
Linux/Unix Installation
1. Download Apache Tomcat 7.x
2. Untar the package as follows:
tar -zxvf apache-tomcat-7.0.42.tar.gz
3. Optionally rename your install to something more meaningful:
mv apache-tomcat-7.0.42 uportal-tomcat
4. Set your environment variables:
export JAVA_HOME=/path/to/your/java
export TOMCAT_HOME=/path/to/your/tomcat
5. Test your Tomcat installation
a. First, start Tomcat
$TOMCAT_HOME/bin/startup.sh
b. Go to http://localhost:8080/
You should see the Apache Tomcat Welcome screen
c. Shut down Tomcat
$TOMCAT_HOME/bin/shutdown.sh
Windows Installation
1. Download Apache Tomcat 7.x for Windows
2. Unzip the download into a suitable directory. For example, you may unzip the file into the C:\ directory. This will create a directory like C:\apache-tomcat-7.x containing your Tomcat files.
3. You will need to create two environment variables, CATALINA_HOME and JAVA_HOME:
CATALINA_HOME : C:\apache-tomcat-7.x
JAVA_HOME : C:\Program Files\Java\jdk1.x
For Windows (different versions may vary) you can create these environment variables by doing the following: right-click 'My Computer', select Properties, and then open the Advanced tab. Then click Environment Variables and under System variables click New. From here, you can enter the name and value for CATALINA_HOME and again for JAVA_HOME if it's not already created.
4. Start Tomcat. Try starting up Tomcat by running the C:\apache-tomcat-7.x\bin\startup.bat batch file. Point your browser to http://localhost:8080 and you should see the default Tomcat home page. To shut down the server, run the C:\apache-tomcat-7.x\bin\shutdown.bat batch file.
Configuring Tomcat for uPortal
Shared Libraries
uPortal places libraries in CATALINA_BASE/shared/lib. The default Tomcat 7 download does not enable libraries to be loaded from this directory.
- To resolve this you must edit CATALINA_BASE/conf/catalina.properties and change the line that begins "shared.loader=" to the following:
shared.loader=${catalina.base}/shared/lib/*.jar
Warning!
Be absolutely certain the shared.loader property is configured exactly as shown. An extra space character at the end of the line can prevent it from working as intended, which is very difficult to troubleshoot.
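A trailing space or a Windows line ending on this line is invisible in most editors. The following shell check is an added example, not part of the original uPortal documentation; it compares the active shared.loader line against the value shown above. The function name check_shared_loader and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the shared.loader line in catalina.properties.
# The expected value is the one given on this page.
EXPECTED='shared.loader=${catalina.base}/shared/lib/*.jar'

# check_shared_loader FILE
# Prints OK, MISSING, TRAILING-WHITESPACE or MISMATCH for the last
# uncommented shared.loader line in FILE.
check_shared_loader() {
    file=$1
    line=$(sed -n '/^shared\.loader=/p' "$file" | tail -n 1)
    if [ -z "$line" ]; then
        echo MISSING
    elif [ "$line" = "$EXPECTED" ]; then
        echo OK
    else
        # Strip trailing spaces, tabs and carriage returns, then compare again.
        trimmed=$(printf '%s\n' "$line" | sed 's/[[:space:]]*$//')
        if [ "$trimmed" = "$EXPECTED" ]; then
            echo TRAILING-WHITESPACE
        else
            echo MISMATCH
        fi
    fi
}

# Constructed sample files (not real Tomcat output) to show each result.
demo_dir=$(mktemp -d)
printf '%s\n'   "$EXPECTED"      > "$demo_dir/good.properties"
printf '%s \n'  "$EXPECTED"      > "$demo_dir/space.properties"
printf '%s\r\n' "$EXPECTED"      > "$demo_dir/crlf.properties"
printf '%s\n'   'shared.loader=' > "$demo_dir/default.properties"
for f in good space crlf default; do
    printf '%-8s %s\n' "$f" "$(check_shared_loader "$demo_dir/$f.properties")"
done
rm -rf "$demo_dir"
```

Against a real install, call check_shared_loader "$CATALINA_BASE/conf/catalina.properties".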
Shared Sessions
Jasig portlets, as well as many other popular JSR-168 and JSR-286 portlets, rely on the ability to share user session data between the portal web application and portlet applications.
To enable this feature for Tomcat 7.0, add the sessionCookiePath="/" attribute to the Context element in CATALINA_BASE/conf/context.xml:
<Context sessionCookiePath="/">
JVM Heap Configuration
uPortal requires a larger than standard PermGen space and more heap than may be allocated by default. A good conservative set of heap settings is -XX:MaxPermSize=384m -Xmx1024m. To add these, create a file called either setenv.sh (Linux/Mac) or setenv.bat (Windows) in your CATALINA_HOME/bin directory and add the configuration as follows:
JAVA_OPTS="$JAVA_OPTS -XX:+PrintCommandLineFlags -XX:MaxPermSize=384m -Xms1024m -Xmx1024m -Djsse.enableSNIExtension=false"
Required file permissions
Several uPortal webapps write to their deployed webapps folder to add dynamic content to the portal (altering the Respondr Dynamic Skin and managing Attachments uploaded to uPortal are two use cases). Ensure the process Tomcat is running as has write access to the CATALINA_BASE/webapps/* directories. Typically this is done by running Tomcat under the same account you use to build and deploy uPortal.
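One way to verify these permissions, as an added example that is not part of the original uPortal documentation. The hypothetical function audit_webapps assumes the Tomcat account owns the webapp directories, as described above, and also reports directories that any local account can write to. The sample directories are constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of uPortal or Tomcat).
# audit_webapps WEBAPPS_DIR TOMCAT_USER
# For each directory directly under WEBAPPS_DIR, prints
#   NOT-WRITABLE <dir>    TOMCAT_USER is not the owner, or the owner write bit is off
#   WORLD-WRITABLE <dir>  every local account can write to it
# Assumption: Tomcat gets its write access as the owning account.
audit_webapps() {
    dir=$1
    user=$2
    find "$dir" -mindepth 1 -maxdepth 1 -type d \
        \( ! -user "$user" -o ! -perm -200 \) -exec echo NOT-WRITABLE {} \;
    find "$dir" -mindepth 1 -maxdepth 1 -type d \
        -perm -002 -exec echo WORLD-WRITABLE {} \;
}

# Constructed sample layout standing in for CATALINA_BASE/webapps.
demo=$(mktemp -d)
mkdir "$demo/uPortal" "$demo/locked" "$demo/open"
chmod 755 "$demo/uPortal"   # writable by owner only: no finding
chmod 555 "$demo/locked"    # owner cannot write: NOT-WRITABLE
chmod 777 "$demo/open"      # anyone can write: WORLD-WRITABLE
audit_webapps "$demo" "$(id -u)"
chmod 755 "$demo/locked"
rm -rf "$demo"
```

Against a real install, pass "$CATALINA_BASE/webapps" and the name of the account Tomcat runs as.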
GZipping HTML (optional but STRONGLY SUGGESTED unless doing it with Apache httpd or external appliance)
Browser-side performance may be improved by GZipping downloaded content where appropriate. uPortal 4 already GZips some CSS and JavaScript. uPortal does not, however, GZip the uPortal page itself.
GZipping of HTML content can be performed via Tomcat. To enable this functionality, set compression="on" in the in-use Tomcat connector, and optionally set the list of compressible MIME types with the compressableMimeType attribute. More information about this feature can be found in the Tomcat configuration page.
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           compression="on"
           compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript"/>
<!-- I added application/javascript to the default Tomcat 7 compressableMimeType value.
     You can optionally specify compressionMinSize or leave it at its default value of 2048 bytes. -->
If you are fronting Tomcat with Apache or other hardware systems, you may want to do the compression in Apache or those systems instead.
Tomcat 7 parallel startup (optional)
Tomcat 7.0.23+ can be configured to have multiple webapps start up in parallel, reducing server startup time. Set the startStopThreads attribute of a Host to a value greater than one. See http://wiki.apache.org/tomcat/HowTo/FasterStartUp for more details and other suggestions.
HTTP Session Timeout
To set the duration of HTTP sessions, modify CATALINA_BASE/conf/web.xml and change the session-timeout element to the number of minutes desired. Tomcat's default is 30 minutes.
<session-config>
    <session-timeout>30</session-timeout>
</session-config>
Further Tomcat Configurations
JVM settings
Disabling SSLv3
Some sites have chosen to disable SSLv3 on their CAS server due to various vulnerabilities. That can leave the CAS client used in uPortal unable to establish an HTTPS connection to the CAS server to validate the service ticket, in which case it throws an exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
One solution is to set the protocols used by Java when making SSL connections. You can do this by adding the following property to JAVA_OPTS (or CATALINA_OPTS if using that):
Oracle Java7: -Dhttps.protocols="TLSv1,TLSv1.1,TLSv1.2"
Your CAS server must be configured to use one of the mentioned protocols or the handshake will fail. If your test CAS server is publicly accessible, you can view which protocols it supports by entering its domain name into https://www.ssllabs.com/ssltest/.
If you run into trouble, refer to https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https and other resources to help diagnose the issue.