Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Apache Tomcat is the recommended servlet container to use with uPortal 4. While uPortal 4 requires a Servlet 3.0-compatible servlet container and another servlet container may be used, most uPortal implementers deploy to Apache Tomcat. Choosing Tomcat 7.x will likely allow uPortal adopters to get the best advice from the community.

Installing Apache Tomcat

Linux/Unix Installation

1. Download Apache Tomcat 7.x

2. Untar the package as follows:

tar -zxvf apache-tomcat-7.0.42.tar.gz

3.Optionally rename your install to something more meaningful:

mv apache-tomcat-7.0.42 uportal-tomcat

4.Set your environment variables:

export JAVA_HOME=/path/to/your/java
export TOMCAT_HOME=/path/to/your/tomcat

5.Test your Tomcat installation

a. First, start Tomcat

$TOMCAT_HOME/bin/startup.sh

b. Go to http://localhost:8080/

You should see the Apache Tomcat Welcome screen

c. Shutdown Tomcat

TOMCAT_HOME/bin/shutdown.sh
Windows Installation

1. Download  Apache Tomcat 7.x for Windows

2. Unzip the download into a suitable directory. For example, you may unzip the file into the C:\ directory. This will create a directory like C:\apache-tomcat-7.x containing your Tomcat files.

3. You will need to create two environment variables CATALINA_HOME and JAVA_HOME

 CATALINA_HOME : C:\apache-tomcat-7.x
 JAVA_HOME : C:\Program Files\Java\jdk1.x

For Windows (different versions may vary) you can create these environment variables by doing the following: right-click 'My Computer' select properties and then the Advanced tab. Then click Environment Variables and under System variables click New. From here, you can enter the name and value for CATALINA_HOME and again for JAVA_HOME if it's not already created.

4. Start Tomcat. Try starting up Tomcat by running the C:\apache-tomcat-6.x\bin\startup.bat batch file. Point your browser to http://localhost:8080 and you should see the default Tomcat home page (see above image). To shutdown the server run C:\apache-tomcat-6.x\bin\shutdown.bat batch file.

Configuring Tomcat for uPortal 

Shared Libraries

uPortal places libraries in CATALINA_BASE/shared/lib The default Tomcat 7 download does not enable libraries to be loaded from this directory.

  1. To resolve this you must edit CATALINA_BASE/conf/catalina.properties and change the line that begins "shared.loader=" to the following:
Enabling shared libraries in CATALINA_BASE/conf/catalina.properties
shared.loader=${catalina.base}/shared/lib/*.jar

Warning!

Be absolutely certain the shared.loader property is configured exactly as shown. An extra space character at the end of the line can prevent it from working as intended, which is very difficult to troubleshoot.

Shared Sessions

Jasig portlets, as well as many other popular JSR-168 and JSR-286 portlets, rely on the ability to share user session data between the portal web application and portlet applications.

To enable this feature for Tomcat 7.0,  add the sessionCookiePath="/" to CATALINA_BASE/conf/context.xml.

Example Tomcat 7.0 Connector Configuration
<Context sessionCookiePath="/">

JVM Heap Configuration

uPortal requires a larger than standard PermGen space and more heap than may be allocated by default. A good conservative set of heap settings are -XX:MaxPermSize=384m -Xmx1024m. To add these, create a file called either setenv.sh (Linux/Mac) or setenv.bat (Windows) in your CATALINA_HOME/bin directory and add the configuration as follows:

setenv.sh or setenv.bat
JAVA_OPTS="$JAVA_OPTS -XX:+PrintCommandLineFlags -XX:MaxPermSize=384m -Xms1024m -Xmx1024m -Djsse.enableSNIExtension=false"

Required file permissions

Several uPortal webapps write to their deployed webapps folder to add dynamic content to the portal (altering the Respondr Dynamic Skin and managing Attachments uploaded to uPortal are two use cases).  Insure the process Tomcat is running as has write access to CATALINA_BASE/webapps/* directories.  Typically this is done by having the same account tomcat is running as be the same account you use to build and deploy uPortal.

Tomcat 7 parallel startup (optional)

Tomcat 7.0.23+ can be configured to have multiple webapps start up in parallel, reducing server startup time.  Set the startStopThreads attribute of a Host to a value greater than one.  See http://wiki.apache.org/tomcat/HowTo/FasterStartUp for more details and other suggestions.

GZipping HTML (optional)

Browser-side performance may be improved somewhat by GZip-ping downloaded content where appropriate. uPortal 4 already GZips CSS and JavaScript. uPortal does not, however, GZip the uPortal page itself.

GZipping of HTML content can be performed via Tomcat. To enable this functionality, set compression="on" in the in-use Tomcat connector, and set the list of compressable mime types. More information about this feature can be found in the Tomcat configuration page.

Example GZip Configuration
<Connector port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000" redirectPort="8443"
    compression="on" compressableMimeType="text/html,text/xml,text/plain"/>

Further Tomcat Configurations

JVM settings
Disabling SSLv3

Some sites have chosen to disable SSLv3 on their CAS server due to various vulnerabilities.  That can cause problems with the CAS client used in uPortal being unable to establish an HTTPS connection to the CAS server to validate the service ticket and throwing an exception
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

One solution is to set the protocols used by Java when making SSL connections.  You can do this by adding the following property to JAVA_OPTS (or CATALINA_OPTS if using that):
Oracle Java7: -Dhttps.protocols="TLSv1,TLSv1.1,TLSv1.2"

Your CAS server must be configured to use one of the mentioned protocols or the handshake will fail.  If your test CAS server is publicly accessible, you can view which protocols it supports by entering its domain name into https://www.ssllabs.com/ssltest/.

If you run into troubles, refer to https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https and other resources to help diagnose the issue.

Having problems with these instructions?

Please send us feedback at uportal-user@lists.jasig.org

  • No labels