How to Install Tomcat on Ubuntu and Enable HTTPS / SSL

Tutorials, tips and tricks.

Moderator: moderators

How to Install Tomcat on Ubuntu and Enable HTTPS / SSL

Postby seanpkeown » Wed Dec 01, 2010 12:22 pm

Update
12-9-2010 - Added some extra notes + how to fix transcoding with Ubuntu
12-10-2010 - Added code to copy ffmpeg and lame to transcoding folder + improved look
1-1-2010 - Updated some links to run as user instead of root and also a better init file.
1-31-2010 - Fixed some Typos

Well after creating this walk-though for windows i've seen a few people asking how to do this for Ubuntu so here it is. I hope it works :)
The same walk through for windows. http://forum.subsonic.org/forum/viewtopic.php?t=4247


I've been doing my best to keep this simple but it keeps growing as people suggest more. In the end all we are doing is installing java + tomcat and then copying the subsonic.war file to a folder.



Ok lets start out by opening a terminal and type in the following commands.
  1. First we'll need to install Java.
    Code: Select all
    sudo apt-get install openjdk-6-jre

  2. Next we'll need to install tomcat so lets change to the download directory.
    Code: Select all
    cd /home/username/Downloads
  3. Then Download Tomcat
    Code: Select all
    wget http://apache.deathculture.net//tomcat/tomcat-6/v6.0.29/bin/apache-tomcat-6.0.29.tar.gz
  4. Next Uzip the tar file.
    Code: Select all
    tar xvzf apache-tomcat-6.0.29.tar.gz
  5. Then move the tomcat folder.
    Code: Select all
    sudo mv apache-tomcat-6.0.29 /usr/local/tomcat6

  6. Next we are going to setup tomcat to show it where the java directory is and the startup.
    Code: Select all
    sudo vi /etc/init.d/tomcat6

  7. Then press i to insert and type the following.
    Code: Select all
    # Tomcat auto-start
    #
    # description: Auto-starts tomcat
    # processname: tomcat
    # pidfile: /var/run/tomcat.pid

    export JAVA_HOME=/usr/lib/jvm/java-6-openjdk

    case $1 in
    start)
            sh /usr/local/tomcat6/bin/startup.sh
            ;;
    stop)   
            sh /usr/local/tomcat6/bin/shutdown.sh
            ;;
    restart)
            sh /usr/local/tomcat6/bin/shutdown.sh
            sh /usr/local/tomcat6/bin/startup.sh
            ;;
    esac   
    exit 0


  8. Then press shift+Q and a colen will pop up. type w and enter to save.
  9. Then type q! and enter to quit.
  10. If you want to verify the file then type the following and it will allow you to read the file you just created.
    Code: Select all
    cat /etc/init.d/tomcat6
  11. Next change the security permissions required to execute the file.
    Code: Select all
    sudo chmod 755 /etc/init.d/tomcat6
  12. Then Link the startup and shutdown.
    Code: Select all
    sudo ln -s /etc/init.d/tomcat6 /etc/rc1.d/K99tomcat

    Code: Select all
    sudo ln -s /etc/init.d/tomcat6 /etc/rc2.d/S99tomcat

    Code: Select all
    sudo ln -s /etc/init.d/tomcat6 /etc/rc0.d/K99tomcat

    Code: Select all
    sudo ln -s /etc/init.d/tomcat6 /etc/rc6.d/K99tomcat
  13. To restart tomcat type the following
    Code: Select all
    sudo /etc/init.d/tomcat6 restart

  14. Then browse to http://127.0.0.1:8080 from ubuntu or http://x.x.x.x:8080 from another computer. The tomcat page should now show up. If it doesn't then try a reboot.
  15. Next, time to install Subsonic.
  16. Make sure that you're still in the download directory.
    Code: Select all
    cd /home/username/Downloads
  17. Then download Subsonic.
    Code: Select all
    wget http://sourceforge.net/projects/subsonic/files/subsonic/4.2/subsonic-4.2-war.zip/download
  18. Lets then unzip subsonic.war
    Code: Select all
    unzip subsonic-4.2-war.zip
  19. Next Move subsonic.war to webapps.
    Code: Select all
    sudo mv subsonic.war /usr/local/tomcat6/webapps

  20. Next Stop the tomcat Service
    Code: Select all
    sudo /etc/init.d/tomcat6 stop
  21. Wait a couple seconds then start the tomcat service.
    Code: Select all
    sudo /etc/init.d/tomcat6 start


  22. you should now be able to browse to
    then browse to http://127.0.0.1:8080/subsonic from ubuntu or http://x.x.x.x:8080/subsonic from another computer.
  23. don't forget transcoding.
    Code: Select all
    sudo apt-get install lame flac faad vorbis-tools ffmpeg

    Code: Select all
    sudo cp /usr/bin/ffmpeg /var/subsonic/transcode

    Code: Select all
    sudo cp /usr/bin/lame /var/subsonic/transcode

  24. Next Lets setup the Encryption. First you will need to change the values in red and possibly your java location if you have a different version installed.

    >>sudo /usr/lib/jvm/java-6-openjdk/bin/keytool -genkey -alias tomcat -keyalg RSA -dname "CN=domainname, OU=Subsonic, O=Loving Music Inc, L=City, S=State, C=US" -validity 3650 -keystore /usr/local/tomcat6/tomcat.ks -storepass secretpassword -keypass secretpassword<< Code is in between the arrows.


    Code Meaning
    CN=commonName "Domain Name"
    OU=organizationUnit "Department or Division"
    O=organizationName "Company Inc"
    L=localityName "City Name"
    S=stateName "State Name"
    C=country "Country Code i.e US"


  25. Next lets configure tomcat to enable SSL


    Code: Select all
    sudo vi /usr/local/tomcat6/conf/server.xml

  26. Then press i to insert and type the following and use the delete key to delete text.
  27. First find and remove the <!-- and --> from the code.

    Code: Select all
    <!--       
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" />
    -->

  28. And then add the following two lines keystoreFile="tomcat.ks", keystorePass="secretpassword" and modify the protocol="org.apache.coyote.http11.Http11Protocol" to the code making it look like the example below. Don't forget to put your secret password that you used keystorePass="secretpassword".
  29. The Connector Port is the port that you will be logging into. Example https://localhost:8443/subsonic non-encrypted it will be on http://localhost:8080/subsonic by default

    Code: Select all
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    keystoreFile="tomcat.ks"
    keystorePass="secretpassword"
    clientAuth="false" sslProtocol="TLS" />

  30. Then press shift+Q and a colen will pop up. type w and enter to save.
  31. Then type q! and enter to quit.
  32. To view the file after you are done type the following.
    Code: Select all
    cat /usr/local/tomcat6/conf/server.xml

  33. Then stop tomcat.
    Code: Select all
    sudo /etc/init.d/tomcat6 stop
  34. Wait and then start tomcat back up.
    Code: Select all
    sudo /etc/init.d/tomcat6 start




-------------------------------------------------------------------------------------------------------------------------------------

Optional Additions to Tomcat If you want your http port to auto forward to https then add the following to /usr/local/tomcat6/conf/web.xml and from now on when you browse to your website http://whatever/subsonic it will forward to https://whatever/subsonic

Put this code in between <web-app> code below </web-app>

Code: Select all
<security-constraint>
     <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
          <url-pattern>/*</url-pattern>
     </web-resource-collection>
  <!-- auth-constraint goes here if you require authentication -->
     <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
</security-constraint>


-------------------------------------------------------------------------------------------------------------------------------------

Mapping a drive to windows

Code: Select all
sudo mkdir -p /mnt/music

Code: Select all
sudo mount -t cifs //serverip/sharename -o username=johndoe,password=johnspassword /mnt/music


If you want to keep this share on reboot.
Code: Select all
sudo vi /etc/fstab


Then enter the following code in fstab
Code: Select all
//serverip/sharename /mnt/music cifs username=johndoe,password=johnspassword 0 0


-------------------------------------------------------------------------------------------------------------------------------------

How Run Tomcat without Root Privileges.

Here are a couple other links but this is my own modification so feel free to let me know if i need to change anything.Site 1Site 2

1st. Create a limited user. Example: subsonicuser
2nd. Create a limted group. Example: subsonicgroup < don't forget to link the usernames to the group.

Code: Select all
sudo vi /etc/init.d/tomcat6


Don't forget to set TOMCAT_HOME - JAVA_HOME - USERNAME

Code: Select all
#!/bin/bash
# Tomcat auto-start
#
# description: Auto-starts tomcat
# processname: tomcat
# pidfile: /var/run/tomcat.pid
RETVAL=$?
TOMCAT_HOME=/usr/local/tomcat6
export JAVA_HOME=/usr/lib/jvm/java-6-sun-1.6.0.22
USERNAME=subsonicuser

case $1 in
start)
       if [ -f $TOMCAT_HOME/bin/startup.sh ];
          then
       echo $"Starting Tomcat"
            /bin/su $USERNAME $TOMCAT_HOME/bin/startup.sh
        fi
        ;;
stop)
        if [ -f $TOMCAT_HOME/bin/shutdown.sh ];
          then
       echo $"Stopping Tomcat"
            /bin/su $USERNAME $TOMCAT_HOME/bin/shutdown.sh
        fi
       ;;
restart)
echo $"Restarting Tomcat"
/bin/su $USERNAME $TOMCAT_HOME/bin/shutdown.sh
/bin/su $USERNAME $TOMCAT_HOME/bin/startup.sh
;;
esac
exit $RETVAL



[*]Then press shift+Q and a colen will pop up. type w and enter to save.
[*]Then type q! and enter to quit.

[*]If you want to verify the file then type the following and it will allow you to read the file you just created.
Code: Select all
cat /etc/init.d/tomcat6

[*]Next change the security permissions required to execute the file.
Code: Select all
sudo chmod 755 /etc/init.d/tomcat6

Code: Select all
sudo chown yourusername:subsonicgroup -R /usr/local/tomcat6

Code: Select all
sudo chmod -R 775 /usr/local/tomcat6

Code: Select all
sudo chown yourusername:subsonicgroup -R /var/subsonic

Code: Select all
sudo chmod -R 775 /var/subsonic


You will need to do the following command on any folder that you would like to share with the subsonicgroup

Then do a reboot.

To verify this try the top command or install htop sudo apt-get install htop then use the command htop
-------------------------------------------------------------------------------------------------------------------------------------







Note: Problems that might crop up.


Problems with subsonic page loading or being slow

    First try a reboot.


-------------------------------------------------------------------------------------------------------------------------------------

Problems with slowness or Jukebox mode not playing music.

    Try installing sun-java6-jdk vs the java-6-openjdk Thanks gygys

    Ubuntu 10.03 or below try

    Code: Select all
    sudo update-alternatives --config java


    Ubuntu 10.04 or above the Sun JDK is hidden away.

    Code: Select all
    sudo add-apt-repository "deb http://archive.canonical.com/ lucid partner"

    Code: Select all
    sudo apt-get update

    Code: Select all
    sudo apt-get install sun-java6-jdk


    Code: Select all
    sudo update-alternatives --config java


    Then select java-6-sun

    Next we'll need to fix the Java location in the following file.

    Code: Select all
    sudo vi /etc/init.d/tomcat6


    Then press i and change the JAVA_HOME.

    Code: Select all
    export JAVA_HOME=/usr/lib/jvm/java-6-sun


    Then press shift+Q and a colen will pop up. type w and enter to save.
    Then type q! and enter to quit.

    Then do a reboot.

-------------------------------------------------------------------------------------------------------------------------------------

Subsonic won't play WMA files. Well then give this a shot. Thanks drifter

    I hope that you already installed lame and ffmpeg which is explained above in the walkthrough.

    1st.) Change to the downloads directory
    Code: Select all
    cd /home/username/Downloads


    2nd.) create a script called wma2mp3
    Code: Select all
    sudo vi wma2mp3


    3rd.) Then Enter the following code you will need to press i to insert the code.

    Code: Select all
    #!/bin/bash
    ffmpeg -i "$1" -f wav -ab "$2" - 2>/dev/null | /var/subsonic/transcode/lame -b "$2" - -
    #


    Then press shift+Q and a colen will pop up. type w and enter to save.
    Then type q! and enter to quit.


    4th.) move the wma2pm3 script to the transcode folder
    Code: Select all
    sudo mv wma2mp3 /var/subsonic/transcode


    5th.) convert the script to an executable
    Code: Select all
    sudo chmod 755 /var/subsonic/transcode/wma2mp3


    6th.) log into subsonic > Settings > Transcoding

    Name = wma > mp3
    Convert From = wma
    Convert to = mp3
    Step 1 = wma2mp3 %s %b


-------------------------------------------------------------------------------------------------------------------------------------




Well it's not the prettiest walk though but it should work.. Let me know if there is anything that i need to change.

Enjoy,
Sean K
Last edited by seanpkeown on Tue Feb 01, 2011 1:43 am, edited 31 times in total.
seanpkeown
 
Posts: 100
Joined: Tue Jun 09, 2009 10:41 pm

Thanks

Postby john.doe » Sun Dec 05, 2010 11:02 pm

thanks a lot for this tutorial, worked perfect on 64bit Maverick.
john.doe
 
Posts: 9
Joined: Tue Oct 12, 2010 9:22 am

Postby mvo » Wed Dec 08, 2010 3:14 am

Hi,
Thanks for the tutorial. I've followed it and I'm having issues with the subsonic portion. I believe it's with the web.xml. I'm receiving this message when going to https://localhost:8080/subsonic
Code: Select all
HTTP Status 404 -

type Status report

message

description The requested resource () is not available.

Apache Tomcat/6.0.29


The examples on the tomcat page (localhost:8080) work fine, it's just when accessing https://localhost:8443/subsonic or http://localhost:8080/subsonic. I'm using Ubuntu 10.04 32-bit.

Any help would be greatly appreciated.
mvo
 
Posts: 13
Joined: Wed Dec 08, 2010 3:09 am

Postby zyrus » Wed Dec 08, 2010 1:42 pm

@seanpkeown
Also thanks for the tutorial, helped me to finally getting ssl on ubuntu.

@mvo
I also have this issue. Just execute following command, this will remove a lock-file from subsonic, that prevents the start:
Code: Select all
sudo rm /var/subsonic/db/subsonic.lck


Only problem is, that subsonic always recreates this file so everytime you restart tomcat you will have the same problem again.
For now i solved it by deleting this file every 15min. via cron. But of course you can do it manually every time, tomcat needs to be restarted.[/b]
zyrus
 
Posts: 4
Joined: Wed Nov 24, 2010 6:53 pm

Postby mvo » Wed Dec 08, 2010 3:14 pm

zyrus wrote:@seanpkeown
Also thanks for the tutorial, helped me to finally getting ssl on ubuntu.

@mvo
I also have this issue. Just execute following command, this will remove a lock-file from subsonic, that prevents the start:
Code: Select all
sudo rm /var/subsonic/db/subsonic.lck


Only problem is, that subsonic always recreates this file so everytime you restart tomcat you will have the same problem again.
For now i solved it by deleting this file every 15min. via cron. But of course you can do it manually every time, tomcat needs to be restarted.[/b]


Thanks for the tip, I'll give that a try.

I was reading and I'll try restarting as this post mentioned. I did have 4.2-beta1 installed prior to 4.2.
http://forum.subsonic.org/forum/viewtop ... e&start=23
mvo
 
Posts: 13
Joined: Wed Dec 08, 2010 3:09 am

Postby seanpkeown » Thu Dec 09, 2010 12:32 am

Hey guys thanks for trying the tutorial out. To be honest i didn't have any problems with subsonic starting but then again i didn't do much testing either.

I installed subsonic 4.2 on Ubuntu 10.10 "Maverick" using vmware. Let me know if your able to get subsonic going. I read that 3.7 beta was having problems starting. http://forum.subsonic.org/forum/viewtopic.php?t=1817&highlight=subsonic+lck I'll check to see if my virtual machine is experiencing the same problem.

Thanks,
~ Sean K
seanpkeown
 
Posts: 100
Joined: Tue Jun 09, 2009 10:41 pm

Postby mvo » Thu Dec 09, 2010 6:05 am

I was able to resolve my issue by restarting the server. Works great now. Is it possible to change the port it uses though? I'd like to avoid 8080 and 8443.

Also, what's the difference between using Tomcat for SSL and just enabling SSL through Apache2 and using port 443?

I will have to configure my apache to redirect http://localhost:8080/subsonic to https://localhost:8443/subsonic so the user doesn't have to input the "s" in https. That way I can also use name.subsonic.org and have it redirect to https.

Is there a performance lost when using SSL? I kinda notice a slower response but I'm not sure if it's just me or if that's because of SSL.

Thanks for your help again.
mvo
 
Posts: 13
Joined: Wed Dec 08, 2010 3:09 am

Postby seanpkeown » Thu Dec 09, 2010 11:45 pm

mvo wrote:I was able to resolve my issue by restarting the server. Works great now. Is it possible to change the port it uses though? I'd like to avoid 8080 and 8443.

Also, what's the difference between using Tomcat for SSL and just enabling SSL through Apache2 and using port 443?

I will have to configure my apache to redirect http://localhost:8080/subsonic to https://localhost:8443/subsonic so the user doesn't have to input the "s" in https. That way I can also use name.subsonic.org and have it redirect to https.

Is there a performance lost when using SSL? I kinda notice a slower response but I'm not sure if it's just me or if that's because of SSL.

Thanks for your help again.



Hi mvo,

If you want your http port to auto forward to https then add the following to /usr/local/tomcat6/conf/web.xml

Code: Select all
sudo vi /usr/local/tomcat6/conf/web.xml


Code: Select all
   <security-constraint>
     <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
          <url-pattern>/*</url-pattern>
     </web-resource-collection>
  <!-- auth-constraint goes here if you require authentication -->
     <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
</security-constraint>



Then press shift+Q and a colen will pop up. type w and enter to save.
Then type q! and enter to quit.




To change your ports type to following command.

Code: Select all
sudo vi /usr/local/tomcat6/conf/server.xml



Edit this line to change HTTP don't forget the redirectport to HTTPS

Code: Select all
<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />



Edit this line to change HTTPS.

Code: Select all
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="tomcat.ks"
keystorePass="secretpassword"
clientAuth="false" sslProtocol="TLS" />



Then press shift+Q and a colen will pop up. type w and enter to save.
Then type q! and enter to quit.


Then restart the tomcat service or the computer.



I also heard that apache can be more secure because it's severing your sites. But the down fall is that apache pulls the sites from tomcat so it gets handled a couple times before it gets to you slowing the page down. I just use tomcat by itself since it can serve up the pages along with encrypting the pages as well. Also encryption has the chance to slow your pages down since it has to encrypt and decrypt the data but i haven't noticed it happening on my system.
seanpkeown
 
Posts: 100
Joined: Tue Jun 09, 2009 10:41 pm

Postby mvo » Fri Dec 10, 2010 2:52 pm

Thanks for the info seanpkeown, much appreciated.
mvo
 
Posts: 13
Joined: Wed Dec 08, 2010 3:09 am

Postby schitonk » Sat Dec 11, 2010 5:12 am

thanks for this. got https working in openfiler with this tutorial as well. only difference being the java version and moving ports around in httpd.conf and ssl.conf.
schitonk
 
Posts: 15
Joined: Fri Dec 10, 2010 4:01 pm

Postby paradym3 » Sun Dec 12, 2010 7:59 am

Thank you for the guide! People taking time to do things like this help make Subsonic so much better and serve the new users very well.

Craig
paradym3
 
Posts: 19
Joined: Thu Jun 17, 2010 11:07 pm
Location: San Francisco

Postby seanpkeown » Wed Dec 15, 2010 12:01 am

paradym3 wrote:Thank you for the guide! People taking time to do things like this help make Subsonic so much better and serve the new users very well.

Craig


Thanks for letting me know that the tutorial worked. Was a little worried that i would have mistyped a couple things causing people to crash their system but no complaints so far.. :P
seanpkeown
 
Posts: 100
Joined: Tue Jun 09, 2009 10:41 pm

Cannot access Tomcat externally.

Postby aadam12 » Fri Dec 31, 2010 2:42 pm

Thank your for this EXCELLENT tutorial.

I am currently running Subsonic on Tomcat (on Ubuntu Maverick Meerkat). However, I cannot access Subsonic from outside my local network.

- I have port forwarded ports 8080 and 8433 on my 2wire router.
- I did a portscan from http://www.pcflank.com and 8080 is open, 8433 is stealth.
- I have set up Tomcat to redirectport to HTTPS which works fine internally.

However, from outside my home network, when I type http://my.routers.ip.address:8080 or https://my.routers.ip.address:8433 I get a timeout error and cannot reach subsonic.

I had no problems when I originally installed subsonic from the .deb file running on port 4040 but I wanted to add https for security.

Is there something that I need to configure in Tomcat?
User avatar
aadam12
 
Posts: 25
Joined: Fri Dec 31, 2010 2:00 pm

Re: Cannot access Tomcat externally.

Postby seanpkeown » Sat Jan 01, 2011 8:15 pm

aadam12 wrote:Thank your for this EXCELLENT tutorial.

I am currently running Subsonic on Tomcat (on Ubuntu Maverick Meerkat). However, I cannot access Subsonic from outside my local network.

- I have port forwarded ports 8080 and 8433 on my 2wire router.
- I did a portscan from http://www.pcflank.com and 8080 is open, 8433 is stealth.
- I have set up Tomcat to redirectport to HTTPS which works fine internally.

However, from outside my home network, when I type http://my.routers.ip.address:8080 or https://my.routers.ip.address:8433 I get a timeout error and cannot reach subsonic.

I had no problems when I originally installed subsonic from the .deb file running on port 4040 but I wanted to add https for security.

Is there something that I need to configure in Tomcat?


I think that this problem has to do with subsonic.org and how the script is wrote to redirect you to your home. This can be fixed by turning off the auto redirect to https which will still force you to type https. I plan to put this in the requested features for sindre.

I agree and wish that this part worked. I'll let you know if i hear anything.

~ Sean K
seanpkeown
 
Posts: 100
Joined: Tue Jun 09, 2009 10:41 pm

Postby aadam12 » Sat Jan 01, 2011 10:04 pm

Thank you Sean K. I've gone back to the .deb install of subsonic for now. When I have time, I'll reinstall it on Tomcat and leave out the http-->https step. I'll let you know if I am still having issues.
User avatar
aadam12
 
Posts: 25
Joined: Fri Dec 31, 2010 2:00 pm

Next

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 3 guests