sudo apt-get install tomcat7
Open up global profile:
sudo nano /etc/profile
Add this to global profile:
export CATALINA_HOME=/usr/share/tomcat7
export CATALINA_BASE=/var/lib/tomcat7
For some reason, Tomcat does not add a link to the $CATALINA_HOME/lib folder in $CATALINA_BASE. So let's add this for our convenience, nothing more.
sudo ln -s /usr/share/tomcat7/lib /var/lib/tomcat7/lib
sudo apt-get install libapr1 libaprutil1 libapr1-dev libssl-dev make
Grab the latest version from http://tomcat.apache.org/download-native.cgi
Then wget it on your server and untar it.
cd jni/native
sudo ./configure --with-apr=/usr/bin/apr-1-config --with-java-home=$JAVA_HOME --with-ssl=yes --prefix=$CATALINA_HOME
sudo make && sudo make install
You might need to do all the above as root user (and not just plain sudo).
Check that libtcnative* are now in /usr/share/tomcat7/lib
Then, open up your setenv.sh file:
sudo nano $CATALINA_HOME/bin/setenv.sh
and add the lines:
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$CATALINA_HOME/lib
export LD_LIBRARY_PATH
chmod the file:
sudo chmod 751 $CATALINA_HOME/bin/setenv.sh
You will also need to allow the tomcat user access to the SSL files. This is done by adding the tomcat user to the ssl-cert group:
sudo usermod -a -G ssl-cert tomcat7
Also just double check the permissions on your private key are as follows:
sudo chown root:ssl-cert /etc/ssl/private/official-ssl.key
sudo chmod 640 /etc/ssl/private/official-ssl.key
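To confirm that the group membership, ownership and mode steps above took effect, here is an added shell check (not part of the original guide). The function names are hypothetical, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit the key-file permissions this guide sets up.
# Requires GNU stat (Linux). Function names are hypothetical.

# key_mode_ok FILE: succeed only if FILE's mode grants nothing beyond 640
# (owner rw, group r). 07137 is every permission bit outside 0640.
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 07137 )) -eq 0 ]
}

# key_owner_ok FILE [OWNER:GROUP]: succeed if ownership matches;
# the default is the root:ssl-cert pair used in the guide.
key_owner_ok() {
    [ "$(stat -c '%U:%G' "$1")" = "${2:-root:ssl-cert}" ]
}

# user_in_group USER GROUP: succeed if USER is a member of GROUP.
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# audit_key FILE USER [OWNER:GROUP]: run all three checks, print findings,
# and return the number of failed checks (0 means everything is as expected).
audit_key() {
    fails=0
    og=${3:-root:ssl-cert}
    key_mode_ok "$1" || { echo "FAIL mode of $1 is wider than 640"; fails=$((fails+1)); }
    key_owner_ok "$1" "$og" || { echo "FAIL $1 is not owned by $og"; fails=$((fails+1)); }
    user_in_group "$2" "${og#*:}" || { echo "FAIL $2 is not in group ${og#*:}"; fails=$((fails+1)); }
    return "$fails"
}

# Demo on a constructed file (not a real key): 644 is flagged, 640 passes.
demo=$(mktemp)
chmod 644 "$demo"; key_mode_ok "$demo" || echo "644: world-readable, rejected"
chmod 640 "$demo"; key_mode_ok "$demo" && echo "640: accepted"
rm -f "$demo"

# On the server from this guide you would run:
#   audit_key /etc/ssl/private/official-ssl.key tomcat7
```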
Open up the server.xml file:
sudo nano /var/lib/tomcat7/conf/server.xml
Open up a port 8080 (http-alt) connector, and an SSL port 9090 connector. Open up these ports on your firewall.
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="9090" />
    <Connector port="9090" protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               maxThreads="200"
               SSLCACertificateFile="/etc/ssl/custom/certs/official-www-mydomain-com-ad-inter.crt"
               SSLCertificateFile="/etc/ssl/custom/certs/official-www-mydomain-com.crt"
               SSLCertificateKeyFile="/etc/ssl/custom/keys/official-www-mydomain-com.key" />
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t %r %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>
Restart the service:
sudo /etc/init.d/tomcat7 restart
Check the ROOT app on Tomcat, https://mydomain.com:9090/