Install Java and Apache Tomcat (Ubuntu)

Installation and Configuration > Installing ThingWorx > Ubuntu Installation > PostgreSQL > Install Java and Apache Tomcat (Ubuntu)

1. If you are using AzureSQL for your database, go to Using Azure SQL Server as the Persistence Provider. Perform the steps in that section to set up the database, and you will be referred back to this section.

2. If you are using MSSQL for your database, go to Using MSSQL as the Persistence Provider . Perform the steps in that section to set up the database, and you will be referred back to this section.

3. Update Ubuntu packages:

$ sudo apt-get update

4. Install and Configure Network Time Protocol (NTP) settings for time synchronization:

$ sudo apt-get install ntp

The default configuration for NTP is sufficient. For additional configuration information about NTP (beyond the scope of this documentation), refer to the following resources:

• Time Synchronization with NTP

• How do I use pool.ntp.org?

5. Edit AUTHBIND properties to allow Tomcat to bind to ports below 1024:

$ sudo apt-get install authbind

6. Download the Java JDK tar file from Oracle’s website, or run the following

wget -c --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.tar.gz

7. Extract tar file:

$ tar -xf jdk-8uxxx-linux-x64.tar.gz

8. Create the directory by moving the JDK to /usr/lib/jvm:

If the directory is not empty, a warning message will display.

$ sudo mkdir -p /usr/lib/jvm
$ sudo mv jdk1.8.0_xxx/ /usr/lib/jvm/

9. Add alternatives to the system:

$ sudo update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/jdk1.8.0_xxx/bin/java" 1
$ sudo update-alternatives --install "/usr/bin/keytool" "keytool" "/usr/lib/jvm/jdk1.8.0_xxx/bin/keytool" 1

10. Change access permissions:

$ sudo chmod a+x /usr/bin/java
$ sudo chmod a+x /usr/bin/keytool

11. Change owner:

$ sudo chown -R root:root /usr/lib/jvm/jdk1.8.0_xxx/

12. Configure master links:

$ sudo update-alternatives --config java
$ sudo update-alternatives --config keytool

Nothing to configure is a normal response to this command and is not an error. Additional executables in /usr/lib/jvm/jdk1.8.0_xxx/bin/ can be installed using the previous set of steps.

13. Verify Java version:

$ java -version

This should return something similar to the following (build specifics may be different):

java version "1.8.0_xxx"
Java(TM) SE Runtime Environment (build 1.8.0_xxx-bxx)
Java HotSpot(TM) 64-Bit Server VM (build xx.xx-bxx, mixed mode)

14. Download Apache Tomcat: The steps in this process use Tomcat 8.5.xx, where xx is replaced with the version you are using.

$ wget http://archive.apache.org/dist/tomcat/tomcat-8/v8.5.xx/bin/apache-tomcat-8.5.xx.tar.gz

Best practice includes verifying the integrity of the Tomcat file by using the signatures or checksums for each release. Refer to Apache’s documentation for more information.

15. Extract tar file:

$ tar -xf apache-tomcat-8.5.xx.tar.gz

16. Create and change the owner for /usr/share/tomcat8.5 and move Tomcat to the following location. Add user and group to the system:

$ sudo mkdir -p /usr/share/tomcat8.5
$ sudo mv apache-tomcat-8.5.xx /usr/share/tomcat8.5/8.5.xx
$ sudo addgroup --system tomcat8.5 --quiet -force-badname
$ sudo adduser --system --home /usr/share/tomcat8.5/ --no-create-home --ingroup tomcat8.5 --disabled-password --force-badname --shell /bin/false tomcat8.5
$ sudo chown -R tomcat8.5:tomcat8.5 /usr/share/tomcat8.5

17. Define environment variables in /etc/environment:

$ export JAVA_HOME=/usr/lib/jvm/jdk1.8.0_xxx
$ export CATALINA_HOME=/usr/share/tomcat8.5/8.5.xx

18. Change directory to $CATALINA_HOME:

$ cd $CATALINA_HOME

19. Change owner and access permissions of bin/, lib/, and webapps/:

$ sudo chown -Rh tomcat8.5:tomcat8.5 bin/ lib/ webapps/
$ sudo chmod 775 bin/ lib/ webapps/

20. Change owner and access permissions of usr/share/tomcat8.5/8.5xx:

sudo chown -R tomcat8.5:tomcat8.5 /usr/share/tomcat8.5/8.5.xx
sudo chmod -R 775 /usr/share/tomcat8.5/8.5.xx

21. Change owner and access permissions of conf/:

$ sudo chown -Rh root:tomcat8.5 conf/
$ sudo chmod -R 650 conf/

22. Change access permissions of logs/, temp/, and work/:

$ sudo chown -R tomcat8.5:adm logs/ temp/ work/
$ sudo chmod 760 logs/ temp/ work/

23. Create self-signed certificate:

$ sudo $JAVA_HOME/bin/keytool -genkey -alias tomcat8.5 -keyalg RSA -keystore $CATALINA_HOME/conf/.keystore

24. Follow the instructions to complete the certificate creation process.

◦ Set the keystore password.

◦ Follow the prompts to set up your security certificate.

◦ Set the tomcat8.5 user password to the same as the keystore password:

$ sudo chown root:tomcat8.5 $CATALINA_HOME/conf/.keystore
$ sudo chmod 640 $CATALINA_HOME/conf/.keystore

25. Uncomment the Manager element in $CATALINA_HOME/conf/context.xml to prevent sessions from persisting across restarts:

For security reasons, it is critical that you disable the AJP connector, if not already done so by default, by performing the following step.

26. In the location of the Tomcat installation, open conf/server.xml and search for the following line. If found, comment it out and save the file:

In Apache Tomcat 9.0 and later, the rejectIllegalHeader attribute defaults to true. Manually modifying the conf/web.xml file to set this attribute to false is not recommended or supported by PTC.

If you receive an error that the directory doesn’t exist, use the following commands to ensure port 443 works:

sudo touch /etc/authbind/byport/443
sudo chmod 700 /etc/authbind/byport/443
sudo chown tomcat8.5:tomcat8.5 /etc/authbind/byport/443

27. Define a user in $CATALINA_HOME/conf/tomcat-users.xml:

sudo vi $CATALINA_HOME/conf/tomcat-users.xml

<user username="<Tomcat user name> " password="<Tomcat password> " roles="manager"/>

28. Determine uid of tomcat8.5 user:

$ id -u tomcat8.5

29. Using this number, create an ID file in /etc/authbind/byuid/:

Change the <uid> to the number that was returned in the previous step.

$ sudo touch /etc/authbind/byuid/<uid>
sudo vi /etc/authbind/byuid/<uid>

30. Edit the file from the step above and paste in the following:

0.0.0.0/0:1,1023

31. Change owner and access permissions of /etc/authbind/byuid/<uid>:

$ sudo chown tomcat8.5:tomcat8.5 /etc/authbind/byuid/<uid>
$ sudo chmod 700 /etc/authbind/byuid/<uid>

32. Modify $CATALINA_HOME/bin/startup.sh to always use authbind:

sudo vi $CATALINA_HOME/bin/startup.sh

Comment the following in the file:

#exec "$PRGDIR"/"$EXECUTABLE" start "$@"

33. Add the following to the end of the file:

exec authbind --deep "$PRGDIR"/"$EXECUTABLE" start "$@"

34. In /etc/init.d, create tomcat8.5 file:

$ sudo touch /etc/init.d/tomcat8.5

35. Edit the file and enter the following contents:

$ sudo vi /etc/init.d/tomcat8.5

CATALINA_HOME=/usr/share/tomcat8.5/8.5.xx

case $1 in
start)
/bin/su -p -s /bin/sh tomcat8.5 $CATALINA_HOME/bin/startup.sh
;;

stop)
/bin/su -p -s /bin/sh tomcat8.5 $CATALINA_HOME/bin/shutdown.sh
;;

restart)
/bin/su -p -s /bin/sh tomcat8.5 $CATALINA_HOME/bin/shutdown.sh
/bin/su -p -s /bin/sh tomcat8.5 $CATALINA_HOME/bin/startup.sh
;;

esac
exit 0

36. Change access permissions of etc/init.d/tomcat8.5 and create symbolic links:

$ sudo chmod 755 /etc/init.d/tomcat8.5
$ sudo ln -s /etc/init.d/tomcat8.5 /etc/rc1.d/K99tomcat
$ sudo ln -s /etc/init.d/tomcat8.5 /etc/rc2.d/S99tomcat

37. Set up Tomcat as a service to start on boot. Build JSVC if it is not already installed on your system. If it is already installed, skip and go to the next step:

$ sudo apt-get install gcc

38. Set up the Tomcat service on boot:

$ cd /usr/share/tomcat8.5/8.5.xx/bin/
$ sudo tar xvfz commons-daemon-native.tar.gz
$ cd commons-daemon-*-native-src/unix
$ sudo ./configure --with-java=$JAVA_HOME
$ sudo apt-get install make
$ sudo make
$ sudo cp jsvc ../..

39. Create the Tomcat service file:

sudo touch /etc/systemd/system/tomcat8.5.service

40. Open /etc/systemd/system/tomcat8.5.service in a text editor (as root):

sudo vi /etc/systemd/system/tomcat8.5.service

a. Paste the following in the Tomcat service file:

In the example below, set values for -Xms and -Xmx to 75% of the available OS memory (for example, 12GB for a 16GB RAM system). Refer to JVM Tuning for additional information.

[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking
PIDFile=/var/run/tomcat.pid
Environment=CATALINA_PID=/var/run/tomcat.pid
Environment=JAVA_HOME=/usr/lib/jvm/jdk1.8.0_xxx
Environment=CATALINA_HOME=/usr/share/tomcat8.5/8.5.xx
Environment=CATALINA_BASE=/usr/share/tomcat8.5/8.5.xx
Environment=CATALINA_OPTS=

ExecStart=/usr/share/tomcat8.5/8.5.xx/bin/jsvc \
-Dcatalina.home=${CATALINA_HOME} \
-Dcatalina.base=${CATALINA_BASE} \
-Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Dserver -Dd64 -XX:+UseNUMA \
-XX:+UseG1GC -Dfile.encoding=UTF-8 \
-Djava.library.path=${CATALINA_BASE}/webapps/Thingworx/WEB-INF/extensions \
-Xms=<75% of available OS memory> \
-Xmx=<75% of available OS memory> \
-cp ${CATALINA_HOME}/bin/commons-daemon.jar:${CATALINA_HOME}/bin/bootstrap.jar:${CATALINA_HOME}/bin/tomcat-juli.jar \
-user tomcat8.5 \
-java-home ${JAVA_HOME} \
-pidfile /var/run/tomcat.pid \
-errfile ${CATALINA_HOME}/logs/catalina.out \
-outfile ${CATALINA_HOME}/logs/catalina.out \
$CATALINA_OPTS \
org.apache.catalina.startup.Bootstrap

[Install]
WantedBy=multi-user.target

b. If the Tomcat service doesn't automatically start after reboot and you receive following error, on executing sudo systemctl enable tomcat8.5.service:

update-rc.d: error: tomcatx.x Default-Start contains no runlevels, aborting.

Then the following step is required:

Remove the tomcat8.5 file located at /etc/init.d and rerun following command:

sudo systemctl enable tomcat8.5.service

41. Create a new file in the tomcat /bin file named setenv.sh:

cd $CATALINA_HOME/bin
sudo touch setenv.sh
sudo vi setenv.sh
CATALINA_OPTS="$CATALINA_OPTS -Djava.library.path=/usr/share/tomcat8.5/8.5.xx/webapps/Thingworx/WEB-INF/extensions"

42. In the location of the Tomcat installation, open CATALINA_HOME/conf/web.xml. Replace the default error page (default is stacktrace) by adding the following into the web.xml file. Place the following within the web-app tag (after the welcome-file-list tag ). A well-configured web application will override this default in CATALINA_HOME/webapps/APP_NAME/WEB-INF/web.xml so it won't cause problems.

<error-page><exception-type>java.lang.Throwable</exception-type><location>/error.jsp</location></error-page>

43. In the location of the Tomcat installation, open CATALINA_HOME/conf/server.xml. Add the following inside the <Host> </Host> tags:

44. Remove all the Tomcat webapps located in /<path_to_tomcat>/webapps/. Removing these apps prevents unnecessary access to Tomcat, specifically in the context that would allow users to view other users' cookies.

45. PTC strongly recommends the use of TLS when running ThingWorx. For detailed instructions on setting up TLS, refer to this technical support article.

46. If your application requires a specific cipher suite, refer to the following documentation for configuration information:

◦ https://www.jamf.com/jamf-nation/articles/384/configuring-supported-ciphers-for-tomcat-https-connections

47. (OPTIONAL STEP) To increase the default cache settings that affect static file caching, add the following line within the <context></context> tags in the $CATALINA_HOME/conf/context.xml file:

Increasing this setting improves performance and avoids the following message in Tomcat:

WARNING: Unable to add the resource at [/Common/jquery/jquery-ui.js] to the cache because there was insufficient free space available after evicting expired cache entries - consider increasing the maximum size of the cache

48. H2 and Azure SQL: Go to Install ThingWorx.

49. PostgreSQL: Go to Install and Configure PostgreSQL.

Was this helpful?