Tomcat install



Test Environment

  • Test OS : Windows 10
  • Test Version : apache tomcat 9

Prerequisites

Site Link :

http://tomcat.apache.org/

  1. tomcat download

    download link :

    https://tomcat.apache.org/download-90.cgi

    Select the version you want and download it.
  2. unzip

    Move the archive to the installation location and extract it.

  3. Main Tomcat directory structure

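    E:\APP\WAS\TOMCAT9
    ├─bin                  # location of the startup/shutdown scripts
    │ ├─startup.sh(bat)
    │ ├─shutdown.sh(bat)
    │ └─catalina.sh(bat)   # holds the environment variable values used when the scripts run
    ├─conf                 # configuration files
    │ ├─server.xml         # server configuration
    │ └─web.xml
    ├─lib
    ├─logs
    ├─temp
    ├─webapps              # default application location
    └─work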

Before installing Tomcat, set the Java version you want in the Windows environment variables.




SSL Cipher setting



Test Environment

  • Test OS : CentOS 7.2
  • Test Version : IBM HTTPServer v8.5

Cipher setting

Add the following directives to the httpd.conf file.

LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443

NameVirtualHost *:443

<VirtualHost *:443>
    DocumentRoot /app/EAR/SSL
    SSLEnable
    SSLProtocolDisable SSLv2
    SSLProtocolDisable SSLv3
    SSLCipherSpec ALL NONE
    SSLCipherSpec ALL +TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    SSLCipherSpec ALL +TLS_RSA_WITH_AES_256_CBC_SHA +TLS_RSA_WITH_AES_128_CBC_SHA
</VirtualHost>
KeyFile /SW/web/HTTPServer/key/key.kdb
SSLDisable

Verify that the settings were applied with the apachectl options below.

-t -D DUMP_SSL_CONFIG: show parsed SSL vhost configurations
-t -D DUMP_SSL_CIPHERS: show all known SSL ciphers

To determine which SSL ciphers are enabled on your server, you can also set LogLevel debug in your httpd.conf.
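A static check of the cipher list before it is deployed, as an added example that is not part of the original post: it reads httpd.conf text and reports every suite enabled by SSLCipherSpec that uses 3DES, RC4, MD5 or NULL, or a static-RSA key exchange. The function names and finding labels are assumptions made for this example, and the RC4/MD5/NULL check goes beyond the suites in the configuration above.

```shell
#!/bin/sh
# Added example (not from the original post): list cipher suites that
# SSLCipherSpec lines enable and that carry a known weakness.

# Reads httpd.conf text on stdin, prints "<cipher> <finding>" per flagged suite.
audit_cipherspec() {
    awk '
    tolower($1) == "sslcipherspec" {
        for (i = 2; i <= NF; i++) {
            name = $i
            if (name ~ /^-/) continue               # suite is being removed
            sub(/^\+/, "", name)
            if (name !~ /^(TLS|SSL)_/) continue     # skips ALL, NONE, protocol names
            if (name ~ /3DES/)                       finding = "3des-64bit-block"
            else if (name ~ /RC4|MD5|NULL/)          finding = "broken-primitive"
            else if (name ~ /^(TLS|SSL)_RSA_WITH_/)  finding = "no-forward-secrecy"
            else continue
            print name, finding
        }
    }'
}

# Constructed sample: the SSLCipherSpec lines from the configuration above.
sample_conf() {
cat <<'EOF'
    SSLCipherSpec ALL NONE
    SSLCipherSpec ALL +TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    SSLCipherSpec ALL +TLS_RSA_WITH_AES_256_CBC_SHA +TLS_RSA_WITH_AES_128_CBC_SHA
EOF
}

sample_conf | audit_cipherspec
```

On a server, pipe the real file in instead of the sample: audit_cipherspec < httpd.conf.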

Set Non-Domain Access Processing



Test Environment

  • Test OS : CentOS 7.2
  • Test Version : IBM HTTPServer v8.5

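Apache httpd.conf setting

Tip: this can be set up on any Apache-family web server.

Requests that do not specify a configured domain are sent to a dummy virtual host that only does error handling.
The key point is that the dummy virtual host is given no ServerName value. Because Apache falls back to the first virtual host listed for an address and port when no ServerName matches, the dummy host is listed first.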

Listen 80
Listen 4958

NameVirtualHost *:80
NameVirtualHost *:4958

<VirtualHost *:80>
    DocumentRoot /app/was/htdocs
    ErrorDocument 403 "해당 방식은 접근이 허용되지 않은 방식입니다."
    ErrorDocument 404 "해당 방식은 접근이 허용되지 않은 방식입니다."
    ErrorDocument 500 "해당 방식은 접근이 허용되지 않은 방식입니다."
</VirtualHost>

<VirtualHost *:4958>
    DocumentRoot /app/was/htdocs
    ErrorDocument 403 "해당 방식은 접근이 허용되지 않은 방식입니다."
    ErrorDocument 404 "해당 방식은 접근이 허용되지 않은 방식입니다."
    ErrorDocument 500 "해당 방식은 접근이 허용되지 않은 방식입니다."
</VirtualHost>

ProxyRequests Off
<VirtualHost *:80>
    ServerName test.apache.com
    ProxyPass / http://172.31.98.155/ Keepalive=on
    ProxyPassReverse / http://172.31.98.155/
    ProxyPreserveHost On
#LogLevel debug
    ErrorLog /app/was/HTTPServer/logs/test_proxy_error.log
    CustomLog /app/was/HTTPServer/logs/test_proxy_access.log combined
</VirtualHost>

<VirtualHost *:4958>
    ServerName test.httpserver.com
    ProxyPass / http://172.31.98.209/ Keepalive=on
    ProxyPassReverse / http://172.31.98.209/
    ProxyPreserveHost On
#LogLevel debug
    ErrorLog /app/was/HTTPServer/logs/http_proxy_error.log
    CustomLog /app/was/HTTPServer/logs/http_proxy_access.log combined
</VirtualHost>
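A check that the dummy host really is the fallback, as an added example that is not part of the original post: for each address:port it reports whether the first listed virtual host has a ServerName. The function names are assumptions made for this example, and ServerAlias is not considered.

```shell
#!/bin/sh
# Added example (not from the original post): report which virtual host is
# the fallback for each address:port, i.e. the first one listed for it.

# Reads httpd.conf text on stdin; prints "<addr:port> catch-all" when the first
# vhost has no ServerName, otherwise "<addr:port> named:<ServerName>".
default_vhosts() {
    awk '
    tolower($1) == "<virtualhost" {
        addr = $2
        sub(/>.*$/, "", addr)
        in_vhost = 1
        name = ""
        next
    }
    in_vhost && tolower($1) == "servername" { name = $2 }
    tolower($1) ~ /^<\/virtualhost>/ {
        if (!(addr in first)) {
            first[addr] = 1
            print addr, (name == "" ? "catch-all" : "named:" name)
        }
        in_vhost = 0
    }'
}

# Constructed sample: the vhost layout from the configuration above,
# reduced to the lines that decide host matching.
sample_vhosts() {
cat <<'EOF'
<VirtualHost *:80>
    DocumentRoot /app/was/htdocs
</VirtualHost>
<VirtualHost *:4958>
    DocumentRoot /app/was/htdocs
</VirtualHost>
<VirtualHost *:80>
    ServerName test.apache.com
</VirtualHost>
<VirtualHost *:4958>
    ServerName test.httpserver.com
</VirtualHost>
EOF
}

sample_vhosts | default_vhosts
```

A "named:" result for a port means a request with an unknown Host header would be proxied to that backend instead of receiving the error page.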

IBM HTTPServer - SSL Ciphers Check

How to check which ciphers are applied when using SSL


Test Environment
  • Test OS : CentOS 7.2
  • Test Version : IBM HTTPServer v8.5.0.0

Methods for checking ciphers for SSL set in web server

Check Options :
    [root@testServer11 bin]# ./apachectl -h
    Usage: /SW/web/HTTPServer/bin/httpd [-D name] [-d directory] [-f file]
                                        [-C "directive"] [-c "directive"]
                                        [-k start|restart|graceful|graceful-stop|stop]
                                        [-v] [-V] [-h] [-l] [-L] [-t] [-S]
 
    Options:
      -D name            : define a name for use in <IfDefine name> directives
      -d directory       : specify an alternate initial ServerRoot
      -f file            : specify an alternate ServerConfigFile
      -C "directive"     : process directive before reading config files
      -c "directive"     : process directive after reading config files
      -e level           : show startup errors of level (see LogLevel)
      -E file            : log startup errors to file
      -v                 : show version number
      -V                 : show compile settings
      -h                 : list available command line options (this page)
      -l                 : list compiled in modules
      -L                 : list available configuration directives
      -t -D DUMP_VHOSTS  : show parsed settings (currently only vhost settings)
      -S                 : a synonym for -t -D DUMP_VHOSTS
      -t -D DUMP_MODULES : show all loaded modules
      -M                 : a synonym for -t -D DUMP_MODULES
      -t -D DUMP_SSL_CONFIG: show parsed SSL vhost configurations
      -t -D DUMP_SSL_CIPHERS: show all known SSL ciphers
      -t                 : run syntax check for config files

Ciphers :

    [root@testServer11 bin]# ./apachectl -t -D DUMP_SSL_CIPHERS
    SSL Ciphers:
    .
    .
    .
    SSL default cipher lists:
    SSL protocol SSLV2, FIPS off, defaults =
    SSL protocol SSLV2, FIPS on, defaults =
    SSL protocol SSLV3, FIPS off, defaults = TLS_RSA_WITH_AES_128_CBC_SHA(2F),TLS_RSA_WITH_AES_256_CBC_SHA(35b),SSL_RSA_WITH_RC4_128_SHA(35),SSL_RSA_WITH_RC4_128_MD5(34),SSL_RSA_WITH_3DES_EDE_CBC_SHA(3A)
    SSL protocol SSLV3, FIPS on, defaults =
    SSL protocol TLSv10, FIPS off, defaults = TLS_RSA_WITH_AES_128_CBC_SHA(2F),TLS_RSA_WITH_AES_256_CBC_SHA(35b),SSL_RSA_WITH_RC4_128_SHA(35),SSL_RSA_WITH_RC4_128_MD5(34),SSL_RSA_WITH_3DES_EDE_CBC_SHA(3A)
    SSL protocol TLSv10, FIPS on, defaults = TLS_RSA_WITH_AES_128_CBC_SHA(2F),TLS_RSA_WITH_AES_256_CBC_SHA(35b),SSL_RSA_WITH_3DES_EDE_CBC_SHA(3A)
    SSL protocol TLSv11, FIPS off, defaults = TLS_RSA_WITH_AES_128_CBC_SHA(2F),TLS_RSA_WITH_AES_256_CBC_SHA(35b),SSL_RSA_WITH_RC4_128_SHA(35),SSL_RSA_WITH_RC4_128_MD5(34),SSL_RSA_WITH_3DES_EDE_CBC_SHA(3A)
    SSL protocol TLSv11, FIPS on, defaults = TLS_RSA_WITH_AES_128_CBC_SHA(2F),TLS_RSA_WITH_AES_256_CBC_SHA(35b),SSL_RSA_WITH_3DES_EDE_CBC_SHA(3A)
    SSL protocol TLSv12, FIPS off, defaults = TLS_RSA_WITH_AES_128_GCM_SHA256(9C),TLS_RSA_WITH_AES_256_GCM_SHA384(9D),TLS_RSA_WITH_AES_128_CBC_SHA256(3C),TLS_RSA_WITH_AES_256_CBC_SHA256(3D),TLS_RSA_WITH_AES_128_CBC_SHA(2F),TLS_RSA_WITH_AES_256_CBC_SHA(35b),SSL_RSA_WITH_3DES_EDE_CBC_SHA(3A)
    SSL protocol TLSv12, FIPS on, defaults = TLS_RSA_WITH_AES_128_GCM_SHA256(9C),TLS_RSA_WITH_AES_256_GCM_SHA384(9D),TLS_RSA_WITH_AES_128_CBC_SHA256(3C),TLS_RSA_WITH_AES_256_CBC_SHA256(3D),TLS_RSA_WITH_AES_128_CBC_SHA(2F),TLS_RSA_WITH_AES_256_CBC_SHA(35b),SSL_RSA_WITH_3DES_EDE_CBC_SHA(3A)
    Syntax OK

Related Reference Links :

https://testssl.sh/openssl-iana.mapping.html
https://www.ssllabs.com/?_ga=2.136721654.755247565.1559195773-1774555605.1559022470


JBoss - Start, Stop Shell



Test Environment

  • Test OS : CentOS 7.2
  • Test Version : JBoss EAP 6.4

shell

Tip: for security, have the script prompt for the password as input.

#!/bin/bash
# Load the instance settings (JBOSS_HOME, NODE_NAME, CONTROLLER_PORT, ...)
. ./config/config1.sh
start(){
        # PID of the JBoss process whose command line carries this node name
        PID=$(ps -ef | grep jboss | grep "=$NODE_NAME " | awk '{print $2}')
        if [ -n "$PID" ]
        then
                echo "###############################################"
                echo "JBOSS PID = $NODE_NAME $PID                    "
                echo "JBoss SERVER - $NODE_NAME is already RUNNING..."
                echo "###############################################"
                exit
        fi
        echo "#######################"
        echo "   Starting JBoss EAP  "
        echo "#######################"
             nohup $JBOSS_HOME/bin/standalone.sh --server-config=standalone-ha.xml -Djboss.server.base.dir=$SERVER_HOME -bmanagement $SERVER_IP -b $SERVER_IP 1> /dev/null 2>&1 &

        sleep 5
        _up=`netstat -an | grep $CONTROLLER_PORT | grep -v grep | wc -l`
              if [[ "${_up}" != "0" ]]; then
                 echo "###############################################"
                 echo "JBoss Server is Up!! $NODE_NAME  And Running.!!"
                 echo "###############################################"
              else
                 echo "###############################################"
                 echo "JBoss Server is Down!! $NODE_NAME              "
                 echo "###############################################"
              fi;
}

stop(){
        echo "#######################"
        echo "    Stopping JBoss     "
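        echo -e " password : \c "
        # -s keeps the typed password from being echoed to the terminal
        read -s PASSWORD
        echo
        echo "#######################"
        # Note: a --password argument is visible in the process list while jboss-cli runs
        $JBOSS_HOME/bin/jboss-cli.sh -c --controller=$SERVER_IP:$CONTROLLER_PORT --connect command=:shutdown --user=$USER --password="$PASSWORD"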

#        $JBOSS_HOME/bin/jboss-cli.sh -c --controller=$SERVER_IP:$CONTROLLER_PORT --connect command=:shutdown --user=$USER --password=$PASSWD
}

status() {
                echo Checking JBoss Status..
                echo Wait for a while...
                        _up=`netstat -an | grep $CONTROLLER_PORT | grep -v grep | wc -l`
                        if [[ "${_up}" != "0" ]]; then
                                echo "###############################################"
                                echo "JBoss Server is Up!! $NODE_NAME  And Running.!!"
                                echo "###############################################"
                        else
                                echo "##################################"
                                echo "JBoss Server is Down!! $NODE_NAME "
                                echo "##################################"
                        fi;
}

case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  status)
        status
        ;;
  *)
        echo "Usage: jboss {start|stop|status}"
        exit 1
esac
exit 0

Config shell

The start/stop script reads the settings for the instance from the file below.

#!/bin/sh
DATE=`date +%Y%m%d%H%M%S`

##### Configuration File #####
#export CONFIG_FILE=standalone-full-ha.xml
export CONFIG_FILE=standalone-ha.xml
export JBOSS_HOME=/SW/was/JBoss
export USER=admin
export SERVER_HOME=/SW/was/JBoss/TEST/TESTServer11
export SERVER_IP=10.252.16.25
export LOG_PATH=/app/logs/was
export NODE_NAME=TESTServer11
export PORT_OFFSET=750
export JBOSS_USER=admin

##### Bind Address #####
#export BIND_ADDR=10.252.16.24
export MULTICAST_ADDR=230.1.0.1
export JMS_MULTICAST_ADDR=231.7.0.1
export MODCLUSTER_MULTICAST_ADDR=224.0.1.105
export MGMT_ADDR=10.252.16.25
export CONTROLLER_IP=$MGMT_ADDR
let CONTROLLER_PORT=9999+$PORT_OFFSET
export CONTROLLER_PORT

#export LAUNCH_JBOSS_IN_BACKGROUND=true
##### JBoss System module and User module directory #####
#export JBOSS_MODULEPATH=$JBOSS_HOME/modules:$JBOSS_HOME/modules.ext

# JVM Options : Server
export JAVA_OPTS="-server $JAVA_OPTS"

# JVM Options : Memory
export JAVA_OPTS=" $JAVA_OPTS -Xms1024m -Xmx2048m -XX:MaxPermSize=256m"
export JAVA_OPTS=" $JAVA_OPTS -XX:+PrintGCTimeStamps "
export JAVA_OPTS=" $JAVA_OPTS -XX:+PrintGCDetails "
export JAVA_OPTS=" $JAVA_OPTS -Xloggc:$LOG_PATH/log/gclog/gc_$DATE.log "
export JAVA_OPTS=" $JAVA_OPTS -XX:+UseParallelGC "
#export JAVA_OPTS=" $JAVA_OPTS -XX:+UseConcMarkSweepGC "
export JAVA_OPTS=" $JAVA_OPTS -XX:+ExplicitGCInvokesConcurrent "
export JAVA_OPTS=" $JAVA_OPTS -XX:-HeapDumpOnOutOfMemoryError "
export JAVA_OPTS=" $JAVA_OPTS -XX:HeapDumpPath=$LOG_PATH/heap/$NODE_NAME "

# Linux Large Page Setting
#export JAVA_OPTS=" $JAVA_OPTS  -XX:+UseLargePages "
#export JAVA_OPTS=" $JAVA_OPTS -verbose:gc"
export JAVA_OPTS=" $JAVA_OPTS -Djava.net.preferIPv4Stack=true"
export JAVA_OPTS=" $JAVA_OPTS -Dorg.jboss.resolver.warning=true"
export JAVA_OPTS=" $JAVA_OPTS -Dsun.rmi.dgc.client.gcInterval=3600000 "
export JAVA_OPTS=" $JAVA_OPTS -Dsun.rmi.dgc.server.gcInterval=3600000"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.modules.system.pkgs=org.jboss.byteman"
export JAVA_OPTS=" $JAVA_OPTS -Djava.awt.headless=true"
export JAVA_OPTS=" $JAVA_OPTS -DjvmRoute=$NODE_NAME "
export JDBCDRIVER=oracle.jdbc.pool.OracleConnectionPoolDataSource
export TOKEN_NODE=01

#for darwin
export JAVA_OPTS=" $JAVA_OPTS -Djboss.server.log.dir=$LOG_PATH/$NODE_NAME"
#export JAVA_OPTS=" $JAVA_OPTS -Djboss.server.base.dir=$DOMAIN_BASE/$SERVER_NAME"
#export JAVA_OPTS=" $JAVA_OPTS -Djboss.server.log.dir=$JBOSS_LOG_DIR"
#export JAVA_OPTS=" $JAVA_OPTS -Djboss.external.deployments=$EXTERNAL_DEPLOYMENT"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.socket.binding.port-offset=$PORT_OFFSET"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.node.name=$NODE_NAME"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.bind.address.management=$MGMT_ADDR"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.bind.address=$BIND_ADDR"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.bind_addr=$MULTICAST_ADDR"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.default.jgroups.stack=tcp"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.default.multicast.address=$MULTICAST_ADDR"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.messaging.group.address=$JMS_MULTICAST_ADDR"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.modcluster.multicast.address=$MODCLUSTER_MULTICAST_ADDR"
#export JAVA_OPTS=" $JAVA_OPTS -Dserver.mode=local"
# Use log4j in application
export JAVA_OPTS=" $JAVA_OPTS -Dorg.jboss.as.logging.per-deployment=false "
echo "Config OK"



