# firewall-cmd --permanent --add-port=8080/tcp
# firewall-cmd --permanent --add-port=80/tcp
# firewall-cmd --permanent --add-port=443/tcp
# firewall-cmd --permanent --add-port=3306/tcp
# firewall-cmd –reload
# systemctl status firewalld
It is highly recommended that the local Linux firewall be used to restrict access to the MySQL server. Only hosts requiring connectivity to the MySQL server should be granted network access. MySQL listens on TCP port 3306 by default.
For example: If the CentOS firewall is enabled,
then a rule allowing access to the MySQL server on port 3306/tcp from host e.g.
10.2.1.10 can be added.
# firewall-cmd --permanent --zone=trusted --add-source=10.2.1.10/32
# firewall-cmd --permanent --zone=trusted --add-port=3306/tcp
# firewall-cmd --reload
# firewall-cmd --permanent --zone=trusted --add-source=10.2.1.10/32
# firewall-cmd --permanent --zone=trusted --add-port=3306/tcp
# firewall-cmd --reload
Note: If you would like to install
a different release of Oracle Java 8 JDK, go to the Oracle Java 8 JDK Downloads Page, accept the
license agreement, and copy the download link of the appropriate Linux .gz
package. Start by creating a new directory “java” at /usr
# mkdir /usr/java
# cd /usr/java
# wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u65-b17/jdk-8u65-linux-x64.tar.gz
Unpack jdk-8u65-linux-x64.tar.gz in the /usr/java directory using tar -xzf:
# cd /usr/java
# wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u65-b17/jdk-8u65-linux-x64.tar.gz
Unpack jdk-8u65-linux-x64.tar.gz in the /usr/java directory using tar -xzf:
# tar -xzf jdk-8u65-linux-x64.tar.gz
This will create the directory /usr/java/jdk1.8.0_65.
This will be our JAVA_HOME.
We can now set JAVA_HOME and put Java into the path of our users.
We can now set JAVA_HOME and put Java into the path of our users.
To set it for your current session, you can issue the
following from the CLI:
# JAVA_HOME=/usr/java/jdk1.8.0_65
# export JAVA_HOME
# PATH=$JAVA_HOME/bin:$PATH
# export PATH
# export JAVA_HOME
# PATH=$JAVA_HOME/bin:$PATH
# export PATH
To set the JAVA_HOME permanently,
however, we need to add below to the ~/.bash_profile of the user (in this case,
root). We can also add it /etc/profile and then source it to give to all users.
# cd /
# cd root
# vi .bash_profile
# cd root
# vi .bash_profile
Add the below:
JAVA_HOME=/usr/java/jdk1.8.0_65
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
Save the file
JAVA_HOME=/usr/java/jdk1.8.0_65
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
Save the file
Once you have added the above to ~/.bash_profile, you
should log out, then log back in and check that the JAVA_HOME is set correctly.
# echo $JAVA_HOME
# /usr/java/jdk1.8.0_65
3) Download and extract Tomcat 8.0.28
# java –version
# yum install net-tools unzip wget
We will install Tomcat 8 under /usr/share. Switch to the /usr/share directory:
# cd /usr/share
# wget http://apache.cc.uoc.gr/tomcat/tomcat-8/v8.0.28/bin/apache-tomcat-8.0.28.tar.gz
# tar -xzf apache-tomcat-8.0.28.tar.gz
This will create the directory /usr/share/apache-tomcat-8.0.28
# /usr/java/jdk1.8.0_65
3) Download and extract Tomcat 8.0.28
# java –version
# yum install net-tools unzip wget
We will install Tomcat 8 under /usr/share. Switch to the /usr/share directory:
# cd /usr/share
# wget http://apache.cc.uoc.gr/tomcat/tomcat-8/v8.0.28/bin/apache-tomcat-8.0.28.tar.gz
# tar -xzf apache-tomcat-8.0.28.tar.gz
This will create the directory /usr/share/apache-tomcat-8.0.28
4) Configure
Tomcat to Run as a Service.
We will now see how to run Tomcat as a service and
create a simple. Change to the /etc/init.d directory and create a script called
'tomcat' as shown below.
# cd /etc/init.d
# vi tomcat
# vi tomcat
Copy paste the Script:
#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.8.0_65
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/usr/share/apache-tomcat-8.0.28
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.8.0_65
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/usr/share/apache-tomcat-8.0.28
case $1 in
start)
sh $CATALINA_HOME/bin/startup.sh
;;
stop)
sh $CATALINA_HOME/bin/shutdown.sh
;;
restart)
sh $CATALINA_HOME/bin/shutdown.sh
sh $CATALINA_HOME/bin/startup.sh
;;
esac
exit 0
start)
sh $CATALINA_HOME/bin/startup.sh
;;
stop)
sh $CATALINA_HOME/bin/shutdown.sh
;;
restart)
sh $CATALINA_HOME/bin/shutdown.sh
sh $CATALINA_HOME/bin/startup.sh
;;
esac
exit 0
The above
script is simple and contains all of the basic elements you will need to get
going. As you can see, we are simply
calling the startup.sh and shutdown.sh scripts located in the Tomcat bin
directory (/usr/share/apache-tomcat-8.0.28/bin).
CATALINA_HOME is the Tomcat home directory (/usr/share/apache-tomcat-8.0.28)
Now, set the permissions for your script to make it executable:
CATALINA_HOME is the Tomcat home directory (/usr/share/apache-tomcat-8.0.28)
Now, set the permissions for your script to make it executable:
# chmod 755 tomcat
We now use the
chkconfig utility to have Tomcat start at boot time. In my script above, I am
using chkconfig: 234 20 80. 2345 are the run levels and 20 and 80 are the stop
and start priorities respectively. You
can adjust as needed.
# chkconfig --add tomcat
# chkconfig --level 234 tomcat on
# chkconfig --level 234 tomcat on
Verify it:
# chkconfig --list tomcat
Now, let's test our script. Start Tomcat:
# service tomcat start
# service tomcat start
We can now access the Tomcat Manager page at: http://YourIPaddress:8080 and we should see
the Tomcat home page.
5) Setup Tomcat User account:
Finally we need to create user accounts to secure and access admin/manager pages.
Edit conf/tomcat-users.xml file in your editor and paste inside
For example we use username: admin and password: P@ssw0r%.
Be sure to use a strong password
# cd /usr/share/apache-tomcat-8.0.28/conf# vi tomcat-users.xml
Add the following:
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<user username="admin" password=" P@ssw0r%" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>
Save the File
6) Manage Memory Usage Using JAVA_OPTS.
Open the Catalina.sh file located under /usr/share/apache-tomcat-8.0.28/bin
with a text editor or vi. Since
we are using 512 Mb for both initial and maximum heap size, add the following
line to Catalina.sh
# cd /usr/share/apache-tomcat-8.0.28/bin
# vi catalina.sh
# vi catalina.sh
Add the following line to Catalina.sh, JAVA_OPTS="-Xms512m –Xmx512m"
#!/bin/sh
JAVA_OPTS="-Xms512m –Xmx512m"
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
JAVA_OPTS="-Xms512m –Xmx512m"
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
7) Install MySQL
Centos 7, comes with MariaDB instead of MySQL.
MariaDb is an open source equivalent to MySQL. You need to add the
MySQL-community repo:
# sudo rpm -Uvh
http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
And then you can install MySQL like you normally
do.
# yum install mysql mysql-server
# systemctl start mysqld
# /usr/bin/mysql_secure_installation
# systemctl start mysqld
# /usr/bin/mysql_secure_installation
Give it a new root password. Press YES on all Messages
- Set root password? [Y/n] Y
- Remove anonymous users? [Y/n] Y
- Disallow root login remotely? [Y/n] Y
- Remove test database and access to it? [Y/n] Y
- Reload privilege tables now? [Y/n] Y
# systemctl enable mysqld.service
8) MySQL configure character set to UTF-8
We need to
edit my.cnf to support utf8
# vi /etc/my.cnf
Add the bellow
# vi /etc/my.cnf
Add the bellow
character-set-server = utf8 skip-character-set-client-handshakeSave the file
#
#
systemctl restart mysqld #
mysql -u root –pmysql> status;
# check them like this Server characterset: utf8 Db characterset: utf8 Client characterset: utf8 Conn. characterset: utf8