How do I add a question to this page?
Anyone may edit this page to add their own content. That is why this page is part of a Wiki and not a hardcoded static file in the FAQ.
However, do not add questions without answers to this page. If you have a question about how to do something in Tomcat which has not been addressed yet, ask the tomcat-user list. Once you've figured out how to fix your problem, come back and update the Wiki to allow the rest of us to benefit from what you've learned!
How do I contribute to Tomcat's documentation?
Download the source bundle or grab the source XML file from Subversion repository. If you are not familiar with Subversion, see http://www.apache.org/dev/contributors.html.
The docs are in the webapps/docs subdirectory. They are in XML format and get processed into the HTML documentation as part of the Tomcat release.
Edit the documentation XML file(s) as you wish. The xdocs format is self-explanatory: use normal HTML markup, and add <section> or <subsection> tags as you see fit. Look at the existing docs as examples. Make sure you use valid XML markup.
If you're interested in previewing your changes, you will need to follow the directions for building Tomcat yourself. The docs will be generated in the webapps/docs directory just like with any normal Tomcat distributions.
Open a Bugzilla enhancement item with the explanation of your enhancements, and attach a svn diff or diff -u format of your patch. We will evaluate and commit your patch as needed.
Note, that the Tomcat web site is updated with every release, so that documentation changes will not be visible until next Tomcat release. It is possible to view documentation for unreleased versions of Tomcat 7 and Tomcat 6, that is published by ASF Buildbot. See links on the buildbot page on Apache Tomcat web site.
How do I set up and run Tomcat on Macintosh OS X?
How do I set up and run Tomcat on Solaris 10?
How do I set up another tomcat service on Windows, sharing the same Tomcat Home ?
This script sets up a a tomcat base directory and calls tomcat5.exe to create a windows service which will use the tomcat home given for the binaries and tomcat base you create See TomcatCreateWindowsService
How do I install Tomcat as a service under Unix?
Create a shell program to start Tomcat automatically. Each UNIX varies in how it starts up automatic services, but there are two main variants:
BSD::In a typical BSD system, there are a series of start up scripts in /etc starting with rc.. Look for, or create, a file called /etc/rc.local and enter the appropriate instructions to start up Tomcat there as a shell script.
System V::In a typical UNIX System V setup, there is a directory containing startup scripts, and other directories which contain links to these startup scripts. Create the appropriate startup script for your setup, then create the appropriate links.For more information on each, check your system documentation.
It also makes a lot of sense to use the JavaServiceWrapper .
How to run Tomcat without root privileges?
The best way is to use jsvc, available as part of the commons-daemon project.
One way is to put Apache httpd with mod_jk before your Tomcat servers, and use ports >=1024 in the Tomcat(s). However, if httpd is not needed for some other reason, this is the most inefficient approach.
Another method is to use SetUID scripts (assuming you have the capability) to do this. Here's how I do it.
Create a file called foo.c with this content (replace "/path/startupscript" with the tomcat startup script):
#include <unistd.h> #include <stdlib.h>int main( int argc, char *argv ) <
- if ( setuid( 0 ) != 0 ) perror( "setuid() error" ); printf( "Starting $
Run the following as root (replacing tmp with whatever you want the startup script
to be and replacing XXXXX with whatever group you want to be able to start and stop tomcat:
gcc tmp.c -o tmp chown root:XXXXX tmp chmod ugo-rwx tmp chmod u+rwxs,g+rx tmp
Now members of the tomcat group should be able to start and stop tomcat. One caveat though, you need to ensure that that your tomcat startup script is not writable by anyone other than root, otherwise your users will be able to insert commands into the script and have them run as root (very big security hole).
- A another way is to use Iptables to redirect Port 80 and 443 to user ports (>1024)
* /sbin/iptables -A FORWARD -p tcp --destination-port 443 -j ACCEPT
* /sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 443 --to-ports 8443
* /sbin/iptables -A FORWARD -p tcp --destination-port 80 -j ACCEPT
* /sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 80 --to-ports 8080
/sbin/iptables-save or /etc/init.d/iptables save
BSD-based Unix systems such as Mac OS X use a tool similar to iptables, called ipfw (for Internet Protocol Fire Wall). This tool is similar in that it watches all network packets go by, and can apply rules to affect those packets, such as "port-forwarding" from port 80 to some other port such as Tomcat's default 8080. The syntax of the rules is different than iptables, but the same idea. For more info, google and read the man page. Here is one possible rule to do the port-forwarding:
Yet another way is to use authbind (part of Debian- and CentOS based distributions) which allows a program that would normally require superuser privileges to access privileged network services to run as a non-privileged user. The article at http://java-notes.com/index.php/installing-tomcat-with-http-port-80-on-linux discusses how to install and configure the authbind package with Tomcat 6.0 on Linux.
How to create native launchers for Tomcat
How do I rotate catalina.out?
Honestly, the first question is "why are you rotating catalina.out"? Tomcat logs very little to catalina.out so the usual culprit is web applications that stupidly send output to System.out or System.err. If that's the case, what you ought to do is set swallowOutput="true" on the application's <Context> configuration. That will send the output to a file configured (default) by conf/logging.properties. Once you've done that, get the application fixed to use a real logger, or at least use ServletContext .log().
If you've decided that you still absolutely positively need to rotate catalina.out, there is something that you have to understand: catalina.out is created by your shell's output redirection, just like when you type "ls -l > dir_listing.txt". So rotating the file needs to be done carefully.
You can't just re-name the file or you'll find that Tomcat will continue logging to the file under the new name. You also can't delete catalina.out and re-create it, or you'll never get anything logged to catalina.out after that, unless you restart Tomcat.
There are really only two ways to properly rotate catalina.out, and they both have downsides.
Rotate catalina.out using logrotate (or similar)
To use a tool like logrotate. you'll want to use the "copytruncate" configuration option. This will copy catalina.out to another file (like catalina.out.[datestamp]) and then truncates catalina.out to zero-bytes. There is a major downside to this if catalina.out is seeing a lot of action: some log messages written to the log file during the copy/truncate procedure may be lost.
Rotate catalina.out using rotatelogs or chronolog (or similar)
To use a tool like Apache httpd's rotatelogs or chronolog. you'll have to modify Tomcat's catalina.sh (or catalina.bat) script to change the output redirection from a redirect to a pipe. The existing code in catalina.sh looks like this:
You'll need to change that to something which looks more like this:
This will be somewhat similar for catalina.bat, but the actual launch command will look different.
Also note that there are currently two places in catalina.sh (and catalina.bat) where Tomcat is launched, depending upon whether you are using a security manager or not. You should read the whole catalina.sh (or catalina.bat) file to make sure you have handled every case where Tomcat is launched.Source: wiki.apache.org