Installing Mango in Tomcat 6/Ubuntu 9.04

This message was edited 4 times. Last update was at 03/10/2009 04:25:01

I have used Tomcat mostly on Windows but I decide that I will start to use it on my Ubuntu LInux. But I had some installation problems to install Mango in my Computer.
Some properties of running Tomcat in Ubuntu

Tomcat runs as user tomcat6, so you have to set permissions for that user

Tomcat can be installed directly from Ubuntu package, which means automatic and better support for updates and patches

I had some problems installing Mango in Ubuntu Linux 9.04. Here are some notes which I wrote of installation process after it was complete:
Easiest way to install Tomcat 6 to Ubuntu Linux is to download aplication using Package manager or from the command line using apt-get. Every command should be given in the root console or using sudo command.

Note that it installs Tomcat 6 into /usr/share/tomcat6 and it runs on TCP port 8080.
Webapps should be in /var/lib/tomcat6/webapps
Be sure that you give rights to tomcat6 user to /etc/tomcat6 and /var/lib/tomcat6 directories.
Initially tomcat6 user cannot write to the /etc/tomcat6 directory. Administration webapps may need write access to this directory.
Then just copy unzipped mango package under /var/lib/tomcat6/webapps directory.

It also needs permission for tomcat6 user to /var/lib/tomcat6. Otherwise you will get exceptions from Derby db.

Important file in Ubuntu is the Tomcat 6 default setting file /etc/default/tomcat6 in Ubuntu 9.04. There are some very important environment variables to setup like TOMCAT6_USER, CATALINA_BASE and JAVA_HOME.

Many thanks for sharing this information jupepe.

Just a note about Derby access to /var/lib/tomcat6. This access is required by default because of the "db.url" setting in the WEB-INF/classes/env.properties file, which out of the box is "~/../../bin/mangoDB" (where "~" in this context means the Mango application directory). The database is stored outside of the webapp directory structure so that it doesn't accidentally get deleted when Mango gets upgraded. (The recommended basic upgrade process is to delete the entire app directory and replace with the new version so that any assets that were deleted do not cause conflicts.)

This default setting can be changed to anywhere else. But, of course, that "anywhere else" will still need to grant the tomcat user write access.

This message was edited 3 times. Last update was at 09/10/2009 06:52:10

Besides the problem mentioned above, I still had one other, preventing Mango from starting up. Checking /var/log/tomcat6/localhost.TODAY.log (under Ubuntu, using java-6-openjdk), I had the following exception:

The solution was to put a file named 60mango.policy into /etc/tomcat6/policy.d (followed by a "sudo /etc/init.d/tomcat6 restart") with the following content:

"AllPermission" might be too much, but since this was not on a production machine, but on my private laptop, I didn't care. (My Mango installation is under "/var/lib/tomcat6/webapps/mango". Edit accordingly.)

Other tweaks:

In /etc/tomcat6/context.xml:
Tomcat now follows symlinks.

In /etc/tomcat6/server.xml:
Forces Tomcat to listen only on 127.0.0.1 and not on all interfaces. I got hacked by killfexcepshell roughly in one hour, because Tomcat listened also on my public IP address, plus I was using no (or only the default?) passwords.

So be sure to harden your installation with something like this, in /etc/tomcat6/tomcat-users.xml:

And if you have the following error in your /var/log/tomcat6/catalina.TODAY.log:
then according to this message you can try disabling the Java security manager:

/etc/default/tomcat6
Of course I don't understand the consequences, still, it solved my problem. Be careful, i.e. don't try this anywhere else than at home!

Or rather, don't try this anywhere but on Ubuntu.

Fedora installations around here have always worked out of the box (except for that fexshell thing... it would be nice if the app manager was turned off by default). But, as always, thanks for sharing.

Did you download Tomcat using a package management tool, or did you download and install manually from Apache? Maybe Ubuntu makes a number of security changes "for your protection" in their distribution.

I used apt (apt-get install tomcat6).

Hi,

if you want to use serial communication (i.e. /dev/ttyS* or /dev/ttyUSB*) you must add the user tomcat6 (for tomcat6) to the group dialout in the file /etc/groups.

To disable the security manager set TOMCAT6_SECURITY=no.

In my installation I got a ClassNotFoundException from the derby classloader - it works without security manager well.

Arne

Hint:

Http receiver on Debian (5.0) and Ubuntu (09.10) use IPV6 when logging in to localhost, so the whitelist never matches.

Workaround: use 127.0.0.1 instead of localhost.

Solution: add IPV6 capabilities to whitelist in mango

Arne