Learn about Apache Tomcat including installation, how-to, tuning, integration, and security.
Learn how to install Tomcat and some of the cloud hosting option to deploy your Tomcat applications. There are two parts to this blogpost – the first part talks about how to install Apache Tomcat on Ubuntu by yourself, and the second part talks about the best hosting platforms available to host Tomcat applications. What…
A step-by-step guide to setup HTTP2 in Apache Tomcat Full HTTP2 support is added to the latest version of Tomcat 9.x. HTTP/2 is fast, much faster than HTTP/1.1. If you directly serve the content to the browser (without going through a web server) from Tomcat then implementing HTTP/2 can drastically reduce the application load time…
Apache Tomcat getting stuck while starting Lately, I was working on Tomcat 9 and encountered an issue. It was getting stuck at the following stage during startup. 22-Sep-2018 03:06:00.347 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/root/apache-tomcat-9.0.12/temp 22-Sep-2018 03:06:00.347 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The APR based Apache Tomcat Native library which allows optimal performance in production environments…
A step-by-step guide to set up SSL/TLS certificate in Tomcat server. One of the essential tasks for securing Tomcat is to configure SSL certificate, so web application is accessible over HTTPS. There are many ways to achieve this. You can terminate SSL at a load balancer Implement SSL at CDN level Use web servers like…
Injecting HTTP Response with the secure header can mitigate most of the web security vulnerabilities. If you are managing production environment or payment related application, then you will also be asked by security/penetration testing team to implement necessary HTTP header to comply with PCI-DSS security standard. Having secure header instruct browser to do or not…
Over the weekend, I was playing around with JBoss Application Server on CentOS 7. I installed 7.1.1, and when I tried to start, it was hung at starting. [[email protected] bin]# ./standalone.sh ========================================================================= JBoss Bootstrap Environment JBOSS_HOME: /home/chandan/Downloads/jboss-as-7.1.1.Final JAVA: java JAVA_OPTS: -server -XX:+UseCompressedOops -XX:+TieredCompilation -Xms64m -Xmx512m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djboss.modules.system.pkgs=org.jboss.byteman…
JMX (Java Management Extension) is a very powerful technology, which lets you administer, monitor and configure Tomcat MBeans. If you are a Tomcat administrator, then you should be familiar with how to enable JMX in tomcat to monitor Heap Memory, Threads, CPU Usage, Classes, and configure various MBeans. In this article, I will talk about…
Procedure to download & install Tomcat 7 on Linux environment Tomcat installation is one of the most straightforward installations I have come across. However, if you don’t know then don’t worry. You will learn how to install Tomcat 7 and get up and running in just 5 minutes. In this article, I will explain how…
Necessary configuration to log in to Tomcat Manager Tomcat manager is essential for administrative tasks. However, by default, it’s not functional. There are few things you must do for tomcat manager to work. Let’s see how… As a best practice – take a backup of configuration file before modification so you can roll-back when something…
Prevent Apache Tomcat from XSS (Cross-site-scripting) attacks According to Microsoft Developer Network, HttpOnly & Secure is an additional flag included in the Set-Cookie HTTP response header. Using HttpOnly in Set-Cookie helps in mitigating the most common risk of an XSS attack. This can be either done within an application by developers or implementing the following…
