Re: Tomcat in a multiuser webhost environment

2002-08-03 Thread Hans Kaiser

Hi,

nobody knows how to solve it, or is it too simple for an answer?

best regards,
Hans

> Hello all!
>
> Is this list a closed one? I tried to post a message to the list, without
> being subscribed, but that failed (I think so, I couldn't see the mail on
> the archives)
>
> I will go on directly to my problems:
> I am running an Apache 1.3.x and I have all my virtual hosts under
> /home/web/host[anyhostnaming]
> Now I need a servlet and a JSP Engine, therefore I want to use the Tomcat
> 4.x. But my users should be able to define their own contexts for the
> tomcat.
> So my questions are:
> - how to configure the apache and tomcat to forward all JSP and servlet
> requests from apache to tomcat.
> - how should I set up tomcat to make it possible, that only a defined list
> of users are able to use jsp/servlet?
> - how to set up tomcat or must I set up the apache (if forwarding the
> servlet/jsp request from apache to tomcat), that users are able to define
> their own contexts? Is it a security problem? I thought about something
> like a distributed web.xml in a defined location in the users' home dirs.
> - Is it possible to limit the maximum used resources (load, memory) of
> tomcat?  Or even better per user basis?
>
> many thanks,
> and best regards,
> Hans
 



Re: Tomcat in a multiuser webhost environment

2002-08-03 Thread Glenn Nielsen

I have done a lot of work with Apache 1.3/Tomcat 4.1.X setting up virtual hosting
in a web hosting environment.  Please see my attached document.

Regards,

Glenn

Hans Kaiser wrote:
> Hi,
>
> nobody knows how to solve it, or is it too simple for an answer?
>
> best regards,
> Hans
>
> > Hello all!
> >
> > Is this list a closed one? I tried to post a message to the list, without
> > being subscribed, but that failed (I think so, I couldn't see the mail on
> > the archives)
> >
> > I will go on directly to my problems:
> > I am running an Apache 1.3.x and I have all my virtual hosts under
> > /home/web/host[anyhostnaming]
> > Now I need a servlet and a JSP Engine, therefore I want to use the Tomcat
> > 4.x. But my users should be able to define their own contexts for the
> > tomcat.
> > So my questions are:
> > - how to configure the apache and tomcat to forward all JSP and servlet
> > requests from apache to tomcat.
> > - how should I set up tomcat to make it possible, that only a defined list
> > of users are able to use jsp/servlet?
> > - how to set up tomcat or must I set up the apache (if forwarding the
> > servlet/jsp request from apache to tomcat), that users are able to define
> > their own contexts? Is it a security problem? I thought about something
> > like a distributed web.xml in a defined location in the users' home dirs.
> > - Is it possible to limit the maximum used resources (load, memory) of
> > tomcat?  Or even better per user basis?
> >
> > many thanks,
> > and best regards,
> > Hans


Web Hosting with Tomcat 4 and Apache

Overview


There are a number of configuration issues and security concerns
which must be addressed when setting up Apache and Tomcat 4 for
virtual hosting of customer sites in a web hosting environment.

The major concerns are:

1.  Delegating to untrusted customers maintenance of their applications
without compromising server security.

2.  Configuring Apache and Tomcat for virtual hosting.

3.  Surviving poorly written web applications installed by
customers.  This includes fault tolerance and identifying
which customer's web application is causing problems.

4.  Minimize the amount of hand holding or config changes the
apache and tomcat system administrators have to make.

This is written based on my experiences setting up this type
of hosting environment on Sun Solaris hardware.  Some of this
will be specific to Solaris, but in general should work for
almost any flavor of Unix.

Unix accounts and groups


The user tomcat was created for running tomcat; it should
be created similar to the nobody account used for running
Apache.  The tomcat user is assigned to the group tomcat.
The tomcat user is a member of group user.

The group tomcat was created as the group the user tomcat
is assigned to.

The group user was created; this is the group customer
ftp accounts are assigned to.  The tomcat account is a
member of this group so that both customers and tomcat
can write files in directories assigned to group user.

Each customer has their own ftp account which is in group
user.

There is a webmaster administrator shell account.  This
account is for your virtual host administrator. The
webmaster account is assigned to group user and is also
a member of group tomcat.

Directory layout


The layout of directories is designed to make it as easy as
possible for customers to maintain their own web space content
and applications.

Here is an example of how I do it:

The customer is assigned an FTP account which has permission
to read their virtual host directory and write to a subset of
that.

For example, a customer may be assigned the following directory:

/export/home/www.customer.com root:other 755


Within that directory are sub directories which the customer
can read and/or write. Listed are the directory names, 
ownership, and mode.

www webmaster:user 2775
-----------------------

Apache document root directory.  Customer and tomcat can
both read/write directories and files.

logs root:other 755
-------------------

Directory where apache access_log and error_log are placed.
We also rotate these logs weekly and use bzip2 to compress
any log files older than 5 weeks.  Log files less than 5
weeks old are left uncompressed so that they can be used
by web statistic software like Analog. Customer can read
files in this directory but not write files.

tomcat tomcat:tomcat 755
------------------------

Directory used for the tomcat work and tomcat virtual host logs.
Only tomcat can write in this directory. Customer can read
files in this directory.

tomcat/work tomcat:tomcat 755
-----------------------------

Tomcat work directory for virtual host. Only tomcat can write
files.  Customer can read files. This allows customer to review
java source files generated during a JSP 
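
An audit of the directory layout listed in the attached document above, written as an added example; it is not part of the original message or of the attached document. The function names `expected_layout` and `audit_vhost` and the optional `owner` argument are assumptions made for this example; the paths, owners and modes are the ones the document lists.

```shell
#!/bin/sh
# Added example: audit one virtual-host directory against the layout
# listed in the document (relative path, owner:group, mode).

# Expected layout, copied from the document; "." is the virtual host root.
expected_layout() {
cat <<'EOF'
. root:other 755
www webmaster:user 2775
logs root:other 755
tomcat tomcat:tomcat 755
tomcat/work tomcat:tomcat 755
EOF
}

# audit_vhost DIR [owner]
# Prints one line per deviation and returns the number of deviations.
# Ownership is compared only when the second argument is "owner", because
# that needs the accounts from the document to exist on the machine.
audit_vhost() {
    vhost=$1 check_owner=${2:-}
    bad=0
    # Feed the loop from a here-document (not a pipe) so it runs in the
    # current shell and the deviation counter survives the loop.
    while read -r rel owner mode; do
        path="$vhost/$rel"
        if [ ! -d "$path" ]; then
            echo "MISSING $path"; bad=$((bad + 1)); continue
        fi
        # find -perm MODE matches only when the permission bits,
        # including setgid, are exactly MODE.
        if [ -z "$(find "$path" -maxdepth 0 -perm "$mode")" ]; then
            echo "MODE    $path (expected $mode)"; bad=$((bad + 1))
        fi
        if [ "$check_owner" = owner ]; then
            actual=$(ls -ld "$path" | awk '{print $3 ":" $4}')
            if [ "$actual" != "$owner" ]; then
                echo "OWNER   $path is $actual (expected $owner)"; bad=$((bad + 1))
            fi
        fi
    done <<EOF
$(expected_layout)
EOF
    return "$bad"
}
```

Called as `audit_vhost /export/home/www.customer.com owner`, it flags a world-writable `logs` directory or a `tomcat/work` directory that a customer account has become able to write to, which are the two boundaries the layout depends on.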

Re: Tomcat in a multiuser webhost environment

2002-08-03 Thread rsequeira


Answers are intermixed.



   

Hans Kaiser [EMAIL PROTECTED]
08/03/02 09:52 AM
Please respond to Tomcat Users List

To: Tomcat Users List [EMAIL PROTECTED]
cc:
Subject: Re: Tomcat in a multiuser webhost environment

   

   





Hi,

nobody knows how to solve it, or is it too simple for an answer?

best regards,
Hans

> Hello all!
>
> Is this list a closed one? I tried to post a message to the list, without
> being subscribed, but that failed (I think so, I couldn't see the mail on
> the archives)
>
> I will go on directly to my problems:
> I am running an Apache 1.3.x and I have all my virtual hosts under
> /home/web/host[anyhostnaming]
> Now I need a servlet and a JSP Engine, therefore I want to use the Tomcat
> 4.x. But my users should be able to define their own contexts for the
> tomcat.
> So my questions are:
> - how to configure the apache and tomcat to forward all JSP and servlet
> requests from apache to tomcat.

You could use mod_webapp or mod_jk. mod_jk gives you more control over what
Apache forwards to Tomcat. mod_webapp will forward everything under a
particular directory to Tomcat. With mod_jk you could direct Apache to
forward requests with certain url patterns to Tomcat. Generally /servlet/
and *.jsp.

> - how should I set up tomcat to make it possible, that only a defined list
> of users are able to use jsp/servlet?

If you are using Apache as the webserver, then you could do this easily by
telling Apache to forward only certain requests to Tomcat. Using mod_jk as
a connector would help in this case.

> - how to set up tomcat or must I set up the apache (if forwarding the
> servlet/jsp request from apache to tomcat), that users are able to define
> their own contexts? Is it a security problem? I thought about something
> like a distributed web.xml in a defined location in the users' home dirs.

Allowing users to create their own contexts, which amounts to modifying the
server.xml file, isn't a good idea. You wouldn't want users stepping on each
other's toes as well as violating the security of your system. I'd suggest
you seek alternate methods.
One way is to use the Listener class UserConfig. Assuming that every user
has a home directory, Tomcat will be able to map a request starting with a
~ and a username to a directory, usually public_html, under the user's
home directory. See
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/host.html for
further details.
I think with Tomcat 4.1.7, you can separate the Context entries from the
main server.xml file. I haven't used Tomcat 4.1.7. But I think you could
define Contexts in some other file. And then add that file to the webapps
directory. This way you could separate Contexts for each user which
probably gives you finer control. Users could define their own Contexts
and then forward them to you to add the files to the webapps directory.

> - Is it possible to limit the maximum used resources (load, memory) of
> tomcat?  Or even better per user basis?

I don't think you could limit the amount of resources on a per user basis.
At the server level, I guess you could specify the stack and heap size when
Tomcat starts.

> many thanks,
> and best regards,
> Hans





Tomcat in a multiuser webhost environment

2002-08-02 Thread Hans Kaiser

Hello all!

Is this list a closed one? I tried to post a message to the list, without
being subscribed, but that failed (I think so, I couldn't see the mail on
the archives)

I will go on directly to my problems:
I am running an Apache 1.3.x and I have all my virtual hosts under
/home/web/host[anyhostnaming]
Now I need a servlet and a JSP Engine, therefore I want to use the Tomcat
4.x. But my users should be able to define their own contexts for the
tomcat.
So my questions are:
- how to configure the apache and tomcat to forward all JSP and servlet
requests from apache to tomcat.
- how should I set up tomcat to make it possible, that only a defined list of
users are able to use jsp/servlet?
- how to set up tomcat or must I set up the apache (if forwarding the
servlet/jsp request from apache to tomcat), that users are able to define
their own contexts? Is it a security problem? I thought about something
like a distributed web.xml in a defined location in the users' home dirs.
- Is it possible to limit the maximum used resources (load, memory) of
tomcat?  Or even better per user basis?

many thanks,
and best regards,
Hans
