Tuesday, January 22, 2013

The cat named Tom needs some food

I can't count how often I have installed Apache Tomcat for testing and development purposes. More interesting customers often already have their own application servers running as part of their infrastructure, so I have not often had to configure a Tomcat application container for production purposes. This article explains the production configuration of Apache Tomcat (6/7).

So here are the steps:

  1. Configure the ports by editing the server.xml file.  (Shutdown port, Connector port, AJP port, SSL port)
  2. Add a manager role by editing the tomcat-users.xml file. The syntax is: <role rolename="admin"/> <role rolename="manager"/> <user username="$uname" roles="manager, admin" password="$upwd"/>. This allows you to access the Tomcat Manager application.
  3. Most important: tweak the memory settings, because Java apps are quite hungry. You can do this by editing the batch or shell script named "setenv". Here is an example for JAVA_OPTS: -server -Xss1024K -Xms1G -Xmx2G -XX:MaxPermSize=128M -XX:NewSize=512m -XX:+UseConcMarkSweepGC -XX:+CMSIncrementalMode -XX:CMSInitiatingOccupancyFraction=80. This reserves 1GB-2GB of memory for the JVM while also changing the garbage collection behavior a bit. (The explanations are available here: http://www.oracle.com/technetwork/java/javase/tech/vmoptions-jsp-140102.html)
  4. Make sure that directory listings are disabled by editing the default web.xml file. It defines a default servlet with a parameter named 'listings'. The parameter value should be 'false'.
  5. You could use a Valve to restrict access to specific IPs or hosts (http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html), but I think this is more a task for a firewall.
  6. I usually use specific users for specific services. So I would use a user named 'tomcat' as the installation owner who also runs it. It's not recommended to run Tomcat as an Administrator or the root user. This means running it on ports >1000, which can be solved by putting an Apache HTTP server in front of it.
  7. Use GZip compression by editing the server.xml file again. There should be at least one Connector defined. Here is an example: <Connector port="8080" URIEncoding="UTF-8" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" compression="on" compressableMimeType="text/html,text/xml,text/plain,application/xml"/>. This means that resources are compressed on the server side before they are transferred to the client, which can help to increase performance.
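
The script below is an added example, not part of the original post: it checks steps 2, 4 and 7 of the list above against the contents of tomcat-users.xml, web.xml and server.xml. The function names, the sample file contents, and the decision to flag a password that is empty or equal to the user name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

def local(el):
    # Tomcat's web.xml declares a default namespace; compare local names only.
    return el.tag.rsplit("}", 1)[-1]

def text_of(el, name):
    return next(((c.text or "").strip() for c in el if local(c) == name), None)

def audit(server_xml, web_xml, users_xml):
    """Check steps 2, 4 and 7 of the checklist; return a list of findings."""
    findings = []
    # Step 4: the default servlet must set listings to 'false' explicitly.
    for s in ET.fromstring(web_xml).iter():
        if local(s) == "servlet" and text_of(s, "servlet-name") == "default":
            params = {text_of(p, "param-name"): text_of(p, "param-value")
                      for p in s if local(p) == "init-param"}
            if params.get("listings") != "false":
                findings.append("web.xml: default servlet 'listings' is not 'false'")
    # Step 2: report accounts that can reach the Manager application.
    for u in ET.fromstring(users_xml).iter():
        if local(u) != "user":
            continue
        name, roles = u.get("username"), {r.strip() for r in u.get("roles", "").split(",")}
        if roles & {"manager", "admin"}:
            findings.append(f"tomcat-users.xml: '{name}' holds {sorted(roles)}")
            if u.get("password", "") in ("", name):
                findings.append(f"tomcat-users.xml: '{name}' password is empty or equals the user name")
    # Step 7: non-AJP connectors that do not set compression="on".
    for c in ET.fromstring(server_xml).iter("Connector"):
        if "AJP" not in c.get("protocol", "").upper() and c.get("compression") != "on":
            findings.append(f"server.xml: Connector {c.get('port')} has no compression")
    return findings

# Constructed sample files (not taken from a real installation).
WEB = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><servlet>
  <servlet-name>default</servlet-name>
  <init-param><param-name>listings</param-name><param-value>true</param-value></init-param>
</servlet></web-app>"""
USERS = """<tomcat-users><role rolename="manager"/>
  <user username="deploy" roles="manager, admin" password="deploy"/>
  <user username="viewer" roles="reports" password="x9!kQ"/></tomcat-users>"""
SERVER = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

if __name__ == "__main__":
    for line in audit(SERVER, WEB, USERS):
        print(line)
```

The account line is informational: it stays in the output after the other findings are fixed, so that every holder of a manager or admin role is visible in a review.
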
Any further recommendations for the production usage of Apache Tomcat? Feel free to reply to this post!


  1. A question that came up was: "What happens if Tomcat is installed as a service on Windows?". In this case you can't set the properties by using the setenv script. You can use the tomcat6.exe file to add parameters. Here is an example:

    tomcat6.exe //US//%SERVICE_NAME% --StartPath "E:\Alfresco" --Startup auto --JvmOptions "-Xms128M;-Xmx1024M;-Dalfresco.home=E:\Alfresco;-Dcom.sun.management.jmxremote;-Dcatalina.base=%CATALINA_BASE%;-Dcatalina.home=%CATALINA_HOME%;-Djava.endorsed.dirs=%CATALINA_HOME%\endorsed" --StartMode jvm --StopMode jvm


    tomcat6.exe //US//%SERVICE_NAME% ++JvmOptions "-XX:MaxPermSize=512m;-XX:-DisableExplicitGC;-Djava.io.tmpdir=%CATALINA_BASE%\temp;-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager;-Djava.util.logging.config.file=%CATALINA_BASE%\conf\logging.properties"

    Alfresco uses these settings when using the default installer (4.1.2 EE). The script serviceinstall.bat calls the service.bat script, which updates the service parameters.

    You can double check the parameters by using regedit. The key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\alfrescoTomcat\Parameters should contain some values.

  2. As mentioned above, Tomcat's connection port can be configured. The configuration is part of the block. Such a connector can be configured to allow multiple connections by also using multithreading. The right values may improve Tomcat's performance again.