Installation Checklist for Production

Java Install

Create a user named tomcat, who does not have root privileges. Do all your work as user tomcat.

In $TOMCAT_HOME/bin
1. Create a setenv.sh shell script, and set the Tomcat startup options, with max memory (1500m) for 32-bit systems, and 4096m or more for 64-bit systems:
2. If you are using WMS, clean up java.util.prefs messages:
  1. Add this option to JAVA_OPTS: "-Djava.util.prefs.systemRoot=$CATALINA_HOME/content/thredds/javaUtilPrefs"
  2. Create a directory at $TOMCAT_HOME/content/thredds/javaUtilPrefs/.systemPrefs and make it writeable by the tomcat user

Buy a real certificate from a certificate authority, so browsers wont say things like "this is not a legitimate business" when users come to your web site.

Otherwise, create a self-signed certificate with $JAVA_HOME/bin//keytool -genkey -alias tomcat -keyalg RSA -keystore $TOMCAT_HOME/conf/keystore

Modify $TOMCAT_HOME/conf/server.xml
1. Use digest passwords by adding <Realm className="org.apache.catalina.realm.MemoryRealm" digest="SHA" /> inside the Host element.
2. Enable SSL by uncommenting the SSL Connector listening on port 8443, and adding keystoreFile="$TOMCAT_HOME/conf/keystore"
3. Enable compression by adding compression="1000" compressableMimeType="text/html,text/xml,text/plain,application/octet-stream" to 8080 Connector.
4. Enable access logging by uncommenting the AccessLogValve and change the prefix and suffix and pattern attributes.

Create a password digest for yourself with $TOMCAT_HOME/bin/digest.sh -a SHA yrPassword

Modify $TOMCAT_HOME/conf/tomcat-users.xml
1. Add roles "manager", "tdsConfig" and "tdsMonitor".
2. Add yourself as a user with those three roles, using your password digest.

Modify $TOMCAT_HOME/webapps/manager/WEB-INF/web.xml
1. Make sure the manager is only run under SSL by adding <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint>

Download the latest thredds.war file, and put it into $TOMCAT_HOME/webapps.
Start/restart Tomcat so that it has a chance to create initial files. Make sure you run as user tomcat.
Modify $TOMCAT_HOME/content/thredds/catalog.xml for your site, as in this example.
Modify $TOMCAT_HOME/content/thredds/threddsConfig.xml for your site
1. Add the Server Information
2. Most common other thing needed is to enable optional services like WMS.
Restrict web crawlers

When installing a new thredds.war, everything in {tomcat_home}/webapps/ is overwritten. However, nothing in {tomcat_home}/content/ is overwritten.

Undeploy the thredds application. This will delete {tomcat_home}/webapps/thredds.war and everything in the expanded directory {tomcat_home}/webapps/thredds/*.
Deploy the new thredds.war file, either 1) from a file already on the server or 2) by uploading from your local machine. This will recreate thredds.war and the expanded directory and restart thredds..
Shutdown tomcat.
Clean up {tomcat_home}/logs and {tomcat_home}/content/thredds/logs as needed.
Make any changes to web.xml or anything under {tomcat_home}/webapps/thredds/
Restart tomcat.

Shutdown tomcat,
Delete {tomcat_home}/webapps/thredds.war and everything in the expanded directory {tomcat_home}/webapps/thredds/*
Put the new war file into the webapps directory
Restart tomcat
thredds.war is now expanded into webapps/thredds directory, so now change web.xml if needed.
Stop and restart tomcat again.

If you have access logging on (and you should), zip up the access logs: {tomcat_home}/logs/access.* and copy them to an archive directory.
Zip up the servlet logs: {tomcat_home}/content/thredds/logs/threddsServlet.* and copy them to an archive.

make sure all files are owned by tomcat.
examine {tomcat_home}/logs/catalina.out for unexpected errors
use tdsMonitor to examine failed requests. report any 500 status errors to Unidata.

Last changed July 2011. Send comments to THREDDS support.