Portal Upgrades: Tomcat and Apache
If your environment requires the latest versions of Tomcat and Apache to comply with security standards, use the following instructions to update to the latest versions. These upgrades are required only if you must satisfy security audit requirements. The Tomcat and Apache upgrades are independent—that is, you can do one without the other.
To simplify the upgrade process, these upgrades should be done after the upgrade.
Note: These upgrade instructions apply to the standard, default Portal environments. If you have a multi-tenancy environment (for example, service providers) or if there are multiple Tomcat instances for the Data Receiver, you may have to contact APTARE Global Support Services to assist in customizing the instructions.
Upgrading to Tomcat 7
1. Log in to the Customer Portal to retrieve the distribution files that are used in these instructions:
2. Copy the Tomcat 7 binary distribution (apache-tomcat-7.0.42.tar.gz) to your Linux Portal server.
3. Copy the Tomcat 7 configuration files (tomcat7files.tar.gz) required for the upgrade.
4. Untar the Tomcat binary distribution into: /opt
cd /opt
gtar -zxvf <path>/apache-tomcat-7.0.42.tar.gz
5. Untar the new Tomcat 7 configuration files into: /tmp
cd /tmp
gtar -zxvf <path>/tomcat7files.tar.gz
6. Run the preparetomcat7 script.
sh /tmp/tomcat7files/preparetomcat7
If no errors are reported, proceed to the next step.
7. Run the switchtomcat shell script.
sh /tmp/tomcat7files/switchtomcat
8. The upgrade should be complete. Verify that you can log in to the Portal.
Upgrading to Apache 2.4.6
Instructions cover both http and https environments.
http
These instructions apply to http only.
1. Log in to the Customer Portal to retrieve the distribution files that are used in these instructions:
2. Copy the Apache binary distribution (httpd-2.4.6ES4.tar.gz) to your Linux Portal server.
3. Untar the distribution into /opt on the Portal server.
cd /opt
gtar -zxvf <path>/httpd-2.4.6ES4.tar.gz
4. On the Portal server, copy the current working Apache 2.2.20 httpd.conf and workers.properties files into the 2.4.6 conf directory:
cp /opt/apache/conf/httpd.conf /opt/apache/conf/workers.properties /opt/httpd-2.4.6/conf
5. Edit the /opt/httpd-2.4.6/conf/httpd.conf file and make the updates shown in bold.
a. After “LoadModule jk_module modules/mod_jk.so” add the following lines, shown in bold:
LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule dir_module modules/mod_dir.so
LoadModule filter_module modules/mod_filter.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule alias_module modules/mod_alias.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule status_module modules/mod_status.so
b. Comment out the following line:
# AddOutputFilterByType DEFLATE text/html text/plain text/xml
c. Comment out the following lines:
<Files *.nocache.*>
ExpiresActive on
ExpiresDefault "now"
Header merge Cache-Control "public, max-age=0, must-revalidate"
</Files>
<Files *.cache.*>
ExpiresActive on
ExpiresDefault "now plus 1 year"
</Files>
d. Add the <IfModule mod_filter> block shown in bold, after the “<IfModule dir_module>” block:
<IfModule dir_module>
DirectoryIndex index.jsp index.html
</IfModule>
<IfModule mod_filter>
AddOutputFilterByType DEFLATE text/html text/plain text/xml
</IfModule>
e. Comment out the DefaultType:
# DefaultType text/plain
f. Comment out NameVirtualHost:
# NameVirtualHost *
6. Check the syntax of the httpd.conf file.
7. Switch Apache versions, using the following commands.
/opt/aptare/bin/apache stop
rm /opt/apache
ln -s /opt/httpd-2.4.6 /opt/apache
/opt/aptare/bin/apache start
/opt/apache/bin/apachectl -t
Note: The following message should display:
Syntax OK
If not, correct errors in /opt/apache/conf/httpd.conf
/opt/aptare/bin/apache start
https
These instructions apply to https only.
1. Log in to the Customer Portal to retrieve the distribution files that are used in these instructions:
2. Copy the Apache binary distribution (httpd-2.4.6ES4.tar.gz) to your Linux Portal server.
3. Untar the distribution into /opt on the Portal server.
cd /opt
gtar -zxvf <path>/httpd-2.4.6ES4.tar.gz
4. On the Portal server, copy the current working Apache 2.2.20 httpd.conf and workers.properties files into the 2.4.6 conf directory:
cp /opt/apache/conf/httpd.conf /opt/apache/conf/workers.properties /opt/httpd-2.4.6/conf
Note: Be sure to copy the server certificates to the new httpd-2.4.6 location.
5. Edit the /opt/httpd-2.4.6/conf/httpd.conf file and make the updates shown in bold.
a. After “LoadModule jk_module modules/mod_jk.so” add the following lines, shown in bold:
LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule dir_module modules/mod_dir.so
LoadModule filter_module modules/mod_filter.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule alias_module modules/mod_alias.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule status_module modules/mod_status.so
b. Comment out the following line:
# AddOutputFilterByType DEFLATE text/html text/plain text/xml
• If there is a BrowserMatch entry, remove it.
c. Comment out the following lines:
<Files *.nocache.*>
ExpiresActive on
ExpiresDefault "now"
Header merge Cache-Control "public, max-age=0, must-revalidate"
</Files>
<Files *.cache.*>
ExpiresActive on
ExpiresDefault "now plus 1 year"
</Files>
<IfModule alias_module>
d. Add the following lines shown in bold, after the “<IfModule dir_module>” section:
<IfModule dir_module>
DirectoryIndex index.jsp index.html
</IfModule>
<IfModule mod_filter>
AddOutputFilterByType DEFLATE text/html text/plain text/xml
</IfModule>
e. Comment out the DefaultType:
# DefaultType text/plain
f. Comment out NameVirtualHost:
# NameVirtualHost *
6. Switch Apache versions:
/opt/aptare/bin/apache stop
rm /opt/apache
ln -s /opt/httpd-2.4.6 /opt/apache
7. Check syntax of the httpd.conf file:
/opt/apache/bin/apachectl -t
Note: The following message should display:
Syntax OK
If not, correct errors in /opt/apache/conf/httpd.conf
8. Start Apache
/opt/aptare/bin/apache start
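The httpd.conf edits in step 5 of both the http and https procedures can be checked mechanically before Apache is switched. The shell function below is an added example, not part of the vendor distribution: the name check_httpd_conf and the finding labels are assumptions, and the module lists are taken from step 5a. It also flags a LoadModule line whose .so file does not match its module name.

```shell
#!/bin/sh
# Added example (not vendor code): lint a migrated httpd.conf before switching.
# Module names come from step 5a of the http and https procedures above.
REQUIRED_MODULES="unixd access_compat dir filter log_config alias authn_core authz_core status"
HTTPS_MODULES="socache_shmcb expires headers rewrite"

# check_httpd_conf FILE [http|https]  (hypothetical helper name)
# Prints one finding per line; returns 0 if clean, 1 otherwise.
check_httpd_conf() {
    conf=$1
    mods=$REQUIRED_MODULES
    if [ "${2:-http}" = "https" ]; then mods="$mods $HTTPS_MODULES"; fi
    rc=0
    for m in $mods; do
        # The active line must pair <name>_module with mod_<name>.so.
        pat="^[[:space:]]*LoadModule[[:space:]]+${m}_module[[:space:]]+modules/mod_${m}\.so[[:space:]]*$"
        if ! grep -Eq "$pat" "$conf"; then
            echo "MISSING: LoadModule ${m}_module modules/mod_${m}.so"
            rc=1
        fi
    done
    # Steps 5e and 5f: these directives must no longer be active.
    for d in DefaultType NameVirtualHost; do
        if grep -Eiq "^[[:space:]]*${d}[[:space:]]" "$conf"; then
            echo "ACTIVE: $d (comment it out)"
            rc=1
        fi
    done
    # Steps 5b and 5d: AddOutputFilterByType only inside <IfModule mod_filter>.
    # Simple state machine; assumes IfModule blocks are not nested.
    awk '
        /^[ \t]*<IfModule[ \t]+mod_filter/        { inside = 1; next }
        /^[ \t]*<\/IfModule>/                     { inside = 0; next }
        /^[ \t]*AddOutputFilterByType/ && !inside { bad = 1 }
        END { exit bad }
    ' "$conf" || {
        echo "UNGUARDED: AddOutputFilterByType outside <IfModule mod_filter>"
        rc=1
    }
    return $rc
}

# Run against a file when one is given on the command line.
if [ $# -gt 0 ]; then check_httpd_conf "$@"; fi
```

Saved under any file name, it can be run with /opt/httpd-2.4.6/conf/httpd.conf and http or https as arguments; a clean file produces no output and exit status 0.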