Initial configuration

Apache Geronimo provides a couple of configuration files where you can edit some of the parameters before starting the server. For instance, you can change the port numbers the server uses by updating the config-substitutions.properties file located in the <geronimo_home>/var/config directory. If you need to substitute one module with another, you can use the artifact-aliases.properties or the client-artifact-aliases.properties files, also available in the <geronimo_home>/var/config directory. In addition, you may also want to change the default user name and password and/or user groups. The files available in the <geronimo_home>/var/security directory allow you to make these changes.

Additional configuration changes can be made in the config.xml file available in the <geronimo_home>/var/config directory. The following sections cover in more detail how to make these changes.

Available configuration files

list all configuration files, provide a general overview and a link to the full blown document (one for each file)

<geronimo_home>/var/config

<geronimo_home>/var/log

<geronimo_home>/var/security

Others ...

Changing the default port numbers

The config-substitutions.properties file lets you specify a totally new set of ports and define an automatic port offset for when you run multiple servers (or instances of the same server).

Other than that, you can define different variables and their substitution values in this file, which will be used when processing the corresponding config.xml. These substitution values can be overridden by environment variables and system properties by prefixing the property name with org.apache.geronimo.config.substitution.

For example, an entry such as hostName=localhost can be overridden by an environment variable or system property org.apache.geronimo.config.substitution.hostName=foo.

Although this section focuses on changing these settings by updating a properties file, you can alternatively use the Geronimo administrative console, which is explained in more detail under the Configuring the Web Container section. However, if you have port conflicts at startup, the Geronimo administrative console will not be available, so this section focuses on configuring the config-substitutions.properties file by choosing a new PortOffset value (the default is 0).

The following example shows the config-substitutions.properties file for the Tomcat distribution of Geronimo. The file provided with the Jetty distribution is nearly identical. Changes to the file should be made when the server is stopped.

config-substitutions.properties
#Tue Dec 16 15:44:41 EST 2008
ORBPort=6882
AJPPort=8009
clusterNodeName=NODE
MaxThreadPoolSize=500
ResourceBindingsNamePattern=
Capacity=1000
SMTPHost=localhost
StatelessPoolSize=10
StatelessTimeout=0
ResourceBindingsQuery=?\#org.apache.geronimo.naming.ResourceSource
DerbyPort=1527
BMPPoolSize=10
COSNamingPort=1050
StatefulTimeout=20
webcontainer=TomcatWebContainer
OpenEJBPort=4201
ORBSSLPort=2001
PortOffset=0
ORBHost=localhost
JMXPort=9999
EndPointURI=http\://localhost\:8080
NamingPort=1099
DefaultWadiSweepInterval=36000
WebConnectorConTimeout=20000
BulkPassivate=100
MulticastDiscoveryPort=6142
HTTPSPort=8443
COSNamingHost=localhost
MinThreadPoolSize=200
MulticastDiscoveryAddress=239.255.3.2
ReplicaCount=2
ServerHostname=0.0.0.0
ActiveMQPort=61616
ORBSSLHost=localhost
SMTPPort=25
webcontainerName=tomcat6
ResourceBindingsNameInNamespace=jca\:
StrictPooling=true
JMXSecurePort=9998
DefaultWadiNumPartitions=24
AccessTimeout=30
HTTPPort=8080
clusterName=CLUSTER_NAME
ClusterName=cluster1
ResourceBindingsFormat={groupId}/{artifactId}/{j2eeType}/{name}
RemoteDeployHostname=localhost
TmId=71,84,77,73,68

There are a number of reasons why you might want to use port numbers other than those provided by default. The most common startup problems are in fact associated with port conflicts. You can use monitoring utilities like Active Ports that will quickly tell you what application or process is using what port so you can customize Geronimo's ports accordingly. On Unix-like platforms, you can always use something like netstat -nao | grep -i list to get the ports in use along with what application is holding that port. Alternatively, you can use netstat -nab on a Windows platform.
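The following Python sketch is an added example, not code from the Geronimo project. It parses entries in the format of config-substitutions.properties, applies overrides carrying the org.apache.geronimo.config.substitution. prefix, and searches for a PortOffset that avoids a given set of ports already in use. It assumes that every numeric key ending in "Port" is bound at its value plus PortOffset; the function names, the step of 10, and the sample input are illustrative.

```python
import re

PREFIX = "org.apache.geronimo.config.substitution."

# Constructed sample: a few entries taken from the file shown on this page.
SAMPLE = r"""#Tue Dec 16 15:44:41 EST 2008
PortOffset=0
HTTPPort=8080
HTTPSPort=8443
AJPPort=8009
NamingPort=1099
JMXPort=9999
EndPointURI=http\://localhost\:8080
"""

def parse_properties(text):
    """Parse key=value lines; skip comments and undo backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def effective(props, overrides):
    """Apply prefixed environment/system-property overrides over file values."""
    merged = dict(props)
    for name, value in overrides.items():
        if name.startswith(PREFIX):
            merged[name[len(PREFIX):]] = value
    return merged

def bound_ports(props):
    """Assumption: every numeric *Port value is bound at value + PortOffset."""
    offset = int(props.get("PortOffset", 0))
    return {k: int(v) + offset for k, v in props.items()
            if k.endswith("Port") and v.isdigit()}

def first_free_offset(props, in_use, step=10, limit=1000):
    """Smallest offset (multiple of step) where no port collides with in_use."""
    for offset in range(0, limit, step):
        ports = bound_ports({**props, "PortOffset": str(offset)})
        if not in_use & set(ports.values()):
            return offset
    return None
```

Pass os.environ as the overrides argument to see which values the running shell would substitute, and feed in_use from the listening ports reported by netstat.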

Changing the username and password

The default administration user name and password for the Geronimo Administrative Console and command line deployment tool are system and manager, respectively. You can change these defaults directly from the Administration Console by accessing Security -> Console Realm and changing the user name and password in the Console Realm Users portlet.

Alternatively, you can make the same changes by editing the users.properties and groups.properties files, both located in the <geronimo_home>/var/security directory.

Important

Access to the <geronimo_home>/var/security directory should be appropriately secured. Different operating systems offer different alternatives to securing files and directories. Most cases would involve restricting permission to specific user groups.

Passwords in the users.properties file are encrypted by the server. Passwords can be changed using the Geronimo Administrative Console. They can also be changed using a text editor. While the server is stopped, simply edit the users.properties file. The password(s) will be encrypted the next time the server is started.

To prevent potential security exposures, we strongly recommend you update the default user names and passwords on your system.

By editing the properties files

Open the <geronimo_home>/var/security/groups.properties file and edit the contents of this file. Add any username that you require and save the file.

groups.properties
admin=user1,user2

Next, open the <geronimo_home>/var/security/users.properties file. You can change the password for the existing system account and/or add new users. When adding a new user, the username has to be the same as the one added to the groups.properties file.

users.properties
user1=password1
user2=password2

In this example, two users have been added, user1 and user2, and the default system account has been deleted. Both user1 and user2 can access the console and the command line deployment tools.
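The following Python sketch is an added example, not part of Geronimo. It audits a var/security directory for the points made above: the default system account still being present, the default password manager sitting unencrypted in users.properties, group members with no matching entry in users.properties, and files readable by all users. It assumes POSIX permission bits; the function names and the demo data are constructed for illustration.

```python
import os
import stat
import tempfile

def load(path):
    """Read key=value lines from a properties file, skipping comments."""
    with open(path) as fh:
        return dict(line.strip().split("=", 1) for line in fh
                    if "=" in line and not line.lstrip().startswith("#"))

def audit_security_dir(sec_dir):
    """Return findings for users.properties and groups.properties in sec_dir."""
    findings = []
    users = load(os.path.join(sec_dir, "users.properties"))
    groups = load(os.path.join(sec_dir, "groups.properties"))
    if "system" in users:
        findings.append("default account 'system' still present")
    # Only matches before the server has encrypted the entry on startup.
    if users.get("system") == "manager":
        findings.append("default password for 'system' stored in clear text")
    for group, members in groups.items():
        for name in filter(None, (m.strip() for m in members.split(","))):
            if name not in users:
                findings.append(f"group '{group}' lists unknown user '{name}'")
    for name in ("", "users.properties", "groups.properties"):
        mode = stat.S_IMODE(os.stat(os.path.join(sec_dir, name)).st_mode)
        if mode & stat.S_IRWXO:  # any permission bit set for "other" users
            label = name or "directory"
            findings.append(f"{label} is accessible to all users ({oct(mode)})")
    return findings

def demo():
    """Build a constructed var/security directory and audit it."""
    files = (("users.properties", "system=manager\nuser1=password1\n"),
             ("groups.properties", "admin=system,user1,user2\n"))
    with tempfile.TemporaryDirectory() as sec_dir:
        for fname, body in files:
            path = os.path.join(sec_dir, fname)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, 0o644)   # world-readable on purpose
        os.chmod(sec_dir, 0o700)    # directory itself is owner-only
        return audit_security_dir(sec_dir)
```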

By modifying the security configuration from the Administrative Console

Log into the Geronimo Administration Console and click on Users and Groups on the console navigation panel. This will display the Console Realm Users and Console Realm Groups portlets.

  • Click on the Create New User link to add a new user. In the Actions section you can edit or delete existing users.
  • Click on the Create New Group link to add a new user to the group.
  • Once the new user name and password are added, log out of the console and try the new user name and password.

Visit the Administering security section for more details on all the security related settings.

Topology planning

In today's globalized world, modern organizations face a lot of opportunities and challenges every day. Many of these challenges can put an onus on the organization's IT infrastructure, so its configuration is crucial. The Apache Geronimo application server supports small-to-medium-sized enterprise applications and provides robust, secure support for the latest Java EE specification. This section will highlight the different configuration options that can be used in your production environment.

Two-tier system

The figure below illustrates a client machine accessing an application hosted in the Geronimo server. Although the figure depicts only one client machine, several machines can be connected to the server and users on these machines can access the hosted Web applications using a standard Web browser.

The client-side application may vary, ranging from a simple command line user interface to a full-fledged user interface such as those created using popular client-side GUI technology. These applications can access the Web tier by connecting to the server using their own HTTP connections, or they can access business and EIS tier objects with the help of the Geronimo client application container.

Features of the Geronimo application client:

  • Separate from the Geronimo server.
  • Communication with the Geronimo server is over the network.
  • Provides mapping dependency management for the client application and reference resolution.

Three-tier system

A three-tier architecture is more scalable than a two-tier one, as it supports hundreds of users and organizations. It also increases flexibility and freedom.

Remote Apache HTTPd

The Apache Web server is the best, and most popular, HTTP server software in use on the Internet today. In your production environment, using Geronimo with the Apache Web server gives you the advantages described below.

  1. Clustering & load balancing
    Clustering allows an application server to support multiple nodes with failover, session data sharing, and load balancing across many network nodes. Load balancing of the application can be done with the help of the built-in support in the Apache server.

  2. SSL encoder
    The advantage of Web server proxies is that they offer a way to get server affinity for SSL-encrypted messages without any extra hardware. But extensive SSL processing puts an extra load on the proxy. This processing is handled by the Apache server, while Geronimo handles the business logic of the application.

  3. Application load sharing
    In many serving systems, web and application servers work together to handle all HTTP requests. Apache handles the request for static pages (including HTML, JPEG, and GIF files), while Geronimo handles requests for dynamic pages (JSPs or servlets) with the help of Tomcat/Jetty. Geronimo servers can also handle static pages, but in combined systems, they are usually configured to handle dynamic requests.

Summary

Using the Geronimo application server lets you build a secure enterprise infrastructure conforming to the latest standards and requirements. This article gave you an insight into custom configuration of the standard Geronimo installation, with several installation methods.
