Saturday, June 29, 2013

Remove a user from Roller database

I was trying to find a way to remove a user from a Roller blog server. The Roller Web interface seemed a bit confusing, and didn't give me a clue how to remove a user. This led me to try to remove the user directly from the Roller database. I connected to the remote Roller database using SSH and OpenOffice/LibreOffice Base, as shown in the previous post. Now I have direct access to Roller tables and records in the remote MySQL database.

I opened every table and only found two tables that seem related to user records. They are rolleruser and userrole. To remove a user, I did the following.

  1. Remove the records from the userrole table that are related to the user you want to remove.
  2. Remove the record from the rolleruser table that is related to the user you want to remove.

Warning: directly manipulating the Roller database may screw up your blog(s). Luckily, I am just starting to set up a Roller blog server, so I don't have many blog posts there yet. Check your blog on the Web after you remove the user from the database.

Use a remote MySQL database through an SSH tunnel with OpenOffice / LibreOffice Base

MySQL is used in many database applications, and it is sometimes necessary to work with a MySQL database remotely using a desktop database application, such as OpenOffice / LibreOffice Base. MySQL uses TCP/IP port 3306, but this port may be blocked from Internet access for security reasons. In that case, we should create an SSH tunnel to the remote MySQL port 3306. Setting up PuTTY to do so is illustrated below.

  1. In PuTTY Configuration, select Connection, SSH, Tunnels from the Category area.
  2. Type 3306 for Source port.
  3. Type localhost:3306 for Destination.
  4. Click the Add button.
  5. Back to the Session category, type in the Host Name, and click the Open button.
  6. Keep PuTTY open while you work on your MySQL database.

Download a Zip package containing mysql-connector-java-5.1.25-bin.jar. Place the JAR file somewhere, for example, in the classes folder of OpenOffice/LibreOffice. Then, start OpenOffice Writer because starting Base will directly open the Database Wizard without first setting up the MySQL/J connector. Add the "Class Path" to mysql-connector-java by using the "Advanced Options" window.

Now start OpenOffice Base. Connect to an existing database: MySQL. Connect using JDBC. Type in the database name and enter "localhost" for Server. Enter username and password if necessary. Then, click Next/OK to connect to the database.

Friday, June 28, 2013

Create an SSL certificate chain with OpenSSL

SSL certificates are necessary for initiating secure communication on the Internet or engaging in safe commercial transactions. A free software tool, openssl, can be used to create a self-signed digital certificate for personal or intranet use, as shown in this post. However, if you want to run an Internet business involving online sales, you eventually need to purchase an SSL certificate from a well-known commercial SSL certificate issuer, for example, VeriSign, Thawte or Comodo. In any case, the open-source tool OpenSSL can be used to facilitate SSL certificate creation.

One commonly used type of SSL file is a certificate chain, which combines information on the root certificate authority, the intermediate certificate authority, your public certificate and your private key into a single file. Such a certificate chain can be stored in a secure location for various future uses. For instance, you can later convert it into a public certificate or a private key in PEM format. To create such a file, use an OpenSSL command like this:

openssl pkcs12 -export -in /etc/ssl/myserver.crt -inkey /etc/ssl/private/myserver.key -out myserver.pfx -name tomcat -CAfile ca-bundle.pem -caname StartCom -chain

For detailed information on the command options used, read this OpenSSL pkcs12 manual. The command shown above produces a certificate chain in binary PKCS #12 format. To convert it into a human-readable PEM format, run an OpenSSL command like this.

openssl pkcs12 -in myserver.pfx -out myserver.pem -nodes -nokeys

The resulting file can be used with Apache HTTPD server and Apache Tomcat. However, you need to additionally specify a private key file because I used the -nokeys option above to exclude the private key from the PEM certificate chain.
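Because the PEM chain above carries no key, the server also needs the private key as its own file, and it is worth confirming that this key really belongs to the certificate before deploying both. The script below is an added example, not part of the original post; the function names, output file names and the password-file convention are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: split a PKCS #12 bundle into PEM files and confirm that the
# private key belongs to the certificate. Function and file names are
# illustrative assumptions, not part of the original post.

# split_pfx PFX PASSFILE OUTDIR
#   PASSFILE holds the export password on its first line, so the password
#   never appears on the command line or in the process list.
split_pfx() {
    pfx=$1; passfile=$2; outdir=$3
    mkdir -p "$outdir" || return 1

    # All certificates without the key: the same content as the post's
    # "-nodes -nokeys" command produces.
    openssl pkcs12 -in "$pfx" -passin "file:$passfile" -nokeys \
        -out "$outdir/chain.pem" || return 1

    # Only the server (leaf) certificate, used for the key check below.
    openssl pkcs12 -in "$pfx" -passin "file:$passfile" -nokeys -clcerts \
        -out "$outdir/cert.pem" || return 1

    # Only the private key, unencrypted (-nodes). Remove any old copy first,
    # then create the new file under umask 077 so only the owner can read it.
    rm -f "$outdir/key.pem"
    (
        umask 077
        openssl pkcs12 -in "$pfx" -passin "file:$passfile" -nocerts -nodes \
            -out "$outdir/key.pem"
    ) || return 1
}

# key_matches_cert CERT_PEM KEY_PEM
#   Succeeds only when the certificate and the private key carry the same
#   public key. A failure to parse either file counts as a mismatch.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run as: sh split-pfx.sh myserver.pfx /path/to/passfile /path/to/outdir
if [ "$#" -eq 3 ]; then
    split_pfx "$1" "$2" "$3" &&
    key_matches_cert "$3/cert.pem" "$3/key.pem" &&
    echo "key.pem matches cert.pem"
fi
```

The unencrypted key.pem is as sensitive as the PFX password itself, so keep it out of backups and Web-served directories.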

35 Free Blogging Software Platforms

WordPress and Movable Type are not the only blogging platforms, and there are many other blogging engines that deserve your consideration. Below I list all the blogging software I have found on the Internet, in alphabetical order. Most of them are free or open-source as far as I know. Each has its own strengths and unique features, so you decide which one is best for you based on your criteria.

They are not desktop applications. However, they are meant to be installed on server machines running Linux or Windows Server 2008/2012. To install and use these server applications, you may need to have some knowledge about the underlying server OS and some level of experience with the programming language, such as PHP, that was used to develop the application.

  1. AnchorCMS
    Anchor is a super-simple, lightweight blog system, made to let you just write.
  2. b2evolution
    A powerful blog/CMS engine, b2evolution is free, open-source software (GPL), runs on virtually any web server featuring PHP + MySQL and is available in several languages.
  3. Blog:CMS
    Includes state-of-the-art weblog, forum, wiki engine, news aggregator (atom / rss), and photo gallery.
  4. BlogEngine.net
    is a blog engine written in the .NET language.
  5. ByteFlow
    Byteflow is a blog engine written in Python using Django.
  6. Chyrp
    Chyrp is a blogging engine designed to be very lightweight while retaining functionality. It is powered by PHP and has very powerful theme and extension engines, so you can personalize it however you want.
  7. DasBlog
    dasBlog is a blogging application that doesn't require a database! It runs on ASP.NET 2.0 and up and is developed in C#. It has a rich templating engine, easy to develop macros and lots of great features.
  8. Dotclear
    Dotclear is an open-source web publishing software created in 2002 by Olivier Meunier. The project's purpose is to provide a user-friendly tool allowing anyone to publish on the web, regardless of their technical skills. Dotclear is a free software primarily designed for its users and regularly improved by their contributions.
  9. EggBlog
    is a free php & mysql blog software package, allowing you to create your own online website, journal or weblog (blog) using your own web-space. The package includes a forum and photo album.
  10. FlatPress
    FlatPress is a blogging engine that saves your posts as simple text files. Forget about SQL! You just need some PHP
  11. Habari
    Habari is a next-generation publishing platform and application framework all-in-one.
  12. LifeType
    Open source, PHP/MySQL powered blogging platform, LifeType includes news, a wiki, an online demo and support forums.
  13. LiveStreet CMS
    LiveStreet is a free (GPLv2) engine for blog and social networks. The project has been implemented with the OOP on PHP5 + MySQL5 and is built on the principle of the MVC model, which makes it possible to change both the logic engine, and appearance with ease.
  14. Mango Blog
    Mango Blog is a free and open source ColdFusion blogging software product.
  15. MightyLemon
    is a blog engine, built on Django.
  16. movable type
    is a professional publishing platform, written in Perl.
  17. Nibbleblog
    Nibbleblog is a powerful engine for creating blogs; all you need is PHP to work. Very simple to install and configure.
  18. Nucleus CMS
    Nucleus CMS is a light, extensible blog CMS, written in PHP.
  19. Open Blog
    An open source blogging application written in CodeIgniter.
  20. Oxite
    Oxite is an open source, web standards compliant, blog engine built on ASP.NET MVC.
  21. pebbles
    Pebble is a lightweight, open source, Java EE blogging tool. It's small, fast and feature-rich with unrivalled ease of installation and use. Blog content is stored as XML files on disk and served up dynamically, so there's no need to install a database.
  22. PivotX
    PivotX is a powerful, flexible, open-source blog CMS, written in PHP, and uses MySQL or flat files as its database.
  23. PluXml
    PluXml is a script for creating a Web site or blog. No programming knowledge or database is needed. It runs on PHP.
  24. Pritlog
    PRITLOG is an extremely simple, small and powerful blog system. It does not use or need a MYSQL database and fully works based on SQLite.
  25. PyroCMS
    PyroCMS is used by individuals, small & medium-sized businesses, and large organizations worldwide to easily create & build a variety of websites & web-enabled applications.
  26. roller
    Apache Roller is a full-featured, multi-user and group-blog server suitable for blog sites large and small. It runs as a Java web application.
  27. sBLOG
    sBLOG is a web log written in PHP, using MySQL as data storage. Comes with an installer-script for easy installation.
  28. Serendipity
    Serendipity is a PHP-powered weblog application which gives the user an easy way to maintain an online diary, weblog or even a complete homepage.
  29. Sharetronix
    Sharetronix is the world's favorite opensource microblogging platform. Sharetronix enables people to exchange ideas and multimedia in real-time.
  30. Storytlr
    Storytlr is an open source lifestreaming and micro blogging platform. You can use it for a single user or it can act as a host for many people all from the same installation.
  31. Subtext
    Subtext is a blog publishing system written in C# on ASP.NET. All data is stored in a Microsoft SQL Server database.
  32. Textpattern
    Textpattern is a free open-source content management system unlike any other; it allows you to easily create, edit and publish content and make it beautiful in a professional, standards-compliant manner.
  33. WordPress
    WordPress is web software you can use to create a beautiful website or blog. It is the most popular blogging platform in use.
  34. Zikula
    No matter what your needs, Zikula can provide the solution. Whether it is a corporate presence with ecommerce, a simple blog or a community portal, Zikula can do it all.
  35. Zine
    Zine is a personal publishing platform a.k.a. weblog engine written in Python. It's Open Source, free and developed with a focus on security and usability.

As you can see, this list is quite long, but there are still many blogging platforms that are not mentioned here. I think the list will continue to grow as new blogging engines are being developed every now and then. To choose the right blogging application for you, you should consider the supported OS (Windows or Linux), required software (PHP, MySQL, django, etc.), and the programming language used (PHP or ASP.NET). As for me, I like something that works on Linux without requiring PHP. It would take quite some time to try each and every one of them.

Wednesday, June 26, 2013

My Selection of Java Web Applications for Tomcat

Here's the list of Web applications that I have installed on my several instances of Apache Tomcat.

I think I can consolidate some of these applications by installing a super-application, such as XWiki.

Use Squirrel SQL to copy database

There are so many choices for relational database, and it is sometimes necessary to convert database from one vendor format to another. For instance, you may want to convert Oracle database to MySQL, or vice versa. In case you need to convert database, there are many tools out there, but Squirrel SQL can do it and more. To install Squirrel SQL, download and run the universal Java-based installer like this.

java -jar squirrel-sql-3.5.0-install.jar

IzPack installer will show on the screen. You can install Squirrel SQL anywhere; in /usr/local or your home directory. If you run the installer as root, Squirrel SQL will be installed in /usr/local/squirrel-sql-3.5.0. Next, select all optional plugins and translations as you may need them later.

Source Database Session: Apache Derby

In this example, the source database is Apache Derby and resides on a local server at 192.168.0.200. I started the Derby network server as follows.

java -jar derbyrun.jar server start

Since the Derby network server only accepts connections from localhost, I had to create an SSH tunnel to the remote host.

ssh -L 1527:127.0.0.1:1527 joe@192.168.0.200

I started Squirrel SQL by running squirrel-sql.sh. I modified Apache Derby Client driver because somehow Squirrel SQL couldn't find the driver. I added the following information in the "Change Driver" dialog.

  • Extra Class Path: /home/joe/db-derby-10.10.1.1-lib/lib/derbyclient.jar

Next, I created an alias for the source database. I entered the following information at the "Add Alias" dialog.

  • Name: Source DB
  • Driver: Apache Derby Client
  • URL: jdbc:derby://127.0.0.1:1527//var/tomcat/webapps/cms/WEB-INF/data/ametysdb
  • User Name: user4873
  • Password: xogehiak

Click the Test button to make sure database can be connected to using the entered information. Then, click OK. Click the Connect button to open a new database session.

Target Database Session: HSQLDB

The target database is HSQLDB and located in localhost. I started HSQLDB server like this.

java -cp hsqldb.jar org.hsqldb.Server -database.0 file:/home/joe/ametysdb -dbname.0 ametysdb

Again I had to modify HSQLDB Server driver because Squirrel DB couldn't find the driver. I entered the class path to hsqldb.jar.

  • Extra Class Path: /home/joe/hsqldb.jar

Then, I created another alias with the following information.

  • Name: Target DB
  • Driver: HSQLDB Server
  • URL: jdbc:hsqldb:hsql://localhost:9001/ametysdb
  • User Name: SA
  • Password:

I clicked Test to verify the information and clicked OK. This creates another database session.

Copying database

Basically, copying database in this context means copying all existing tables from one database to another. Select all tables in the source database session, right-click the selection and click "Copy Table". Then, switch to the target database session. Right-click the node where the tables will be copied to. Select "Paste Table" from the right-click menu. See the diagrams in this page. Copying progress will be shown. After successful copy, close both sessions, shut down both database servers, and then test your newly converted database.

Tuesday, June 25, 2013

First time using Lenya

I have been using Ametys CMS, but Ametys kept crashing on Windows, due to out-of-memory problems. That made me consider other CMS that are less memory-intensive than Ametys. In this regard, I think Apache Lenya is a fairly good choice for a lightweight Java CMS. Lenya works with any Java application server, such as Tomcat. I recently built Apache Lenya and uploaded it to Google Drive. It is available for public download.

To use my Lenya package, put the WAR file inside Tomcat's webapps directory, or manually extract the contents of the WAR file into a new empty folder in webapps using unzip. Then, open lenya.properties.xml with a text editor, and insert the following line.

<property name="pubs.root.dirs" value="lenya/pubs"/>

Assuming Lenya was extracted to webapps/apache-lenya-2.0.4 directory automatically by Tomcat, point your browser to:

http://127.0.0.1:8080/apache-lenya-2.0.4

On the left side of the Lenya welcome page, click "Create Publication" and create your first publication. If you named it "xxx", then you can access and author this publication by visiting "http://127.0.0.1:8080/apache-lenya-2.0.4/xxx". Use "lenya" and "levy" as username and password. If you find it hard to access your publication, try the following URL (replace xxx with your publication ID).

http://127.0.0.1:8080/apache-lenya-2.0.4/xxx/authoring/index.html

To view the published pages, you have to add a live component to the URL.

http://127.0.0.1:8080/apache-lenya-2.0.4/xxx/live/index.html

Also note that by default lenya submits a page for review, and alice publishes the page.

Friday, June 21, 2013

Simple iptables script to build firewall for a Linux Web site

If you operate your own Web site or lease a virtual private server from a Web hosting company, you should be aware that your Website may not have adequate firewall protection — because you are in full charge of your site unless you buy a managed hosting service. You have maximum freedom to set up and run your VPS in whatever way you want, but it's also your responsibility to secure your site from possible online exploitations (known as cyber-attacks). Following is a simple script for setting up a minimal firewall for your Web server. It is meant to be used on Linux servers, not Windows. The script requires iptables, so install iptables before running the script.

#!/bin/sh

# Load connection-tracking module if you need to use FTP.
modprobe nf_conntrack_ftp

# Flush all the current rules.
iptables -F

# Set the default policies
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Create a chain which blocks new connections, except those coming from inside.
# On the first run the chain does not exist yet, so ignore the error from -X.
iptables -X FIREWALL 2>/dev/null
iptables -N FIREWALL

# Block port scanners
iptables -A FIREWALL -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j DROP

# Just drop anything else 
iptables -A FIREWALL -p tcp --syn -j DROP
iptables -A FIREWALL -p udp -j DROP
iptables -A FIREWALL -j DROP

# "localhost" can bypass anything.
iptables -A INPUT -i lo -j ACCEPT

# Accept all packets that pass over interfaces other than eth0
# Here eth0 is the network interface your Web server uses to serve the Internet
iptables -A INPUT -m state --state NEW ! -i eth0 -j ACCEPT

# Accept packets whose state is established or related.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Protect against ping floods.
# Accept pings (echo-request) at an average rate of 1 per second; pings over
# the limit fall through to the FIREWALL chain and are dropped.
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

# Allow SSH connections so we can remotely administer the site.
# SSH uses TCP only, so no UDP rule is needed for port 22.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow Web traffic
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# When a packet reaches the end of INPUT chain,
# it shall jump to the FIREWALL chain and get trashed.
iptables -A INPUT -j FIREWALL

I believe this script is much simpler than most available iptables scripts. This script only leaves TCP/IP ports 22, 80, 443 open, but you can add additional open ports by inserting rules into the INPUT chain as shown above. On Debian or Ubuntu systems, you can automatically start this script by placing it in the /etc/network/if-up.d directory. Name it "firewall" or something else you prefer. Remember to make it executable by running "chmod +x firewall". To run the script manually, type:

/etc/network/if-up.d/firewall

I need to continuously improve or update the script, so I gladly await any reader comments.

Port Scanning with Nmap

Nmap is a valuable tool for hackers and anti-hackers alike. Hackers use nmap in preparation for hacking Web sites on the Internet. Conversely, we can also use nmap to see which services (daemons in Linux) are open to public access. The idea is simple. The more ports we open to the Internet, the more likely the Web site is to become vulnerable to hacking. Therefore, you should keep the number of open ports on your site minimal.

Installing Nmap

On Debian or Ubuntu, use apt-get to install nmap like this.

apt-get install nmap

There's a Windows build of nmap available for download from nmap site.

Stealth TCP scanning with NMAP

This is my favorite type of port scanning. It uses TCP SYN/ACK handshake and scans TCP ports without opening TCP connections, so you are not logged in the remote site's access logs (theoretically). This method uses the -sS option, but since it's the default anyway, you don't even have to specify it.

nmap -Pn -A example.com

The -Pn option disables ping. It's used when we are sure the site is online. The -A option displays comprehensive additional information, such as the OS, versions of software installed and traceroute.

Exhaustive Scanning with -p-

If you add the -p- option, then the scan will test all TCP ports from 1 to 65535. This will result in a longer scan, around 15 minutes or longer.

nmap -Pn -A -p- example.com

Such exhaustive scanning is necessary to find any existing backdoor or detect rootkit / spyware activity.
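To check that a server running the firewall script from the previous post exposes only its intended ports, scan your own host with nmap's grepable output and compare the result with the firewall's allowlist. The script below is an added example, not code from the original posts; the function names, the ALLOWED_TCP variable and the sample scan lines (192.0.2.10, www.example.com) are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the ports nmap reports open with the ports the
# firewall script is supposed to leave open. All names here are illustrative.

# TCP ports the firewall script accepts from the Internet.
ALLOWED_TCP="22 80 443"

# Read nmap grepable output (-oG) on stdin and print one "port/proto" line
# for every port whose state is "open". Fields are tab-separated; the
# "Ports:" field holds comma-separated port/state/proto/... entries.
open_ports() {
    awk -F'\t' '
        {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                list = substr($i, 8)             # drop the "Ports: " label
                n = split(list, entry, /, */)
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    if (f[1] ~ /^[0-9]+$/ && f[2] == "open")
                        print f[1] "/" f[3]
                }
            }
        }'
}

# Read nmap grepable output on stdin and print every open port that is not
# on the allowlist. Exit status is 1 when at least one such port exists.
unexpected_ports() {
    open_ports | awk -v allowed="$ALLOWED_TCP" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i] "/tcp"] = 1
        }
        !($0 in ok) { print; bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample of "nmap -Pn -p- -oG -" output: the three allowed ports
# plus a Tomcat connector on 8080 that the firewall should have hidden.
sample_scan() {
    printf 'Host: 192.0.2.10 (www.example.com)\tStatus: Up\n'
    printf 'Host: 192.0.2.10 (www.example.com)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///, 3306/filtered/tcp//mysql///\tIgnored State: closed (65530)\n'
}

# Demo on the constructed sample. Against your own server, run instead:
#   nmap -Pn -p- -oG - your.server.name | unexpected_ports
sample_scan | unexpected_ports || echo "unexpected open ports found" >&2
```

Run the scan from a machine outside the server's network, since the firewall script accepts everything on interfaces other than eth0.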

Thursday, June 20, 2013

Integrate Tomcat into Apache using proxy method

Normally, Apache web server functions as the main Web server, and Tomcat works behind Apache to handle JSP requests and serve Java-based Web applications. mod_jk used to be the standard way of hooking up Tomcat with Apache, but nowadays people use mod_proxy more. So, in this post, let me show how I integrated Apache 2 and Tomcat on Debian Linux.

Installing Apache and Tomcat

I am assuming you already installed Apache Web server and Tomcat. If not, install them with this command:

apt-get install apache2-mpm-event tomcat7

Enabling mod_proxy_http in Apache

Use a2enmod to enable mod_proxy and mod_proxy_http modules for Apache.

a2enmod proxy
a2enmod proxy_http

VirtualHost settings in Apache

Go to the /etc/apache2/sites-available directory and create a new file for your Tomcat-powered website. In the following examples, replace "my.website.com" with your full Web site name.

cd /etc/apache2/sites-available
touch my.website.com

Then, open the newly-created file with a text editor (vim, jed, nano, etc.) and type the following contents into the text file "my.website.com".

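<VirtualHost *:80>
ServerAdmin webmaster@website.com
ServerName my.website.com
# Reverse proxy only: never act as an open forward proxy.
ProxyRequests Off
# The trailing slash on the backend URL must match the "/" path.
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>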

Enabling your new Web site

Use the command a2ensite to enable the settings for your Web site you just created.

a2ensite default
a2ensite my.website.com

Restart Apache.

/etc/init.d/apache2 restart

Proxy settings in Tomcat

There's not much to do about Tomcat except adding two attributes into the HTTP/1.1 connector like this.

<Connector port="8080" ...
    proxyName="my.website.com"
    proxyPort="80"/>

That's it. Restart Tomcat.

/etc/init.d/tomcat7 restart

Now, every time visitors come to your home page at "http://my.website.com", they will see the pages as rendered by Tomcat (actually, http://localhost:8080).

Wednesday, June 19, 2013

Installing Apache on Debian and Ubuntu Linux

Apache web server is the most widely used open-source HTTP server in the world. According to the recent survey from Netcraft, Apache powers 53% of Web sites worldwide, followed by Microsoft IIS (17%) and NGINX (15%).

Installation of Apache web server on Debian / Ubuntu

With Apache, you can run Web sites on the Internet or host Web applications for your office. To install Apache on Debian or Ubuntu, run the following command:

apt-get install libaprutil1-dbd-sqlite3 apache2-mpm-event

Besides apache2-mpm-event, there are other models of Apache, for example, apache2-mpm-worker, apache2-mpm-prefork and apache2-mpm-itk. They are different in the way they handle the traffic and manage the load. I personally favor apache2-mpm-event which is a hybrid event-driven model (read this).

Friday, June 14, 2013

Compiling Apache Commons Daemon for Linux and *BSD

I am manually installing the latest version of Tomcat on my Debian Linux server without using its package management system (dpkg). I downloaded Tomcat 7.0.41 from the Tomcat 7.0 download page. Then I unpacked the Tomcat tarball (apache-tomcat-7.0.41.tar.gz) into the /usr/local directory because it seems like a proper place for manually installed software.

cd /usr/local
tar xzf ~/apache-tomcat-7.0.41.tar.gz

Tomcat requires JDK or JRE to run, so make sure it is installed already. Since we need JDK to compile Apache Commons Daemon, we should install JDK. Later, we can remove JDK and install JRE. Tomcat will work fine with JRE, but some sophisticated Web applications, such as OpenCMS, require JDK instead of JRE. On Debian, we can use apt-get to install JDK.

apt-get install openjdk-7-jdk

On OpenBSD, we can use pkg_add to install JDK.

pkg_add -i -v jdk

Once we have both Java and Tomcat installed on the system, we need to find a way to start Tomcat automatically on every boot. It is recommended to use Apache Commons Daemon for this purpose. Tomcat is distributed with the source code for the Daemon. In the bin directory of Tomcat, we find a tarball called commons-daemon-native.tar.gz. Let's compile Apache Commons Daemon. This will produce an executable file jsvc for Linux and *BSD which can be used to start any program or Java application in daemon mode. First, unpack the Commons Daemon tarball into your HOME or a temporary location.

tar xzf commons-daemon-native.tar.gz

Then, define an environment variable JAVA_HOME to point to the JDK directory. The configure script in the source uses this variable to find JDK.

export JAVA_HOME=/usr/local/jdk-1.6.0

I think libcap-dev should be installed along with gcc and make.

apt-get install gcc make libcap-dev

Go to the unix subfolder and run the configure script. This assumes that gcc and GNU make are already on your system.

cd commons-daemon-1.0.15-native-src/unix
./configure

Then, run make.

make

This will produce jsvc. Copy it to the bin directory of Tomcat.

cp jsvc /usr/local/apache-tomcat-7.0.41/bin

Starting Tomcat with jsvc needs a bit of tweaking. First, learn about its command parameters.

jsvc --help

Run jsvc to start Tomcat as daemon as shown below. Then, use lynx or Firefox to check Tomcat at http://127.0.0.1:8080/. If that works, we can turn it into a script. On Debian Linux and OpenBSD, I would put into /etc/rc.local something like this:

export JAVA_HOME=/usr/local/jdk-1.6.0
/usr/local/tomcat-7.0.41/bin/jsvc -classpath /usr/local/tomcat-7.0.41/bin/bootstrap.jar:/usr/local/tomcat-7.0.41/bin/tomcat-juli.jar -outfile /tmp/catalina.out -errfile /tmp/catalina.err -Dcatalina.home=/usr/local/tomcat-7.0.41 -Dcatalina.base=/home/tomcat7 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file=/home/tomcat7/conf/logging.properties -pidfile /tmp/tomcat7.pid -user tomcat7 org.apache.catalina.startup.Bootstrap

You may notice that my settings are peculiar in a way. Basically, I create a user "tomcat7" and use its HOME directory as CATALINA_BASE. The jsvc command is run with -user parameter so it will start Tomcat as the specified user (tomcat7). To stop Tomcat, run jsvc like this:

JAVA_HOME=/usr/local/jdk-1.6.0 /usr/local/tomcat-7.0.41/bin/jsvc -classpath /usr/local/tomcat-7.0.41/bin/bootstrap.jar:/usr/local/tomcat-7.0.41/bin/tomcat-juli.jar -stop -pidfile /tmp/tomcat7.pid org.apache.catalina.shutdown

Tuesday, June 11, 2013

Getting Liferay Enterprise Portal to work on Linux and *BSD

Liferay is currently the top-ranking Java-based CMS (content management system). It is primarily geared toward business enterprises, and has many useful features for team collaboration. However, it can be used in many situations, including a media contents portal. Liferay community editions are packaged in many bundled forms, including a Tomcat bundle, a Geronimo bundle and such. Let's download a Tomcat bundle "liferay-portal-tomcat-6.1.1-ce-ga2-20120731132656558.zip". We are going to take only the Liferay bits from the package and deploy Liferay onto our existing Tomcat installation.

  1. Install JRE and Tomcat if you haven't. On Debian, it is done as follows:

    apt-get install openjdk-7-jre tomcat7
  2. Set JAVA_OPTS variable in the setenv.sh script. This file is located in /usr/local/tomcat/bin directory in OpenBSD. If setenv.sh doesn't exist there, create it. However, JAVA_OPTS variable should be specified in /etc/default/tomcat7 in Debian. The following is the suggested value of JAVA_OPTS:

    JAVA_OPTS="-Dfile.encoding=UTF8 -Djava.awt.headless=true -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false -Duser.timezone=GMT -Xmx1024m -XX:MaxPermSize=256m -XX:+UseConcMarkSweepGC"
  3. Copy every file from liferay-portal-6.1.1-ce-ga2/tomcat-7.0.27/lib/ext to the local Tomcat folder.

    cp liferay-portal-6.1.1-ce-ga2/tomcat-7.0.27/lib/ext/* /var/lib/tomcat7/lib
  4. Copy all the directories from liferay-portal-6.1.1-ce-ga2/tomcat-7.0.27/webapps to the local Tomcat folder.

    mv liferay-portal-6.1.1-ce-ga2/tomcat-7.0.27/webapps/* /var/lib/tomcat7/webapps
  5. Create a text file webapps/ROOT/META-INF/context.xml and write the following in it.

    <Context crossContext="true">
    </Context>
  6. From liferay-portal-6.1.1-ce-ga2/tomcat-7.0.27/conf, copy these files to the local Tomcat folder.

    • catalina.policy
    • catalina.properties
  7. Find every line containing "<Connector" in server.xml and append URIEncoding="UTF-8".

  8. Unpack the Liferay package. Copy files from liferay-portal-6.1.1-ce-ga2/data/hsql to some directory.

    mkdir /var/lib/tomcat7/work/Liferay
    cp liferay-portal-6.1.1-ce-ga2/data/hsql/* /var/lib/tomcat7/work/Liferay
  9. Restart Tomcat.

Wednesday, June 5, 2013

Set up Yanel on Debian Linux Tomcat

After building Yanel from source, follow the steps below to deploy and configure Yanel for Tomcat on Debian Linux.

  1. Adjust the value of JAVA_OPTS= environment variable in /etc/default/tomcat7 to ensure smooth operation of Yanel.

    JAVA_OPTS="-Djava.awt.headless=true -Dorg.xml.sax.parser=org.apache.xerces.parsers.SAXParser -Xms128m -Xmx256m -XX:MaxPermSize=128m -XX:+UseConcMarkSweepGC"
  2. Copy or move the directory build/webapps/yanel to /var/lib/tomcat7/webapps directory. If you want to make it the default application, rename it to ROOT.

    mv /usr/src/wyona-yanel-1.0.0-src/build/webapps/yanel /var/lib/tomcat7/webapps/ROOT
  3. Copy or move the directory src/realms to /var/lib/tomcat7 directory. You can put it anywhere you like. Just remember to edit realms.xml accordingly.

  4. Enter Tomcat webapps directory. Then, go to Yanel WEB-INF/classes directory and edit some files to configure Yanel. Some of the files that you may edit include:

    • log4j.properties
    • realms.xml
  5. Restart Tomcat.

    /etc/init.d/tomcat7 restart

Set up Lenya on Debian Linux

Apache Lenya is an open-source content management system based on Java and XML technology. I compiled Lenya following this post. It was tricky to take only the Web application part out of the source tree after compilation. In the end, I figured it out after going through the source directories.

Simply copy or move the directory apache-lenya-2.0.4-src/build/lenya/webapp to Tomcat's webapps directory. You can rename it to ROOT if you want to make it the default Web application. Remember to stop Tomcat first.

/etc/init.d/tomcat7 stop
rm -rf /var/lib/tomcat7/webapps/ROOT
mv apache-lenya-2.0.4-src/build/lenya/webapp /var/lib/tomcat7/webapps/ROOT

There are some more things that need to be done. First, adjust the value of JAVA_OPTS in /etc/default/tomcat7. I got the -Dorg.xml.sax.parser= part from the lenya.sh script in Lenya source.

JAVA_OPTS="-Djava.awt.headless=true -Dorg.xml.sax.parser=org.apache.xerces.parsers.SAXParser -Xms32m -Xmx256m -XX:MaxPermSize=128m -XX:+UseConcMarkSweepGC"

Then, copy files from webapps/ROOT/WEB-INF/lib/endorsed to /var/lib/tomcat7/lib.

cp /var/lib/tomcat7/webapps/ROOT/WEB-INF/lib/endorsed/* /var/lib/tomcat7/lib

Restart Tomcat.

/etc/init.d/tomcat7 restart

Use Lenya at http://127.0.0.1:8080.

Tuesday, June 4, 2013

Compile Tomcat Native Library on Debian Linux

To compile Tomcat native library, I installed some additional packages.

apt-get install gcc libapr1-dev libssl-dev make openjdk-7-jdk

I set the JAVA_HOME environment variable.

export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-i386

I downloaded the tarball from apache.cs.utah.edu. It was located in the /apache.org/tomcat/tomcat-connectors/native/ directory. I unpacked the tarball and compiled it as follows.

cd /usr/src
tar xzvf tomcat-native-1.1.27-src.tar.gz
cd tomcat-native-1.1.27-src/jni/native
./configure --with-apr=/usr/bin/apr-1-config
make
make install

Then, I copied the library like this.

cd .libs
mv libtcnative-1.so* /usr/lib

Then, I ran ldconfig.

ldconfig

I uncommented the following line in /etc/tomcat7/server.xml.

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

I restarted Tomcat.

/etc/init.d/tomcat7 restart

I hope the Tomcat native library will boost Tomcat performance.

Ametys Installation on Debian and Ubuntu Linux

Ametys is a Web CMS (content management system) written in Java. This step-by-step guide shows how to install Ametys on Debian-based Linux, such as Ubuntu. The Apache HTTPD server is not needed, although MySQL is recommended for the database.

Ametys is made of two parts: CMS and SITE. CMS is used to edit Web pages while SITE is used to present and display Web pages. In this guide, CMS and SITE will run from a single Tomcat instance on the same machine, but each of them will use a different port. CMS will use the new custom port 8081, and SITE will use the default port 8080.

  1. Install Tomcat and MySQL.

    apt-get update
    apt-get install libmysql-java mysql-server tomcat7
  2. Adjust the value of JAVA_OPTS in /etc/default/tomcat7 for smooth operation of Ametys.

    JAVA_OPTS="-Djava.awt.headless=true -Xmx256m -XX:MaxPermSize=128m -XX:+UseConcMarkSweepGC"
  3. Add the following section to /etc/tomcat7/server.xml so that Tomcat will have a new connector at port 8081.

    <Service name="Ametys">
      <Connector port="8081" protocol="HTTP/1.1" connectionTimeout="20000"
                 URIEncoding="UTF-8" redirectPort="8443" />
      <Engine name="Ametys" defaultHost="localhost">
        <Host name="localhost" appBase="ametys"></Host>
      </Engine>
    </Service>

    Then, create the Ametys directories in /etc/tomcat7 and /var/lib/tomcat7.

    mkdir /etc/tomcat7/Ametys
    mkdir /var/lib/tomcat7/ametys
    chown tomcat7:tomcat7 /etc/tomcat7/Ametys /var/lib/tomcat7/ametys
  4. Download the Ametys deployment package (ametys-3.4.0.zip) and unpack it as follows.

    • The cms directory from the package becomes:
      /var/lib/tomcat7/ametys/ROOT
    • The site directory from the package becomes:
      /var/lib/tomcat7/webapps/ROOT

    Remember to change the ownership of the ROOT directories to tomcat7.

  5. Create a database for Ametys. Log in to MySQL server.

    mysql -u root -p

    Type the following SQL commands. Make up names for the database, username and password if you want.

    CREATE DATABASE ametysdb CHARACTER SET 'utf8';
    GRANT ALL ON ametysdb.* TO ametys@'%' IDENTIFIED BY 'webcms';
    GRANT ALL ON ametysdb.* TO ametys@localhost IDENTIFIED BY 'webcms';
    quit;

    Change to /var/lib/tomcat7/ametys/ROOT/WEB-INF/scripts/mysql and run the SQL scripts found there.

    cd /var/lib/tomcat7/ametys/ROOT/WEB-INF/scripts/mysql
    for f in *.sql; do mysql -u root -p ametysdb < "$f" ; done
  6. Create /var/lib/tomcat7/lib if it doesn't exist. Then, put mysql-connector-java-5.1.16.jar there.

    ln -s /usr/share/java/mysql-connector-java-5.1.16.jar /var/lib/tomcat7/lib
  7. Configure CMS by opening http://localhost:8081/_admin in Firefox.

  8. Configure SITE by opening http://localhost:8080/_admin in Firefox.

  9. Create content by visiting http://localhost:8081. Then, view your Web site at http://localhost:8080. Stay tuned for more information.

Sunday, June 2, 2013

Generate OAuth signing key for Ametys

I was reading the Tomcat log file "catalina.out" to find any problem running Ametys CMS. I came across these lines.

Jun 02, 2013 10:36:56 AM org.apache.shindig.gadgets.oauth.OAuthModule$OAuthStoreProvider loadDefaultKey
WARNING: Couldn't load OAuth signing key.  To create a key, run:
  openssl req -newkey rsa:1024 -days 365 -nodes -x509 -keyout testkey.pem \
     -out testkey.pem -subj '/CN=mytestkey'
  openssl pkcs8 -in testkey.pem -out oauthkey.pem -topk8 -nocrypt -outform PEM

Then edit shindig.properties and add these lines:
shindig.signing.key-file=<path-to-oauthkey.pem>
shindig.signing.key-name=mykey

I thought I should follow the instructions from the error log. It's actually about creating an SSL private key. In OpenBSD, I ran the following command:

openssl req -newkey rsa:1024 -days 365 -nodes -x509 -keyout testkey.pem -out testkey.pem -subj '/CN=ametyskey'

Then I executed this command.

openssl pkcs8 -in testkey.pem -out oauthkey.pem -topk8 -nocrypt -outform PEM

Now I have testkey.pem and oauthkey.pem. I placed these files in webapps/cms/WEB-INF/lib directory. I also created shindig.properties with the following contents.

shindig.signing.key-file=oauthkey.pem
shindig.signing.key-name=mykey

I still have to see how this will help Ametys run.
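
A check that can be run on the files produced by the two openssl commands above, as an added example that is not part of the original post or of Shindig: it reports which PEM key format a file holds and whether anyone other than the owner can access it. The function names and the script name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post or from Shindig): inspect a PEM
# key file by its block headers and file mode, without needing openssl.

# pem_blocks FILE -> one label per PEM block, e.g. "PRIVATE KEY".
pem_blocks() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# key_format FILE -> pkcs8 | pkcs8-encrypted | traditional-rsa | none
# "openssl pkcs8 -topk8 -nocrypt" writes the unencrypted PKCS#8 form
# ("BEGIN PRIVATE KEY"), the output the Shindig warning tells you to create.
key_format() {
    case "$(pem_blocks "$1")" in
        *"ENCRYPTED PRIVATE KEY"*) echo pkcs8-encrypted ;;
        *"RSA PRIVATE KEY"*)       echo traditional-rsa ;;
        *"PRIVATE KEY"*)           echo pkcs8 ;;
        *)                         echo none ;;
    esac
}

# too_open FILE -> succeeds if group or others hold any permission on FILE.
# Reads the mode string from ls, which behaves the same on Debian and OpenBSD.
too_open() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# audit_key FILE -> prints findings; returns 0 only when FILE holds an
# unencrypted PKCS#8 key and is accessible to its owner alone.
audit_key() {
    rc=0
    fmt=$(key_format "$1")
    if [ "$fmt" != pkcs8 ]; then
        echo "$1: key format is $fmt, expected pkcs8"; rc=1
    fi
    if too_open "$1"; then
        echo "$1: accessible to group or others; restrict it to the owner"; rc=1
    fi
    return "$rc"
}

# Stand-alone use: sh audit_key.sh oauthkey.pem  (script name is hypothetical)
[ "$#" -eq 0 ] || audit_key "$1"
```

Because the key is stored unencrypted, the file mode is the only thing protecting it, so the owner should be the account Tomcat runs as.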

About This Blog

This blog seeks to provide useful information to people, based on the author's knowledge and experience. Thanks for visiting the blog and posting your comments.

© Contents by KBlog
