2025
25.02
Goobi now requires OpenJDK 21 and Tomcat 10
Tomcat 10 is available as a package from Ubuntu 24.04 onwards. The following steps apply to a system that was upgraded from Ubuntu Linux Server 22.04 to 24.04 for the Goobi workflow update.
Installing Java 21 and Tomcat 10
Install Java 21 and Tomcat 10, carry over the Tomcat 9 configuration, and set Java 21 as the default:
systemctl disable --now tomcat9
apt install -y openjdk-21-jre-headless tomcat10
update-alternatives --set java /usr/lib/jvm/java-21-openjdk-amd64/bin/java
systemctl stop tomcat10.service
SYSTEMD_EDITOR=tee systemctl edit tomcat10 < /etc/systemd/system/tomcat9.service.d/override.conf
patch /etc/default/tomcat10 << "EOF"
@@ -6,11 +6,20 @@
# You may pass JVM startup parameters to Java here. If you run Tomcat with
# Java 8 instead of 9 or newer, add "-XX:+UseG1GC" to select a suitable GC.
# If unset, the default options will be: -Djava.awt.headless=true
-JAVA_OPTS="-Djava.awt.headless=true"
+#JAVA_OPTS="-Djava.awt.headless=true"
# To enable remote debugging uncomment the following line.
# You will then be able to use a Java debugger on port 8000.
#JAVA_OPTS="${JAVA_OPTS} -agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n"
+JAVA_OPTS="-Djava.awt.headless=true -Xmx4g -Xms4g"
+JAVA_OPTS="${JAVA_OPTS} -XX:+UseG1GC"
+JAVA_OPTS="${JAVA_OPTS} -XX:+ParallelRefProcEnabled"
+JAVA_OPTS="${JAVA_OPTS} -XX:+DisableExplicitGC"
+JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/urandom"
+JAVA_OPTS="${JAVA_OPTS} -Dfile.encoding='utf-8'"
+JAVA_OPTS="${JAVA_OPTS} --add-exports=java.desktop/sun.awt.image=ALL-UNNAMED"
+
+UMASK=0022
# Java compiler to use for translating JavaServer Pages (JSPs). You can use all
# compilers that are accepted by Ant's build.compiler property.
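Review bot: UMASK=0022 at the end of the added block makes every file Tomcat creates world-readable, and nothing in the file says why. If no other local account needs to read what Goobi writes, use UMASK=0027; otherwise add a comment naming the account that does. The fixed -Xmx4g -Xms4g would also benefit from a comment that it has to be sized to the host.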
@@ -20,4 +29,4 @@
#SECURITY_MANAGER=true
# Whether to compress logfiles older than today's
-#LOGFILE_COMPRESS=1
+LOGFILE_COMPRESS=1
EOF
patch /etc/tomcat10/server.xml << "EOF"
@@ -65,49 +65,22 @@
AJP Connector: /docs/config/ajp.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
- <Connector port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="8443"
- maxParameterCount="1000"
- />
- <!-- A "Connector" using the shared thread pool-->
- <!--
- <Connector executor="tomcatThreadPool"
- port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="8443"
- maxParameterCount="1000"
- />
- -->
- <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
- This connector uses the NIO implementation. The default
- SSLImplementation will depend on the presence of the APR/native
- library and the useOpenSSL attribute of the AprLifecycleListener.
- Either JSSE or OpenSSL style configuration may be used regardless of
- the SSLImplementation selected. JSSE style configuration is used below.
- -->
- <!--
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
- maxThreads="150" SSLEnabled="true"
- maxParameterCount="1000"
- >
- <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
- <SSLHostConfig>
- <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
- type="RSA" />
- </SSLHostConfig>
- </Connector>
- -->
- <!-- Define an AJP 1.3 Connector on port 8009 -->
- <!--
- <Connector protocol="AJP/1.3"
- address="::1"
- port="8009"
- redirectPort="8443"
- maxParameterCount="1000"
- />
- -->
+ <Connector address="127.0.0.1" port="8080" protocol="HTTP/1.1"
+ server=" "
+ connectionTimeout="20000"
+ maxThreads="400"
+ URIEncoding="UTF-8"
+ enableLookups="false"
+ disableUploadTimeout="true"
+ proxyName="VIEWER.EXAMPLE.ORG"
+ proxyPort="80" />
+
+ <Connector address="127.0.0.1" port="8009" protocol="AJP/1.3"
+ secretRequired="false"
+ connectionTimeout="20000"
+ maxThreads="400"
+ URIEncoding="UTF-8" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
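Review bot: The new AJP connector on port 8009 sets secretRequired="false", so any local process that can reach 127.0.0.1:8009 is treated like the front-end proxy and the loopback binding is the only barrier. Set secretRequired="true" together with a secret attribute that matches the proxy configuration, or drop the AJP connector if the proxy only talks to the HTTP connector on 8080. The replacement connectors also no longer carry maxParameterCount="1000", which the removed lines set; add a comment if that is intended.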
@@ -150,9 +123,14 @@
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
+ <!--
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
+ -->
+ <Valve className="org.apache.catalina.valves.CrawlerSessionManagerValve"
+ crawlerUserAgents=".*[bB]ot.*|.*Yahoo! Slurp.*|.*Feedfetcher-Google.*|.*Apache-HttpClient.*|.*[Ss]pider.*|.*[Cc]rawler.*|.*nagios.*|.*Yandex.*|.*facebookexternalhit.*|.*bytedance.com.*|.*Turnitin.*|.*GoogleOther.*|.*python-requests.*|.*check_http.*"
+ sessionInactiveInterval="60"/>
</Host>
</Engine>
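Review bot: Commenting out the AccessLogValve leaves Tomcat without a request log, so the front-end proxy's log becomes the only record of requests. Keep the valve enabled, or add a comment stating that the proxy log is the one to consult. The crawlerUserAgents pattern matches the client-supplied User-Agent header, so it should be read as session housekeeping and not as a control on who may access the application.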
EOF
patch /etc/tomcat10/context.xml << "EOF"
@@ -28,4 +28,7 @@
<!--
<Manager pathname="SESSIONS.ser" />
-->
+
+ <!-- Set mode for the JSESSONID cookie. Google authentication needs "lax" -->
+ <CookieProcessor sameSiteCookies="strict" />
</Context>
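Review bot: The added comment says Google authentication needs "lax" while the line below it sets sameSiteCookies="strict", so a reader cannot tell which value is intended. State explicitly that strict is the value to use unless Google login is configured, in which case it has to be changed to lax, and correct the cookie name, which the comment spells JSESSONID.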
EOF
Tomcat Context config:
mv /etc/tomcat9/Catalina/localhost/*.xml /etc/tomcat10/Catalina/localhost/
The memory allocation in /etc/default/tomcat{9,10} and the connectors in /etc/tomcat{9,10}/server.xml must be compared and adjusted manually.
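An added example (not part of the Goobi documentation) that supports the manual connector comparison described above: it reads a server.xml and reports connectors without an explicit loopback address and AJP connectors without a shared secret. The sample XML is constructed, and the function name audit_connectors is hypothetical.

```python
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample modelled on the connectors in the server.xml patch above,
# plus one connector without an address attribute to show a finding.
SAMPLE_SERVER_XML = """<Server port="-1">
  <Service name="Catalina">
    <!-- <Connector port="8443" protocol="HTTP/1.1" /> -->
    <Connector address="127.0.0.1" port="8080" protocol="HTTP/1.1"
               proxyName="VIEWER.EXAMPLE.ORG" proxyPort="80" />
    <Connector address="127.0.0.1" port="8009" protocol="AJP/1.3"
               secretRequired="false" />
    <Connector port="8081" protocol="HTTP/1.1" />
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>"""


def audit_connectors(xml_text):
    """Return (port, finding) tuples for connectors that need a manual look."""
    findings = []
    # ElementTree drops XML comments, so commented-out connectors are ignored.
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port", "?")
        protocol = conn.get("protocol", "HTTP/1.1")
        address = conn.get("address")
        if address not in LOOPBACK:
            findings.append(
                (port, "no explicit loopback address (address=%s)" % (address or "unset"))
            )
        if protocol.startswith("AJP"):
            secret_off = conn.get("secretRequired", "true").lower() == "false"
            if secret_off and not conn.get("secret"):
                findings.append((port, "AJP without shared secret"))
    return findings


if __name__ == "__main__":
    import sys
    # Pass a path such as /etc/tomcat10/server.xml; without one the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SERVER_XML
    for port, finding in audit_connectors(text):
        print("connector %s: %s" % (port, finding))
```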
Adjust the alias:
sed .bash_aliases -re 's/^(alias cata=.*?)(tomcat9)(.*)/\1tomcat10\3/' -i
. ~/.bash_aliases
Make sure that the user account tomcat has a sensible home directory path set and that the directory exists:
mkdir /var/lib/tomcat/
chown tomcat: /var/lib/tomcat/
usermod -d /var/lib/tomcat tomcat
Fix the ownership of the Tomcat log (for logrotate):
chown tomcat:adm /var/log/tomcat10/catalina.out
Older OpenJDK and Tomcat versions can be removed after verification.