PlanetJ corporation

 

Optimizing Tomcat for Web Applications

* Tomcat *

Tomcat Security and Optimization Document

ã PlanetJ Corporation

1821 Kelson Place, Escondido CA 92029

Phone 760-432-0600 • Fax  760-432-0600

 

Table of Contents

Introduction to Tomcat                                    3

Increase Maximum Memory Used  3

Changes to web.xml configuration file  5

Administering Tomcat:  8

Changing Port Settings    12

Secure Application Files in Tomcat  13

SSL:  16

Other Security Considerations                  16

References    16

 

 

 

Chapter

1

Introduction

Introduction to Tomcat:

WebSphere has gained significant market share in Web application development space.  A powerful, easy to use, and free alternative to WebSphere is Apache’s Tomcat.  Tomcat is open source and is the reference implementation for Sun’ servlet standard.  Tomcat has proven itself as production quality and is used by many companies. Tomcat installation on Window servers is an automated and easy process however the default installation places Tomcat into development mode.  The advantage of development mode is that changes to JSPs, class, and JAR files are automatically incorporated at runtime without the need to restart the application server.  The drawback is that performance suffers in development mode.  Once you have created your WOW application and are ready to serve it to the public, the following steps should be taken to optimize Tomcat. 

Step 1

Increase Maximum Memory Used

Tomcat ships with the maximum amount of memory set to 64MB, which is not large enough to operate most large web applications.  We recommend increasing the maximum amount of memory to 80% of the total RAM available on your server.  This can be done as shown below.

 First, open Tomcat by going to the Start Menu-Programs-Apache Tomcat-Start Tomcat.

After Tomcat has started you should see the Tomcat icon in the lower right hand corner as shown below. 

To access the Tomcat properties allowing changes to the maximum memory, right click on the icon and select properties. This is also the way to stop the server by clicking on Shutdown: Tomcat instead of properties.

The properties screen below has the Java VM tab selected.  Inside the Java Options we will add the increased min and max memory allocation settings.

The minimum value can be anything but should start with at least 64-100MB. The maximum memory should be up to 80% of your computers RAM. For example, if you have 512MB of RAM then you should set the maximum memory to around 400MB. To change the memory specifications you need to add this code to the Java Options text area:

-Xms100m -Xmx400m

 

 

 

Step 2

 Changes to web.xml configuration file:

The web.xml is the document that defines default values for all web applications loaded into each instance of Tomcat.  As each application is deployed, this file is processed, followed by the “/WEB-INF/web.xml” deployment descriptor from your own applications. The web.xml is located in Apache Software Foundation-Tomcat-conf folder shown below.