acrosby / docker-tomcat

A full-featured (SSL over APR, etc.) Apache Tomcat running in Docker

Tomcat on Docker

A full-featured Tomcat (SSL over APR, etc.) running in Docker.

Versions

8.0

tl;dr

Quickstart

$ docker run \
    -d \
    -p 80:8080 \
    -p 443:8443 \
    axiom/docker-tomcat

Production

$ docker run \
    -d \
    -p 80:8080 \
    -p 443:8443 \
    -v /path/to/your/ssl.crt:/opt/tomcat/conf/ssl.crt \
    -v /path/to/your/ssl.key:/opt/tomcat/conf/ssl.key \
    -v /path/to/your/tomcat-users.xml:/opt/tomcat/conf/tomcat-users.xml \
    --name tomcat \
    axiom/docker-tomcat

Configuration

Ports

Tomcat runs with two ports open:

  • 8080 - HTTP
  • 8443 - HTTPS

Map these ports to host ports to reach Tomcat from outside the Docker ecosystem:

$ docker run \
    -p 80:8080 \
    -p 443:8443 \
    ... \
    axiom/docker-tomcat

JVM

By default, the JVM is run with the following options:

  • -server - server-optimized JVM
  • -d64 - 64-bit JVM
  • -Xms4G - start with a 4 GB heap
  • -Xmx4G - cap the heap at 4 GB
  • -XX:MaxPermSize=256m - increase the PermGen size
  • -XX:+HeapDumpOnOutOfMemoryError - write a heap dump on out-of-memory errors
  • -Djava.awt.headless=true - headless (no monitor)

A custom JVM options file may be used but must export JAVA_OPTS at the end and include any already defined JAVA_OPTS, like so:

#!/bin/sh
NORMAL="-server -d64 -Xms16G -Xmx16G"  # More memory
MAX_PERM_GEN="-XX:MaxPermSize=128m"    # Less Perm
HEADLESS="-Djava.awt.headless=true"    # Still headless
JAVA_OPTS="$JAVA_OPTS $NORMAL $MAX_PERM_GEN $HEADLESS"
export JAVA_OPTS

Mount your own javaopts.sh:

$ docker run \
    -v /path/to/your/javaopts.sh:/opt/tomcat/bin/javaopts.sh \
    ... \
    axiom/docker-tomcat

Users

By default, Tomcat starts with a single admin user account whose password is the same as the user name.

Mount your own tomcat-users.xml file with different SHA1-digested passwords. Otherwise, anyone who reads this document and knows your server address will have Tomcat admin privileges.

Mount your own tomcat-users.xml:

$ docker run \
    -v /path/to/your/tomcat-users.xml:/opt/tomcat/conf/tomcat-users.xml \
    ... \
    axiom/docker-tomcat
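
One way to produce and audit those entries before mounting the file, as an added example that is not part of this repository. It assumes the image's realm compares against the unsalted hex SHA-1 of the password, that sha1sum from GNU coreutils is available, and that each <user> element sits on one line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from this repository): build and audit tomcat-users.xml
# entries. Assumes the realm stores the unsalted hex SHA-1 of each password.

# Hex SHA-1 of a string; printf avoids hashing a trailing newline.
sha1_hex() {
    printf '%s' "$1" | sha1sum | cut -d' ' -f1
}

# Emit one <user> element, refusing the "password equals user name" default.
# Assumes NAME and ROLES contain no characters that need XML escaping.
user_entry() {  # user_entry NAME PASSWORD ROLES
    if [ "$1" = "$2" ]; then
        echo "refusing: password equals user name for '$1'" >&2
        return 1
    fi
    printf '  <user username="%s" password="%s" roles="%s"/>\n' \
        "$1" "$(sha1_hex "$2")" "$3"
}

# Report users in FILE whose stored password is weak:
#   - not a 40-hex-digit SHA-1 digest (stored in clear text), or
#   - equal to SHA-1(user name), meaning password == user name.
# Assumes one <user .../> element per line; commented-out sample
# entries that match the pattern are reported as well.
audit_users() {  # audit_users FILE
    grep '<user ' "$1" | while IFS= read -r line; do
        name=$(printf '%s\n' "$line" |
            sed -n 's/.*username="\([^"]*\)".*/\1/p')
        pass=$(printf '%s\n' "$line" |
            sed -n 's/.*[[:space:]]password="\([^"]*\)".*/\1/p')
        if ! printf '%s' "$pass" | grep -Eqi '^[0-9a-f]{40}$'; then
            echo "$name: password is not a SHA-1 digest"
        elif [ "$(printf '%s' "$pass" | tr 'A-F' 'a-f')" = \
               "$(sha1_hex "$name")" ]; then
            echo "$name: password equals user name"
        fi
    done
}
```

Source the script, then run audit_users /path/to/your/tomcat-users.xml; no output means no entry matched either weak pattern.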

SSL

By default, Tomcat starts with a self-signed certificate valid for 3650 days. This certificate is not regenerated when the container runs, so every container started from the image presents the same one. If you are serious about SSL, mount your own private key and certificate files.

Mount your own ssl.crt and ssl.key:

$ docker run \
    -v /path/to/your/ssl.crt:/opt/tomcat/conf/ssl.crt \
    -v /path/to/your/ssl.key:/opt/tomcat/conf/ssl.key \
    ... \
    axiom/docker-tomcat

If you want to disable SSL altogether, you will need to mount a custom setup.xml:

$ docker run \
    -v /path/to/your/setup.xml:/opt/tomcat/conf/setup.xml \
    ... \
    axiom/docker-tomcat
