Tomcat

This guide is for setting up Tomcat on FreeBSD and Debian with Tomcat versions 8 or 9, JDK 8, using Memcache for sessions, and supporting RemoteIpValve.

Configuration Variables (Defaults)

General Settings

• classpath_adds ('')
  • A list of JAR files to add, separated by colons (:).
• tomcat_java_version (11)
  • The Java version to use with Tomcat.
• tomcat_default_java_opts ('-Djava.awt.headless=true -Xms1024m -Xmx2g -Dlog4j2.formatMsgNoLookups=true')
  • Java command-line arguments.
• tomcat_java_gc_opts ('-XX:+UseConcMarkSweepGC' if Java < 9, '' else)
  • Override for Java garbage collection options.
• tomcat_java_opts ('')
  • Additional Java options for starting Tomcat.
• tomcat_lang_opts ('')
  • Extra Java command-line arguments.
• tomcat_http_port (8080)
  • The HTTP port to use.
• tomcat_ajp_port (8009)
  • The AJP port to use.
• tomcat_ajp_address (0.0.0.0)
  • The address for AJP to listen on.
• tomcat_keystore ('')
  • Path to the keystore file.
• tomcat_storepass ('')
  • Password for the keystore.
• tomcat_catalina_props ([])
  • Lines to add or replace in catalina.properties (will replace lines that match before ‘=‘).
• tomcat_apr_port ('')
  • If defined, the port for the APR connector.
• tomcat_apr_cert ('')
  • If defined with an X.509 certificate, HTTPS support will be activated with APR.
  • The certificate and key will be copied to the Tomcat config directory.
• tomcat_apr_key ('')
  • PEM key for the above certificate. Required for TLS with APR.
• jre_dir (depends on distribution)
  • Path to the JRE for Tomcat.
• tomcat_env_vars ({})
  • A dictionary of environment variables for Tomcat.
• tomcat_env_file ('')
  • A file containing environment variables to source.

(See defaults/main.yml for a complete list)

HTTP(S) Reverse Proxy Support

• proxies_ips_regex ('')

  • A regular expression that matches the IP addresses of the proxy (e.g., '^(127.0.0.1|::1)$' for localhost IPv4 and IPv6).

• If proxies_ips_regex is set, RemoteIpValve will be configured to support:

  • X-Forwarded-For
  • X-Forwarded-Proto (must be 'https' if SSL is enabled)

Memcache Sessions

If memcached_nodes is provided:

Sessions are shared between Memcache instances on each Tomcat host using the Memcached Session Manager.

• memcached_nodes should be filled like this:

  memcached_nodes: 'srv1:srv1.fqdn:11211,srv2:srv2.fqdn:11211'
  

  The node names (like srv1 and srv2) must match the inventory inventory_hostname.
• tomcat_memcached_sticky (True)
  • If set to false, allows non-sticky synchronous sessions.

(See templates/context.xml.j2 for details)

Web Application Deployment

• tomcat_webapps ([]) is a list describing the web applications to deploy:

  • key is the name of the app.
  • war is the WAR file to deploy in the webapps directory.
  • gitsrc will be cloned into gitdst if both are specified.
  • script is the command to run (as root) after the deployment (if any).

• tomcat_forced_deploy (False)

  • Forces Tomcat to stop before deploying and completely removes the apps directory.

• myapp ('')

  • If specified, only deploy this app (must match the webapp.key).