Bare-bones Instructions For Standing Up A TDS Production Server
Prior To Installation
- Purchase a certificate from a certificate authority for your TDS domain/host.
- Create a dedicated user/group for running the Tomcat server.
Install Java
Install And Configure Tomcat
- Install Tomcat
- Create a
setenv.sh
file in${tomcat_home}/bin
to set JVM options and the TDS$CONTENT_ROOT
. - Make the following modifications to
${tomcat_home}/conf/server.xml
:- Enable digested password support by modifying the
UserDatabaseRealm
. - Enable TLS/SSL in tomcat using you CA certificate.
- Enable Compression in the Tomcat connectors.
- Modify the Tomcat AccessLogValve log format and changed the prefix and suffix and pattern attributes for the access log file.
- Enable digested password support by modifying the
- Create a digested password using the algorithm specified in the
UserDatabaseRealm
of the${tomcat_home}/conf/server.xml
file. - Make the following modifications to
${tomcat_home}/conf/tomcat-users.xml
:- Create roles for manager-gui,
tdsConfig
and tdsMonitor. - Create a user with the digested password with access to the
manager-gui
,tdsConfig
, andtdsMonitor
roles.
- Create roles for manager-gui,
- If you choose to use the Tomcat
manager
application, modify the deployment descriptor (${tomcat_home}/webapps/manager/WEB-INF/web.xml
) to force access to occur only via HTTPS. - Remove all unused web applications from the
${tomcat_home}/webapps
directory. - Modify the permissions of
${tomcat_home}
to restrict access.
Deploying The TDS
- Download the TDS WAR file.
- If needed, rename the WAR file to
thredds.war
. - Deploy the
thredds.war
file to the${tomcat_home}/webapps
directory. - Start/restart Tomcat so that it has a chance to create initial files in
${tomcat_home}/content/thredds
. - Modify
${tomcat_home}/content/thredds/catalog.xml
for your site. - Modify
${tomcat_home}/content/thredds/threddsConfig.xml
for your site in the following manner:- Add the needed information to the
ServerInformation
element. - Enable any other optional services like WMS or WCS.
- Add the needed information to the
Continued Maintenance
- Be sure to periodically check to make sure you are running the latest supported versions of Java, Tomcat and the TDS.
- If you have enabled access logging (and you should), zip up the unused access logs in
${tomcat_home}/logs/
and archive them off to another directory. - Likewise, zip up the unused TDS servlet logs in
${tomcat_home}/content/thredds/logs
and archive them as well. - Manually rotate Tomcat’s
catalina.out
log file when it grows too large.
Upgrading The TDS
Important:
When installing a new
thredds.war
, everything in ${tomcat_home}/webapps/thredds
is overwritten. However, nothing in ${tomcat_home}/content/
is overwritten.
Upgrading Tomcat
Important:
If you are using the Tomcat
manager
application, you will need to modify the deployment descriptor to enable access via HTTPS only.