Initial configuration
Apache Geronimo provides a couple of configuration files where you can edit some of the parameters before starting the server. For instance, you can change the port numbers the server uses by updating the config-substitutions.properties file located in the <geronimo_home>/var/config directory. If you need to substitute one module with another you can use the artifact_aliases.properties or the client_artifact_aliases.properties files, also available in the <geronimo_home>/var/config directory. In addition, you may also want to change the default user name and password and/or user groups. The files available in the <geronimo_home>/var/security directory allow you to make these changes.
Additional configuration changes can be made in the config.xml file available in the <geronimo_home>/var/config directory. The following sections cover in more detail how to make these changes.
Available configuration files
list all configuration files, provide a general overview and a link to the full blown document (one for each file)
<geronimo_home>/var/config
- artifact_aliases.properties
- client_artifact_aliases.properties
- config-substitutions.properties
- config.xml
- jsr88-configurer-config.xml
- offline-deployer-config.xml
<geronimo_home>/var/log
<geronimo_home>/var/security
Others ...
Changing the default port numbers
The config-substitutions.properties file lets you specify a totally new set of ports and define an automatic port offset for when you run multiple servers (or instances of the same server).
For example, an entry such as hostName=localhost can be overridden by an environment variable or system property named with the org.apache.geronimo.config.substitution. prefix: org.apache.geronimo.config.substitution.hostName=foo.
Although this section is focusing on changing these settings by updating a properties file, there is an alternative way by using the Geronimo administrative console which is explained in more detail under the Configuring the Web Container section. However, if you have port conflicts at start up time the Geronimo administrative console will not be available, so we have to focus on configuring the config-substitutions.properties file by choosing a new PortOffset value (the default is 0).
The following example shows the config-substitutions.properties file for the Tomcat distribution of Geronimo. The file provided with the Jetty distribution is nearly identical. Changes to the file should be made when the server is stopped.
There are a number of reasons why you might want to use other port numbers than those provided by default. Most common startup problems are in fact associated with port conflicts. You can use monitoring utilities like Active Ports that will quickly tell you what application or process is using what port so you can customize Geronimo's ports accordingly. On Unix-like platforms, you can always use something like netstat -nao | grep -i list to get the ports in use along with what application is holding that port. Alternatively, you can use netstat -nab on a Windows platform.
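The following is an added example, not part of the original Geronimo documentation: a pre-start check that resolves the effective ports from a config-substitutions.properties file (file values, then prefixed overrides, then PortOffset) and reports which of them are already taken. The sample file is constructed, the key names HTTPPort and HTTPSPort are assumptions, and so is the rule that every key ending in "Port" is shifted by PortOffset.

```python
import socket

PREFIX = "org.apache.geronimo.config.substitution."

# Constructed sample; key names other than PortOffset and hostName are assumptions.
SAMPLE = """\
# config-substitutions.properties (constructed sample)
PortOffset=10
hostName=localhost
HTTPPort=8080
HTTPSPort=8443
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def effective_settings(text, overrides):
    """Apply prefixed overrides (environment or system properties) over the file."""
    props = parse_properties(text)
    for name, value in overrides.items():
        if name.startswith(PREFIX):
            props[name[len(PREFIX):]] = value
    return props

def effective_ports(props):
    """Assumption: every key ending in 'Port' is shifted by PortOffset."""
    offset = int(props.get("PortOffset", "0"))
    return {k: int(v) + offset for k, v in props.items() if k.endswith("Port")}

def port_in_use(host, port):
    """True if something already accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(0.5)
        return s.connect_ex((host, port)) == 0

def find_conflicts(text, overrides, probe=port_in_use):
    """Return {key: port} for every effective port that is already taken."""
    props = effective_settings(text, overrides)
    host = props.get("hostName", "localhost")
    return {k: p for k, p in effective_ports(props).items() if probe(host, p)}

if __name__ == "__main__":
    import os
    print(find_conflicts(SAMPLE, dict(os.environ)) or "no conflicts")
```

Run it while the server is stopped; if it reports conflicts, pick a different PortOffset and run it again before starting Geronimo.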
Changing the username and password
The default administration user name and password for the Geronimo Administrative Console and command line deployment tool are system and manager, respectively. You can change these defaults directly from the Administration Console by accessing Security -> Console Realm and changing the user name and password from the Console Realm Users portlet.
Alternatively, you can make the same changes by editing the users.properties and groups.properties files, both located in the <geronimo_home>/var/security directory.
Important
Access to the <geronimo_home>/var/security directory should be appropriately secured. Different operating systems offer different alternatives to securing files and directories. Most cases would involve restricting permission to specific user groups.
Passwords in the users.properties file are encrypted by the server. Passwords can be changed using the Geronimo Administrative Console. They can also be changed using a text editor. While the server is stopped, simply edit the users.properties file. The password(s) will be encrypted the next time the server is started.
To prevent potential security exposures, we strongly recommend you update the default user names and passwords on your system.
By editing the properties files
Open the <geronimo_home>/var/security/groups.properties file and edit the contents of this file. Add any username that you require and save the file.
admin=user1,user2
Next, open the <geronimo_home>/var/security/users.properties file. You can change the password for the existing system account and/or add new users. When adding a new user, the username has to be the same as the one added to the groups.properties file.
user1=password1
user2=password2
In this example, two users have been added, user1 and user2, and the default system account has been deleted. Both user1 and user2 can access the console and the command line deployment tools.
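The following is an added example, not part of the original Geronimo documentation: an audit of a <geronimo_home>/var/security directory that checks for the points raised above (default system account left in place, default password still in clear text, group members missing from users.properties, files accessible to all users). It assumes simple key=value properties files and POSIX permission bits; the function names and the sample data are constructed for illustration.

```python
import os
import stat
import tempfile

DEFAULT_USER, DEFAULT_PASSWORD = "system", "manager"  # defaults named on the page

def load(path):
    """Read key=value lines from a properties file, skipping # comments."""
    with open(path, encoding="utf-8") as fh:
        rows = [l.strip() for l in fh if "=" in l and not l.lstrip().startswith("#")]
    return dict(r.split("=", 1) for r in rows)

def audit_security_dir(security_dir):
    """Return a list of findings for a <geronimo_home>/var/security directory."""
    findings = []
    users = load(os.path.join(security_dir, "users.properties"))
    groups = load(os.path.join(security_dir, "groups.properties"))
    if DEFAULT_USER in users:
        findings.append("default account 'system' is still present")
    # Only detectable before the server has encrypted the file on start-up.
    if users.get(DEFAULT_USER) == DEFAULT_PASSWORD:
        findings.append("'system' still has the default password, stored in clear text")
    # Every group member must also be defined in users.properties.
    for group, members in groups.items():
        for member in filter(None, (m.strip() for m in members.split(","))):
            if member not in users:
                findings.append(f"group '{group}' lists unknown user '{member}'")
    # POSIX check: nothing under var/security should be accessible to 'others'.
    names = sorted(os.listdir(security_dir))
    for path in [security_dir] + [os.path.join(security_dir, n) for n in names]:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & stat.S_IRWXO:
            findings.append(f"{path} is accessible to all users (mode {mode:o})")
    return findings

if __name__ == "__main__":
    # Constructed sample: default account left in place, user2 never defined.
    with tempfile.TemporaryDirectory() as demo:
        with open(os.path.join(demo, "users.properties"), "w") as fh:
            fh.write("system=manager\nuser1=password1\n")
        with open(os.path.join(demo, "groups.properties"), "w") as fh:
            fh.write("admin=system,user1,user2\n")
        for finding in audit_security_dir(demo):
            print("FINDING:", finding)
```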
By modifying the security configuration from the Administrative Console
Log into the Geronimo Administration Console and click on Users and Groups on the console navigation panel. This will display the Console Realm Users and Console Realm Groups portlets.
- Click on the Create New User link to add a new user. In the Actions section you can edit or delete existing users.
- Click on the Create New Group link to add the new user to the group.
- Once the new user name and password are added, log out of the console and try the new user name and password.
Visit the Administering security section for more details on all the security related settings.
Topology planning
In today's globalized world, modern organizations face a lot of opportunities and challenges every day. Many of these challenges can put an onus on the organization's IT infrastructure; therefore, its configuration is crucial. The Apache Geronimo application server supports small-to-medium-sized enterprise applications and provides robust, secure support for the latest Java EE specification. This section will highlight the different configuration options that can be used in your production environment.
Two-tier system
The figure below illustrates a client machine accessing an application hosted in the Geronimo server. Although the figure depicts only one client machine, several machines can be connected to the server and users on these machines can access the hosted Web applications using a standard Web browser.
The client-side application may range from a simple command line user interface to a full-fledged user interface such as those created using popular client-side GUI technology. These applications can access the Web tier by connecting to the server using their own HTTP connections, or they can access business and EIS tier objects with the help of the Geronimo client application container.
Features of the Geronimo application client:
- Separate from the Geronimo server.
- Communication with the Geronimo server is over the network.
- Provides mapping dependency management for the client application and reference resolution.
Three-tier system
A three-tier architecture is more scalable than a two-tier one, as it supports hundreds of users and organizations. It also increases flexibility and freedom.
Remote Apache HTTPd
The Apache Web server is the best, and most popular, HTTP server software in use on the Internet today. In your production environment, using Geronimo with the Apache Web server gives you some significant advantages, listed below.
- Clustering & load balancing
Clustering allows an application server to support multiple nodes with failover, session data sharing, and load balancing across many network nodes. Load balancing of the application can be done with the help of inbuilt support of Apache server.
- SSL encoder
The advantage of Web server proxies is that they offer a way to get server affinity for SSL-encrypted messages without any extra hardware. However, extensive SSL processing puts an extra load on the proxy. That processing is handled by the Apache server, while Geronimo handles the business logic of the application.
- Application load sharing
In many serving systems, web and application servers work together to handle all HTTP requests. Apache handles the request for static pages (including HTML, JPEG, and GIF files), while Geronimo handles requests for dynamic pages (JSPs or servlets) with the help of Tomcat/Jetty. Geronimo servers can also handle static pages, but in combined systems, they are usually configured to handle dynamic requests.
Summary
Using the Geronimo application server lets you build a secure enterprise infrastructure conforming to the latest standards and requirements. This article gave you an insight into custom configuration of the standard Geronimo installation, with several installation methods.