jump to navigation

Setting up an Open Geospatial Consortium Service server August 8, 2007

Posted by grimmeister in Geoinformatics.


Our web server that we were using for OGC WFS and SOS decided to die on Monday – two disks in the RAID 5 array went to disk heaven (where I presume there is no I/O, after all, one does not expect to work in a heaven). We received this event with mixed emotions. All our services went down (big headache), but this was the long-needed opportunity to get off of Gentoo and on to Ubuntu. Gentoo is great, but the extra understanding and attention needed to maintain it is lacking in our workgroup. So, for better or for worse, it was decided to rebuild the server with Ubuntu Feisty, hoping that the extra attention that Ubuntu pays to Sun Java would pay off when it came to running Java-based webservices. While on the topicof ubuntu, I just love this xkcd irreverance:

xkcd genius again!

So, we got Ubuntu, Sun’s JDK 1.5 and Tomcat 5.5 installed easily. Of course, Tomcat did not immediately run. That would be too simple.

Enlisting the help of a few good websites (http://www.kintespace.com/rasxlog/?p=468;


http://ubuntuforums.org/showpost.php?p=2611681&postcount=1), I managed to get Tomcat grafting in a shortish time. This is significant, ‘cos I am clearly not what could be called a skilled sysadmin, and frankly, Tomcat fills me with fear 🙂

sun jdk
tomcat 5.5

1)Given that sun jdk installed, make sure its jvm is the default jvm
sudo update-alternatives --config java
choose the sun option

I also added the var JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun/ to the /etc/profile file but no idea if it has any useful effect

2)Tomcat is a bit quirky on Ubuntu

2.1)if not installed, do:
sudo apt-get install tomcat5.5 tomcat5.5-admin tomcat5.5-webapps

2.2)Configure Tomcat for the Java JDK. Edit /etc/default/tomcat5 uncommenting this line:

2.3)Set some permissions:
cd /var/lib/tomcat5.5/
sudo chown -R tomcat55:tomcat55 logs work
sudo chown tomcat55:tomcat55 /usr/share/tomcat5.5

2.4)Change service port to 8080 (default is 8180) in /etc/tomcat5.5/server.xml

2.5)Change the users and passwords for working with tomcat, tomcat admin and tomcat manager in /var/lib/tomcat5.5/conf/tomcat-users.xml
Advice seems to be to get a separate admin user with roles {admin, manager,tomcat}

2.6) Fix the catalina.out problem – it is trying to set the logfile as a pipe, rather make it a regular file to get tomcat to start
cd /var/log/tomcat5.5/
sudo rm catalina.out
sudo touch catalina.out
sudo chown tomcat55:nogroup catalina.out
sudo chmod uo-wrx catalina.out

/etc/init.d/tomcat5.5 start -> Tomcat now runs as a daemon

So, now to the OGC use cases!

1) We need to have the ability to serve OGC standard WFS, WMS and potentially WCS. We know the Geoserver tool, we like it, and dammit, I have just taken the time to install Tomcat, so sure as anything I am going to be using a servlet…

2) We need to serve Sensor Observation Service Offerings. There are now a number of implementations of the SOS, some richer than others at this early stage. We are familiar with the 52North SOS implementation and have worked with 52North developers on several occasions.

I’ll save my experiences with installing the SOS for another day, when I am feeling strong. Geoserver, however, is pretty easy to install and run.

1.1) Download the .war file in a zip file from the Geoserver website. We are using 1.5.1. Extract .war file

1.2) Deploy the .war file from the Tomcat Manager page. This will take place okay, but Geoserver will not be able to start, for Tomcat on Ubuntu is by default tightly locked down.

1.3) Follow the instructions at http://docs.codehaus.org/display/GEOSDOC/4+GeoServer+in+Production+Environment, which tell one to create a file called, in our case, ‘geoserver.policy’ in the /etc/tomcat-5.5/policy.d directory and populate it as follows:
grant codeBase "file:/var/lib/tomcat5.5/webapps/geoserver/WEB-INF/classes/-" {
permission java.security.AllPermission;
grant codeBase "file:/var/lib/tomcat5.5/webapps/geoserver/WEB-INF/lib/-" {
permission java.security.AllPermission;

This is supposed to get Geoserver working after Tomcat is restarted, but it does not. Instead a ServletException is thrown when one tries to access the Geoserver servlet. The key is to open the /etc/tomcat5.5/policy.d/04webapps.policy document and add a line to it granting looser security permissions:
permission java.security.AllPermission;

Then restart Tomcat and voila! the joys of Geoserver are yours to experience. I find the administration of Geoserver almost ridiculously intuitive once the servlet is running. It just takes a bit of time to set your spatial data hosting environment up



1. Andrea Aime - October 10, 2007

Thanks a lot for the detailed install instructions. I took the liberty of linking it from the “GeoServer in production environment” page in our wiki:

Thanks a lot for sharing with us your findings 🙂

2. grimmeister - October 10, 2007

With pleasure Andrea and many thanks for all the work on Geoserver – it is a great product indeed!

3. Tim Bowden - November 14, 2007

I had a similar problem,with tomcat5.5 on Ubuntu 7.10. I tried your fixes, but they didn’t work for me. I’ve now got it working, though I’m not sure exactly how! I removed all java apart from java-1.5.0-sun (strictly speaking, I removed all and re-installed java-1.5.0-sun). I did several rounds of apt-get install and remove tomcat5.5 (with various combinations of other tomcat components. Also installed ant-optional; no idea if it helped) but each time it was broken. tomcat started and bound to the port, but returned an empty web page. After manually cleaning all remaining traces out after each apt-get remove –purge tomcat5.5* (there were some really strange things left behind- recursive symlinks in etc/tomcat5.5 etc) I did a final apt-get install tomcat5.5* and surprisingly enough, a new package was downloaded that wasn’t previously needed for some reason- libcommons-fileupload-java. All was then sweet as far as tomcat was concerned.

4. Cédric Briançon - November 21, 2007

Hi, thanks for the tips given 🙂
I just want to give you 2 small errors I’ve corrected on my version of geoserver.policy :
1) webapps is badly written in your quote 🙂
2) you need a “;” after the closing brace for each grant

Thanks again 🙂

5. grimmeister - November 21, 2007

Thanks Cedric, corrected…

6. SEWilco - April 10, 2008

Because Ubuntu Tomcat is oriented toward certain kinds of web apps, the Tomcat from Apache may be better. But the standard Tomcat does not mention a /etc/tomcat-5.5/policy.d directory.

7. SEWilco - April 11, 2008

Looks like in the Tomcat 6 downloaded from Apache the geoserver.policy file should go in the “conf” directory (also known as $CATALINA_HOME/conf)

8. Mike Pumphrey - May 13, 2008

Hi there. Just wanted to let you know that the GeoServer homepage has moved to geoserver.org.

9. Revisiting Geoserver on Ubuntu « SouthernTip - July 28, 2008

[…] July 28, 2008 Posted by grimmeister in Geoinformatics. trackback After a year or so of running Geoserver 1.5.x in a prototyping environment, I have run through the process of getting Geoserver 1.6.4 running in […]

10. Andres Herrera - March 8, 2009

Thanks, for your help !

11. seiti.eti.br » SIG – Sistema de Informação Geográfica - October 23, 2009

[…] o deploy. Talvez seja preciso editar as polĂ­ticas de sistema para que tudo funcione, como pode ser visto no Southern Tip […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: