EasyApache 4 Tomcat Private Instances
By Jithin on January 10th, 2019
Recently, cPanel/WHM implemented a new version of Apache Tomcat with Easyapache 4 for users and is available in cPanel/WHM version 76 and later. Previously the Tomcat was only available in EasyApache 3 and now they stopped support for EasyApache 3. So cPanel added Tomcat support in their latest version 76. There is a lot of difference between Tomcat in EasyApache 3 and EasyApache 4.
1) EasyApache 3 handles Tomcat differently than EasyApache 4. EasyApache 4 provides Tomcat 8.5, rather than Tomcat 7.
2) Tomcat existed as a shared service and all applications ran as the tomcat user in EasyApache 3. The server created a container within a shared server.xml file
3) In EasyApache 4, Tomcat runs as a per-user private instance and allows the user to configure their instance themselves. Tomcat runs as the individual user, rather than as the tomcat user.
The main advantages of Tomcat Private Instances are that Tomcat runs as the individual user rather than the tomcat user. This will increase security and places management of the Tomcat instance in the user’s control but may affect your server’s performance due to the memory requirements. The user can stop and start services, and manage their Tomcat configuration to suit their needs. Please note that users need SSH access to manage Tomcat.
Jailshell user considerations
The default Jailshell permissions only allow users to view their current session’s processes. So users cannot see the status of their previously started Tomcat service. If they attempt to restart an already active service with Ubic, the system will launch a duplicate process. So we need the root access to fix this issue. Contact system administrator and do one of the following action to fix this issue.
1) Assign normal shell for the user.
2) The system administrator can select Always mount a full /proc under the Jailed /proc mount method option of the System section of WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings). If you enable this functionality, a jail shelled user can see all running processes. This can allow the Jailshell user to break out of their shell.
Manage service as a user
We can use the cpuser_service manager and Ubic subsystem to manage services in Tomcat. You must add Ubic path to your .bashrc file. To do this, please follow the below given steps:
1) Login to the server through SSH as a user.
2) Open the .bashrc file with your favourite text editor and add the following line at the end of the file.
export PATH=$(dirname $(readlink /usr/local/cpanel/3rdparty/bin/perl)):$PATH
3) Now we can manage Tomcat services by using Ubic. To check the status, run the following command.
$ ubic status ea-tomcat85
Here is the sample output
ubic status ea-tomcat85
4) To restart Tomcat service, run the following command.
$ ubic restart ea-tomcat85
5) To stop tomcat service, run the following command.
$ ubic stop ea-tomcat85
6) To start Tomcat service, run the following command.
$ ubic start ea-tomcat85
If you need any further help, please do reach our support department.