How to setup a production Tomcat 6
----------------------------------

Download (these were current versions when writing this)
    * Tomcat (6.0.32)
    * catalina-jmx-remote.jar if you want to enable fixed listen ports for
      JMX remote access (such as needed for VisualVM over SSH tunnel)
    * catalina-ws.jar + jaxrpc.jar + wsdl4j.jar to enable WebServices
      automatic injection in servlets and other container managed objects
    * tomcat-juli.jar + tomcat-juli-adapters.jar + log4j (1.2.15) or the
      smaller nlog4j (1.2.25) if you want to change the logging system

Extract main archive, optionally rename the directory according to your
naming scheme policy (for example: to tomcat6).

In bin/ apply the following change for Java detection:
    --- backup/setclasspath.sh	2010-07-25 09:50:09.000000000 +0200
    +++ bin/setclasspath.sh	2010-07-24 09:28:37.000000000 +0200
    @@ -30,6 +30,7 @@
	 fi
       else
	 JAVA_PATH=`which java 2>/dev/null`
    +    JAVA_PATH=`readlink -e "$JAVA_PATH" 2>/dev/null`
	 if [ "x$JAVA_PATH" != "x" ]; then
	   JAVA_PATH=`dirname $JAVA_PATH 2>/dev/null`
	   JRE_HOME=`dirname $JAVA_PATH 2>/dev/null`

and remove *.tar.gz source archives (or optionally build and install them
before).

Make a backup copy of conf directory to "backup" for reference and change
tracking purposes.

Copy this to conf/tomcat-users.xml (or edit manually)
    <?xml version="1.0" encoding="UTF-8"?>
    <tomcat-users>
	<role rolename="manager" />
	<role rolename="manager-gui" />
	<user username="tomcat" password="manager" roles="manager,manager-gui" />
    </tomcat-users>

Clean useless things for a production server:
    * In webapps/ remove doc/ and examples/
    * In lib/ remove tomcat-i18n-*.jar

Provision for distinct classloaders: make directories "server/classes",
"shared/classes" and "lib/classes".  Edit conf/catalina.properties to apply
the following patch:
    --- backup/catalina.properties	2011-02-02 20:06:47.000000000 +0100
    +++ conf/catalina.properties	2011-06-19 16:57:15.000000000 +0200
    @@ -47 +47,5 @@
    -common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
    +common.loader=\
    +	${catalina.base}/lib/classes,\
    +	${catalina.base}/lib/*.jar,\
    +	${catalina.home}/lib/classes,\
    +	${catalina.home}/lib/*.jar
    @@ -60 +64,5 @@
    -server.loader=
    +server.loader=\
    +	${catalina.base}/server/classes,\
    +	${catalina.base}/server/*.jar,\
    +	${catalina.home}/server/classes,\
    +	${catalina.home}/server/*.jar
    @@ -74 +82,5 @@
    -shared.loader=
    +shared.loader=\
    +	${catalina.base}/shared/classes,\
    +	${catalina.base}/shared/*.jar,\
    +	${catalina.home}/shared/classes,\
    +	${catalina.home}/shared/*.jar

NB: skip this step if you plan to use your Tomcat with Eclipse
Move server libs out of application scope:
    * move lib/catalina*.jar and lib/tomcat*.jar to server/
      (don't touch lib/jasper*.jar and lib/*api.jar)

Change server logging to integrate [n]log4j:
    * Copy tomcat-juli.jar to bin/
    * Copy tomcat-juli-adapters.jar and [n]log4j*.jar to server/
	(select only one of nlog4j or log4j)
    * Copy log4j.xml to server/classes
Alternatively you can also redirect to other logging systems with SLF4J
directly from java.util.logging; Use jul-over-slf4j + slf4j-api +
slf4j-XXX (XXX = whatever logging kit you want) + a logging.properties setting.

Make the JSP part JavaEE 5 compatible: add JSTL 1.2 implementation
    * Copy jstl-1.2.jar to shared/ (for production only)
      or to lib/ (may be useful for some basic development configs -- Eclipse)

Adjust default run settings:
    Edit conf/context.xml change the line
	<Context>
    to
	<Context swallowOutput="true">
    and uncomment the <Manager.../> line
    Edit conf/server.xml comment out (<!--...-->) the line which contains
	<Listener ...AprLifecycleListener...
    (unless you installed the tomcat-native library)
    Edit conf/web.xml search <servlet-name>jsp add above next <init-param>
	<!-- custom -->
        <init-param>
            <param-name>mappedfile</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>trimSpaces</param-name>
            <param-value>true</param-value>
        </init-param>
	<!-- end custom -->

If you want to enable fixed-ports access to JMX in your running Tomcat,
add catalina-jmx-remote.jar to lib[server?]/ and add this to server.xml
after other listeners:
    <!--Force fixed ports for remote access; Requires jar file
      catalina-jmx-remote.jar to be in lib/.
      <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
		rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" />
    -->

If you want to enable JSR109 WebServices resolution in webapps, add
catalina-ws.jar and wsdl4j.jar and jaxrpc.jar to lib[shared?]/.

TODO places to add resources
    in conf/server.xml#Server/GlobalNamingResources/ or
    in conf/context.xml#Context/ or
    in conf/Catalina/localhost/<webapp>.xml or
    in webapps/<webapp>/META-INF/context.xml#Context/
TODO add a DataSource server resource and make it available to JNDI
    --- server.xml / GlobalResources ---
    <Resource name="ds1" type="javax.sql.DataSource" auth="Container"
	driverClassName="oracle.jdbc.OracleDriver"
	url="jdbc:oracle:thin:@DBHOST:1521:INSTNAME"
	username="USER" password="PWD"
	maxActive="150" maxIdle="25" minIdle="5"
	validationQuery="SELECT 1 FROM DUAL"
	validationQueryTimeout="5" testOnBorrow="true"
	testWhileIdle="true" numTestsPerEvictionRun="1"
	minEvictableIdleTimeMillis="30000" timeBetweenEvictionRunsMillis="60000"
    />
    --- context.xml ---
    <ResourceLink name="jdbc/ds1" global="ds1" type="javax.sql.DataSource"/>
    <!-- accessed with java:comp/env/jdbc/ds1 from webapp -->
    --- web.xml ---
    <resource-ref>
	<res-ref-name>jdbc/ds1
	<res-type>javax.sql.DataSource
	<res-auth>Container
TODO replace Tomcat's DBCP with another pool implementation
    objectweb-datasource.jar#org.objectweb.jndi.DataSourceFactory
    xapool.jar[1.5.0]#org.enhydra.jdbc.pool.StandardXAPoolDataSource
    DS' <Resource ... factory="org.objectweb.jndi.DataSourceFactory"/>
TODO add a mail/session resource
    <Resource name="mail/Session" type="javax.mail.Session" auth="Container"
	mail.smtp.host="SMTPHOST"
TODO add a JPA provider (e.g. Hibernate)
TODO add JTA support with OW2' JOTM
    jotm2.0.11.MR5/*.jar __EXCEPT__ log4j.jar and commons-logging.jar
    commons-logging-1.1.jar
    backport-util-concurrent-2.1.jar
    <Transaction factory="org.objectweb.jotm.UserTransactionFactory"
	jotm.timeout="60"/>
TODO replace JNDI with OW2' Carol
TODO extend mime mappings for Adobe and certificates
    web.xml#web-app/
	<mime-mapping>
		<extension>crt</extension>
		<mime-type>application/x-x509-ca-cert</mime-type>
	</mime-mapping>
	<mime-mapping>
		<extension>air</extension>
		<mime-type>application/vnd.adobe.air-application-installer-package+zip</mime-type>
	</mime-mapping>
TODO add SSL support
    conf/server.xml#.../Connector[port='8443']
	keystoreFile="conf/xxx.jks" keystorePass="yyy"