Running Tomcat Automatically At Linux Startup

A potential drawback of installing Tomcat from a binary distribution instead of using a Linux-packaged version is that you’ll have to do some extra legwork to make Tomcat start automatically when Linux boots up.  To make this process easy and pain-free, follow this simple guide.

Step 1 – Create A Tomcat-Specific User and User Group

It’s a bad idea to run Tomcat as the root user, especially if you’re going to be starting Tomcat automatically.  It’s much more secure to create a new group and user specifically to run Tomcat.  You can do so with the following commands (in this example, we have created a user group named tomcat, and a user named tomcat with the password tomcat; you can certainly be more creative if you wish):

$ groupadd tomcat
$ useradd -s /sbin/nologin -g tomcat -d /path/to/tomcat tomcat

$ useradd -r -s /sbin/nologin tomcat

-r for system user
$ passwd tomcat

-r, --system
Create a system account.

System users will be created with no aging information in /etc/shadow, and their
numeric identifiers are chosen in the SYS_UID_MIN-SYS_UID_MAX range, defined in
/etc/login.defs, instead of UID_MIN-UID_MAX (and their GID counterparts for the
creation of groups).

Note that useradd will not create a home directory for such a user, regardless
of the default setting in /etc/login.defs (CREATE_HOME). You have to specify the
-m options if you want a home directory for a system account to be created.

-s, --shell SHELL
The name of the user’s login shell. The default is to leave this field blank,
which causes the system to select the default login shell specified by the SHELL
variable in /etc/default/useradd, or an empty string by default.


useradd -m -d /home/thenewuser -s /bin/bash -c "the new user" -U thenewuser

-c "message" : extra information about the user.

-U thenewuser : Create a group with the same name as the user, and add the user to this group.

-N : the -N argument tells the system not to create a group having the user’s name

-m and --create-home are the same: create the user’s home directory if it does not exist.

-d, --home HOME_DIR : The new user will be created using HOME_DIR as the value for the user’s login directory.
If -d is not used, the default home directory will be /home/thenewuser.

-m -d /data/thenewuser : the -m argument creates the /data/thenewuser home directory, specified by the -d argument.

-M : the -M argument tells the system not to create a home directory

-s /bin/bash : the -s argument specifies the user’s default shell, /bin/bash in this case.

-s and --shell are the same.

-s /sbin/nologin : The /sbin/nologin for Fedora and /usr/sbin/nologin for Debian are two shells that return you a polite message like “this account is not available” and do not allow you to log into the system. This message can be customized.

-s /bin/false : an old way to deny a user’s login. /bin/false exits immediately with a false status. The user accounts with /bin/false or /bin/true as their default shells are locked.

/sbin/nologin belongs to util-linux, while /bin/false is part of GNU Coreutils. These shells must be listed in the /etc/shells file to work.

The users with /sbin/nologin (or /usr/sbin/nologin) can connect through ssh or ftp, but the users with /bin/false are completely locked out from the system.

useradd -D : you can also view the default parameters set for new users with

# useradd -D
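
To confirm that the account created in Step 1 really is a locked-down service account, its passwd(5) entry can be checked. The script below is an added example, not part of the original guide; the function name, the finding labels and the UID_MIN default of 1000 are assumptions of this example, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit a service account's passwd(5) entry.
# Usage: audit_service_account NAME [PASSWD_FILE] [UID_MIN]
# UID_MIN defaults to 1000 (assumption; the real value is in /etc/login.defs).
# Prints one finding per line, "missing" if the account is absent, else "OK".
audit_service_account() {
    awk -F: -v user="$1" -v uid_min="${3:-1000}" '
        $1 != user { next }
        { found = 1 }
        # Running the service as UID 0 defeats the point of a dedicated user.
        $3 == 0 { print "uid-0"; bad = 1 }
        # useradd -r allocates below UID_MIN; a higher UID is a regular account.
        $3 >= uid_min { print "regular-uid:" $3; bad = 1 }
        # Field 7 is the login shell; expect nologin or false.
        $7 !~ "/(nologin|false)$" { print "login-shell:" $7; bad = 1 }
        END {
            if (!found) { print "missing" }
            else if (!bad) { print "OK" }
        }
    ' "${2:-/etc/passwd}"
}

# Constructed sample entries (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
tomcat:x:991:988::/path/to/tomcat:/sbin/nologin
tomcat2:x:1001:1001::/home/tomcat2:/bin/bash
EOF

for account in tomcat tomcat2 root; do
    echo "== $account"
    audit_service_account "$account" "$sample"
done
rm -f "$sample"
```

On a real host, call audit_service_account tomcat with no file argument to read /etc/passwd.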

Step 2 – Adjust Ownership For New Users And Groups

Now that you have created a user to run Tomcat, you’ll need to give them access to the correct directories.  Use the following commands, substituting your own usernames and groups as necessary:

# chown -R tomcat:tomcat /path/to/tomcat
# chmod 775 /path/to/tomcat/webapps
The first gives ownership of the Tomcat directories to the Tomcat user, and the second gives the user write access for the webapps directory.

Step 3 – Relay Traffic For Non-Root Tomcat User

When running Tomcat as a user other than the root user, you will not be able to bind to port 80, which is where Tomcat listens for HTTP requests.  To get around this, you can use Netfilter, which is packaged with all major Linux distributions:

# iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
# iptables -t nat -I OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
To preserve these rules through re-boot, save them with the “iptables-save” command, and then follow the procedure appropriate for your Linux distribution (for most distributions, this means editing the iptables init script; Debian users should load the configuration via a script called by if-up.d or pre-up.d).

Step 4 – Create A Custom init Script

To start Tomcat at Linux boot time, we’ll need to create an init script that calls the and scripts included with Tomcat.

The actual creation of this script is outside the scope of this article, but there are many useful resources available online.  All you need to know in order to use the basic init script format to call Tomcat is how the and scripts work.

For more information about these scripts, visit our Tomcat Start page, which includes a simple, step-by-step guide to Tomcat’s three start-up shell scripts.

like :

chmod 774 /opt/apache-tomcat-8.0.12-1/ -Rf

export JAVA_OPTS="-agentlib:hprof=cpu=samples,file=/var/log/cpuTest.log"



/bin/su -s /bin/bash $TOMCAT_OWNER -c $CATALINA_HOME/bin/




Create bootable USB stick from ISO in Mac OS X

Convert the ISO to UDRW format

Mac OS X provides all the tools needed to convert the ISO image to UDRW. The following command will convert the ISO image to the UDRW format.

hdiutil convert -format UDRW -o destination_file.img source_file.iso

You will notice that the command actually creates the file destination_file.img.dmg rather than destination_file.img. This is because the hdiutil program automatically adds the dmg file extension. This is not a problem as the file extension won’t affect the format of the image.

Prepare the USB stick

Check your USB stick and make a backup if there is any important data on it, as the next steps are going to delete everything on it.

To prepare the USB stick we are going to delete all the partitions on the stick and create an empty partition. To do this we need to know the device name of the USB stick. Open a terminal and execute the following command:

$ diskutil list

You will see a list of disks and partitions. The goal is to identify the USB stick in this output. Depending on your system configuration your output might look different from this one. This appears to show 3 physical discs but it does not. The /dev/disk1 is a virtual disk created because of the partition encryption (FileVault 2) I enabled in Mac OS X.

#:                       TYPE NAME                    SIZE       IDENTIFIER
0:      GUID_partition_scheme                        *500.1 GB   disk0
1:                        EFI                         209.7 MB   disk0s1
2:          Apple_CoreStorage                         399.5 GB   disk0s2
3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
5:                 Apple_Boot Boot OS X               134.2 MB   disk0s5
#:                       TYPE NAME                    SIZE       IDENTIFIER
0:                  Apple_HFS MacOSX                 *399.2 GB   disk1
#:                       TYPE NAME                    SIZE       IDENTIFIER
0:      GUID_partition_scheme                        *2.0 GB     disk2
1:       Microsoft Basic Data UNTITLED 1              2.0 GB     disk2s1

As shown in the output above, the connected USB stick is a small 2.0 GB drive with a FAT partition on it. We are now going to remove this partition in the next step. For the following steps we will need the name of the disk which in this case is “/dev/disk2”.

With the following command the data on the disk (your USB stick) will be deleted!

$ diskutil partitionDisk /dev/disk2 1 "Free Space" "unused" "100%"

With this command the USB stick was re-partitioned to have 1 partition without formatting and 100% of the size of the stick. If you check it again with “diskutil list” you will see the changes already, also the USB stick will no longer be shown in the Finder.

Copy the image to the USB stick

Now we can copy the disk image we created to the USB stick. This is done via the dd(1) command. This command will copy the image to the disk (substitute the appropriate disk name for your USB stick here, as with the re-partitioning command):

$ sudo dd if=destination_file.img.dmg of=/dev/disk2 bs=1m

The dd command does not show any output before it has finished the copy process, so be patient and wait for it to complete.

$ diskutil eject /dev/disk2

To eject the USB stick, use the above command. After this is done, the bootable USB stick is ready to be used.


IspConfig migration from one server to other.


You need to backup /var/vmail, /var/www (or the place where you stored the websites), the ispconfig database, all mysql databases of the websites incl. the “mysql” database, the users and passwords in /etc/passwd and /etc/group. Make sure that you backup the directories with preserved permissions.

We must backup:
c. /var/www (web content)
b. /var/vmail (mail content)
a. /etc/passwd and /etc/group (users)
d. MySQL databases (is it better to stop mysql and tar.gz the /var/lib/mysql?)
e. All /etc/
f. /var/log

MY migration script


#database root password
export username=
export password=
NOW=$(date +"%d-%m-%Y")

# mail content
ssh root@IP_OLD rm -rf /root/BACKUP_SERVER/vmail.tar.gz
ssh root@IP_OLD tar -zcvf /root/BACKUP_SERVER/vmail.tar.gz /var/vmail
scp root@IP_OLD:/root/BACKUP_SERVER/vmail.tar.gz ./BACKUP_SERVER/
cd ./BACKUP_SERVER
tar -zxvf vmail.tar.gz
cd ..
rm -rf /var/vmail
mv ./BACKUP_SERVER/var/vmail /var/

# web content
ssh root@IP_OLD rm -rf /root/BACKUP_SERVER/www.tar.gz
ssh root@IP_OLD tar -zcvf /root/BACKUP_SERVER/www.tar.gz /var/www
scp root@IP_OLD:/root/BACKUP_SERVER/www.tar.gz ./BACKUP_SERVER/
cd ./BACKUP_SERVER
tar -zxvf www.tar.gz
cd ..
rm -rf /var/www
mv ./BACKUP_SERVER/var/www /var/

# logs
ssh root@IP_OLD rm -rf /root/BACKUP_SERVER/log.tar.gz
ssh root@IP_OLD tar -zcvf /root/BACKUP_SERVER/log.tar.gz /var/log
scp root@IP_OLD:/root/BACKUP_SERVER/log.tar.gz ./BACKUP_SERVER/
cd ./BACKUP_SERVER
tar -zxvf log.tar.gz
cd ..
rm -rf /var/log
mv ./BACKUP_SERVER/var/log /var/

# /var/opt
ssh root@IP_OLD rm -rf /root/BACKUP_SERVER/opt.tar.gz
ssh root@IP_OLD tar -zcvf /root/BACKUP_SERVER/opt.tar.gz /var/opt
scp root@IP_OLD:/root/BACKUP_SERVER/opt.tar.gz ./BACKUP_SERVER/
cd ./BACKUP_SERVER
tar -zxvf opt.tar.gz
cd ..
rm -rf /var/opt
mv ./BACKUP_SERVER/var/opt /var/

export NOW

# MySQL databases: drop, recreate and restore each one from its dump
array=(mydb1 mydb2)
for DATABASE in "${array[@]}"
do

echo "COPY FILE"

mysql -u "$username" -p"$password" -e "DROP DATABASE IF EXISTS $DATABASE"

mysql -u "$username" -p"$password" -e "CREATE DATABASE $DATABASE"

echo "RESTORE"
mysql -u "$username" -p"$password" "$DATABASE" < "./BACKUP_SQL/$DATABASE$NOW.sql"

echo "FINE"

done

# clear the password from the environment
export password=''


# PostgreSQL databases
array=( pgdb1 pgdb2 )

for DATABASE in "${array[@]}"
do

echo "COPY FILE"


dropdb --host --port 5432 --username "postgres" --no-password $DATABASE

createdb --host --port 5432 --username "postgres" --no-password $DATABASE

pg_restore --host -U postgres -d $DATABASE --verbose ./BACKUP_SQL/$DATABASE$NOW.backup

done

Steps to Perform SSH Login Without Password Using ssh-keygen & ssh-copy-id

ssh-keygen creates the public and private keys. ssh-copy-id copies the local-host’s public key to the remote-host’s authorized_keys file. ssh-copy-id also assigns proper permission to the remote-host’s home, ~/.ssh, and ~/.ssh/authorized_keys.

Step 1: Create public and private keys using ssh-keygen on local-host

jsmith@local-host$ [Note: You are on local-host here]

jsmith@local-host$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host

Step 2: Copy the public key to remote-host using ssh-copy-id

jsmith@local-host$ ssh-copy-id -i ~/.ssh/ remote-host
jsmith@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:


to make sure we haven't added extra keys that you weren't expecting.

Note: ssh-copy-id appends the keys to the remote-host’s .ssh/authorized_keys.

Step 3: Login to remote-host without entering the password

jsmith@local-host$ ssh remote-host
Last login: Sun Nov 16 17:22:33 2008 from
[Note: SSH did not ask for password.]

jsmith@remote-host$ [Note: You are on remote-host here]

The above 3 simple steps should get the job done in most cases.
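
Key login depends on the permissions that ssh-copy-id sets on the remote home directory, ~/.ssh and authorized_keys, and on the private key staying private on the local host. The script below is an added example, not part of the original post: it reports modes that sshd (with StrictModes enabled) or the ssh client would reject; the function names and finding labels are assumptions of this example, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example: flag modes under a home directory that OpenSSH rejects.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Usage: check_ssh_perms HOME_DIR
# Prints one finding per line; prints nothing when every mode is acceptable.
check_ssh_perms() {
    home=$1
    # sshd (StrictModes yes) ignores authorized_keys when the home directory,
    # ~/.ssh or the file itself is writable by group or others.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        case $(mode_of "$p") in
            ?????w????|????????w?) echo "writable-by-others:$p" ;;
        esac
    done
    # The ssh client refuses a private key that group or others can access.
    key="$home/.ssh/id_rsa"
    if [ -e "$key" ]; then
        case $(mode_of "$key") in
            ????------) ;;
            *) echo "private-key-exposed:$key" ;;
        esac
    fi
}

# Constructed demo tree (hypothetical user directory, empty key files).
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
: > "$demo/.ssh/id_rsa"
chmod 700 "$demo" "$demo/.ssh"
chmod 600 "$demo/.ssh/authorized_keys" "$demo/.ssh/id_rsa"
echo "correct modes: $(check_ssh_perms "$demo" | wc -l) finding(s)"

chmod 775 "$demo/.ssh"          # group-writable directory
chmod 644 "$demo/.ssh/id_rsa"   # world-readable private key
check_ssh_perms "$demo"
rm -rf "$demo"
```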

How to create custom service for Centos 7

Create a script like :

[Unit]
Description = FaradCrmService

After =

[Service]
ExecStart = /var/opt/jdk1.8.0_91/bin/java -jar /root/software/fia/farad-1.5.4.RELEASE.jar

[Install]
WantedBy =

Put the script into -> /usr/lib/systemd/system/farad.service

create a symbolic link like this : ln -s /usr/lib/systemd/system/farad.service /etc/systemd/system/

enable the service : systemctl enable farad.service

start the service : service farad start

if you modify the script, reload it with : systemctl daemon-reload

check its status : systemctl status farad.service

Apache not start : device: AH01760: failed to create lock (client_lock)

It is very likely that Apache is leaving a bunch of stray semaphore sets
lying around after an attempted restart of Apache.

You can use the following command to check:
# ipcs -s | grep apache

and use the following to kill:
ipcs -s | grep apache | awk '{ print $2 }' | xargs -n 1 ipcrm -s

Use the username that starts Apache (e.g., the one specified by the “User” directive)
instead of ‘apache’ in the commands.

Device: AH01760: failed to create lock (client_lock) – all nonce-count checking, one-time nonces, and MD5-sess algorithm disabled

Now, in almost all cases, Apache should start properly. If it doesn’t, you may just be completely out of available semaphores. You may want to increase your available semaphores, and you’ll need to tickle your kernel to do so. Add this to /etc/sysctl.conf:

And then run sysctl -p to pick up the new changes.


Apache Httpd web page authentication

Use this command to create the user and password access file:
htpasswd -c /etc/httpd/conf/.htpasswd xxxx

chown root:apache /etc/httpd/conf/.htpasswd
chmod 640 /etc/httpd/conf/.htpasswd

It is possible to generate the row to add to the file /etc/httpd/conf/.htpasswd from here

htpasswd [ -c ] [ -i ] [ -m | -B | -d | -s | -p ] [ -C cost ] [ -D ] [ -v ] passwdfile username

htpasswd -b [ -c ] [ -m | -B | -d | -s | -p ] [ -C cost ] [ -D ] [ -v ] passwdfile username password

htpasswd -n [ -i ] [ -m | -B | -d | -s | -p ] [ -C cost ] username

htpasswd -nb [ -m | -B | -d | -s | -p ] [ -C cost ] username password
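
The -m, -B, -d, -s and -p options in the synopsis above select how the password is stored (MD5, bcrypt, crypt(), SHA-1, plaintext), and the stored form shows which one was used. The script below is an added example, not from the original post: it lists the scheme of every entry in an htpasswd file so that non-bcrypt entries can be regenerated with -B. The function name and verdict labels are assumptions of this example, the crypt()/plaintext distinction is a heuristic, and the sample hashes are constructed, not real.

```shell
#!/bin/sh
# Added example: report the hash scheme of each entry in an htpasswd file.
# Usage: htpasswd_schemes FILE   -> prints "user scheme verdict" per entry
htpasswd_schemes() {
    while IFS=: read -r user hash; do
        case $user in ''|'#'*) continue ;; esac
        case $hash in
            '$2y$'*)   scheme=bcrypt;   verdict=ok ;;        # htpasswd -B
            '$apr1$'*) scheme=md5-apr1; verdict=legacy ;;    # htpasswd -m
            '{SHA}'*)  scheme=sha1;     verdict=insecure ;;  # htpasswd -s
            *)
                # Heuristic: 13 chars from the crypt(3) alphabet is DES crypt
                # (htpasswd -d); anything else is taken as plaintext (-p).
                case ${#hash}:$hash in
                    13:*[!./0-9A-Za-z]*) scheme=plaintext ;;
                    13:*)                scheme=des-crypt ;;
                    *)                   scheme=plaintext ;;
                esac
                verdict=insecure ;;
        esac
        echo "$user $scheme $verdict"
    done < "$1"
}

# Constructed sample file; the hash strings are placeholders, not real hashes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:$2y$05$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
bob:$apr1$abcdefgh$ABCDEFGHIJKLMNOPQRSTUV
carol:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
dave:ab0123456789.
erin:hunter2
EOF
htpasswd_schemes "$sample"
rm -f "$sample"
```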


In my vhost configuration file:

RewriteEngine On
DocumentRoot /usr/local/sendmailanalyzer/www
Options ExecCGI
AddHandler cgi-script .cgi
DirectoryIndex sa_report.cgi
<Directory "/usr/local/sendmailanalyzer/www">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/conf/.htpasswd
Require valid-user

# Apache 2.4
# Require all granted
#Require host

# Apache 2.2
Order deny,allow
#Allow from all
#Allow from
#Allow from ::1
# Allow from
</Directory>


How to test if the email address exists


To check if user entered email really exists go through the following in command prompt on windows / terminal on mac. The commands you type in are in green and the server response is in blue. Please refer to MAC & PC screenshots towards the end of this post.

Step 1 – Find mail exchanger or mail server of

nslookup -q=mx
Non-authoritative answer: mail exchanger = 0 mail exchanger = 0

Step 2 – Now we know the mail server address so let us connect to it. You can connect to one of the exchanger addresses in the response from Step 1.

telnet 25
Connected to
Escape character is ‘^]’.

helo hi

mail from: <>
250 2.1.0 Ok

rcpt to: <>
550 5.1.1 <>: Recipient address rejected: User unknown in virtual alias table

221 2.0.0 Bye

Screenshots – MAC Terminal & Windows

MAC email verification
Windows email verification


1) The 550 response indicates that the email address is not valid and you have caught a valid but wrong email address. This code can be on the server and called on AJAX when user tabs out of the email field.  The entire check will take less than 2 seconds to run and you can make sure that the email is correct.
2) If the email address was present, the server will respond with a 250 instead of 550.
3) There are certain servers with a CATCH ALL email and this means all email addresses are accepted as valid on their servers (RARE but some servers do have this setting).
4) Please do not use this method to continuously check for availability of gmail / yahoo / msn accounts etc., as this may cause your IP to be added to a blacklist.
5) This is to supplement the standard email address javascript validation.
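
Note 4 is the receiving server's view of this technique: repeated "User unknown" rejections from one client are easy to spot in the mail log. The script below is an added example, not part of the original post: it counts 550 5.1.1 recipient rejections per client IP. It assumes Postfix smtpd log lines; the function name and the default threshold of 3 are assumptions of this example, and the log lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example: find clients probing for valid recipients in a Postfix log.
# Usage: rcpt_probe_clients LOGFILE [THRESHOLD]
# Prints "client-ip count" for each client with at least THRESHOLD rejected
# recipients (default 3, an assumed value to tune per site).
rcpt_probe_clients() {
    awk -v limit="${2:-3}" '
        / reject: RCPT from / && / 550 5\.1\.1 / {
            client = $0
            # Keep only the address between the brackets of host[ip].
            sub(/^.* reject: RCPT from [^[]*\[/, "", client)
            sub(/\].*$/, "", client)
            count[client]++
        }
        END {
            for (c in count) if (count[c] >= limit) print c, count[c]
        }
    ' "$1" | sort
}

# Constructed log lines in Postfix smtpd format (documentation addresses).
log=$(mktemp)
for user in info sales admin test; do
    echo "Jan 10 09:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <$user@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<> to=<$user@example.com> proto=SMTP helo=<hi>"
done > "$log"
echo "Jan 10 09:05:12 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.9]: 550 5.1.1 <jon@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<a@example.net> to=<jon@example.com> proto=ESMTP helo=<mail.example.net>" >> "$log"

rcpt_probe_clients "$log"     # 203.0.113.7 4
rm -f "$log"
```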