学步园

There
are a few good articles out there documenting how to get a headless
GeoServer box up, and some great documentation out there for Ubuntu on
AWS, but nothing covered exactly what I was trying to do in one place,
so I thought I’d document the steps necessary to get GeoServer running
on Ubuntu 10.4 (Lucid Lynx) hosted on Amazon Web Services.

N.B.
 
At the end of this you should have an Amazon Machine Instance running GeoServer suitable for playing around with. What you will 
not 


have is a strongly secured performance optimised GeoServer box – hopefully that will be covered in a following post.

This post also assumes you already have an Amazon Web Services account.

Creating our instance

I’ve
tried doing this setup with the default Fedora AMIs from Amazon, but I
haven’t used Redhat in a few years, and I’m more familiar with Ubuntu,
so the first step is to get a trusted Ubuntu instance to start from.

First step – grab an AMI with Ubuntu 10.4 – Ubuntu’s 
Public Cloud Deployment documentation
 
lists the 
Amazon EC2 published AMI’s
 
– I’ll be using the 32bit EBS image on the US West Coast (ami-cb97c68e

)
, as I’m just wanting a small instance (the 64bit are larger, and cost
more), I may want to be able to stop the instance without loosing it
completely, and as I’m in New Zealand, I suspect the US West Coast will
have lower latency than Singapore.

So, let’s create our Instance. Head over to Amazon Web Services 
EC2 Console Dashboard
, and click 
Launch Instance
.

• In the 
  Choose an AMI
   
  tab, click 
  Community AMIs
  , and enter 
  ami-cb97c68e
   
  in the text box next to Viewing / All Images.
• Press 
  Enter
  , and the Ubuntu AMI 
  ami-cb97c68e
   
  should be listed. ClickSelect
  .
• The 
  Instance Details
   
  tab appears, you can leave the defaults selected here. Click 
  Continue
  .
• Under 
  Advanced Instance Options
  ,  you may want to click 
  Enable CloudWatch Monitoring for this instance
  , though note that this costs extra – you can leave this unchecked and add it later if you wish. Click 
  Continue
  .
• In the 
  Create Key Pair
   
  tab, either select a preexisting key pair, or create a new pair. I’ll creating a new key pair called 
  geoserver
   
  – enter 
  geoserver
  in the 
  name for keypair
   
  text box and click 
  Create and Download your Key Pair
  . Save the 
  .pem
   
  file to somewhere safe.
• In the 
  Configure Firewall
   
  tab, as we’ll be running GeoServer on top of Tomcat on port 8080, we’ll select 
  Create a new Security Group
  . Name the Group, and add the following ports: HTTP (TCP, 80), and SSH
  (TCP, 22). We’ll also need to add Tomcat (TCP, 8080), but we’ll need to
  set this up as a custom rule later on.
• Click 
  Continue
  , and we’ll be at the 
  Review
   
  tab. Check everything looks OK, and click 
  Launch
  . You can now click 
  Close
  , and click on the 
  x Security Group(s)
   
  link under 
  My resources
  .
• Select the 
  GeoServer
   
  security group we created earlier, and add the Tomcat rule (Connection Method: 
  Custom
  , Protocol: 
  TCP
  , From Port: 
  8080
  , To Port: 
  8080
  , Source (IP or Group): 
  0.0.0.0/0
  ). Click 
  Save
  .

Within
a few minutes, the machine should be up and running on the web. Now we
need to connect to it and do some installation.First we need to get the
public DNS address of the machine:

• Go back to the 
  EC2 Console Dashboard
  , and click on the 
  x Running Instance(s)
   
  link under 
  My Resources
  .
• Right-click your new instance, and select 
  Connect
  .
• In the popup that appears, the public DNS will be listed – something likeec2-184-72-xx-xx.us-west-1.compute.amazonaws.com
  .

Depending
on what platform you are using locally, there are two ways to connect.
(Well, actually there are loads, but I’ll focus on Windows and Ubuntu).

Connecting from an Ubuntu Linux box

• Locate your private key file, 
  geoserver.pem
• Use 
  chmod
   
  to make sure your key file isn’t publicly viewable, ssh won’t work otherwise:
chmod 400 geoserver.pem
• Connect to your instance using instance’s public DNS.
  ssh -i geoserver.pem ubuntu@ec2-
  184-72-xx-xx
  .us-west-1.compute.amazonaws.com
• Answer 
  yes 
  
  when warned about authenticity of the host and asked if you want to continue connecting.
• You should see something like this:

leigh@deep-thought:~$ ssh -i geoserver.pem ubuntu@ec2-184-72-xx-xx
.us-west-1.compute.amazonaws.com
The authenticity of host 'ec2-184-72-xx-xx
.us-west-1.compute.amazonaws.com (184.72.xx.xx)' can't be established.
RSA key fingerprint is f5:f5:0c:2e:77:9f:6a:82:3a:33:8c:99:5a:65:e2:09.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-184-72-xx-xx
.us-west-1.compute.amazonaws.com,184.72.xx.xx' (RSA) to the list of known hosts.
Linux ip-10-160-43-6 2.6.32-305-ec2 #9-Ubuntu SMP Thu Apr 15 04:14:01 UTC 2010 i686 GNU/Linux
Ubuntu 10.04 LTS

Welcome to Ubuntu!
* Documentation: https://help.ubuntu.com/

System information as of Wed Jun 16 21:59:44 UTC 2010

System load: 0.06 Memory usage: 2% Processes: 54
Usage of /: 4.6% of 14.76GB Swap usage: 0% Users logged in: 0

Graph this data and manage this system at https://landscape.canonical.com/
---------------------------------------------------------------------
At the moment, only the core of the system is installed. To tune the
system to your needs, you can choose to install one or more
predefined collections of software by running the following
command:

sudo tasksel --section server
---------------------------------------------------------------------

0 packages can be updated.
0 updates are security updates.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To run a command as administrator (user "root"), use "sudo ".
See "man sudo_root" for details.

ubuntu@ip-10-160-43-6:~$

Connecting from a Windows box using PuTTY.

• PuTTY
   
  doesn’t use 
  .pem
   
  files for authentication – instead we need to create a PuTTY private key file (.ppk
  ) using the PuTTY Key Generator (PuTTYgen). A guide to doing this can be found 
  here
  , but the steps required are.
  • Download and run 
    puttygen.exe
     
    from the PuTTY 
    download page
    .
  • Click 
    Conversions->Import Key Pair
    , and select your 
    .pem
     
    file. Click Save private key. You can password protect it at this point
    if you like, however in my humble opinion, you probably don’t need to if
    you treat this file with the same care as you would the 
    .pem
     
    file. We’ll save the file as 
    geoserver.ppk
    .
• Fire up PuTTY, and enter the public DNS in the 
  (Host Name or IP address)
   
  text box.
• In the Category tree, select 
  Connection->SSH->Auth
  , and 
  Browse 
  
  for the 
  Private key for authentication
  , selecting our newly created.ppk
  file.
• Go back to the 
  Session
   
  category and save this session if you like, and then click 
  Open
  .
• Click 
  Yes
   
  when warned about verifying the identity of the server, asked if you want to continue connecting.
• Login as the user 
  ubuntu
  .
• You should see something like the following:

login as: ubuntu
Authenticating with public key "imported-openssh-key"
Linux ip-10-160-43-6 2.6.32-305-ec2 #9-Ubuntu SMP Thu Apr 15 04:14:01 UTC 2010 i686 GNU/Linux
Ubuntu 10.04 LTS

Welcome to Ubuntu!
* Documentation: https://help.ubuntu.com/

System information as of Wed Jun 16 22:32:12 UTC 2010

System load: 0.99 Memory usage: 2% Processes: 56
Usage of /: 4.6% of 14.76GB Swap usage: 0% Users logged in: 1

Graph this data and manage this system at https://landscape.canonical.com/
---------------------------------------------------------------------
At the moment, only the core of the system is installed. To tune the
system to your needs, you can choose to install one or more
predefined collections of software by running the following
command:

sudo tasksel --section server
---------------------------------------------------------------------

0 packages can be updated.
0 updates are security updates.

Last login: Wed Jun 16 21:59:45 2010 from xx-xx-xx-xx.dsl.sta.inspire.net.nz
To run a command as administrator (user "root"), use "sudo ".
See "man sudo_root" for details.

ubuntu@ip-10-160-43-6:~$

Installing necessary packages

We’ve
now got a vanilla Ubuntu instance running, and we’re connected. Now
let’s install the packages necessary to get GeoServer up and running.

• From the terminal, execute the following:

• sudo apt-get install unzip lynx tomcat6 tomcat6-admin

• sudo vim /etc/default/tomcat6
  
  Find, uncomment and modify the following lines:

JAVA_OPTS="-Djava.awt.headless=true -Xmx512

m"
TOMCAT6_SECURITY=no

• sudo vim /var/lib/tomcat6/conf/tomcat-users.xml
  
  Modify to contain the following, substituting your own super strong
  password. Be sure to remove any comment block surrounding the<tomcat-users>
   
  section if one exists. 
  (Thanks to jvangeld)

<tomcat-users>
<role rolename="admin"/>
<role rolename="manager"/>
<role rolename="tomcat"/>
<user username="tomcat6

" password="some super strong password

" roles="admin,manager,tomcat"/>
</tomcat-users>

• sudo /etc/init.d/tomcat6 restart
• We’re now ready to login to Tomcat’s administration interface and install GeoServer.
• Download the Web Archive from GeoServer’s 
  Stable download page
  .
• Unzip the downloaded 
  .war.zip
   
  file.
• Browse
  to your new instance’s tomcat administration interface, e.g.

  http://ec2-184-72-xx-xx.us-west-1.compute.amazonaws.com:8080/manager/html

• Log in using the 
  tomcat6
   
  and 
  some super strong password
   
  username and password combination specified earlier.
• Under 
  WAR file to deploy
  , upload the unzipped 
  geoserver.war
   
  file you have just downloaded, and click 
  Deploy
  .
  • This
    file is about 40-50MB in size, so this step can take a while depending
    on your connection speed. You’re waiting to see both the message 
    OK
     
    in the top of the window, and 
    /geoserver
     
    being listed under the 
    Applications
     
    list on the 
    Tomcat Web Application Manager
    .
• Browse to your GeoServer instance, e.g. http://ec2-184-72-xx-xx.us-west-1.compute.amazonaws.com:8080/geoserver/web/
• To check things are OK, lets do a sanity check by clicking on 
  Layer Preview
   
  link in the left hand pane.
• At the bottom of the list of configured layers, there are some entries named 
  tasmania
  , 
  spearfish
   
  and 
  tiger-ny
  , next to which are someOpenLayers
   
  links. Click the 
  spearfish
   
  link, and you should get a simple OpenLayers interface showing some test data.
• Click on the 
  tiger-ny OpenLayers
   
  link, and you should get a simple map of New York…
  • …except
    you won’t – you’ll get a bunch of blank image tiles in an empty map.
    This threw me for a bit, so I had to delve into the GeoServer error log.
    You can skip to the solution below, but if you want to see where some
    of the error information is logged, see the steps below.
    • Open up a terminal session to the server if necessary, and type the following:
      

      vim /var/log/tomcat6/catalina.out

      You should see, near the bottom of the log file, some telltale entries like the following:

      16 Jun 23:29:42 ERROR [geoserver.ows] -
      org.vfny.geoserver.wms.WmsException: org.vfny.geoserver.wms.WmsException: 
      Rendering process failed
      
      at org.vfny.geoserver.wms.responses.GetMapResponse.execute(GetMapResponse.java:447)
      ...
      ...
      Caused by: java.lang.Error: 
      Probable fatal error:No fonts found.
      
      at sun.font.FontManager.getDefaultPhysicalFont(FontManager.java:1088)
      at sun.font.FontManager.initialiseDeferredFont(FontManager.java:960)

    • Google
       
      came to the 
      rescue
       
      – this being a headless server, it has no fonts installed.
    • In order to find out what fonts Java is expecting, type the following:
      

      vim /etc/java-6-openjdk/fontconfig.properties

    • This yields the following line amongst others:
      

      serif.plain.latin-1=DejaVu Serif

  • To install the missing DejaVu font:
    

    sudo apt-get install ttf-dejavu
    sudo /etc/init.d/tomcat6 restart

  • Try the New York map again, and you should get a map of Manhattan.

• Note
  that the maps being displayed are non-tiled, and generated every
  request. Click the small menu icon in the top left of the map to enable
  tiled mapping (taking advantage of local caching), and change the map
  canvas size.

Next steps

I’ve
kept this short so that it details the absolute minimum steps required
to get GeoServer up and running on an AWS Ubuntu instance.

So the next few bits – I need to get working are:

• Getting some base map data – ideally I’d like to get this fromOpenStreetMap
  ‘s OSM 
  export
   
  facility, probably using 
  osm2pgsgl
  . I haven’t got this working yet,  so in the meantime, I’ll probably download some Shapefiles from the great 
  koordinates
   
  repository, which has loads and loads of data, especially for New Zealand.
• Running direct from PostGIS is going to be a better solution than from Shapefiles, and more manageable.
• Then, I need to import some TFW raster files, probably using something like GDAL.
• Making use of GeoWebCache to pre-render and cache map tiles on the server.
• Last, but not least, securing and optimising the installation.

Hopefully I will write up these steps in the coming weeks.