Extract and install

```
chmod +x jdk-6u1-linux-i586.bin
./jdk-6u1-linux-i586.bin
```

Type "yes" and press Enter.

```
mv jdk1.6.0_01 /usr/local/
ln -s /usr/local/jdk1.6.0_01/ /usr/local/java
```

/etc/profile.d/java.sh

Example 47.1. /etc/profile.d/java.sh

```
################################################
### Java environment
################################################
export JAVA_HOME=/usr/local/java
export JRE_HOME=/usr/local/java/jre
export PATH=$PATH:/usr/local/java/bin:/usr/local/java/jre/bin
export CLASSPATH="./:/usr/local/java/lib:/usr/local/java/jre/lib:/usr/local/memcached/api/java"
export JAVA_OPTS="-Xms512m -Xmx1024m"
```
Download the binary and extract it to /usr/local/

Download the packages

```
wget http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.13/bin/apache-tomcat-6.0.13.tar.gz
wget http://archive.apache.org/dist/tomcat/tomcat-connectors/native/tomcat-native-1.1.10-src.tar.gz
wget http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.23/tomcat-connectors-1.2.23-src.tar.gz
```

```
tar zxvf apache-tomcat-6.0.13.tar.gz
mv apache-tomcat-6.0.13 /usr/local/
ln -s /usr/local/apache-tomcat-6.0.13/ /usr/local/tomcat
```

tomcat-native

```
tar zxvf tomcat-native-1.1.10-src.tar.gz
cd tomcat-native-1.1.10-src/jni/native
./configure --with-apr=/usr/local/apache/bin/apr-1-config --with-java-home=/usr/local/java/
make
make install
```

catalina.sh

```
CATALINA_OPTS="-Djava.library.path=/usr/local/apr/lib"
JAVA_OPTS="-Xss128k -Xms128m -Xmx1024m -XX:PermSize=128M -XX:MaxPermSize=256m -XX:MaxNewSize=256m"
```

Start

```
startup.sh
```

```
cd /usr/local/tomcat-6.0.18/bin
tar zxvf tomcat-native.tar.gz
cd tomcat-native-1.1.14-src/jni/native
./configure --with-apr=/usr/local/apr --with-java-home=/usr/java/jdk1.6.0_11
make && make install
```
Example 47.2. /etc/init.d/tomcat

```
# cat /etc/init.d/tomcat
#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/srv/java
CATALINA_HOME=/srv/apache-tomcat

# Source function library.
. /etc/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

if [ -f /etc/sysconfig/tomcat ]; then
    . /etc/sysconfig/tomcat
fi

prog=tomcat
lockfile=/var/lock/subsys/$prog
pidfile=${PIDFILE-/var/run/$prog.pid}
lockfile=${LOCKFILE-/var/lock/subsys/$prog}
RETVAL=0
OPTIONS="--pidfile=${pidfile}"

start() {
    # Start daemons.
    echo -n $"Starting $prog: "
    #daemon $prog $OPTIONS
    $CATALINA_HOME/bin/startup.sh
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch $lockfile
    return $RETVAL
}

stop() {
    echo -n $"Stopping $prog: "
    # killproc -p ${pidfile} -d 10 $httpd
    $CATALINA_HOME/bin/shutdown.sh
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}

case $1 in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        # Stop the running instance first, then start it again.
        stop
        start
        ;;
esac
exit 0
```

Create the /etc/init.d/tomcat file, then copy and paste the startup script above into it.

```
vim /etc/init.d/tomcat
chmod +x /etc/init.d/tomcat
chkconfig --add tomcat
chkconfig --level 234 tomcat on
chkconfig --list tomcat
```
Install Server JRE

```
cd /usr/local/src/
tar zxvf server-jre-7u21-linux-x64.gz
mv jdk1.7.0_21 /srv/
ln -s /srv/jdk1.7.0_21 /srv/java
```

Or

```
curl -sS https://raw.github.com/netkiller/shell/master/java/server-jre.sh | bash
```

Follow the steps below to install Tomcat. Do not start Tomcat as root. Here Tomcat is started as the www user, so that the Tomcat process inherits the www user's privileges.

```
cd /usr/local/src/
wget http://ftp.cuhk.edu.hk/pub/packages/apache.org/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40.tar.gz
tar zxvf apache-tomcat-7.0.40.tar.gz
mv apache-tomcat-7.0.40 /srv/
ln -s /srv/apache-tomcat-7.0.40 /srv/apache-tomcat
# Remove the bundled default web applications.
rm -rf /srv/apache-tomcat/webapps/*
cat > /srv/apache-tomcat/bin/setenv.sh <<'EOF'
export JAVA_HOME=/srv/java
export JAVA_OPTS="-server -Xms512m -Xmx8192m -XX:PermSize=64M -XX:MaxPermSize=512m"
export CATALINA_HOME=/srv/apache-tomcat
export CLASSPATH=$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$CATALINA_HOME/lib:
export PATH=$PATH:$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$CATALINA_HOME/bin:
EOF
# Keep a copy of the stock server.xml before editing it.
cp /srv/apache-tomcat/conf/server.xml{,.original}
groupadd -g 80 www
adduser -o --home /srv --uid 80 --gid 80 -c "Web Application" www
chown www:www -R /srv/*
# Start Tomcat as the unprivileged www user.
su - www -c "/srv/apache-tomcat/bin/startup.sh"
```

Or run the following script for a quick install

```
curl -sS https://raw.github.com/netkiller/shell/master/apache/tomcat/install.sh | bash
```
Install Java 8

```
cd /usr/local/src/
tar zxf server-jre-8u20-linux-x64.gz
mv jdk1.8.0_20 /srv/
ln -s /srv/jdk1.8.0_20 /srv/java
cat >> /etc/profile.d/java.sh <<'EOF'
export JAVA_HOME=/srv/java
export JAVA_OPTS="-server -Xms512m -Xmx8192m"
export CLASSPATH=$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$CATALINA_HOME/lib:
export PATH=$PATH:$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$CATALINA_HOME/bin:
EOF
```

Note: Java 8 removed the PermSize and MaxPermSize options.

```
cd /usr/local/src/
wget http://ftp.cuhk.edu.hk/pub/packages/apache.org/tomcat/tomcat-8/v8.0.12/bin/apache-tomcat-8.0.12.tar.gz
tar zxf apache-tomcat-8.0.12.tar.gz
mv apache-tomcat-8.0.12 /srv/
ln -s /srv/apache-tomcat-8.0.12 /srv/apache-tomcat
# Remove the bundled default web applications.
rm -rf /srv/apache-tomcat/webapps/*
cp /srv/apache-tomcat/conf/server.xml{,.original}
cat > /srv/apache-tomcat/bin/setenv.sh <<'EOF'
export JAVA_HOME=/srv/java
export JAVA_OPTS="-server -Xms512m -Xmx8192m"
export CATALINA_HOME=/srv/apache-tomcat
export CLASSPATH=$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$CATALINA_HOME/lib:/srv/IngrianJCE/lib/ext/IngrianNAE-5.1.1.jar
export PATH=$PATH:$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$CATALINA_HOME/bin:
EOF
```

Start Tomcat

```
groupadd -g 80 www
adduser -o --home /www --uid 80 --gid 80 -c "Web Application" www
chown www:www -R /srv/apache-tomcat-*
# Start Tomcat as the unprivileged www user.
su - www -c "/srv/apache-tomcat/bin/startup.sh"
```

```
curl -s https://raw.githubusercontent.com/oscm/shell/master/web/tomcat/systemctl.sh | bash
```
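The `curl ... | bash` one-liners on this page execute whatever the remote host returns at that moment, with the privileges of the calling shell. As an added example (not from the original page or from the netkiller/oscm scripts), the helper below runs a downloaded script only when its SHA-256 matches a value recorded after reviewing it; `sha256_of` and `run_pinned` are hypothetical names, and the pinned hash is your own record, not a value published by the project.

```bash
#!/bin/bash
# Added example: run a downloaded installer only if it matches a reviewed hash.
# sha256_of and run_pinned are hypothetical helper names.

sha256_of() {
    # Print the SHA-256 hex digest of a file.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

run_pinned() {
    # usage: run_pinned <script-file> <expected-sha256> [args...]
    # returns 2 if the file is missing, 1 if the hash differs,
    # otherwise the exit status of the script itself.
    local script=$1 expected=$2 actual
    shift 2
    [ -f "$script" ] || { echo "missing: $script" >&2; return 2; }
    actual=$(sha256_of "$script") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "REFUSED: $script sha256=$actual, expected $expected" >&2
        return 1
    fi
    bash "$script" "$@"
}

# Typical use (the network step is a comment so the block runs offline):
#   curl -sSfL -o install.sh https://raw.github.com/netkiller/shell/master/apache/tomcat/install.sh
#   less install.sh              # review what the script does
#   sha256_of install.sh         # record this value after the review
#   run_pinned install.sh <recorded-sha256>
```

Keep the recorded hash with your own provisioning code so that later runs fail closed if the upstream script changes.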
```
$ git clone https://github.com/chexagon/redis-session-manager.git
$ cd redis-session-manager/
$ mvn package
$ ls target/redis-session-manager-with-dependencies-2.1.1-SNAPSHOT.jar
redis-session-manager-with-dependencies-2.1.1-SNAPSHOT.jar
$ cp target/redis-session-manager-with-dependencies-2.1.1-SNAPSHOT.jar /srv/apache-tomcat/apache-tomcat-8.5.11/lib/
```

If Redis is at 127.0.0.1, add the following line to conf/context.xml:

Complete configuration

Example 47.3. Example /srv/apache-tomcat/conf

```
cat context.xml
WEB-INF/web.xml
${catalina.base}/conf/web.xml
```

```
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
set session <%= session.getId() %>
<% session.setAttribute("neo", "netkiller"); %>
```

```
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
get session <%= session.getId() %>
<%=(String)session.getAttribute("neo")%>
```
```
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
```

Redirecting port 80 to 8080

```
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
```

Remove the redirect

```
iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
```

List the rules

```
iptables -t nat -L
```

Example 47.4. tomcat firewall

Below is a complete example, for reference only. Copy it into /etc/sysconfig/iptables and restart iptables for it to take effect.

```
# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Mon Jul 22 15:58:35 2013
*nat
:PREROUTING ACCEPT [7:847]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-port 8080
COMMIT
# Completed on Mon Jul 22 15:58:35 2013
# Generated by iptables-save v1.4.7 on Mon Jul 22 15:58:35 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [42303:3464247]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Jul 22 15:58:35 2013
```
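Create the working directory

```
mkdir /srv/apache-tomcat
```

One directory per port

```
tar zxvf apache-tomcat-7.0.x.tar.gz
mv apache-tomcat-7.0.x /srv/apache-tomcat/8080
tar zxvf apache-tomcat-7.0.x.tar.gz
mv apache-tomcat-7.0.x /srv/apache-tomcat/9090
```

In each instance, change the Server port="8006" and Connector port="9090" values so that no port is used twice.

Start Tomcat, then watch the catalina.log log file to confirm that every process started correctly.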
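A duplicated port only shows up as a bind failure in the log of whichever instance starts second, so it is easier to check the configuration before starting anything. The script below is an added example, not part of the original page: it assumes the one-directory-per-port layout above (`<base>/<instance>/conf/server.xml`), and `instance_ports` and `port_conflicts` are hypothetical helper names.

```bash
#!/bin/bash
# Added example: find ports claimed by more than one Tomcat instance.

# instance_ports <server.xml>: print every port="N" value, one per line.
# XML comments are skipped, so commented-out Connectors in the stock file
# are ignored; redirectPort="..." does not match because of its capital P.
instance_ports() {
    awk '{
        line = $0
        while (line != "") {
            if (incomment) {
                i = index(line, "-->")
                if (i == 0) break
                line = substr(line, i + 3); incomment = 0
            } else {
                i = index(line, "<!--")
                text = (i == 0) ? line : substr(line, 1, i - 1)
                while (match(text, /[ \t]port="[0-9]+"/)) {
                    print substr(text, RSTART + 7, RLENGTH - 8)
                    text = substr(text, RSTART + RLENGTH)
                }
                if (i == 0) break
                line = substr(line, i + 4); incomment = 1
            }
        }
    }' "$1"
}

# port_conflicts <base-dir>: print "port: instance instance ..." for every
# port claimed more than once; return 1 if any clash was found, else 0.
port_conflicts() {
    base=$1
    out=$(for xml in "$base"/*/conf/server.xml; do
            [ -f "$xml" ] || continue
            inst=${xml#"$base"/}; inst=${inst%/conf/server.xml}
            instance_ports "$xml" | awk -v i="$inst" '{ print $1, i }'
          done | sort -n | awk '
            { owners[$1] = owners[$1] " " $2; n[$1]++ }
            END { for (p in n) if (n[p] > 1) print p ":" owners[p] }' | sort -n)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

Run it as `port_conflicts /srv/apache-tomcat`; a non-zero exit status means at least one Server, HTTP or AJP port still collides.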
Create a test file

```
vim webapps/ROOT/index.jsp

<%@ page contentType="text/html;charset=utf-8"%>
helloworld! <%="It works!"%>
<%out.println("Hello World!");%>
<%=new java.util.Date()%>
```

Test with curl; the output should look like the following.

```
$ curl http://192.168.6.9/index.jsp
helloworld! It works!
Hello World!
Mon Jul 22 16:41:46 HKT 2013
```
Installing mod_jk

```
tar zxvf tomcat-connectors-1.2.23-src.tar.gz
cd tomcat-connectors-1.2.23-src/native/
./configure --with-apxs=/usr/local/apache/bin/apxs
make
make install
chmod 755 /usr/local/apache/modules/mod_jk.so
```

Append to the end of httpd.conf

```
Include conf/mod_jk.conf
```

Configure workers.properties

apache/conf/workers.properties

```
# Define 1 real worker using ajp13
worker.list=worker1
# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=127.0.0.1
worker.worker1.port=8009
worker.worker1.lbfactor=1
worker.worker1.cachesize=128
worker.worker1.cache_timeout=600
worker.worker1.socket_keepalive=1
worker.worker1.recycle_timeout=300
```

mod_jk.conf

apache/conf/mod_jk.conf

```
[chenjingfeng@d3010 Includes]$ cat mod_jk.conf
# Load mod_jk module
LoadModule jk_module modules/mod_jk.so
# Where to find workers.properties
JkWorkersFile /usr/local/apache/conf/workers.properties
# Where to put jk logs
JkLogFile /usr/local/apache/logs/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel error
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
JkShmFile /usr/local/apache2/logs/mod_jk.shm
# Send jsp,servlet for context * to worker named worker1
JkMount /status/* worker1
JkMount /*.jsp worker1
JkMount /*.jsps worker1
JkMount /*.do worker1
JkMount /*Servlet worker1
JkMount /jk/* worker1
```

Test Apache and Tomcat separately
Include the virtual host configuration file

```
# vi conf/httpd.conf
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
```

Configure ProxyPass and ProxyPassReverse in the virtual host

```
# vi conf/extra/httpd-vhosts.conf
ServerName netkiller.8800.org
ProxyPass /images !
ProxyPass /css !
ProxyPass /js !
ProxyPass /ajp ajp://localhost:8009/ajp
ProxyPassReverse /ajp ajp://localhost:8009/ajp
```

Reverse proxy and load balancing modules

```
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
ProxyPass /admin balancer://tomcatcluster/admin lbmethod=byrequests stickysession=JSESSIONID nofailover=Off timeout=5 maxattempts=3
ProxyPassReverse /admin balancer://tomcatcluster/admin
BalancerMember ajp://localhost:8009 route=web1
BalancerMember ajp://localhost:10009 smax=10 route=web2
BalancerMember ajp://localhost:11009 route=web3
BalancerMember ajp://localhost:12009 smax=10 route=web4
```

```
RewriteEngine On
RewriteRule ^/(.*) ajp://localhost:8009/ajp/$1 [P]
RewriteRule ^/(.*\.(jsp|do|servlet)) ajp://localhost:8009/ajp/$1 [P]
```
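First of all, I do not recommend implementing mutual SSL authentication in Tomcat itself; that job can be handed to the web server. Some scenarios may still require it, in which case the example below can serve as a reference.

Server certificate

```
keytool -genkey -v -alias serverKey -dname "CN=localhost" -keyalg RSA -keypass xxxxxx -keystore server.ks -storepass xxxxxx
```

Client certificate

```
keytool -genkey -v -alias clientKey -dname "CN=SomeOne" -keyalg RSA -keypass xxxxxx -keystore client.p12 -storepass xxxxxx -storetype PKCS12
keytool -export -alias clientKey -file clientKey.cer -keystore client.p12 -storepass xxxxxx -storetype PKCS12
```

Import the client certificate

```
keytool -import -v -alias clientKey -file clientKey.cer -keystore server.ks -storepass xxxxxx
```

To access the site from a browser on Windows, import the certificate as follows: double-click the client.p12 file and follow the prompts to import it.

Configure Tomcat by editing the server.xml file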
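Original source: Netkiller series notes

Author: 陈景峯. For reprints, please contact the author, and be sure to credit the original source and author and include this notice.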