由于官方仓库不能使用sun的java包,利用yum安装tomcat 时会默认安装openjdk 作为依赖包,但是openjdk并不好用。tomcat跟apache、php不同,它无需编译即可运行,故可不需要安装源码包,tar.gz包 和rpm包不存在内在性能问题。 并且tomcat 漏洞频出,如果手动安装的话,需要我们时刻维护它,而官方仓库中的tomcat 可以经常得到更新。
tomcat虽然简单,手动安装其实并不容易,常常考虑不周全,我见过很多人用root来运行tomcat,不多解释。
而rpm包很好的解决了这个问题。
下面的办法可以两全其美。
1、使用了sun的java
2、使用了仓库中的tomcat
环境centos 6 x64
下载并安装最新的sun jdk
# rpm -ivh jdk-7u25-linux-amd64.rpm
输出java 变量
# export JAVA_HOME=/usr/java/default
# export PATH=$PATH:$JAVA_HOME/bin
# export CLASSPATH=.:$JAVA_HOME/jre/lib:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar
# cat > /etc/profile.d/java.sh /etc/tomcat/tomcat.conf
# echo JAVA_OPTS=\"-server -Xms256M -Xmx512M -XX:PermSize=64M -XX:MaxPermSize=128M\" >>/etc/tomcat/tomcat.conf
tomcat启用apr或NIO,关闭客户端DNS查询,优化性能
# rpm-ivh epel-release-6-7.noarch.rpm
# yum install tomcat-native apr apr-util --enablerepo=epel
apr 在安装后就会被tomcat自动启用,启动日志里会有“http-apr”字样。
使用NIO,修改/etc/tomcat/server.xml,
将
改为
其它优化,伪装header,禁用dns查询,gzip压缩
编辑/etc/tomcat/tomcat-users.xml,
在大约倒数第10行左右添加一个用户,以便登录tomcat manager
隐藏tomcat版本号和标识
cd /usr/share/tomcat/lib
mkdir -p org/apache/catalina/util
echo "server.info=Apache tomcat" > org/apache/catalina/util/ServerInfo.properties
启动tomcat
# chkconfig tomcat on
# /etc/init.d/tomcat start
查看进程
# ps aux |grep tomcat
tomcat 2052 0.8 13.9 1304208 142968 ? Sl 22:10 0:05 /usr/bin/java -Xmx512M -Xms256M -classpath .:/usr/java/default/jre/lib:/usr/java/default/lib:/usr/java/default/lib/tools.jar:/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat6 -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
root 2152 0.0 0.0 6420 592 pts/0 S+ 22:21 0:00 grep tomcat
如果没有防火墙,直接访问IP 加 8080端口即可看到tomcat的欢迎主页,侧边栏有tomcat manager。
页面测试
cat >/var/lib/tomcat/webapps/ROOT/test.jsp
EOF
访问http://your-ip:8080/test.jsp,应该能看到hello world
查看日志,没有发现异常
# cat /var/log/tomcat/catalina.out
Sep 02, 2013 10:23:04 PM org.apache.coyote.http11.Http11NioProtocol pause
INFO: Pausing Coyote HTTP/1.1 on http-8080
Sep 02, 2013 10:23:04 PM org.apache.coyote.ajp.AjpAprProtocol pause
INFO: Pausing Coyote AJP/1.3 on ajp-8009
Sep 02, 2013 10:23:05 PM org.apache.catalina.core.StandardService stop
INFO: Stopping service Catalina
Sep 02, 2013 10:23:05 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextDestroyed()
Sep 02, 2013 10:23:05 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextDestroyed()
Sep 02, 2013 10:23:05 PM org.apache.coyote.http11.Http11NioProtocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-8080
Sep 02, 2013 10:23:06 PM org.apache.coyote.ajp.AjpAprProtocol destroy
INFO: Stopping Coyote AJP/1.3 on ajp-8009
Sep 02, 2013 10:23:08 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.22.
Sep 02, 2013 10:23:08 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Sep 02, 2013 10:23:08 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector
INFO: Using a shared selector for servlet write/read
Sep 02, 2013 10:23:08 PM org.apache.coyote.http11.Http11NioProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Sep 02, 2013 10:23:08 PM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
Sep 02, 2013 10:23:08 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 827 ms
Sep 02, 2013 10:23:08 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Sep 02, 2013 10:23:08 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.24
Sep 02, 2013 10:23:08 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor host-manager.xml
Sep 02, 2013 10:23:09 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml
Sep 02, 2013 10:23:09 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory ROOT
Sep 02, 2013 10:23:09 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory examples
Sep 02, 2013 10:23:10 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
Sep 02, 2013 10:23:10 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
Sep 02, 2013 10:23:10 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory sample
Sep 02, 2013 10:23:10 PM org.apache.coyote.http11.Http11NioProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Sep 02, 2013 10:23:10 PM org.apache.coyote.ajp.AjpAprProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-8009
Sep 02, 2013 10:23:10 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1350 ms
网上有很多教程修改tomcat的监听端口,有些误人子弟。修改端口分为两种情况。
1)高位端口(1024以上),这里以8088为例。
编辑文件/etc/tomcat/server.xml,将下列文本内容中的8080改为8088即可
2)低位端口
如果想让tomcat监听在1024以下的端口,比如80,如果你按照上面的方法修改成功了,几乎可以证明,你在用特权用户(root)身份运行tomcat 。这犯了安全大忌。
这个时候需要曲线救国,可以让iptables帮忙将80端口的请求重定向到本机的8080端口。
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
另一种更流行的方法是在tomcat前端加上nginx反向代理,或者叫tomcat的负载均衡集群,nginx额外还可以缓存静态文件,做动静分离。
示例配置文件/etc/nginx/conf.d/tomcat.conf,内容如下。
proxy_cache_path /var/cache/nginx/proxy_cache levels=1:2 keys_zone=static:10m inactive=1d max_size=1g;
upstream tomcat {
server 127.0.0.1:8080;
keepalive 16;
}
server {
listen 80;
server_name tomcat.example.com;
charset utf-8;
access_log /var/log/nginx/tomcat.access.log main;
root /usr/share/nginx/html;
index index.html index.htm index.jsp;
location / {
proxy_pass http://tomcat;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
location ~* ^.+\.(js|css|ico|gif|jpg|jpeg|png|html|htm)$ {
proxy_pass http://tomcat ;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache static;
proxy_cache_key $host$uri$is_args$args;
proxy_cache_valid 200 302 1d;
proxy_cache_valid 404 1m;
proxy_cache_valid any 1h;
add_header X-Cache $upstream_cache_status;
expires 7d;
}
location ~ /\.ht {
deny all;
}
}
反向代理的“坏处”是tomcat无法正确获得客户端地址,需要修改tomcat配置文件server.xml的日志配置
有时候,我们想给tomcat多开几个实例,每个实例监听不同的端口,其实tomcat配置文件支持多端口,也就是多加几个段,尽管与多实例有些区别,但效果上和多实例相同。
示例:
mkdir -p /usr/share/tomcat/webapps8081/ROOT
mkdir -p /usr/share/tomcat/webapps8082/ROOT
mkdir -p /etc/tomcat/Catalina
chown -R tomcat:tomcat /etc/tomcat/Catalina (tomcat 分别监听8080,8081,8082三个端口 ,配置文件/etc/tomcat/server.xml,注意字段 Service name 、Connect port、defaulthost、Host name、appBase)
tomcat目录下有upload目录,想要和程序分离?
解决方法,修改server.xml
添加一行 |
QQ群⑧:
YunVN网友
发表于 2018-11-30 07:51:11
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
悔悟卡
匿名卡
显身卡