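Common Tomcat security management practices:
I. How to change Tomcat's default path:
1. The main configuration file is server.xml. To change Tomcat's default access path:
a. Create the jsp directory and an index.jsp page: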
[root@zabbix-node1 ~]# mkdir -p /var/wwwroot/jsp
[root@zabbix-node1 ~]# echo "jsp.test.com" > /var/wwwroot/jsp/index.jsp
b. In the conf directory under Tomcat, edit the server.xml file:
Add the following between <Host> and </Host>:
[root@zabbix-node1 ~]# vi /usr/local/tomcat/conf/server.xml
<Context path="" docBase="/var/wwwroot/jsp/" crossContext="true" debug="0" reloadable="true" trusted="false" >
</Context>
Note: /usr/local/tomcat/webapps/ROOT/ is the project's absolute path.
c. In Tomcat's web.xml (in the conf directory), find the following:
[root@zabbix-node1 ~]# vi /usr/local/tomcat/conf/web.xml
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
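Note: the JSP files are stored in /var/wwwroot/jsp. To make them reachable at http://localhost:8080/jsp, just set path="/jsp" and docBase="/var/wwwroot/jsp". Remember that after any change Tomcat must be restarted for it to take effect.
d. Access test:
II. Change the default listening ports 8005 and 8009:
1. Let's look at how the process can be shut down through port 8005:
[root@zabbix-node1 ~]# vi /usr/local/tomcat/conf/server.xml //look at the following content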
<Server port="8005" shutdown="SHUTDOWN">
[root@zabbix-node1 ~]# yum -y install telnet
[root@zabbix-node1 ~]# netstat -tunlp
2. How I solved it:
a. Change the port to 8111.
b. Change SHUTDOWN to something others cannot guess.
[root@zabbix-node1 ~]# vi /usr/local/tomcat/conf/server.xml
<Server port="8111" shutdown="yanyb-haha">
Restart the service after the change:
[tomcat@zabbix-node1 ~]$ /etc/init.d/tomcat.sh restart
Test:
3. Comment out the default port 8009:
[root@zabbix-node1 ~]# vi /usr/local/tomcat/conf/server.xml
<!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
Restart the service after the change:
[tomcat@zabbix-node1 ~]$ /etc/init.d/tomcat.sh restart
[root@zabbix-node1 ~]# netstat -tunlp
III. Rewriting the Server header:
1. First, let's take a look:
[root@zabbix-node1 ~]# curl --head http://www.jd.com/
HTTP/1.1 302 Moved Temporarily
Server: JDWS/2.0
Date: Thu, 23 Aug 2018 09:44:19 GMT
Content-Type: text/html
Content-Length: 157
Connection: keep-alive
Location: https://www.jd.com/
Strict-Transport-Security: max-age=3600
[root@zabbix-node1 ~]# curl --head http://www.baidu.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: Keep-Alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 23 Aug 2018 09:50:44 GMT
Etag: "575e1f71-115"
Last-Modified: Mon, 13 Jun 2016 02:50:25 GMT
Pragma: no-cache
Server: bfe/1.0.8.18
[root@zabbix-node1 ~]#
[root@zabbix-node1 ~]#
[root@zabbix-node1 ~]# curl --head http://192.168.91.133:8080/ //mine has no Server header, strange.
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 23 Aug 2018 09:44:27 GMT
[root@zabbix-node1 ~]#
2. Modify server.xml:
[root@zabbix-node1 ~]# vi /usr/local/tomcat/conf/server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
Change it to:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" server="YANYB" />
Restart the service and test:
[tomcat@zabbix-node1 ~]$ /etc/init.d/tomcat.sh restart
[root@zabbix-node1 ~]# curl --head http://192.168.91.133:8080/
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 23 Aug 2018 09:49:24 GMT
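Server: YANYB <========== a little self-promotion
Summary:
The first connector listens on port 8080 and is responsible for establishing HTTP connections. This is the connector used when a browser accesses web applications on the Tomcat server.
The second connector listens on port 8009 and is responsible for establishing connections with other HTTP servers. This connector is needed when integrating Tomcat with another HTTP server.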
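To confirm that the changes from sections II and III are actually present in a server.xml, the file can be parsed and checked. The script below is an added example, not part of the original article; the function name check_article_changes and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: server.xml with the defaults shown in the article.
SAMPLE_DEFAULT = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>"""

# Constructed sample: the same file after the article's three changes.
SAMPLE_HARDENED = """<Server port="8111" shutdown="yanyb-haha">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" server="YANYB" />
    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
  </Service>
</Server>"""


def check_article_changes(xml_text):
    """Return a list of the article's changes that are NOT applied (hypothetical helper)."""
    root = ET.fromstring(xml_text)  # the parser drops XML comments, so a
    missing = []                    # commented-out Connector is not seen
    port = root.get("port", "8005")            # 8005 is the value used when omitted
    if port != "-1":                           # -1 disables the shutdown listener
        if port == "8005":
            missing.append("Server port is still 8005")
        if root.get("shutdown", "SHUTDOWN") == "SHUTDOWN":
            missing.append("shutdown command is still SHUTDOWN")
    for conn in root.iter("Connector"):
        proto = conn.get("protocol", "HTTP/1.1")
        cport = conn.get("port", "?")
        if "ajp" in proto.lower():             # matches AJP/1.3 and AJP class names
            missing.append(f"AJP connector still enabled on port {cport}")
        elif not conn.get("server"):
            missing.append(f"HTTP connector on port {cport} has no server attribute")
    return missing


if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(name, check_article_changes(text) or "all changes applied")
```

To check a real installation, pass the contents of /usr/local/tomcat/conf/server.xml to check_article_changes instead of the samples.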