Project environment
System platform:
CentOS Linux release 7.4.1708 (Core), kernel 3.10.0-693.el7.x86_64, minimal installation
Configure the JDK environment
Download Java SE Development Kit 8u162, the version that meets the project requirements, from the official Oracle website:
http://download.oracle.com/otn-pub/java/jdk/8u162-b12/0da788060d494f5095bf8624735fa2f1/jdk-8u162-linux-x64.tar.gz
# cd /usr/local/
# tar xvf jdk-8u162-linux-x64.tar.gz -C /usr/local/
# ln -sv jdk1.8.0_162/ javajdk
# vim /etc/profile.d/java.sh
export JAVA_HOME=/usr/local/javajdk
export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
export CLASSPATH=$JAVA_HOME/lib:$JAVA_HOME/jre/lib
# source /etc/profile.d/java.sh
# java -version
java version "1.8.0_162"
Configure Tomcat
Download the appropriate version from the official website:
http://apache.mirrors.pair.com/tomcat/tomcat-9/v9.0.7/bin/apache-tomcat-9.0.7.tar.gz
# tar xvf apache-tomcat-9.0.7.tar.gz -C /usr/local/
# cd /usr/local/
# mv apache-tomcat-9.0.7/ tomcat-9.0.7
# ln -sv tomcat-9.0.7/ tomcat
Configure tomcat environment variables
# vim /etc/profile.d/tomcat.sh
export CATALINA_BASE=/usr/local/tomcat
export PATH=$CATALINA_BASE/bin:$PATH
Configure Tomcat to start at boot
Method 1: Via catalina.sh
Call $CATALINA_HOME/bin/startup.sh directly to start Tomcat and $CATALINA_HOME/bin/shutdown.sh to shut it down.
With this method the Tomcat process is started and maintained by the root user, which is flawed from a security point of view.
# vim /usr/local/tomcat/bin/catalina.sh
Insert the following at the second line:
JAVA_HOME=/usr/local/javajdk
CATALINA_BASE=/usr/local/tomcat
# echo "/usr/local/tomcat/bin/catalina.sh start" >> /etc/rc.local
# chmod +x /etc/rc.local    # this step is very important
Method 2: Run as a daemon
Running Tomcat in daemon mode detaches it from the terminal, so it does not stop when the terminal session exits. It also lets Tomcat run as a normal user and start automatically when the system boots.
Jsvc is a toolkit developed for Java applications; its goal is to let an ordinary Java application run as a Unix daemon, so that the application can be started and stopped easily.
The jsvc source is available as commons-daemon-native.tar.gz in the bin/ directory of the Tomcat installation, or from http://commons.apache.org/proper/commons-daemon/download_daemon.cgi
# cd /usr/local/tomcat-9.0.7/bin/
# tar xvf commons-daemon-native.tar.gz
# cd commons-daemon-1.1.0-native-src/unix/
# ./configure
# make
# cp jsvc /usr/local/tomcat/bin/
Create a Tomcat user
# useradd -r -s /sbin/nologin tomcat
# chown -R tomcat /usr/local/tomcat/
Configure startup with a systemd unit file
# vim /usr/lib/systemd/system/tomcat.service
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target
[Service]
Type=forking
EnvironmentFile=/usr/local/tomcat/conf/tomcat.conf
ExecStart=/usr/local/tomcat/bin/daemon.sh start
ExecStop=/usr/local/tomcat/bin/daemon.sh stop
SuccessExitStatus=143
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
Parameter configuration file
# vim /usr/local/tomcat/conf/tomcat.conf
JAVA_HOME="/usr/local/javajdk"
CATALINA_BASE="/usr/local/tomcat"
CATALINA_HOME="/usr/local/tomcat"
TOMCAT_USER="tomcat"
#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"    # used for tuning
After that, the service can be managed as follows:
# systemctl status tomcat    # status
# systemctl start tomcat     # start
# systemctl stop tomcat      # stop
You can see that it is running under jsvc:
# ss -nltp|grep 8080
LISTEN 0 100 :::8080 :::* users:(("jsvc",pid=2953,fd=49))
Configure tomcat web management
# cd /usr/local/tomcat/conf/
# cp tomcat-users.xml{,.bak}
# vim tomcat-users.xml
Role definitions
1. Server Status
View read-only server status
2. Manager App
Manage apps, including start, stop, reload, undeploy of war package services, and configure session expiration time
The following role functions need to be enabled
manager-gui: allows access to the HTML interface (URL path /manager/html/*)
manager-script: allows access to the plain-text interface (URL path /manager/text/*)
manager-jmx: allows access to the JMX proxy interface (URL path /manager/jmxproxy/*)
manager-status: allows access to the Tomcat read-only status pages (URL path /manager/status/*)
3. Host Manager
Manage and configure the Tomcat server
The following role functions need to be enabled
manager-gui: allows access to the HTML interface (URL path /manager/html/*)
admin-gui: allows access to the HTML interface
admin-script: allows access to the plain-text interface
The definition format for the 4 roles and 5 functions is as follows:
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
The format for adding a username and password and granting access roles is as follows:
<user username="USERNAME" password="PASSWORD" roles="roles go here, e.g. admin-gui,manager-gui"/>
<user username="tomcat" password="123abc" roles="admin-gui,manager-gui"/>
In addition to password restrictions, access to the Manager web application can also be restricted by remote IP address or host, especially for hosts on the public network, by adding a RemoteAddrValve or RemoteHostValve. Reference: https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_Address_Filter
Edit the following two files as needed:
# vim /usr/local/tomcat/webapps/manager/META-INF/context.xml
# vim /usr/local/tomcat/webapps/host-manager/META-INF/context.xml
Add the IP ranges allowed to connect; otherwise only the local machine can access it.
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.168\.10\.\d+" />
<Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
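The check below is an added example, not part of the original page: it parses the context.xml shown above (Manager element omitted) and evaluates client addresses the way RemoteAddrValve does, with deny checked first and allow required to match the entire address. Python's re module stands in for java.util.regex, which behaves the same for this pattern; the function names and the sample addresses are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the manager context.xml from this page, Manager element omitted.
CONTEXT_XML = r'''<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.168\.10\.\d+" />
</Context>'''

VALVE_CLASS = "org.apache.catalina.valves.RemoteAddrValve"


def load_rules(context_xml):
    """Return (allow, deny) compiled patterns of the RemoteAddrValve, or None if there is no valve."""
    for valve in ET.fromstring(context_xml).iter("Valve"):
        if valve.get("className") == VALVE_CLASS:
            allow, deny = valve.get("allow"), valve.get("deny")
            # re.ASCII keeps \d to 0-9, as java.util.regex does by default.
            return (re.compile(allow, re.ASCII) if allow else None,
                    re.compile(deny, re.ASCII) if deny else None)
    return None


def is_admitted(rules, addr):
    """Decide as the valve does: deny wins, then allow must match the whole address."""
    if rules is None:
        return True  # no valve in the context: no address filtering at all
    allow, deny = rules
    if deny and deny.fullmatch(addr):
        return False
    if allow:
        return allow.fullmatch(addr) is not None
    return deny is not None  # deny only: the rest passes; neither set: all refused


def audit(context_xml, addrs):
    """Map each address to True (admitted) or False (refused)."""
    rules = load_rules(context_xml)
    return {a: is_admitted(rules, a) for a in addrs}


if __name__ == "__main__":
    # Constructed client addresses: loopback, the allowed LAN, near misses, a public host.
    samples = ["127.0.0.1", "::1", "192.168.10.25", "192.168.100.25",
               "192.168.1.10", "10.0.0.5", "203.0.113.7"]
    for addr, ok in audit(CONTEXT_XML, samples).items():
        print(f"{addr:16} {'allowed' if ok else 'refused (403)'}")
```

Because the match is against the whole address, 192.168.100.25 is refused even though it begins with the same digits as the allowed 192.168.10.x range.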
Modify the maximum file size that Tomcat allows to be uploaded
The unit is bytes
<multipart-config>
<!-- 50MB max -->
<max-file-size>52428800</max-file-size>
<max-request-size>52428800</max-request-size>
<file-size-threshold>0</file-size-threshold>
</multipart-config>
The Tomcat service must be restarted for the above configuration to take effect.