Keep the Tomcat version up to date
Remove the default application
Delete all files in the webapps directory, and also delete the two configuration files for the management pages, host-manager.xml and manager.xml. These two files are in the conf/Catalina/localhost directory under the Tomcat installation directory.
Run the service with reduced privileges: use an ordinary user to run Tomcat
Hide the Tomcat version
Modify the server.info field in the org/apache/catalina/util/ServerInfo.properties file inside lib/catalina.jar.
Configure the connector parameters
<Connector
port="9689"
executor="tomcatThreadPool"
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
connectionTimeout="20000"
maxConnections="5000"
redirectPort="8443"
enableLookups="false"
acceptCount="100"
maxPostSize="10485760"
compression="on"
disableUploadTimeout="true"
compressionMinSize="50"
acceptorThreadCount="2"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript"
URIEncoding="utf-8"
/>
Configure thread pool
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="800" minSpareThreads="100" prestartminSpareThreads="true" maxQueueSize="100"/>
Disable the shutdown management port
Tomcat can be shut down by connecting to a socket on port 8005, which is extremely dangerous in a production environment. Disable this management port by modifying the server.xml configuration file. Change
<Server port="8005" shutdown="SHUTDOWN">
to
<Server port="-1" shutdown="SHUTDOWN">
Disable the AJP connector port
Tomcat establishes connections with clients through the Connector component, which is responsible for receiving client requests and sending the Tomcat server's responses back to the client. By default, server.xml configures two connectors: one uses AJP and is used to integrate with Apache, and the other uses HTTP. When HTTP is used, it is recommended to disable access to the AJP port. To disable it, comment out this line in server.xml:
<!-- <Connector port="8329" protocol="AJP/1.3" redirectPort="8443" /> -->
Disable automatic WAR deployment and automatic WAR unpacking (once disabled, the WAR package must be unpacked manually when deploying a project)
By default, Tomcat enables hot deployment of WAR files. I recommend disabling automatic deployment, so that a maliciously replaced WAR file cannot be used to plant malicious code on the site. Disable automatic WAR deployment by modifying server.xml. Change
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
to
<Host name="localhost" appBase="webapps" unpackWARs="false" autoDeploy="false">
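The three server.xml changes above (shutdown port, AJP connector, automatic WAR deployment) can be checked mechanically. The following is an added example, not part of the original page; the function name audit_server_xml, the finding labels and both sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a server.xml that still has the defaults this page tells you to change.
SAMPLE_DEFAULT = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="9689" protocol="org.apache.coyote.http11.Http11Nio2Protocol" redirectPort="8443"/>
    <Connector port="8329" protocol="AJP/1.3" redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"/>
    </Engine>
  </Service>
</Server>"""

# Constructed sample: the same file after the changes described above.
SAMPLE_HARDENED = """<Server port="-1" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="9689" protocol="org.apache.coyote.http11.Http11Nio2Protocol" redirectPort="8443"/>
    <!-- <Connector port="8329" protocol="AJP/1.3" redirectPort="8443"/> -->
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="false" autoDeploy="false"/>
    </Engine>
  </Service>
</Server>"""


def audit_server_xml(xml_text):
    """Return a list of findings; an empty list means all three checks pass."""
    root = ET.fromstring(xml_text)  # comments are dropped, so a commented-out connector is not seen
    findings = []
    # Shutdown port: anything other than -1 leaves the shutdown socket enabled.
    if root.get("port", "8005").strip() != "-1":
        findings.append("shutdown-port-enabled")
    # AJP: the protocol attribute may be "AJP/1.3" or a full org.apache.coyote.ajp.* class name.
    for conn in root.iter("Connector"):
        proto = conn.get("protocol", "HTTP/1.1")
        if proto.upper().startswith("AJP") or ".ajp." in proto.lower():
            findings.append("ajp-connector-enabled:" + conn.get("port", "?"))
    # Host: Tomcat treats both attributes as true when they are absent.
    for host in root.iter("Host"):
        for attr in ("autoDeploy", "unpackWARs"):
            if host.get(attr, "true").strip().lower() != "false":
                findings.append(attr + "-enabled:" + host.get("name", "?"))
    return findings


if __name__ == "__main__":
    for label, text in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_server_xml(text))
```

To audit a real installation, pass the contents of its conf/server.xml to audit_server_xml instead of the samples.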
Custom Error Pages
Custom error pages prevent information leakage when an unhandled exception occurs. To configure them, edit web.xml and add the following elements:
<error-page>
<error-code>404</error-code>
<location>/error.html</location>
</error-page>
<error-page>
<error-code>400</error-code>
<location>/error.html</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/error.html</location>
</error-page>
Tomcat JVM memory settings
In a production environment, poorly chosen JVM memory settings make Tomcat prone to out-of-memory errors. The solution is to modify the catalina.sh file in Tomcat (catalina.bat on Windows systems). In catalina.sh, find the line cygwin=false and add the following parameters before it:
JAVA_OPTS='-server -Xms2048m -Xmx2048m -XX:NewSize=512M -XX:MaxNewSize=1024M -XX:PermSize=256M -XX:MaxPermSize=512m'
Reference: https://blog.csdn.net/ThinkWon/article/details/102744033