tomcat与tomcat证书域名部署

于 2021-11-08 16:36:50 发布
阅读量1.2k 收藏 3
点赞数 1
分类专栏: linux 基础知识 文章标签: tomcat linux java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/jialiu111111/article/details/121210851
版权
本文详细介绍了在Linux环境下如何安装和配置Tomcat,包括Java环境的设置、Tomcat的安装、Apache APR库的优化、多项目部署、HTTPS证书配置以及日志切割。此外,还提供了启动脚本的创建和HTTP自动跳转HTTPS的安全配置方法。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

tomcat 单实例部署

1.安装java
mkdir /data

wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u141-b15/336fa29ff2bb4ef291e347e091f7f4a7/jdk-8u141-linux-x64.tar.gz" 
tar xzf jdk-8u141-linux-x64.tar.gz
mv jdk-8u141-linux-x64 jdk8
mv jdk8 /data
#tomcat在启动的时候session引起的随机数问题导致的,Tocmat的Session
sed -i 's/securerandom.source=file:\/dev\/urandom/securerandom.source=file:\/dev\/.\/urandom/g' /data/jdk8/jre/lib/security/java.security
#添加java环境变量
vi /etc/profile.d/java.sh 
export JAVA_HOME=/data/jdk8
export CLASSPATH=.:${JAVA_HOME}/jre/lib/rt.jar:${JAVA_HOME}/lib/tools.jar
export PATH=$PATH:${JAVA_HOME}/bin
#加载环境变量
source /etc/profile.d/java.sh

#2.安装tomcat
wget https://downloads.apache.org/tomcat/tomcat-8/v8.5.72/bin/apache-tomcat-8.5.72.tar.gz.sha512
tar -zxvf apache-tomcat-8.5.72.tar.gz
rm -rf apache-tomcat-8.5.72.tar.gz 
mv apache-tomcat-8.5.72 tomcat

#3.apr启动优化
yum -y install openssl gcc gcc-c++ wget apr-devel openssl-devel
cd /home/tomcat/bin
mkdir /usr/local/apr
tar -zxvf tomcat-native.tar.gz -C /usr/local/apr

cd /usr/local/apr/tomcat-native-1.2.31-src/native/

./configure --prefix=/usr/local/apr

make && makeinstall

#apr优化路径与tomcat正确时间设置
sed '11iJAVA_OPTS="$JAVA_OPTS -Djava.library.path=/usr/local/apr/lib"' -i /home/tomcat/bin/catalina.sh
sed '11iJAVA_OPTS="	-Duser.timezone=GMT+08"' -i /home/tomcat/bin/catalina.sh

rm -rf docs examples host-manager manager
 
vi /home/tomcat/conf/server.xml 
      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
	    
		<Context path="" docBase="/home/applications/huaniupaipai-h5" reloadable="true" 
		   caseSensitive="false" debug="0"></Context> 	

      </Host>
    </Engine>
  </Service>
</Server>

 
./catalina.sh start

tomcat同一个端口部署多个项目

比如:有tomcatA下有 web1这个项目和有web2这个项目。
能通过设置实现如下的访问吗?
访问web1: http://localhost:8080/web1
访问web2: http://localhost:8080/web2

tomcat https证书访问配置

80端口访问tomcat
server.xml将Connector port="8080"更改为80即可-->重启tomcat-->完成端口更改-->下次直接输入localhost:80即可
编辑 <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"

               redirectPort="8443" />

为<Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"

               redirectPort="8443" />

因为80是http请求的默认端口,所以设置此处即可实现域名直接访问

https请求配置:

打开tomcat下conf目录下的server.xml文件,接8080以下增加配置
并修改证书访问路径为下:
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
     <Connector port="443"
     protocol="org.apache.coyote.http11.Http11NioProtocol"
     SSLEnabled="true"
     scheme="https"
     secure="true"
     keystoreFile="/usr/local/tomcat/conf/cert/你的证书名.pfx"
     keystoreType="PKCS12"
     keystorePass="你的证书密码"
     clientAuth="false"

 SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"     ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>

     <Context path="" docBase="/home/applications/huaniupaipai-h5" reloadable="true" 
		   caseSensitive="false" debug="0"></Context>
      </Host>



然后,将文件中涉及到的8443端口改为443端口(443为https下默认请求端口)

tomcat多实例安装配置

wget https://dlcdn.apache.org/tomcat/tomcat-8/v8.5.72/bin/apache-tomcat-8.5.72.tar.gz
tar -zxvf apache-tomcat-8.5.72.tar.gz          
mv apache-tomcat-8.5.72.tar.gz tomcat
mkdir -p /home/applications/app/frontapp      
cd /usr/local/tomcat 
mv conf/ logs/ temp/ webapps/ work/ /home/applications/app/frontapp

vim /home/applications/app/frontapp/conf/server.xml
<Server port="5020" shutdown="SHUTDOWN">
 <Connector port="5021" protocol="HTTP/1.1"
<Connector port="5022" protocol="AJP/1.3" redirectPort="8443" />
<Context path="" docBase="/home/applications/caipiao/frontapp" debug="0" reloadable="true" crossContext="true"/>
	<Valve className="org.apache.catalina.valves.RemoteIpValve" />
mkdir -p  /home/applications/app/frontapp
vim index.html
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Welcome Page</title>
</head>
<body>
	Welcome Page
</body>

制作启动脚本
mkdir -p /home/applications/app.sh
vim frontapp.sh
#!/bin/bash
#__author__:tangshupei

export CATALINA_HOME=/usr/local/tomcat
#export CATALINA_BASE=${1%/}
export CATALINA_BASE=/home/applications/app/frontapp

case $1 in
start)
	TOMCAT_ID=`ps aux |grep "java"|grep "Dcatalina.base=$CATALINA_BASE "|grep -v "grep"|awk '{ print $2}'`
	if [ -n "$TOMCAT_ID" ] ; then
		echo -e  "\033[31mtomcat(${TOMCAT_ITOMCAT_ID}) still running now , please shutdown it firest\033[0m";
		exit 2;
	fi
	TOMCAT_START_LOG=`$CATALINA_HOME/bin/startup.sh`
	if [ "$?" = "0" ]; then
		echo -e "\033[31m$0 \n$CATALINA_BASE start succeed\033[0m"
		sleep 2s
	else
		echo -e "\033[31m$0 \n$CATALINA_BASE  start failed\033[0m"
		echo $TOMCAT_START_LOG
	fi
	;;
stop)
	TOMCAT_ID=`ps aux |grep "java"|grep "Dcatalina.base=$CATALINA_BASE "|grep -v "grep"|awk '{ print $2}'`
	if [ -n "$TOMCAT_ID" ] ; then
		TOMCAT_STOP_LOG=`$CATALINA_HOME/bin/shutdown.sh`
	else
		echo -e "\033[31mTomcat instance not found : $CATALINA_BASE\033[0m"
		exit
	fi
	if [ "$?" = "0" ]; then
		echo -e "\033[31m$0 \n$CATALINA_BASE stop succeed\033[0m"
		sleep 2s
	else
		echo -e "\033[31m$0 \n$CATALINA_BASE stop failed\033[0m"
		echo $TOMCAT_STOP_LOG
	fi
	;;
reload)
	$0 stop
	sleep 10s
	$0 start
	;;
*)
	
	echo -e  "\n\033[31mUsage: $0 start|stop|reload\033[0m"
;;
esac
exit 0

如果服务启动不了检查server.xml 里的目录路径肯定是搞错了

catalina.out 日志切割

https://www.linuxidc.com/Linux/2016-07/133539.htm

https://blog.csdn.net/woshiji594167/article/details/80923795

1# wget  https://files.cnblogs.com/files/crazyzero/cronolog-1.6.2.tar.gz
2# tar -zxf cronolog-1.6.2.tar.gz
3# cd  cronolog
4# ./configure 
5# make && make install

# which cronolog  验证安装是否成功
# /usr/local/sbin/cronolog       

# vi bin/catalina.sh

6

# vi bin/catalina.sh

找到下面这行

      org.apache.catalina.startup.Bootstrap "$@" start \
      >> "$CATALINA_OUT" 2>&1 &

修改为
	   org.apache.catalina.startup.Bootstrap "$@" start 2>&1 \
      | /usr/local/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >>/dev/null &
类似这样的行有2处,第一处是tomcat时带“-security”参数的启动,第二处是默认tomcat启动方式,也就是else下面的那部分,我们只修改这里。

另外还要把touch “$CATALINA_OUT"这行注释掉。
	  touch "$CATALINA_OUT"
// 修改为(即屏蔽此行)
# touch "$CATALINA_OUT"

完整的修改如下:
  #touch "$CATALINA_OUT"
  if [ "$1" = "-security" ] ; then
    if [ $have_tty -eq 1 ]; then
      echo "Using Security Manager"
    fi
    shift
    eval $_NOHUP "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
      -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
      -Djava.security.manager \
      -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \
      -Dcatalina.base="\"$CATALINA_BASE\"" \
      -Dcatalina.home="\"$CATALINA_HOME\"" \
      -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
	   org.apache.catalina.startup.Bootstrap "$@" start 2>&1 \
      | /usr/local/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >>/dev/null &

  else
    eval $_NOHUP "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
      -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
      -Dcatalina.base="\"$CATALINA_BASE\"" \
      -Dcatalina.home="\"$CATALINA_HOME\"" \
      -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
	   org.apache.catalina.startup.Bootstrap "$@" start 2>&1 \
      | /usr/local/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >>/dev/null &

  fi

HTTP 自动跳转 HTTPS 的安全配置(可选)

如果您需要将 HTTP 请求自动重定向到 HTTPS。您可以通过以下操作设置:

  1. 编辑 /usr/*/conf 目录下的 web.xml 文件,找到 </welcome-file-list> 标签。
  2. 请在结束标签 </welcome-file-list> 后面换行,并添加以下内容
<login-config>
    <!-- Authorization setting for SSL -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
    </login-config>
    <security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
    <web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值