docker部署带有账户密码的Tomcat
1 背景说明
使用Docker构建的Jeklins默认为JDK11,此时需要构建带有JDK11版本及Tomcat8版本的Docker镜像。可以在CentOS7的基础上,使用JDK11以及Tomcat8官方的安装包对原有的镜像进行构建。
构建有如下要求:
- Tomcat大版本为8.x
- JDK大版本为11
- 构建的镜像应该有账户和密码,便于后续管理
2 准备工作
1)下载Tomcat8
下载地址:https://tomcat.apache.org/download-80.cgi
详细版本为:apache-tomcat-8.5.78.tar.gz
2)下载JDK11
下载地址:https://www.oracle.com/java/technologies/javase/jdk11-archive-downloads.html
详细版本:jdk-11.0.13_linux-x64_bin.tar.gz
注意:官网下载需要登录,自己注册一个Oracle账户即可
3)准备挂载目录
宿主机使用/usr/local/webapps
挂载Tomcat中的webapps
sudo mkdir -p /usr/local/webapps
本机解压Tomcat后将webapps下的内容拷贝到Linux宿主机的/usr/local/webapps
目录下
注意修改webapps/manager/META-INF/context.xml
,注释掉远程访问的限制
修改后的内容如下
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<Context antiResourceLocking="false" privileged="true" >
<CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
sameSiteCookies="strict" />
<!--<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />-->
<Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
4)准备tomcat-users.xml
本地将Tomcat解压文件conf目录下的tomcat-users.xml
文件拷贝出来,添加用户信息
在tomcat-users
下添加如下角色以及tomcat用户,密码也为tomcat
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<!-- ..... -->
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager-script"/>
<role rolename="manager-gui"/>
<role rolename="manager-status"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<user username="tomcat" password="tomcat" roles="manager-gui,manager- script,tomcat,admin-gui,admin-script"/>
</tomcat-users>
5)上传所需资料
依据个人习惯将所需资料上传到构建镜像的目录下,我这里上传到/server/docker-file/tomcat85_jdk11
下
所需的资料有
- apache-tomcat-8.5.78.tar.gz
- jdk-11.0.13_linux-x64_bin.tar.gz
- context.xml
- 修改后的
tomcat-users.xml
3 编写Dockerfile
在上传文件的目录下编写Dockerfile
FROM centos:7
MAINTAINER zyx
# 定义root密码
RUN echo "root:123321" | chpasswd
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& echo 'Asia/Shanghai' >/etc/timezone
# 创建两个新目录来存储jdk文件和tomcat文件
RUN mkdir /usr/local/java /usr/local/tomcat
# 将jdk压缩文件复制到镜像中,它将自动解压缩tar文件
ADD jdk-11.0.13_linux-x64_bin.tar.gz /usr/local/java/
ADD apache-tomcat-8.5.78.tar.gz /usr/local/tomcat/
# 修改文件夹名称
RUN mv /usr/local/java/jdk-11.0.13 /usr/local/java/jdk11
RUN mv /usr/local/tomcat/apache-tomcat-8.5.78 /usr/local/tomcat/tomcat8
# 修改tomcat配置文件添加tomcat用户以及外部访问权限
# COPY context.xml /usr/local/tomcat/tomcat8/webapps/manager/META-INF/context.xml
COPY tomcat-users.xml /usr/local/tomcat/tomcat8/conf/tomcat-users.xml
# 配置环境变量
ENV JAVA_HOME /usr/local/java/jdk11
ENV CATALINA_HOME /usr/local/tomcat/tomcat8
ENV CATALINA_BASE /usr/local/tomcat/tomcat8
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin
# 创建tomcat的用户 ,并自动创建用户目录, 指定tomcat用户使用bash
RUN groupadd -g 1002 tomcat
RUN useradd -d /usr/local/tomcat -u 1002 -g tomcat -s /bin/bash tomcat
# 设置tomcat用户的密码
RUN echo "tomcat:tomcat" | chpasswd
# 将工作目录切换到 /webapp/tomcat8/, 之后的操作, 的基础目录为 /webapp/tomcat8/
WORKDIR /usr/local/tomcat/tomcat8/
# 修改 /webapp/tomcat8/ 目录的拥有者为tomcat. (默认的拥有者为root)
RUN chown -R tomcat:tomcat /usr/local/tomcat/tomcat8/
# chmod +x
RUN chmod +x /usr/local/tomcat/tomcat8/bin/*
RUN chmod 766 /usr/local/tomcat/tomcat8/logs
# 将当前操作者的身份从root切换为tomcat, 后续所有操作, 都将是以tomcat身份运行
USER tomcat
# 容器监听 8080端口
EXPOSE 8080
# 配置容器启动后执行的命令
ENTRYPOINT /usr/local/tomcat/tomcat8/bin/startup.sh && tail -f /usr/local/tomcat/tomcat8/logs/catalina.out
# 启动时运行tomcat
CMD ["/usr/local/tomcat/tomcat8/bin/catalina.sh", "run"]
# VOLUME 指定了临时文件目录为/tmp
# 其效果是在主机 /var/lib/docker 目录下创建了一个临时文件,并链接到容器的/tmp
VOLUME /tmp
4 构建镜像并启动
1)构建镜像
在Dockerfile文件所在目录下构建镜像
docker build -t zyx/tomcat85_jdk11:1.0 .
2)启动容器
- 将webapps挂载到宿主机的
/usr/local/webapps
目录下 - 这里使用宿主机的9000端口映射到容器的8080端口
docker run -id --name=mytomcat -p 9000:8080 \
-v /usr/local/webapps:/usr/local/tomcat/tomcat8/webapps \
zyx/tomcat85_jdk11:1.0
5 测试登录
使用 http://yourIP:9000/ 浏览,点击manager webapp
输入刚才设置的账户和密码tomcat/tomcat
可以查看到管理页面
6 参考资料
https://blog.csdn.net/qq_44620333/article/details/121626332
https://cloud.tencent.com/developer/article/1615580