Real work is piling up, so why do hackers have to come along and make trouble!!!!!
Starting Tomcat as a non-root account
OK, Tomcat had always been started as root; now it has to be started as the tomcat account. The steps are as follows:
- Create a user tomcat that cannot log in
useradd tomcat -s '/sbin/nologin'   # service account with no interactive shell
chown -R tomcat:tomcat /usr/local/tomcat/
chmod -R 744 /usr/local/tomcat   # owner rwx on every file and directory, everyone else read-only
- Rename /usr/local/tomcat/bin/startup.sh and shutdown.sh
mv /usr/local/tomcat/bin/startup.sh /usr/local/tomcat/bin/startup_.sh
mv /usr/local/tomcat/bin/shutdown.sh /usr/local/tomcat/bin/shutdown_.sh
Create new startup.sh and shutdown.sh scripts that run the renamed originals as tomcat. The paths must point at the same /usr/local/tomcat tree as above. Note that the account has a real login shell for as long as the call takes; su's -s option would run the command under a given shell without touching the account at all.
startup.sh
#!/bin/bash
usermod -s /bin/bash tomcat                        # give the account a shell temporarily so su can run the command
su - tomcat -c /usr/local/tomcat/bin/startup_.sh   # run the original startup script as tomcat
usermod -s /sbin/nologin tomcat                    # take the shell away again
shutdown.sh
#!/bin/bash
usermod -s /bin/bash tomcat
su - tomcat -c /usr/local/tomcat/bin/shutdown_.sh  # run the original shutdown script as tomcat
usermod -s /sbin/nologin tomcat
Grant execute permission (in /usr/local/tomcat/bin)
chmod +x startup.sh
chmod +x shutdown.sh
- Add to boot startup
echo '/usr/local/tomcat/bin/startup.sh' >> /etc/rc.local   # append the command itself; without echo this would run the script and append its output
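Once the steps above are done, it is worth checking that they actually took effect rather than trusting the scripts. The following audit script is an added example (not part of the original post): it checks that the service account has no login shell, that no Connector in server.xml asks for a privileged port, and that the running JVM is owned by the service account. The user name "tomcat" and CATALINA_HOME=/usr/local/tomcat are assumed from the post and can be overridden through the environment.

```bash
#!/bin/bash
# Added example, not part of the original post: audit the non-root Tomcat setup.
# Assumes the names used in the post (user "tomcat", CATALINA_HOME=/usr/local/tomcat).
TOMCAT_USER="${TOMCAT_USER:-tomcat}"
CATALINA_HOME="${CATALINA_HOME:-/usr/local/tomcat}"

# Ports 0-1023 are privileged: binding one needs root or CAP_NET_BIND_SERVICE,
# which is exactly why a non-root Tomcat fails on port 80.
is_privileged_port() { [ "$1" -ge 0 ] && [ "$1" -lt 1024 ]; }

# Field 7 of a passwd(5) line is the login shell.
passwd_shell() { printf '%s\n' "$1" | cut -d: -f7; }

# A service account should carry a shell that refuses interactive logins.
is_nologin_shell() {
  case "$1" in
    */nologin|*/false) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the port of every <Connector> in a server.xml. The element may span
# several lines, so the file is flattened first; the leading whitespace in the
# pattern keeps redirectPort="..." from matching.
connector_ports() {
  tr '\n' ' ' < "$1" | grep -o '<Connector[^>]*>' \
    | grep -o '[[:space:]]port="[0-9]*"' | cut -d'"' -f2
}

# Owner of the first Tomcat JVM found, or nothing if none is running.
tomcat_owner() {
  pid=$(pgrep -f 'org.apache.catalina.startup.Bootstrap' | head -n1)
  [ -n "$pid" ] && ps -o user= -p "$pid"
}

# Run all checks; exit status is non-zero if any check fails.
audit() {
  rc=0
  shell=$(passwd_shell "$(getent passwd "$TOMCAT_USER")")
  if is_nologin_shell "$shell"; then
    echo "PASS: $TOMCAT_USER has login shell $shell"
  else
    echo "FAIL: $TOMCAT_USER has login shell '$shell' (expected nologin/false)"; rc=1
  fi
  for p in $(connector_ports "$CATALINA_HOME/conf/server.xml"); do
    if is_privileged_port "$p"; then
      echo "FAIL: Connector port $p is privileged; a non-root Tomcat cannot bind it"; rc=1
    else
      echo "PASS: Connector port $p is unprivileged"
    fi
  done
  owner=$(tomcat_owner || true)
  if [ -z "$owner" ]; then
    echo "INFO: no Tomcat JVM is running"
  elif [ "$owner" = "$TOMCAT_USER" ]; then
    echo "PASS: Tomcat JVM runs as $owner"
  else
    echo "FAIL: Tomcat JVM runs as $owner, not $TOMCAT_USER"; rc=1
  fi
  return $rc
}

# Usage on the server: bash audit-tomcat.sh --run
if [ "${1:-}" = "--run" ]; then
  audit
fi
```

The JVM owner check is the one that matters most: if `startup.sh` is ever run by hand with `sh startup_.sh` as root, the wrapper is bypassed and the process silently runs with full privileges again.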
Error:
- Caused by: java.net.SocketException: Permission denied; checking the ports shows that port 80 does not come up
Cause: a non-root user cannot listen on privileged ports (those below 1024), so this Tomcat cannot bind port 80. Set it to 8081 instead, then configure iptables to redirect 80 to it automatically. :(
- Configure port 8081 in server.xml
- Configure the local redirect
Method 1: run on the command line
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8081
service iptables save   # writes the rule above into the iptables configuration file
Method 2: edit the configuration file /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Sun Nov 13 17:05:03 2022
*nat
:PREROUTING ACCEPT [429:45167]
:POSTROUTING ACCEPT [1:60]
:OUTPUT ACCEPT [1:60]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8081
COMMIT
Mind where the rule goes (inside the *nat table, before its COMMIT), then restart iptables so the configuration takes effect.
Method 3: the firewall is firewalld rather than iptables
Forward port 80 on server-1 (10.10.7.1) to port 8081 on the same server-1 (10.10.7.1)
The commands are as follows:
# firewall-cmd --list-all
# firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8081 --zone=public --permanent
# firewall-cmd --reload
# firewall-cmd --list-all
Remove the forwarding of local port 80 to port 8081 on 10.10.7.1
# firewall-cmd --remove-forward-port=port=80:proto=tcp:toport=8081:toaddr=10.10.7.1 --zone=public --permanent
The forward-port specification given to --remove-forward-port must be exactly the one that was added; the rule added above has no toaddr part, so to remove that one leave ":toaddr=10.10.7.1" out. A --permanent removal, like the addition, only takes effect after firewall-cmd --reload.
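The redirect above is easy to get subtly wrong, so it pays to verify it from an iptables-save dump rather than by eye. The script below is an added example, not part of the original post. It checks the nat table for the 80 to 8081 REDIRECT and also flags the gap a PREROUTING-only rule leaves: PREROUTING sees packets arriving from the network, not packets the host generates itself, so a local "curl http://localhost/" on the server still goes to port 80 unless an OUTPUT rule for loopback exists as well. The dump format is that of `iptables-save -t nat`; the sample dump is constructed here.

```bash
#!/bin/bash
# Added example, not part of the original post: verify a port-80 -> 8081 REDIRECT
# in an `iptables-save -t nat` dump. Sample data below is constructed.

# 0 if the dump redirects incoming tcp/$2 to $3 in PREROUTING.
has_prerouting_redirect() {
  grep -Eq "^-A PREROUTING .*-p tcp .*--dport $2 .*-j REDIRECT --to-ports $3\$" "$1"
}

# 0 if locally generated tcp/$2 (loopback) is redirected to $3 as well.
has_output_redirect() {
  grep -Eq "^-A OUTPUT .*-o lo .*-p tcp .*--dport $2 .*-j REDIRECT --to-ports $3\$" "$1"
}

# 0 if some rule redirects tcp/$2 to a port other than $3 (a conflicting leftover).
has_conflicting_redirect() {
  grep -E "^-A (PREROUTING|OUTPUT) .*--dport $2 .*-j REDIRECT --to-ports " "$1" \
    | grep -Evq -- "--to-ports $3\$"
}

# Report on a dump; exit status is non-zero if the redirect is missing or conflicting.
audit_nat_dump() {
  dump="$1"; from="${2:-80}"; to="${3:-8081}"; rc=0
  if has_prerouting_redirect "$dump" "$from" "$to"; then
    echo "PASS: incoming tcp/$from is redirected to $to"
  else
    echo "FAIL: no PREROUTING REDIRECT from tcp/$from to $to"; rc=1
  fi
  if has_output_redirect "$dump" "$from" "$to"; then
    echo "PASS: locally generated tcp/$from is redirected to $to"
  else
    echo "WARN: no OUTPUT REDIRECT; connections from this host to :$from bypass the redirect"
    echo "      fix: iptables -t nat -A OUTPUT -o lo -p tcp --dport $from -j REDIRECT --to-ports $to"
  fi
  if has_conflicting_redirect "$dump" "$from" "$to"; then
    echo "FAIL: another rule redirects tcp/$from to a different port"; rc=1
  fi
  return $rc
}

# Constructed sample: the nat table from the post, plus the loopback rule.
write_sample_dump() {
  cat > "$1" <<'EOF'
*nat
:PREROUTING ACCEPT [429:45167]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [1:60]
:POSTROUTING ACCEPT [1:60]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8081
-A OUTPUT -o lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8081
COMMIT
EOF
}

# Usage on a live host:
#   iptables-save -t nat > /tmp/nat.dump && bash check-redirect.sh --run /tmp/nat.dump 80 8081
if [ "${1:-}" = "--run" ]; then
  audit_nat_dump "${2:?path to an iptables-save dump}" "${3:-80}" "${4:-8081}"
fi
```

With firewalld the equivalent check is `firewall-cmd --list-forward-ports --zone=public`, which should show the single `port=80:proto=tcp:toport=8081` entry and nothing else pointing at port 80.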
Configuring Tomcat to start at boot, CentOS 7
- Create tomcat.service
vi /lib/systemd/system/tomcat.service
Add the following configuration to tomcat.service
[Unit]
Description=tomcat
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/usr/local/tomcat/bin/shutdown.sh
# Type=oneshot has no main process, so $MAINPID is empty here and reload does nothing useful
ExecReload=/bin/kill -s HUP $MAINPID
# startup.sh forks the JVM and returns; this keeps the unit "active" afterwards
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
Save and exit
- Manage the service
systemctl enable tomcat.service    # start at boot
systemctl status tomcat.service    # show the current state of the service
systemctl start tomcat.service     # start the Tomcat service
systemctl stop tomcat.service      # stop the Tomcat service
systemctl restart tomcat.service   # restart the service
systemctl reload tomcat.service    # reload the configuration
systemctl disable tomcat.service   # do not start at boot
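Because systemd can drop privileges itself, the unit above can be simplified and hardened at the same time: with User=tomcat in the unit, the root-owned wrapper that toggles the account's shell with usermod is not needed, and Type=forking with a PIDFile gives systemd a real main PID to stop and monitor. The following is an added example, not code from the original post: a small lint for the unit file that flags the points just mentioned, a constructed copy of the post's unit, and a variant that does the user switch in systemd. Paths and the user name follow the post; the variant relies on catalina.sh writing its PID to the file named in CATALINA_PID, which the stock script does when that variable is set.

```bash
#!/bin/bash
# Added example, not part of the original post: lint a tomcat.service unit and
# show a variant where systemd itself runs Tomcat as the unprivileged user.

# Prints the number of findings on stdout; details go to stderr.
lint_tomcat_unit() {
  unit="$1"; n=0
  if ! grep -q '^User=' "$unit"; then
    echo "WARN: no User= line, so ExecStart runs as root" >&2; n=$((n+1))
  fi
  if grep -q '^Type=oneshot' "$unit" && grep -q '^ExecReload=.*\$MAINPID' "$unit"; then
    echo "WARN: Type=oneshot has no main process; \$MAINPID in ExecReload is empty" >&2; n=$((n+1))
  fi
  if grep -q '^Type=forking' "$unit" && ! grep -q '^PIDFile=' "$unit"; then
    echo "WARN: Type=forking without PIDFile=; systemd has to guess the main PID" >&2; n=$((n+1))
  fi
  echo "$n"
}

# Constructed copy of the unit as the post writes it.
write_post_unit() {
  cat > "$1" <<'EOF'
[Unit]
Description=tomcat
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/usr/local/tomcat/bin/shutdown.sh
ExecReload=/bin/kill -s HUP $MAINPID
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOF
}

# Same service with the privilege drop done by systemd. startup_.sh and
# shutdown_.sh are the original Tomcat scripts after the rename in the post;
# /usr/local/tomcat/temp is writable by tomcat after the chown above.
write_hardened_unit() {
  cat > "$1" <<'EOF'
[Unit]
Description=Apache Tomcat (unprivileged)
After=network.target

[Service]
Type=forking
User=tomcat
Group=tomcat
Environment=CATALINA_PID=/usr/local/tomcat/temp/tomcat.pid
PIDFile=/usr/local/tomcat/temp/tomcat.pid
ExecStart=/usr/local/tomcat/bin/startup_.sh
ExecStop=/usr/local/tomcat/bin/shutdown_.sh
UMask=0027
NoNewPrivileges=yes

[Install]
WantedBy=multi-user.target
EOF
}

# Usage: bash lint-unit.sh --run /lib/systemd/system/tomcat.service
if [ "${1:-}" = "--run" ]; then
  lint_tomcat_unit "${2:?path to a unit file}"
fi
```

After changing the unit, run `systemctl daemon-reload` and confirm with `systemctl status tomcat.service` that the main PID shown belongs to a process owned by tomcat. On systemd 229 and later, `AmbientCapabilities=CAP_NET_BIND_SERVICE` in the [Service] section would let the unprivileged JVM bind port 80 directly and make the iptables redirect unnecessary; CentOS 7 ships systemd 219, which does not have that directive, so the redirect stays the right answer there.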