Deploying a Tomcat Server on CentOS 7
Environment preparation
- Host
inet1 | inet2 | OS | Specs |
---|---|---|---|
192.168.72.131 | 202.207.240.131 | CentOS7.5.1804 | MEM:1G CPU:1C/1P DISK:15G |
- Create the required directories
mkdir -p /server/tools
mkdir -p /server/scripts
mkdir -p /application
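- Disable the security components
Install the JDK
Download the JDK
URL: https://www.oracle.com/java/technologies/downloads/
After downloading, upload the JDK archive to the /server/tools directory
Extract and install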
cd /server/tools
tar xzf jdk-8u333-linux-x64.tar.gz
mkdir -p /application
mv jdk1.8.0_333 /application
ln -s /application/jdk1.8.0_333 /application/jdk
Configure the environment variables
echo 'JAVA_HOME=/application/jdk' >>/etc/profile
echo 'CLASSPATH=$JAVA_HOME/lib' >>/etc/profile
echo 'PATH=$PATH:$JAVA_HOME/bin' >>/etc/profile
echo 'export PATH JAVA_HOME CLASSPATH' >>/etc/profile
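After configuring the environment variables, run source to apply them and check that the JDK is set up correctly
# Apply the environment variables
source /etc/profile
# Check that the JDK works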
java -version
Install Tomcat
Download Tomcat
URL: https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.55/bin/apache-tomcat-8.5.55.tar.gz
After downloading, upload the package to the /server/tools directory
Extract and install
cd /server/tools
tar xzf apache-tomcat-8.5.55.tar.gz
mkdir -p /application
mv apache-tomcat-8.5.55 /application
ln -s /application/apache-tomcat-8.5.55 /application/tomcat
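At this point the Java development and runtime environment is configured. The installation directory mainly contains the following
Test Tomcat
/application/tomcat/bin/startup.sh # start Tomcat
/application/tomcat/bin/shutdown.sh # stop Tomcat
Enter 192.168.72.131:8080 in a browser; if the following page appears, Tomcat is configured correctly
Add a systemd service
Note: stop the Tomcat service before adding the systemd unit file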
- Startup script
#!/bin/bash
#Author:Wjz
#Blog:https://blog.csdn.net/weixin_51720652
#Time:2022-07-11 11:51:08
#Name:tomcat.sh
#Description:start or stop the tomcat
[ -f /etc/init.d/functions ] && source /etc/init.d/functions
JAVA_HOME=/application/jdk
CLASSPATH=$JAVA_HOME/lib
PATH=$PATH:$JAVA_HOME/bin
export PATH JAVA_HOME CLASSPATH
case "$1" in
    start)
        /bin/sh /application/tomcat/bin/startup.sh
        if [ $? -ne 0 ];then
            action "tomcat starting" /bin/false
        else
            action "tomcat starting" /bin/true
        fi
        ;;
    stop)
        /bin/sh /application/tomcat/bin/shutdown.sh
        if [ $? -ne 0 ];then
            action "tomcat stopping" /bin/false
        else
            action "tomcat stopping" /bin/true
        fi
        ;;
    *)
        echo "Usage:$0 start|stop"
esac
- Service unit file
[Unit]
Description=apache tomcat 8.5.55
After=network.target
[Service]
Type=forking
ExecStart=/bin/sh /server/scripts/tomcat.sh start
ExecStop=/bin/sh /server/scripts/tomcat.sh stop
[Install]
WantedBy=multi-user.target
Tomcat in detail
Directory layout
[root@web02 tools]# cd /application/tomcat/
[root@web02 tomcat]# ll
总用量 124
drwxr-x--- 2 root root 4096 7月 12 10:59 bin
-rw-r----- 1 root root 19318 5月 6 2020 BUILDING.txt
drwx------ 3 root root 254 7月 12 10:59 conf
-rw-r----- 1 root root 5408 5月 6 2020 CONTRIBUTING.md
drwxr-x--- 2 root root 4096 7月 12 10:59 lib
-rw-r----- 1 root root 57011 5月 6 2020 LICENSE
drwxr-x--- 2 root root 197 7月 12 10:59 logs
-rw-r----- 1 root root 1726 5月 6 2020 NOTICE
-rw-r----- 1 root root 3255 5月 6 2020 README.md
-rw-r----- 1 root root 7136 5月 6 2020 RELEASE-NOTES
-rw-r----- 1 root root 16262 5月 6 2020 RUNNING.txt
drwxr-x--- 2 root root 30 7月 12 10:59 temp
drwxr-x--- 7 root root 81 5月 6 2020 webapps
drwxr-x--- 3 root root 22 7月 12 10:59 work
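- bin: Tomcat management commands (startup.sh, shutdown.sh, catalina.sh)
  - catalina.sh is the script that both startup.sh and shutdown.sh call
  - Used later for Tomcat tuning (JVM tuning, setting maximum and minimum memory) and configuration
- conf: configuration files
  - server.xml: Tomcat's main configuration file
  - web.xml: Tomcat's supplementary configuration file (used when adding plugins)
  - tomcat-users.xml: configuration file for Tomcat's management side
- lib: library files
- logs: logs
  - catalina.out: Tomcat's core log, detailed (drawback: it keeps growing and is never rotated)
  - catalina.2020-27-12.log: rotated log split from catalina.out
  - localhost_access_log.2022-07-12.txt: Tomcat's access log
- webapps: Tomcat's site directory
Configure Tomcat's management features
- First, edit tomcat-users.xml in the conf directory and add the roles and user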
<role rolename="admin-gui"/>
<role rolename="host-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="admin" roles="admin-gui, host-gui, manager-gui"/>
- Edit webapps/host-manager/META-INF/context.xml and webapps/manager/META-INF/context.xml
Comment out the section that restricts access to the local machine only
<?xml version="1.0" encoding="UTF-8"?>
<Context antiResourceLocking="false" privileged="true" >
<!--<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
<Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
Deploying jpress
Database preparation
Install the database, then configure the required user and database
MariaDB [(none)]> create database jpress charset=utf8;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on jpress.* to 'jpress'@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> select user,host from mysql.user;
+--------+-----------+
| user | host |
+--------+-----------+
| jpress | % |
| root | 127.0.0.1 |
| root | ::1 |
| | localhost |
| root | localhost |
| | web02 |
| root | web02 |
+--------+-----------+
7 rows in set (0.00 sec)
MariaDB [(none)]> grant all privileges on jpress.* to 'jpress'@'192.168.72.%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> drop user ''@'localhost';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> drop user ''@'web02';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> select user,host from mysql.user;
+--------+--------------+
| user | host |
+--------+--------------+
| jpress | % |
| root | 127.0.0.1 |
| jpress | 192.168.72.% |
| root | ::1 |
| root | localhost |
| root | web02 |
+--------+--------------+
6 rows in set (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
# Verify that the jpress user can log in to the database
[root@web02 tools]# mysql -ujpress -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
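Project deployment
- Put jpress.war into the /application/tomcat/webapps/ directory and restart the Tomcat service
- Open http://192.168.72.132:8080/jpress in a browser
- Restart the service, log in, and test publishing an article
Notes:
Article content is stored in the database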
MariaDB [jpress]> select * from jpress_content;
+----+-------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------+---------+-------+---------+-----------+-----------+--------------+--------+---------+-----------+-------+----------------+---------------+------------+---------------------+---------------------+-------------+------+------+------+---------------+------------------+---------+
| id | title | text | thumbnail | module | style | user_id | parent_id | object_id | order_number | status | vote_up | vote_down | price | comment_status | comment_count | view_count | created | modified | slug | flag | lng | lat | meta_keywords | meta_description | remarks |
+----+-------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------+---------+-------+---------+-----------+-----------+--------------+--------+---------+-----------+-------+----------------+---------------+------------+---------------------+---------------------+-------------+------+------+------+---------------+------------------+---------+
| 1 | HTML 教程 | <pre class="brush:html;toolbar:false"><!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>php中文网</title>
</head>
<body>
<h1>我的第一个标题</h1>
<p>我的第一个段落。</p>
</body>
</html><br><br><img src="/jpress/attachment/20220712/936db8689017447abeab43a5fde1693a.jpg" alt="" width="640" height="1010"></pre> | NULL | article | NULL | 1 | NULL | NULL | 0 | normal | 0 | 0 | 0.00 | NULL | 0 | 0 | 2022-07-12 13:59:13 | 2022-07-12 13:59:13 | HTML_教程 | NULL | NULL | NULL | NULL | NULL | NULL |
+----+-------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------+---------+-------+---------+-----------+-----------+--------------+--------+---------+-----------+-------+----------------+---------------+------------+---------------------+---------------------+-------------+------+------+------+---------------+------------------+---------+
1 row in set (0.00 sec)
MariaDB [jpress]>
Images are stored under the project directory /application/tomcat/webapps/jpress/
The database configuration file is in the /application/tomcat/webapps/jpress/WEB-INF/classes directory
[root@web02 ~]# cd /application/tomcat/webapp/jpress/WEB-INF/classes
-bash: cd: /application/tomcat/webapp/jpress/WEB-INF/classes: 没有那个文件或目录
[root@web02 ~]# cd /application/tomcat/webapps/jpress/WEB-INF/classes/
[root@web02 classes]# ls
db.properties ehcache.xml jpress.properties language.properties log4j.properties
db-simple.properties io language_en_US.properties language_zh_CN.properties
[root@web02 classes]# cat db.properties
#Auto create by JPress
#Tue Jul 12 13:53:41 CST 2022
db_name=jpress
db_host_port=3306
db_tablePrefix=jpress_
db_host=localhost
db_password=123456
db_user=jpress
Tomcat main configuration file
<Server port="8005" shutdown="SHUTDOWN">
<!-- Shutdown port: connecting to this port and sending the SHUTDOWN string that follows shuts Tomcat down -->
<!-- Tomcat management side -->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- Maximum number of Tomcat connection threads -->
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
<!-- Tomcat web connector configuration, port 8080 -->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- Tomcat web connector configuration, port 8009, AJP mode, used together with Apache -->
<Connector protocol="AJP/1.3"
address="::1"
port="8009"
redirectPort="8443" />
<!-- Tomcat virtual host configuration
Host name ===== server_name
appBase ===== root
unpackWARs: automatically unpack WAR files
autoDeploy: automatic deployment
-->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<!-- Tomcat access log format -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
Tomcat multi-instance configuration
Prepare two additional copies of the Tomcat directory
[root@web02 tools]# tar xzf apache-tomcat-8.5.55.tar.gz
[root@web02 tools]# cp -a apache-tomcat-8.5.55 tomcat_8081
[root@web02 tools]# cp -a apache-tomcat-8.5.55 tomcat_8082
[root@web02 tools]# ls
apache-tomcat-8.5.55 apache-tomcat-8.5.55.tar.gz jdk-8u333-linux-x64.tar.gz tomcat_8081 tomcat_8082
[root@web02 tools]# cd tomcat_8081
[root@web02 tomcat_8081]# ls
bin BUILDING.txt conf CONTRIBUTING.md lib LICENSE logs NOTICE README.md RELEASE-NOTES RUNNING.txt temp webapps work
Change the Tomcat ports in each directory
[root@web02 tools]# sed -i 's|8080|8081|g' tomcat_8081/conf/server.xml
[root@web02 tools]# sed -i 's|8005|8006|g' tomcat_8081/conf/server.xml
[root@web02 tools]# sed -i 's|8009|8010|g' tomcat_8081/conf/server.xml
[root@web02 tools]# sed -i 's|8080|8082|g' tomcat_8082/conf/server.xml
[root@web02 tools]# sed -i 's|8005|8007|g' tomcat_8082/conf/server.xml
[root@web02 tools]# sed -i 's|8009|8011|g' tomcat_8082/conf/server.xml
mv tomcat_808* /application/
Start each Tomcat service separately
[root@web02 tools]# cd
[root@web02 ~]# ls /application/
apache-tomcat-8.5.55 jdk jdk1.8.0_333 tomcat tomcat_8081 tomcat_8082
[root@web02 ~]# /application/tomcat_8081/bin/startup.sh
Using CATALINA_BASE: /application/tomcat_8081
Using CATALINA_HOME: /application/tomcat_8081
Using CATALINA_TMPDIR: /application/tomcat_8081/temp
Using JRE_HOME: /application/jdk
Using CLASSPATH: /application/tomcat_8081/bin/bootstrap.jar:/application/tomcat_8081/bin/tomcat-juli.jar
Tomcat started.
[root@web02 ~]# /application/tomcat_8082/bin/startup.sh
Using CATALINA_BASE: /application/tomcat_8082
Using CATALINA_HOME: /application/tomcat_8082
Using CATALINA_TMPDIR: /application/tomcat_8082/temp
Using JRE_HOME: /application/jdk
Using CLASSPATH: /application/tomcat_8082/bin/bootstrap.jar:/application/tomcat_8082/bin/tomcat-juli.jar
Tomcat started.
[root@web02 ~]#
Tomcat monitoring
- Simple commands
- Ready-made scripts
  show-busy-java-threads.sh
- Zabbix monitoring
  - Custom monitoring (jmap -heap pid as a custom monitoring item)
  - Via JMX
    - Tomcat needs the monitoring feature enabled
# Edit catalina.sh
CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=12345 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=10.0.0.17"
# Explanation:
# CATALINA_OPTS="$CATALINA_OPTS                        modify the Tomcat startup parameters
# -Dcom.sun.management.jmxremote                       enable Tomcat's remote management feature
# -Dcom.sun.management.jmxremote.port=12345            remote management port; besides port 12345, two random ports are also opened. Open all of these ports (configure the security group rules separately)
# -Dcom.sun.management.jmxremote.authenticate=false
# -Dcom.sun.management.jmxremote.ssl=false
# -Djava.rmi.server.hostname=10.0.0.7                  the local IP address
  - Via IPMI
  - Via SNMP
- jps: the Java version of the ps command (shows only Java processes)
jps
jps -l
jps -lv
jps -lvm
- jmap: exports the JVM's usage information
[root@web02 ~]# jmap -heap 8625
Attaching to process ID 8625, please wait...
Debugger attached successfully.
Server compiler detected.
JVM version is 25.333-b02
using thread-local object allocation.
Mark Sweep Compact GC
Heap Configuration:
   MinHeapFreeRatio = 40
   MaxHeapFreeRatio = 70
   MaxHeapSize = 255852544 (244.0MB)
   NewSize = 5570560 (5.3125MB)
   MaxNewSize = 85262336 (81.3125MB)
   OldSize = 11206656 (10.6875MB)
   NewRatio = 2
   SurvivorRatio = 8
   MetaspaceSize = 21807104 (20.796875MB)
   CompressedClassSpaceSize = 1073741824 (1024.0MB)
   MaxMetaspaceSize = 17592186044415 MB
   G1HeapRegionSize = 0 (0.0MB)
Heap Usage:
New Generation (Eden + 1 Survivor Space):
   capacity = 14811136 (14.125MB)
   used = 11099968 (10.58575439453125MB)
   free = 3711168 (3.53924560546875MB)
   74.94339394358407% used
Eden Space:
   capacity = 13172736 (12.5625MB)
   used = 11052976 (10.540939331054688MB)
   free = 2119760 (2.0215606689453125MB)
   83.90797477456468% used
From Space:
   capacity = 1638400 (1.5625MB)
   used = 46992 (0.0448150634765625MB)
   free = 1591408 (1.5176849365234375MB)
   2.8681640625% used
To Space:
   capacity = 1638400 (1.5625MB)
   used = 0 (0.0MB)
   free = 1638400 (1.5625MB)
   0.0% used
tenured generation:
   capacity = 32727040 (31.2109375MB)
   used = 20437544 (19.490760803222656MB)
   free = 12289496 (11.720176696777344MB)
   62.44849518929912% used
20655 interned Strings occupying 1887088 bytes.
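- jstack: exports Java process information
- Failure case: system load is too high, and Tomcat is found to be using a lot of CPU
  - Use jps / top / htop to pinpoint which Java process is responsible
  - Use jstack to export the Java process information
  - Check the catalina.out log
  - Use jmap to export the JVM information and analyze it with MAT
Tomcat optimization
- JVM tuning
- Tomcat security hardening
  - Change port 8005; the SHUTDOWN command also needs to be changed (must do)
  - Change the AJP port 8009 (must do)
  - Disable the Tomcat management features (must do)
  - Run with reduced privileges [jail mode] (recommended)
    Run the service as an ordinary user
  - File access list control (must do)
  - Hide version information (must do)
  - Access restrictions (must do in real-world work)
  - Revoke permissions on the start/stop scripts
  - Logging (http_reference: the referring page)
- Optimization framework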
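The hardening items listed above (shutdown port and command, AJP port, management features) and the settings shown earlier on this page (admin/admin in tomcat-users.xml, the commented-out RemoteAddrValve, JMX with authenticate=false and ssl=false) can be checked mechanically. The following Python audit is an added example, not part of the original post or of Tomcat; the finding names, the WEAK password list and the sample XML strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MGMT_ROLES = {"manager-gui", "admin-gui", "host-gui", "manager-script"}
WEAK = {"admin", "tomcat", "password", "123456"}  # assumption: tiny illustrative list

def local(tag):
    """Strip an XML namespace prefix such as {http://tomcat.apache.org/xml}."""
    return tag.rsplit("}", 1)[-1]

def audit(server_xml, users_xml, manager_ctx_xml, catalina_opts=""):
    """Return sorted finding names; the parser drops XML comments, so a
    commented-out Valve counts as absent."""
    found = set()
    server = ET.fromstring(server_xml)
    if server.get("port") == "8005":
        found.add("default-shutdown-port")
    if server.get("shutdown") == "SHUTDOWN":
        found.add("default-shutdown-command")
    for conn in server.iter("Connector"):
        if conn.get("protocol", "").startswith("AJP") and conn.get("port") == "8009":
            found.add("default-ajp-port")
    for el in ET.fromstring(users_xml).iter():
        roles = {r.strip() for r in el.get("roles", "").split(",")}
        pw = el.get("password", "")
        if local(el.tag) == "user" and roles & MGMT_ROLES and (
                pw in WEAK or pw == el.get("username")):
            found.add("weak-management-credentials")
    valves = [v.get("className", "") for v in ET.fromstring(manager_ctx_xml).iter("Valve")]
    if not any(c.endswith("RemoteAddrValve") for c in valves):
        found.add("manager-reachable-from-any-address")
    if "jmxremote.authenticate=false" in catalina_opts:
        found.add("jmx-without-authentication")
    if "jmxremote.ssl=false" in catalina_opts:
        found.add("jmx-without-tls")
    return sorted(found)

# Constructed samples that mirror the settings shown on this page.
PAGE_SERVER = '<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">' \
    '<Connector port="8080" protocol="HTTP/1.1"/>' \
    '<Connector protocol="AJP/1.3" address="::1" port="8009"/></Service></Server>'
PAGE_USERS = '<tomcat-users><role rolename="manager-gui"/><user username="admin" ' \
    'password="admin" roles="admin-gui, host-gui, manager-gui"/></tomcat-users>'
PAGE_CTX = '<Context privileged="true"><!--<Valve className=' \
    '"org.apache.catalina.valves.RemoteAddrValve" allow="127\\.\\d+\\.\\d+\\.\\d+"/>--></Context>'
PAGE_OPTS = "-Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"

if __name__ == "__main__":
    for finding in audit(PAGE_SERVER, PAGE_USERS, PAGE_CTX, PAGE_OPTS):
        print("FINDING:", finding)
```

To audit a real installation, pass in the contents of conf/server.xml, conf/tomcat-users.xml, webapps/manager/META-INF/context.xml and the CATALINA_OPTS line from catalina.sh.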
Failure cases
Supplementary knowledge
Log rotation
logrotate + system cron jobs rotate the logs on a schedule
[root@web02 tomcat]# cat /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
missingok
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}