2.0Tonmcat高级配置和jDK的安装配置

一、安装JDK

1、下载

wget http://download.oracle.com/otn-pub/java/jdk/8u65-b17/jdk-8u65-linux-x64.tar.gz

2、解压和安装

[root@www src]# tar zxf jdk-8u65-linux-x64.tar.gz
[root@www src]# mv jdk1.8.0_65 /usr/local/

3、设置环境变量

[root@www src]# vim /etc/profile.d/java.sh

JAVA_HOME=/usr/local/jdk1.8.0_65
JAVA_BIN=/usr/local/jdk1.8.0_65/bin
JRE_HOME=/usr/local/jdk1.8.0_65/jre
PATH=$PATH:/usr/local/jdk1.8.0_65/bin:/usr/local/jdk1.8.0_65/jre/bin
CLASSPATH=/usr/local/jdk1.8.0_65/jre/lib:/usr/local/jdk1.8.0_65/lib:/usr/local/jdk1.8.0_65/jre/lib/charsets
.jar

4、初始化

[root@www src]# . /etc/profile.d/java.sh //和source一样
[root@www src]# source /etc/profile.d/java.sh

[root@www src]# which java
/usr/local/jdk1.8.0_65/bin/java

[root@www jdk1.8.0_65]# export PATH JAVA_HOME JAVA_BIN JRE_HOME CALSSPATH

5、查看版本

[root@www src]# java -version
java version "1.8.0_65"
Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode)

二、安装Tomcat

1、下载

[root@www src]# wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.0.30/bin/apache-tomcat-8.0.30.tar.gz

2、解压和安装

[root@www src]# tar zxf apache-tomcat-8.0.30.tar.gz

[root@www src]# mv apache-tomcat-8.0.30 /usr/local/tomcat
[root@www src]# ls /usr/local/tomcat/
bin conf lib LICENSE logs NOTICE RELEASE-NOTES RUNNING.txt temp webapps work

3、拷贝启动脚本

[root@www src]# cd /usr/local/tomcat/
[root@www tomcat]# cp -v bin/catalina.sh /etc/init.d/tomcat
`bin/catalina.sh' -> `/etc/init.d/tomcat'

4、设置开机启动

[root@www tomcat]# chmod 755 /etc/init.d/tomcat
[root@www tomcat]# chkconfig --add tomcat
service tomcat does not support chkconfig //服务不支持

解决：

[root@www tomcat]# vim /etc/init.d/tomcat //在开头加入以下内容

#!/bin/sh
# chkconfig: 2345 63 37
# description: tomcat server init script
# Source Function Library
. /etc/init.d/functions
JAVA_HOME=/usr/local/jdk1.8.0_65
CATALINA_HOME=/usr/local/tomcat

[root@www tomcat]# chkconfig --add tomcat
[root@www tomcat]# chkconfig tomcat on

5、启动Tomcat

[root@www jdk1.8.0_65]# /etc/init.d/tomcat start
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/local/jdk1.8.0_65/jre
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Tomcat started.

查看tomcat进程
[root@www ~]# ps aux |grep tomcat
root 3835 2.1 7.8 2722304 78704 pts/1 Sl 02:26 0:05 /usr/local/jdk1.8.0_65/jre/bin/java -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/local/tomcat/endorsed -classpath /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat -Djava.io.tmpdir=/usr/local/tomcat/temp org.apache.catalina.startup.Bootstrap start
root 3867 0.0 0.0 103248 884 pts/1 S+ 02:30 0:00 grep tomcat

[root@www ~]# /etc/init.d/tomcat stop

[root@www ~]# /etc/init.d/tomcat start

6、访问测试

在浏览器输入http://192.168.1.21:8080

三、Tomcat的配置和优化

1、修改监听端口

（1）停止之前安装nginx的进程，避免80端口被占用

[root@www ~]# /etc/init.d/nginx stop
Stopping Nginx: [ OK ]
[root@www ~]# chkconfig nginx off

（2）修改tomcat监听端口为80

[root@www ~]# cd /usr/local/tomcat/conf/
[root@www conf]# ls
Catalina catalina.properties logging.properties tomcat-users.xml web.xml
catalina.policy context.xml server.xml tomcat-users.xsd

[root@www conf]# vim server.xml

找到69行

69

修改为

69

（3）重启tomcat

[root@www conf]# /etc/init.d/tomcat stop

[root@www conf]# /etc/init.d/tomcat start

（4）查看监听端口

[root@www conf]# netstat -nlp | grep java
tcp 0 0 :::80 :::* LISTEN 4673/java
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 4673/java
tcp 0 0 :::8009 :::* LISTEN 4673/java

访问测试http://192.168.1.21/

2、虚拟主机配置

tomcat的默认网站根目录是/usr/local/tomcat/webapps/ROOT/

（1）增加虚拟目录配置

[root@www conf]# vim server.xml

unpackWARs="true" autoDeploy="true">





prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
//虚拟主机配置

path="/xuni" --虚拟目录

docBase="/data/tomcatweb" --实际目录

（2）创建虚拟目录

[root@www ~]# mkdir -p /data/tomcatweb

创建测试页面

[root@www ~]# vim /data/tomcatweb/111.jsp

[root@www ~]# /etc/init.d/tomcat stop
[root@www ~]# /etc/init.d/tomcat start

[root@www ~]# ps aux |grep tomcat
root 5872 34.7 7.6 2722304 76924 pts/1 Sl 04:46 0:04 /usr/local/jdk1.8.0_65/jre/bin/java -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/local/tomcat/endorsed -classpath /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat -Djava.io.tmpdir=/usr/local/tomcat/temp org.apache.catalina.startup.Bootstrap start
root 5896 0.0 0.0 103248 884 pts/1 S+ 04:46 0:00 grep tomcat
[root@www ~]# netstat -nlp |grep java
tcp 0 0 :::80 :::* LISTEN 5872/java
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 5872/java
tcp 0 0 :::8009 :::* LISTEN 5872/java

访问测试：

[root@www ~]# curl http://192.168.1.21/xuni/111.jsp

[root@www ~]# curl -x192.168.1.21:80 localhost/xuni/111.jsp

四、限制主机访问Tomcat

1、修改server.xml

[root@www conf]# vim server.xml

unpackWARs="true" autoDeploy="true">

prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />

//允许192.168.1.0网段访问，拒绝192.168.1.218访问
allow="192.168.1.*" deny="192.168.1.218"/>



2、访问测试

[root@www ~]# curl http://192.168.1.21 -I
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Sun, 20 Dec 2015 21:37:32 GMT
在192.168.1.218下访问

[root@sh ~]# curl http://192.168.1.21 -I
HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Sun, 20 Dec 2015 21:38:01 GMT

五、配置用户WEB网站

1、创建用户及页面

[root@www ~]# useradd admin1
[root@www ~]# useradd admin2

[root@www ~]# su - admin1
[admin1@www ~]$ pwd
/home/admin1
[admin1@www ~]$ mkdir public_html
[admin1@www ~]$ echo "admin1" >public_html/index.html
[admin1@www ~]$ ll
total 4
drwxrwxr-x 2 admin1 admin1 4096 Dec 21 05:54 public_html
[admin1@www ~]$ chmod 711 /home/admin1
[admin1@www ~]$ ll /home/admin1/public_html/index.html
-rw-rw-r-- 1 admin1 admin1 7 Dec 21 05:54 /home/admin1/public_html/index.html

2、配置server.xml

[root@www conf]# vim server.xml

在host中增加以下内容

directoryName="public_html" homeBase="/home"
userClass="org.apache.catalina.startup.PasswdUserDatabase"/>

3、访问用户admin1的网页，在浏览器输入http://192.168.1.21/~admin1

六、配置Tomcat服务器支持CGI

CGI是通用网关接口功能

1、安装perl软件

[root@www ~]# yum -y install perl

2、编辑/usr/local/tomcat/conf/web.xml文件

[root@www ~]# vim /usr/local/tomcat/conf/web.xml

369
370 cgi
371 org.apache.catalina.servlets.CGIServlet
372
373 debug
374 0
375
376
377 cgiPathPrefix
378 WEB-INF/cgi
379
380 5
381

417
418 cgi
419 /cgi-bin/*
420

3、编辑/usr/local/tomcat/conf/context.xml文件，增加privileged配置

privileged="true">
WEB-INF/web.xml
${catalina.base}/conf/web.xml

4、创建CGI测试页面

[root@www ~]# mkdir /usr/local/tomcat/webapps/ROOT/WEB-INF/cgi/test.cgi

#!/usr/bin/perl
print "Content-type:text/plain\n\n";
print "Hello cgi\n";
#
[root@www ~]# chmod 711 usr/local/tomcat/webapps/ROOT/WEB-INF/cgi/test.cgi

5、测试cgi

[root@www ~]# /etc/init.d/tomcat stop
[root@www ~]# /etc/init.d/tomcat start

七、配置管理Tomcat服务器

1、配置/usr/local/tomcat/conf/tomcat-users.xml文件，可以配置tomcat管理用户，定义角色及角色中包含的用户和密码，修改后内容如下

[root@www ~]# vim /usr/local/tomcat/conf/tomcat-users.xml

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">

//用户为kiven，密码为kiven，属于角色manager-gui

2、访问测试，打开tomcat首页，点击页面右上角【Manager App】

访问【Server Status】

3、配置Host Manager，可以管理tomcat虚拟主机

（1）编辑/usr/local/tomcat/webapps/manager/WEB-INF/web.xml文件

在行添加以下内容

The role that is required to access to the Host Manager pages

admin-gui

（2）编辑/usr/local/tomcat/conf/tomcat-users.xml文件

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">

（3）访问Host manager

八、配置https网站

1、生成服务器端证书文件，证书有效期为36500天

[root@www ~]# keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/tomcat.keystore -validity 36500
Enter keystore password: //6位密钥库口令
Re-enter new password:
What is your first and last name? //名字，可以是服务器网站名称
[Unknown]: hm
What is the name of your organizational unit? //组织单位名称
[Unknown]: it
What is the name of your organization? //组织名称
[Unknown]: redhat
What is the name of your City or Locality? //城市
[Unknown]: shanghai
What is the name of your State or Province? //省市
[Unknown]: shanghai
What is the two-letter country code for this unit? //国家或地区代码
[Unknown]: CN
Is CN=hm, OU=it, O=redhat, L=shanghai, ST=shanghai, C=CN correct?
[no]: y

Enter key password for
(RETURN if same as keystore password):

2、配置/usr/local/tomcat/conf/server.xml文件

......

connectionTimeout="20000"
redirectPort="8443" />

maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/etc/tomcat.keystore"
keystorePass="741616710"/>

3、配置/usr/local/tomcat/conf/web.xml文件，在行上面增加以下内容

SSL
/*


CONFIDENTIAL

4、重启tomcat服务

[root@www ~]# /etc/init.d/tomcat stop
[root@www ~]# /etc/init.d/tomcat start
[root@www ~]# netstat -anlp |grep 8443
tcp 0 0 :::8443 :::* LISTEN 8372/java

5、访问https网站

6、修改https监听端口为默认的端口443