一、安装JDK
1、下载
wget http://download.oracle.com/otn-pub/java/jdk/8u65-b17/jdk-8u65-linux-x64.tar.gz
2、解压和安装
[root@www src]# tar zxf jdk-8u65-linux-x64.tar.gz
[root@www src]# mv jdk1.8.0_65 /usr/local/
3、设置环境变量
[root@www src]# vim /etc/profile.d/java.sh
JAVA_HOME=/usr/local/jdk1.8.0_65
JAVA_BIN=/usr/local/jdk1.8.0_65/bin
JRE_HOME=/usr/local/jdk1.8.0_65/jre
PATH=$PATH:/usr/local/jdk1.8.0_65/bin:/usr/local/jdk1.8.0_65/jre/bin
CLASSPATH=/usr/local/jdk1.8.0_65/jre/lib:/usr/local/jdk1.8.0_65/lib:/usr/local/jdk1.8.0_65/jre/lib/charsets
.jar
4、初始化
[root@www src]# . /etc/profile.d/java.sh //和source一样
[root@www src]# source /etc/profile.d/java.sh
[root@www src]# which java
/usr/local/jdk1.8.0_65/bin/java
[root@www jdk1.8.0_65]# export PATH JAVA_HOME JAVA_BIN JRE_HOME CALSSPATH
5、查看版本
[root@www src]# java -version
java version “1.8.0_65”
Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode)
二、安装Tomcat
1、下载
[root@www src]# wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.0.30/bin/apache-tomcat-8.0.30.tar.gz
2、解压和安装
[root@www src]# tar zxf apache-tomcat-8.0.30.tar.gz
[root@www src]# mv apache-tomcat-8.0.30 /usr/local/tomcat
[root@www src]# ls /usr/local/tomcat/
bin conf lib LICENSE logs NOTICE RELEASE-NOTES RUNNING.txt temp webapps work
3、拷贝启动脚本
[root@www src]# cd /usr/local/tomcat/
[root@www tomcat]# cp -v bin/catalina.sh /etc/init.d/tomcat
`bin/catalina.sh’ -> `/etc/init.d/tomcat’
4、设置开机启动
[root@www tomcat]# chmod 755 /etc/init.d/tomcat
[root@www tomcat]# chkconfig –add tomcat
service tomcat does not support chkconfig //服务不支持
解决:
[root@www tomcat]# vim /etc/init.d/tomcat //在开头加入以下内容
#!/bin/sh
# chkconfig: 2345 63 37
# description: tomcat server init script
# Source Function Library
. /etc/init.d/functions
JAVA_HOME=/usr/local/jdk1.8.0_65
CATALINA_HOME=/usr/local/tomcat
[root@www tomcat]# chkconfig –add tomcat
[root@www tomcat]# chkconfig tomcat on
5、启动Tomcat
[root@www jdk1.8.0_65]# /etc/init.d/tomcat start
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/local/jdk1.8.0_65/jre
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Tomcat started.
查看tomcat进程
[root@www ~]# ps aux |grep tomcat
root 3835 2.1 7.8 2722304 78704 pts/1 Sl 02:26 0:05 /usr/local/jdk1.8.0_65/jre/bin/java -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/local/tomcat/endorsed -classpath /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat -Djava.io.tmpdir=/usr/local/tomcat/temp org.apache.catalina.startup.Bootstrap start
root 3867 0.0 0.0 103248 884 pts/1 S+ 02:30 0:00 grep tomcat
[root@www ~]# /etc/init.d/tomcat stop
[root@www ~]# /etc/init.d/tomcat start
6、访问测试
在浏览器输入http://192.168.1.21:8080
三、Tomcat的配置和优化
1、修改监听端口
(1)停止之前安装nginx的进程,避免80端口被占用
[root@www ~]# /etc/init.d/nginx stop
Stopping Nginx: [ OK ]
[root@www ~]# chkconfig nginx off
(2)修改tomcat监听端口为80
[root@www ~]# cd /usr/local/tomcat/conf/
[root@www conf]# ls
Catalina catalina.properties logging.properties tomcat-users.xml web.xml
catalina.policy context.xml server.xml tomcat-users.xsd
[root@www conf]# vim server.xml
找到69行
69 <Connector port=”8080″ protocol=”HTTP/1.1″
修改为
69 <Connector port=”80″ protocol=”HTTP/1.1″
(3)重启tomcat
[root@www conf]# /etc/init.d/tomcat stop
[root@www conf]# /etc/init.d/tomcat start
(4)查看监听端口
[root@www conf]# netstat -nlp | grep java
tcp 0 0 :::80 :::* LISTEN 4673/java
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 4673/java
tcp 0 0 :::8009 :::* LISTEN 4673/java
访问测试http://192.168.1.21/
2、虚拟主机配置
tomcat的默认网站根目录是/usr/local/tomcat/webapps/ROOT/
(1)增加虚拟目录配置
[root@www conf]# vim server.xml
<Host name=”localhost” appBase=”webapps”
unpackWARs=”true” autoDeploy=”true”>
<!– SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html –>
<!–
<Valve className=”org.apache.catalina.authenticator.SingleSignOn” />
–>
<!– Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern=”common” –>
<Valve className=”org.apache.catalina.valves.AccessLogValve” directory=”logs”
prefix=”localhost_access_log” suffix=”.txt”
pattern=”%h %l %u %t "%r" %s %b” />
<Context path=”/xuni” docBase=”/data/tomcatweb” debug=”0″ reloadable=”true” crossContext=”true”/> //虚拟主机配置
</Host>
path=”/xuni” –虚拟目录
docBase=”/data/tomcatweb” –实际目录
(2)创建虚拟目录
[root@www ~]# mkdir -p /data/tomcatweb
创建测试页面
[root@www ~]# vim /data/tomcatweb/111.jsp
<html><body><center>
Now time is: <%=new java.util.Date()%>
</center></body></html>
[root@www ~]# /etc/init.d/tomcat stop
[root@www ~]# /etc/init.d/tomcat start
[root@www ~]# ps aux |grep tomcat
root 5872 34.7 7.6 2722304 76924 pts/1 Sl 04:46 0:04 /usr/local/jdk1.8.0_65/jre/bin/java -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/local/tomcat/endorsed -classpath /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat -Djava.io.tmpdir=/usr/local/tomcat/temp org.apache.catalina.startup.Bootstrap start
root 5896 0.0 0.0 103248 884 pts/1 S+ 04:46 0:00 grep tomcat
[root@www ~]# netstat -nlp |grep java
tcp 0 0 :::80 :::* LISTEN 5872/java
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 5872/java
tcp 0 0 :::8009 :::* LISTEN 5872/java
访问测试:
[root@www ~]# curl http://192.168.1.21/xuni/111.jsp
<html><body><center>
Now time is: Mon Dec 21 04:48:19 CST 2015
</center></body></html>
[root@www ~]# curl -x192.168.1.21:80 localhost/xuni/111.jsp
<html><body><center>
Now time is: Mon Dec 21 04:48:56 CST 2015
</center></body></html>
四、限制主机访问Tomcat
1、修改server.xml
[root@www conf]# vim server.xml
<Host name=”localhost” appBase=”webapps”
unpackWARs=”true” autoDeploy=”true”>
<Valve className=”org.apache.catalina.valves.AccessLogValve” directory=”logs”
prefix=”localhost_access_log” suffix=”.txt”
pattern=”%h %l %u %t "%r" %s %b” />
<Context path=”/xuni” docBase=”/data/tomcatweb” debug=”0″ reloadable=”true” crossContext=”true”/>
//允许192.168.1.0网段访问,拒绝192.168.1.218访问
<Valve className=”org.apache.catalina.valves.RemoteAddrValve”
allow=”192.168.1.*” deny=”192.168.1.218″/>
</Host>
2、访问测试
[root@www ~]# curl http://192.168.1.21 -I
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Sun, 20 Dec 2015 21:37:32 GMT
在192.168.1.218下访问
[root@sh ~]# curl http://192.168.1.21 -I
HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Sun, 20 Dec 2015 21:38:01 GMT
五、配置用户WEB网站
1、创建用户及页面
[root@www ~]# useradd admin1
[root@www ~]# useradd admin2
[root@www ~]# su – admin1
[admin1@www ~]$ pwd
/home/admin1
[admin1@www ~]$ mkdir public_html
[admin1@www ~]$ echo “admin1” >public_html/index.html
[admin1@www ~]$ ll
total 4
drwxrwxr-x 2 admin1 admin1 4096 Dec 21 05:54 public_html
[admin1@www ~]$ chmod 711 /home/admin1
[admin1@www ~]$ ll /home/admin1/public_html/index.html
-rw-rw-r– 1 admin1 admin1 7 Dec 21 05:54 /home/admin1/public_html/index.html
2、配置server.xml
[root@www conf]# vim server.xml
在host中增加以下内容
<Listener className=”org.apache.catalina.startup.UserConfig”
directoryName=”public_html” homeBase=”/home”
userClass=”org.apache.catalina.startup.PasswdUserDatabase”/>
3、访问用户admin1的网页,在浏览器输入http://192.168.1.21/~admin1
六、配置Tomcat服务器支持CGI
CGI是通用网关接口功能
1、安装perl软件
[root@www ~]# yum -y install perl
2、编辑/usr/local/tomcat/conf/web.xml文件
[root@www ~]# vim /usr/local/tomcat/conf/web.xml
369 <servlet>
370 <servlet-name>cgi</servlet-name>
371 <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
372 <init-param>
373 <param-name>debug</param-name>
374 <param-value>0</param-value>
375 </init-param>
376 <init-param>
377 <param-name>cgiPathPrefix</param-name>
378 <param-value>WEB-INF/cgi</param-value>
379 </init-param>
380 <load-on-startup>5</load-on-startup>
381 </servlet>
417 <servlet-mapping>
418 <servlet-name>cgi</servlet-name>
419 <url-pattern>/cgi-bin/*</url-pattern>
420 </servlet-mapping>
3、编辑/usr/local/tomcat/conf/context.xml文件,增加privileged配置
<?xml version=’1.0′ encoding=’utf-8′?>
<Context privileged=”true”>
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
</Context>
4、创建CGI测试页面
[root@www ~]# mkdir /usr/local/tomcat/webapps/ROOT/WEB-INF/cgi/test.cgi
#!/usr/bin/perl
print “Content-type:text/plain/n/n”;
print “Hello cgi/n”;
#
[root@www ~]# chmod 711 usr/local/tomcat/webapps/ROOT/WEB-INF/cgi/test.cgi
5、测试cgi
[root@www ~]# /etc/init.d/tomcat stop
[root@www ~]# /etc/init.d/tomcat start
七、配置管理Tomcat服务器
1、配置/usr/local/tomcat/conf/tomcat-users.xml文件,可以配置tomcat管理用户,定义角色及角色中包含的用户和密码,修改后内容如下
[root@www ~]# vim /usr/local/tomcat/conf/tomcat-users.xml
<?xml version=’1.0′ encoding=’utf-8′?>
<tomcat-users xmlns=”http://tomcat.apache.org/xml”
xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”
xsi:schemaLocation=”http://tomcat.apache.org/xml tomcat-users.xsd”
version=”1.0″>
<role rolename=”manager-gui”/>
<user username=”kiven” password=”kiven” roles=”manager-gui”/>
//用户为kiven,密码为kiven,属于角色manager-gui
</tomcat-users>
2、访问测试,打开tomcat首页,点击页面右上角【Manager App】
访问【Server Status】
3、配置Host Manager,可以管理tomcat虚拟主机
(1)编辑/usr/local/tomcat/webapps/manager/WEB-INF/web.xml文件
在</web-app>行添加以下内容
<security-role>
<description>
The role that is required to access to the Host Manager pages
</description>
<role-name>admin-gui</role-name>
</security-role>
</web-app>
(2)编辑/usr/local/tomcat/conf/tomcat-users.xml文件
<?xml version=’1.0′ encoding=’utf-8′?>
<tomcat-users xmlns=”http://tomcat.apache.org/xml”
xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”
xsi:schemaLocation=”http://tomcat.apache.org/xml tomcat-users.xsd”
version=”1.0″>
<role rolename=”manager-gui”/>
<user username=”kiven” password=”kiven” roles=”manager-gui”/>
<role rolename=”admin-gui”/>
<user username=”alice” password=”alice” roles=”admin-gui”/>
</tomcat-users>
(3)访问Host manager
八、配置https网站
1、生成服务器端证书文件,证书有效期为36500天
[root@www ~]# keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/tomcat.keystore -validity 36500
Enter keystore password: //6位密钥库口令
Re-enter new password:
What is your first and last name? //名字,可以是服务器网站名称
[Unknown]: hm
What is the name of your organizational unit? //组织单位名称
[Unknown]: it
What is the name of your organization? //组织名称
[Unknown]: redhat
What is the name of your City or Locality? //城市
[Unknown]: shanghai
What is the name of your State or Province? //省市
[Unknown]: shanghai
What is the two-letter country code for this unit? //国家或地区代码
[Unknown]: CN
Is CN=hm, OU=it, O=redhat, L=shanghai, ST=shanghai, C=CN correct?
[no]: y
Enter key password for <tomcat>
(RETURN if same as keystore password):
2、配置/usr/local/tomcat/conf/server.xml文件
<?xml version=’1.0′ encoding=’utf-8′?>
……
<Service name=”Catalina”>
<Connector port=”80″ protocol=”HTTP/1.1″
connectionTimeout=”20000″
redirectPort=”8443″ />
<Connector port=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”
maxThreads=”150″ scheme=”https” secure=”true”
clientAuth=”false” sslProtocol=”TLS” keystoreFile=”/etc/tomcat.keystore”
keystorePass=”741616710″/>
<Connector port=”8009″ enableLookups=”false” protocol=”AJP/1.3″ redirectPort=”8443″ />
</Service>
3、配置/usr/local/tomcat/conf/web.xml文件,在</web-app>行上面增加以下内容
<security-constraint>
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
<security-constraint>
</web-app>
4、重启tomcat服务
[root@www ~]# /etc/init.d/tomcat stop
[root@www ~]# /etc/init.d/tomcat start
[root@www ~]# netstat -anlp |grep 8443
tcp 0 0 :::8443 :::* LISTEN 8372/java
5、访问https网站
6、修改https监听端口为默认的端口443
原创文章,作者:carmelaweatherly,如若转载,请注明出处:https://blog.ytso.com/198015.html