Centos7+tomcat Production System Deployment

Source: Internet
Author: User
Tags least privilege

1 Preparing the OS account

For security reasons, the production system never agrees to use the root account to execute Tomcat with the principle of least privilege. To do this, create a new account tomcat and set the login password.

Useradd tomcatpasswd Tomcat
2 Configure firewall Release 8080port and do 80port mapping

Create a new file named Tomcat.xml under the/etc/firewalld/services/folder, such as the following:

<?

XML version= "1.0" encoding= "Utf-8"?

><service> <short>tomcat webserver</short> <description>https is a modified HTTP Used to serve Web pages if security is important. Examples is sites that require logins like stores or web mail. This option isn't required for viewing pages locally or developing WEB pages. You need the HTTPD package installed for this option to be useful.</description> <port protocol= "tcp" port= "8 080 "/></service>

This service is then added to the firewall rules

Firewall-cmd--reload firewall-cmd--add-service=tomcat firewall-cmd--permanent--add-service=tomcat

Because a non-root user cannot listen on port 1023 below, a workaround is used here. is to use FIREWALLD for port forwarding before packets are routed. Forwarding all TCP packets destined for 80 to 8080 is possible.

Firewall-cmd--add-forward-port=port=80:proto=tcp:toport=8080firewall-cmd--permanent--add-forward-port=port=80: proto=tcp:toport=8080

Tomcat then listens to 80 and 80,802 ports at the same time.

Subsequent steps are performed in the context of the Tomcat account.

3 installing JDK and Tomcat with Tomcat user Green

Tomcat really is very concise, belongs to the pure green software, download directly down the decompression is complete installation. A little configuration can be executed smoothly, detailed configuration steps to see the $catalina_home/running.txt file, said very clearly. The rationale is that Tomcat has done a script bin/catalina.sh that controls start and stop. The only prerequisite for this script to execute smoothly is to know the JDK installation path. Tomcat officially recommends creating a new bin/setevn.sh file and setting the environment variable to java_home. Because the setenv.sh is actively read in the catalina.sh file itself. The startup script will voluntarily set CLASSPATH and other environment variables, such as Catalina_home, according to Java_home. No direct user participation is required.

It can then be started by bin/catalina.sh start. Disable Tomcat by bin/catalina.sh stop.

Centos7+tomcat Production System Deployment

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.