1 Preparing the OS account
For security reasons, and in line with the principle of least privilege, a production system should never run Tomcat under the root account. Create a new account named tomcat and set its login password.
useradd tomcat
passwd tomcat
2 Configure the firewall: open port 8080 and map port 80 to it
Create a new file named tomcat.xml in the /etc/firewalld/services/ folder with the following content:
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>tomcat webserver</short>
  <description>HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.</description>
  <port protocol="tcp" port="8080"/>
</service>
This service is then added to the firewall rules:
firewall-cmd --reload
firewall-cmd --add-service=tomcat
firewall-cmd --permanent --add-service=tomcat
Because a non-root user cannot listen on ports 1023 and below, a workaround is used here: firewalld forwards the port before packets are routed. All TCP packets destined for port 80 are forwarded to port 8080.
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080
Tomcat is then reachable on ports 80 and 8080 at the same time.
The subsequent steps are performed as the tomcat account.
3 Install the JDK and Tomcat as the tomcat user (portable install)
Tomcat is compact, portable ("green") software: downloading and unpacking the archive completes the installation. It runs with very little configuration; the detailed steps are clearly described in the $CATALINA_HOME/RUNNING.txt file. Tomcat ships a script, bin/catalina.sh, that controls startup and shutdown. The only prerequisite for this script to run is knowing the JDK installation path. Tomcat officially recommends creating a new bin/setenv.sh file that sets the JAVA_HOME environment variable, because catalina.sh reads setenv.sh automatically. The startup script then sets CLASSPATH and other environment variables, such as CATALINA_HOME, on its own, based on JAVA_HOME. No direct user involvement is required.
Tomcat can then be started with bin/catalina.sh start and stopped with bin/catalina.sh stop.
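A check for the least-privilege goal from step 1, added here as an example and not part of the original article: it reads `ps` output and reports any Tomcat JVM that is not owned by the tomcat account. The sample process lines and install paths are constructed, and the match assumes the `org.apache.catalina.startup.Bootstrap` main class that catalina.sh launches.

```shell
#!/bin/sh
# Added example: flag Tomcat JVMs that do not run as the dedicated account.
# Input format is that of `ps -eo user=,pid=,args=`.

EXPECTED_USER="${EXPECTED_USER:-tomcat}"   # account created in step 1

# Reads ps-style lines on stdin and prints one finding per offending process.
# Returns 0 when every Tomcat JVM runs as $EXPECTED_USER,
#         1 when at least one runs as another user (root included),
#         2 when no Tomcat JVM is found at all.
check_tomcat_owner() {
    awk -v want="$EXPECTED_USER" '
        /org\.apache\.catalina\.startup\.Bootstrap/ {
            seen++
            if ($1 != want) {
                bad++
                printf "FAIL pid=%s runs as %s (expected %s)\n", $2, $1, want
            }
        }
        END {
            if (!seen) { print "WARN no Tomcat JVM found"; exit 2 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample input (paths and PIDs are made up for illustration).
SAMPLE_OK='tomcat 2311 /opt/jdk/bin/java -Dcatalina.home=/home/tomcat/apache-tomcat org.apache.catalina.startup.Bootstrap start
root 1 /usr/lib/systemd/systemd'
SAMPLE_BAD='root 4120 /opt/jdk/bin/java -Dcatalina.home=/opt/tomcat org.apache.catalina.startup.Bootstrap start'

# Live use on the server:
#   ps -eo user=,pid=,args= | check_tomcat_owner
```

A nonzero exit status makes the function usable as a gate in a deployment or monitoring script.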
CentOS 7 + Tomcat Production System Deployment