Deploying a production environment under CentOS 6.3 using Tomcat-6.0.43 as a non-root user

Source: Internet
Author: User

I. Install Tomcat

Download links:

http://mirrors.cnnic.cn/apache/tomcat/tomcat-6/v6.0.43/bin/apache-tomcat-6.0.43.zip

http://apache.fayea.com/tomcat/tomcat-7/v7.0.57/bin/apache-tomcat-7.0.57.zip

http://apache.fayea.com/tomcat/tomcat-8/v8.0.15/bin/apache-tomcat-8.0.15.zip

1. Upload the downloaded Tomcat package, unzip it, copy it to the directory where you want it installed, and create a symbolic link to the Tomcat directory.

# unzip apache-tomcat-6.0.43.zip
# cp -R apache-tomcat-6.0.43 /usr/local/tomcat-6.0.43
# ln -s /usr/local/tomcat-6.0.43 /usr/local/tomcat

2. Create a new tomcat user to start Tomcat. This is mainly a security consideration: the root user's permissions are too broad.

# groupadd tomcat
# useradd -s /bin/bash -g tomcat tomcat   # add the tomcat user to the tomcat group
# chown -R tomcat:tomcat /usr/local/tomcat-6.0.43   # set directory ownership on the real directory (the symlink target)

3. Add a boot-time startup script

vi /etc/rc.local

Add the following at the end of the file:

----------------------------------------------------------------

# Start Tomcat at boot (su, space, -, space, tomcat, space, -c, space, 'path')

su - tomcat -c '/usr/local/tomcat/bin/startup.sh'
# su - tomcat -c '/usr/local/tomcat/bin/catalina.sh start'   # this also works

---------------------------------------------------------------

Reboot to test. The security problem of JSPs running under a Tomcat started as root is now solved.

# su - tomcat -c '/usr/local/tomcat/bin/shutdown.sh'   # command to stop Tomcat
# su - tomcat -c '/usr/local/tomcat/bin/catalina.sh stop'   # this also works
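
A check that the rc.local change took effect, as an added example that is not part of the original article. The function name, the ps column layout it expects and the sample process lines are assumptions constructed for illustration:

```shell
#!/bin/sh
# Added example, not from the original article.
# Verifies that every running Tomcat JVM belongs to a non-root account.

# tomcat_root_check: reads "USER PID ARGS..." lines on stdin (the layout of
# `ps -eo user=,pid=,args=`) and prints "USER PID" for each Tomcat Bootstrap
# process owned by root.
# Exit status: 0 = Tomcat running, none as root
#              1 = at least one Tomcat running as root
#              2 = no Tomcat process found
tomcat_root_check() {
    awk '
        /org\.apache\.catalina\.startup\.Bootstrap/ {
            seen = 1
            # Accept the account name or a numeric UID in the first column.
            if ($1 == "root" || $1 == "0") { bad = 1; print $1, $2 }
        }
        END { if (bad) exit 1; if (!seen) exit 2 }
    '
}

# Constructed sample input (not captured from a real host).
sample_ok='tomcat    2211 /usr/bin/java -Dcatalina.home=/usr/local/tomcat org.apache.catalina.startup.Bootstrap start
root         1 /sbin/init'
sample_bad='root      1987 /usr/bin/java -Dcatalina.home=/usr/local/tomcat org.apache.catalina.startup.Bootstrap start'

# Helper for the samples: feed a string to the check.
check_sample() { printf '%s\n' "$1" | tomcat_root_check; }

if check_sample "$sample_ok" >/dev/null; then
    echo "sample_ok: Tomcat is running and not as root"
fi
check_sample "$sample_bad" || echo "  <- sample_bad: Tomcat is running as root"

# On a live host:
#   ps -eo user=,pid=,args= | tomcat_root_check
```

A non-zero status after a reboot means the rc.local line did not take effect or Tomcat was also started some other way.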

II. Port forwarding

A non-root user does not have permission to bind port 80. Under Linux, ports below 1024 are reserved for root.

When Tomcat is run as the tomcat user and its port is changed to 80, startup fails with the error: java.net.BindException: Permission denied:80.

There are two workarounds:
1. Change the port of the application. Considering that more applications will be deployed, this fairly simple approach was abandoned.
2. Use the iptables port forwarding function.
The first step is to change the Tomcat port (server.xml) back from 80 to 8080.
In the second step, forwarding from 80 to 8080 is implemented with iptables. The commands are:

# iptables … 8080
# service iptables save
# service iptables restart

This way, whether the user accesses port 80 or port 8080, the request actually reaches port 8080.
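
One way to write the 80 to 8080 redirect with the iptables REDIRECT target, as an added example that is not the original article's command. The function name and its port validation are assumptions:

```shell
#!/bin/sh
# Added example, not from the original article. Prints the iptables commands
# for the redirect so they can be reviewed before being run as root.

# redirect_rules PUBLIC_PORT APP_PORT
# Rejects malformed ports and an APP_PORT below 1024, which the tomcat
# user could not bind.
redirect_rules() {
    pub=$1
    app=$2
    for p in "$pub" "$app"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 2 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 2; }
    done
    [ "$app" -ge 1024 ] || { echo "port $app needs root to bind" >&2; return 2; }

    # Traffic arriving from the network is rewritten in nat PREROUTING.
    # The filter INPUT chain then sees port $app, so $app must be accepted
    # there and stays reachable directly, as the article notes.
    echo "iptables -t nat -A PREROUTING -p tcp --dport $pub -j REDIRECT --to-ports $app"

    # Locally generated traffic never passes PREROUTING; cover loopback too.
    echo "iptables -t nat -A OUTPUT -o lo -p tcp --dport $pub -j REDIRECT --to-ports $app"
}

# Print the rules for the article's ports. To apply them, run as root:
#   redirect_rules 80 8080 | sh
# followed by the article's "service iptables save".
redirect_rules 80 8080
```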

III. Add a branch to the script for viewing Tomcat's run status

vi /usr/local/tomcat/bin/catalina.sh

Add a status branch before the final else block, at around line 475:

elif [ "$1" = "version" ] ; then

    "$_RUNJAVA" \
      -classpath "$CATALINA_HOME/lib/catalina.jar" \
      org.apache.catalina.util.ServerInfo

elif [ "$1" = "status" ] ; then

    # Count the running Tomcat processes. The [o] keeps grep from matching itself.
    # The --width value did not survive in the source; 1000 is an assumption,
    # any value wide enough to show the full command line works.
    ps ax --width=1000 | grep "[o]rg.apache.catalina.startup.Bootstrap start" | awk '{printf $1 " "}' | wc | awk '{print $2}' > /tmp/tomcat_process_count.txt
    read line < /tmp/tomcat_process_count.txt
    if [ "$line" -gt 0 ]; then
        echo -n "tomcatd ( pid "
        ps ax --width=1000 | grep "[o]rg.apache.catalina.startup.Bootstrap start" | awk '{printf $1 " "}'
        echo ") is running..."
    else
        echo "Tomcat is stopped"
    fi

else

Now you can see Tomcat's running status. If you are comfortable with shell scripting, you can also add a restart command.

IV. Increase Tomcat's running memory to prevent the program from reporting the exception [java.lang.OutOfMemoryError: PermGen space]

vi /usr/local/tomcat/bin/catalina.sh

At the beginning of the script, set the following configuration:

JAVA_OPTS="-server -Xms2048m -Xmx2048m -Xss…k -XX:PermSize=…m -XX:MaxNewSize=…m -XX:MaxPermSize=…m -Djava.awt.headless=true"

The values shown in red in the original should be increased or decreased as appropriate, depending on the actual configuration of your server.
