In the previous section we deployed the Tomcat service. You can see that the service is really easy to deploy, provided you have learned the basic commands covered earlier. Today I plan to build on the last section and talk about the security and optimization of the Tomcat service. Why bother with security and optimization once the service is set up? In theory, deploying the service is enough, but we want our servers to run more securely and more stably, so security optimization is necessary!
In the last section we learned that the JDK is a Java Virtual Machine (JVM). Since it is a virtual machine, it has the concept of memory. Inside the Java virtual machine these areas are all memory, but they have different names. What are they called? See below:
[Image: JVM memory areas]
JVM optimization parameter names explained
1. Method area
Also known as the "permanent generation" or "non-heap", it stores the class information, constants and static variables loaded by the virtual machine, and is a memory area shared by all threads. The default minimum value is 16MB and the maximum value is 64MB; the -XX:PermSize and -XX:MaxPermSize parameters limit the size of the method area.
2. Java heap
Also called the GC heap, it is the largest chunk of memory managed by the Java virtual machine and is also a memory area shared by all threads, created when the JVM starts. This memory area holds object instances and arrays (all objects created with new). Its size is set by the -Xms (minimum value) and -Xmx (maximum value) parameters. -Xms is the minimum memory the JVM requests at startup, defaulting to 1/64 of the operating system's physical memory but less than 1G; -Xmx is the maximum memory the JVM can request, defaulting to a quarter of physical memory but less than 1G. Note that in practice you should not exceed 4G. Danger! Above 4G there are problems when garbage collection occurs.
3. Program counter
It functions as the line number indicator of the bytecode executed by the current thread.
4. Java stack
It describes the memory model of Java method execution. Its advantage is that access is faster than the heap, second only to registers, and stack data can be shared. Its shortcoming is a lack of flexibility. Leave this parameter at its default; do not change it.
5. Native method stack
It is basically similar to the virtual machine stack, except that the virtual machine stack serves the Java methods the virtual machine executes, while the native method stack serves native methods.
Optimization reasons
The default parameters of a JDK installation are meant for a development environment, not a production environment. Its memory and thread settings are very low by default and easily become a performance bottleneck.
Optimized parameter configuration criteria
Configuring the parameters
-Xms initial heap size
-Xmx maximum heap size
The usual setting is: -Xms = -Xmx
The advantage is that the heap size is not readjusted after every GC, which reduces system memory allocation.
Young generation
Studies have shown that most objects are short-lived and die soon after they are created. Therefore the young generation uses a copying collection algorithm during GC.
The configuration method is: -Xmn256m, which sets the young generation size.
The configuration criterion is: its size is half of Xms.
Internally it is divided into 3 areas:
one Eden area, where all new objects are placed;
two Survivor areas, used to implement the copying algorithm.
Eden is usually where objects are originally allocated; Survivor is divided into two areas of equal size, S0 and S1.
Permanent generation
The configuration parameters are -XX:PermSize, which sets the permanent generation (perm gen) initial value,
and -XX:MaxPermSize, which sets the permanent generation maximum value.
The standard for configuring the permanent generation is that -XX:PermSize equals -XX:MaxPermSize, because resizing the permanent generation can also trigger a GC (garbage collection) of heap memory.
Its role is to store class and method meta-information. Generally 128M is sufficient; the principle is to reserve 30% of the space.
JVM memory garbage collection (GC)
GC is a memory management mechanism; the JVM collects garbage using certain algorithms.
The garbage collection algorithms are:
Reference counting algorithm
Root search algorithm
JVM garbage collection algorithms:
1. Copying algorithm
2. Mark-sweep algorithm
3. Mark-compact algorithm
Garbage collectors mainly serve the young generation and the old generation.
The common garbage collectors are:
Parallel
ParNew
Serial
CMS
Turn on the collector
-XX:+UseParallelGC
Log format
-XX:ParallelGCThreads=20 -Xloggc:/var/log/gc/gc_log
The point of this part is to understand the diagram above. Then configure the corresponding parameters in your own production environment according to the diagram, following the benchmarks given above. Quite simple, isn't it!
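An added example (not from the original article): a small Python check that compares a JAVA_OPTS string with the sizing criteria listed above. The function names and both sample strings are constructed for this illustration.

```python
import re

# Size suffixes the JVM accepts on -Xms/-Xmx/-Xmn and the PermSize flags.
UNITS = {"": 1, "k": 1 << 10, "m": 1 << 20, "g": 1 << 30}
FLAG_RE = re.compile(r"-(Xms|Xmx|Xmn|XX:PermSize=|XX:MaxPermSize=)(\d+)([kKmMgG]?)(?=\s|$)")

def parse_sizes(java_opts):
    """Return {flag: bytes} for the memory flags found in a JAVA_OPTS string."""
    sizes = {}
    for name, number, unit in FLAG_RE.findall(java_opts):
        sizes[name.rstrip("=")] = int(number) * UNITS[unit.lower()]
    return sizes

def check_java_opts(java_opts):
    """List deviations from the sizing criteria given in the article."""
    s = parse_sizes(java_opts)
    findings = []
    for flag in ("Xms", "Xmx", "Xmn", "XX:PermSize", "XX:MaxPermSize"):
        if flag not in s:
            findings.append(f"-{flag} is not set, JVM default applies")
    if "Xms" in s and "Xmx" in s and s["Xms"] != s["Xmx"]:
        findings.append("-Xms differs from -Xmx: heap is resized around GCs")
    if s.get("Xmx", 0) > 4 * UNITS["g"]:
        findings.append("-Xmx is above the 4G ceiling the article warns about")
    if "Xms" in s and "Xmn" in s and s["Xmn"] * 2 != s["Xms"]:
        findings.append("-Xmn is not half of -Xms")
    if ("XX:PermSize" in s and "XX:MaxPermSize" in s
            and s["XX:PermSize"] != s["XX:MaxPermSize"]):
        findings.append("-XX:PermSize differs from -XX:MaxPermSize")
    if "-XX:+UseParallelGC" not in java_opts.split():
        findings.append("-XX:+UseParallelGC is not enabled")
    if not re.search(r"(?:^|\s)-Xloggc:\S+", java_opts):
        findings.append("no GC log file (-Xloggc:) configured")
    return findings

# Constructed sample values, not taken from a real server.
TUNED = ("-Xms2g -Xmx2g -Xmn1g -XX:PermSize=128m -XX:MaxPermSize=128m "
         "-XX:+UseParallelGC -XX:ParallelGCThreads=20 -Xloggc:/var/log/gc/gc_log")
LOOSE = "-Xms256m -Xmx8g -Xmn64m -XX:PermSize=64m -XX:MaxPermSize=128m"

if __name__ == "__main__":
    for opts in (TUNED, LOOSE):
        print(opts, "->", check_java_opts(opts) or "meets the criteria")
```

The two PermSize flags only take effect on JDK 7 and earlier; JDK 8 removed the permanent generation, so drop those checks there.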
Next, let's look at our Tomcat optimization.
Tomcat's default parameters are designed for a development environment, not for production. The memory and thread configurations in particular are low by default and are prone to becoming performance bottlenecks.
Optimization parameters in detail
1. Change the <Server port="8005" shutdown="SHUTDOWN" debug="0"> tag
to <Server port="8050" shutdown="AABB" debug="0"> to prevent hackers from scanning
2. Change the <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/> tag
to <Connector port="8090" protocol="AJP/1.3" redirectPort="8443"/> to prevent hackers from invading
3. Lower the privileges Tomcat runs with
Do not start Tomcat as the root user.
4. Change the site directory
In server.xml, add:
<Context path="" docBase="/home/webapps/sp2p_web" reloadable="true"></Context>
5. Delete the files under the default webapps directory
This is to prevent software information from leaking.
6. Hide version information
Modify conf/web.xml to redirect 403, 404 and other error pages.
If not in Tomcat, configure it in the web.xml of a web project:
<!-- 403: access denied -->
<error-page>
  <error-code>403</error-code>
  <location>/page/error/403.jsp</location>
</error-page>
<!-- 404: not found, the resource accessed does not exist -->
<error-page>
  <error-code>404</error-code>
  <location>/page/error/404.jsp</location>
</error-page>
<!-- 500: internal server error -->
<error-page>
  <error-code>500</error-code>
  <location>/page/error/500.jsp</location>
</error-page>
7. Disable DNS lookups
In server.xml, modify the Connector element and set the enableLookups attribute: enableLookups="false"
8. Set the session expiration time
This is specified in conf/web.xml by the parameter:
<session-timeout>60</session-timeout>
9. Use the APR plug-in to improve Tomcat performance
Tomcat can use APR to provide superior scalability and performance and better integration with native server technologies.
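An added example (not from the original article): a Python audit that checks a server.xml and a web.xml against items 1, 2, 6, 7 and 8 above. Both sample files are constructed, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed samples resembling stock files; not taken from a real host.
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  </Service>
</Server>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <session-config><session-timeout>60</session-timeout></session-config>
  <error-page>
    <error-code>404</error-code>
    <location>/page/error/404.jsp</location>
  </error-page>
</web-app>"""

def audit_server_xml(text):
    """Items 1, 2 and 7: shutdown port/command, AJP port, enableLookups."""
    root = ET.fromstring(text)
    findings = []
    if root.get("port") == "8005":
        findings.append("Server shutdown port is still the default 8005")
    if root.get("shutdown") == "SHUTDOWN":
        findings.append("shutdown command is still the default SHUTDOWN")
    for conn in root.iter("Connector"):
        port = conn.get("port")
        if "ajp" in conn.get("protocol", "").lower() and port == "8009":
            findings.append("AJP connector is still on the default port 8009")
        if conn.get("enableLookups", "").lower() != "false":
            findings.append(f'Connector {port} does not set enableLookups="false"')
    return findings

def _local(el):
    """Tag name without the namespace that real web.xml files declare."""
    return el.tag.rsplit("}", 1)[-1]

def audit_web_xml(text, required=("403", "404", "500")):
    """Items 6 and 8: custom error pages and an explicit session timeout."""
    root = ET.fromstring(text)
    mapped = {(el.text or "").strip() for el in root.iter() if _local(el) == "error-code"}
    findings = [f"no custom error page for HTTP {c}" for c in required if c not in mapped]
    if not any(_local(el) == "session-timeout" for el in root.iter()):
        findings.append("no session-timeout configured")
    return findings

if __name__ == "__main__":
    for line in audit_server_xml(SERVER_XML) + audit_web_xml(WEB_XML):
        print("FINDING:", line)
```

Changing the ports only hides them from default-port scans; if the shutdown port or the AJP connector is not needed, setting the Server port to -1 and removing the AJP Connector closes them entirely.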
In actual production, doing security optimization according to the standards above is enough. One reminder: before you work on the real machine, first test thoroughly in a local simulated environment, and only once there are no problems move the configuration parameters onto the real machine!
This article is from the "Lele Run" blog; please be sure to keep this source: http://10851431.blog.51cto.com/10841431/1750468
Security and optimization of JVM and Tomcat under Linux