Tomcat Server.xml Configuration Detailed


Since Tomcat is Java-based, its configuration is much the same across Linux distributions, but I found few articles about setting up Tomcat on Arch Linux, so after going through the process once on Arch Linux I wrote this article. It assumes that you do not know much about Tomcat, and its main focus is Tomcat's configuration.

1. Install Java JDK

The Arch Linux extra repository provides jdk7-openjdk and openjdk6, both of which can be installed directly with pacman; which one to choose depends on your situation. I installed OpenJDK 7:

$ sudo pacman -S jdk7-openjdk

2. Install Tomcat

Similarly, the extra repository already provides Tomcat versions 5, 6 and 7; pick one according to your situation. I am installing Tomcat 6 here.

$ sudo pacman -S tomcat6

By default, Tomcat 6 is installed under /usr/share/tomcat6. The main directories and their roles are listed below (the arrow indicates the actual location the directory links to):

    • /usr/share/tomcat6: the program home directory. This is the location that the variable $CATALINA_HOME points to and, with a single Tomcat instance, also the location of $CATALINA_BASE.
    • conf -> /etc/tomcat6: configuration file directory.
    • lib -> /usr/share/java/tomcat6: shared jar directory, used both by Tomcat itself and by web applications.
    • logs -> /var/log/tomcat6: log directory, useful for finding errors and viewing access records.
    • webapps -> /var/lib/tomcat6/webapps: the default web application directory. Tomcat 6 ships with several sample applications, which are described below.

You can now try to start the Tomcat service:

$ sudo /etc/rc.d/tomcat6 start

Depending on which Java runtime is installed, there may be errors at startup. Check the value of the TOMCAT_JAVA_HOME variable in the startup script's configuration file /etc/conf.d/tomcat6. In my installation the Java runtime is in /opt/java (you can see it with $ which java), so I changed:

TOMCAT_JAVA_HOME=/usr/lib/jvm/java-7-openjdk

to:

TOMCAT_JAVA_HOME=/opt/java

Restart the Tomcat service:

$ sudo /etc/rc.d/tomcat6 restart

Generally there should be no problem now. Open any browser and enter http://localhost:8080 in the address bar; if you see the Tomcat welcome page, the service has been installed and is working properly.

3. Understanding the webapps directory

This directory is located under the Tomcat 6 installation directory and its actual content is in /var/lib/tomcat6/webapps. Each directory in webapps corresponds to one web application: for example, the docs directory is accessed at http://localhost:8080/docs and the manager directory at http://localhost:8080/manager. The special case is the ROOT directory, whose access address is the root of the site, i.e. http://localhost:8080/.

The sample applications that come with Tomcat can each be accessed individually. Both the manager and host-manager applications require login authentication. To add a user who can log in, edit the configuration file conf/tomcat-users.xml under the Tomcat installation directory (actually the file /etc/tomcat6/tomcat-users.xml) and add the following lines:

<role rolename="manager-gui"/>
<role rolename="admin-script"/>
<role rolename="admin-gui"/>
<user username="tomcat" password="tomcat" roles="manager-gui,admin-script,admin-gui"/>

Then restart the Tomcat service; you can now log in with the username tomcat and password tomcat and access the manager and host-manager applications.

Each Java web application has the following directory structure:

    • /index.html and other files directly accessible to visitors, such as static images and CSS stylesheets.
    • /WEB-INF/: resources that visitors cannot access directly.
    • /WEB-INF/classes: the application's compiled Java class files.
    • /WEB-INF/web.xml: the application's configuration file.
    • /WEB-INF/lib: jar packages referenced by the application.

Of course, not all of these are required. You can even just create a directory such as "hello" containing only an index.html file (any content), and it can then be accessed at http://localhost:8080/hello/index.html. (This is not a real web application, of course; the method is for testing only.)

Below, Apache Maven is used to create a simple web application. Run the following command in your home directory to generate the application skeleton:

$ mvn archetype:generate

In the interactive prompts:

    • Choose a number or apply filter: enter 174, which creates a project of type maven-archetype-webapp.
    • Choose version: enter 5, which is version 1.0.
    • Define value for property 'groupId': enter org.test.
    • Define value for property 'artifactId': enter demo.
    • Define value for property 'version': enter 1.0.
    • Define value for property 'package': enter org.test.demo.
    • Confirm properties configuration: just press Enter.

The Maven knowledge used above is not covered in this article; if you are unfamiliar with it, refer to the free Chinese e-book "Maven in Action". Incidentally, Maven is one of the most common tools for building and managing Java projects.

You should now see a directory called demo. Package the project with Maven:

$ cd demo
$ mvn package

The result is the file ./target/demo.war. Copy it to the webapps directory:

$ sudo cp target/demo.war /var/lib/tomcat6/webapps/

Because the site Tomcat creates by default deploys applications automatically, the demo.war file you just copied into webapps is unpacked automatically and a directory named demo appears in webapps. You can now open http://localhost:8080/demo in the browser; you should see "Hello World!", the output of the web application just created with Maven.

Note that the war file produced by packaging a Java web application does not necessarily have to be unpacked in order to run; this is described in the configuration section below.

4. Understanding Tomcat's main configuration file server.xml

This file is located in the conf directory under the Tomcat 6 installation directory; its actual content is in /etc/tomcat6/server.xml.

As the extension shows, this is an XML file. When you open it you will see the following structure:

<Server port="8005" shutdown="SHUTDOWN">
    <Service name="Catalina">
        <Executor .../>
        <Connector .../>
        <Connector .../>
        <Engine name="Catalina" ...>
            <Host ...>
                <Context .../>
            </Host>
        </Engine>
    </Service>
</Server>

Inside Server this is a four-layer nested structure, Server -> Service -> Engine -> Host -> Context; from the inner layers outward:

    • Context: a web application. One Context corresponds to one web application.
    • Host: a virtual host. For example, www.dog.com corresponds to one virtual host and api.dog.com to another; a Host defines one virtual host. (A "virtual host" can simply be understood as "a website".)
    • Engine: a set of virtual hosts. For example, www.dog.com and api.dog.com can form one collection of virtual hosts.
    • Service: a set of Engines, together with the definitions of the thread pool (Executor) and the connectors (Connector).

Configuration of the Connector

A Connector is a port opened to the outside world. Simply put, it is the IP address:port combination that most network services use, such as 192.168.0.10:8080. Of course, far more can be defined in a Connector, i.e. there are many attributes that can be added to this XML node. The commonly used ones are listed here:

  • enableLookups: (default=true) whether to allow reverse DNS resolution of the client's IP address. If your application calls request.getRemoteHost() but only needs the IP address, disabling this is recommended to save the time spent on reverse resolution.
  • maxPostSize: (default=2097152, i.e. 2MB) the maximum POST body size allowed, in bytes. For an ordinary site, such as one where users write comments or articles, the default 2MB is enough; if the site allows picture or even file uploads, adjust it to your situation.
  • protocol: the type of connector. Tomcat 6 has the following options:
    • org.apache.coyote.http11.Http11Protocol: abbreviated "HTTP/1.1"; this is the default connector. Each client connection needs one thread, so concurrency performance is relatively low.
    • org.apache.coyote.http11.Http11NioProtocol: the NIO connector, which works with non-blocking sockets, has good concurrency performance and is implemented in pure Java.
    • org.apache.coyote.http11.Http11AprProtocol: the APR connector. APR is the library used by the Apache HTTP Server, the most widely deployed web server on the Internet. Tomcat recommends it for production environments; details below.
  • redirectPort: when a user requests a non-HTTPS resource that requires HTTPS, Tomcat automatically redirects to this HTTPS port. HTTPS usually uses TCP port 443, so the value is generally "443".
  • SSLEnabled: (default=false) whether the current connector uses SSL. If set to "true", you should also set the following two attributes: scheme="https" (default=http; may be http or https) and secure="true" (default=false).
  • address: the IP address the connector binds to. When the server has several IP addresses you can specify one; by default the attribute is unset and the connector binds to all IP addresses of the server.
  • compressableMimeType: (default="text/html,text/xml,text/plain") the resource types that should be gzip-compressed.
  • compression: (default=off) whether gzip compression is enabled; may be on/off/force. Set it to on to enable gzip compression for the resource types specified by compressableMimeType.
  • connectionTimeout: (default="60000") how long the server waits, after a client connects, for the first line of the request to arrive, in milliseconds.
  • executor: the name of the thread pool used by the connector; if specified, other thread-count settings such as maxThreads are ignored.
  • maxThreads: (default=200) the maximum number of threads that can be created.
  • port="80": the port to bind.
  • keepAliveTimeout: (default=connectionTimeout) how long a client may keep the connection open after a request has completed.

A simple Connector definition is as follows:

<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="60000"
           redirectPort="443"/>

Configuration of the Executor

The Executor defines a shared thread pool. By default each Connector creates its own thread pool; if you want several Connectors to share one pool, define the pool first, for example:

<Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="4" minSpareThreads="..."/>

Then modify the Connector configuration above by adding the executor attribute; the modified configuration is as follows:

<Connector executor="tomcatThreadPool"
           port="80" protocol="HTTP/1.1"
           connectionTimeout="60000"
           redirectPort="443"/>

Configuration of the Host

A Host configuration is a virtual host. The attributes of the Host node have the following roles:

    • name: the domain name of the virtual host, e.g. localhost for the local machine. In real use fill in the actual domain name, such as www.dog.com or dog.com; if the virtual host is only for internal access you can also use the server's IP address directly, such as 192.168.1.10.
    • autoDeploy: whether automatic deployment is allowed; the default is true, meaning Tomcat automatically detects file changes under the appBase directory and applies them to the running web applications.
    • unpackWARs: whether war archives are expanded automatically before the web application runs; the default is true.
    • appBase: the path of the web application group. As mentioned earlier, a virtual host can consist of several web applications, so appBase should point to the directory that holds that set of web applications, not to the directory of one particular application (even if the virtual host consists of only one web application). The value may be relative to the Tomcat installation directory or an absolute path. Note that the path must be accessible to Tomcat; Tomcat installed from the Arch Linux repository runs as the tomcat user, so after creating a new appBase directory use the chown command to change its owner.

The following example shows how to create a new virtual host, www.dog.com:

Under /var/lib/tomcat6 you can see the webapps directory created by default when Tomcat was installed; the directory holding the virtual host we are creating is also created in /var/lib/tomcat6:

$ sudo mkdir dog

Then create a directory named ROOT inside dog, and create an index.html file (any content) in ROOT.

Now change the owner and group of the directory to tomcat:

$ sudo chown -R tomcat:tomcat dog

Then add the following Host node after the existing Host node in server.xml:

After restarting the Tomcat service you can access the newly created virtual host at http://www.dog.com in your browser. Of course, you must first add a record resolving www.dog.com to 127.0.0.1 in the /etc/hosts file, as follows:

127.0.0.1    www.dog.com

Sometimes a virtual host binds several domain names at once, such as www.dog.com and dog.com. This is done by adding an Alias child node to the Host node, for example:

<Alias>dog.com</Alias>

In the example above, <Valve className="..."/> configures the location and file name of the client access log.

Configuration of ENGINE

The default Engine node is as follows:

<Engine name="Catalina" defaultHost="localhost">
    ...
</Engine>

This needs little explanation: defaultHost specifies the name of the virtual host Tomcat uses when no configured virtual host matches the request. Consider the following scenario:

Suppose three domains resolve via DNS to your server, e.g. dog.com, www.dog.com and api.dog.com, but you have only configured the virtual hosts dog.com and www.dog.com. When a visitor reaches your server via api.dog.com, Tomcat returns the result of one of the configured virtual hosts according to the defaultHost setting. In practice defaultHost should be set to your main domain name, such as www.dog.com.

5. Multi-site configuration: setting up multiple Host nodes

Sometimes we need to run several sites on one server, which is easy with Tomcat. Suppose we are going to set up the two sites www.dog.com and www.cat.com.

First make sure that DNS for both domain names resolves correctly to your server. Since this is an experiment, you can add the resolution on the local machine: edit the /etc/hosts file and add the following two lines:

127.0.0.1    www.cat.com
127.0.0.1    www.dog.com

Then, in the /var/lib/tomcat6 directory, create two directories named cat and dog, create a directory named ROOT in each, and create an index.html file (any content) in each ROOT. Then change the owner and group of cat and dog to tomcat as in the previous section; this is not repeated here.

Now edit Tomcat's main configuration file server.xml and add the following two new Host nodes after the default Host node:

In each Host node you can add the attributes you need, or Alias and Valve child nodes, following the instructions in the previous section. Restart the Tomcat service and you should now be able to browse the two sites at http://www.dog.com and http://www.cat.com respectively.
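The Host/Alias lookup and the Engine defaultHost fallback described above, as an added example that is not part of the original article: it parses a constructed server.xml fragment for the www.dog.com / www.cat.com setup and reports which Host (and appBase) would serve a given Host header. The appBase paths, the Alias and the access-log Valve values are assumptions for this demo.

```python
"""Resolve which <Host> serves a request, including the defaultHost fallback.

Added example (not from the original article): it models the Host/Alias
lookup and the Engine defaultHost behaviour described in sections 4 and 5.
The appBase paths, the Alias and the Valve values below are assumptions.
"""
import xml.etree.ElementTree as ET

# Constructed fragment: the default localhost host plus the two virtual
# hosts from section 5.  AccessLogValve is Tomcat's real access-log valve;
# its directory/prefix values are assumed for the demo.
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="80" protocol="HTTP/1.1" redirectPort="443"/>
    <Engine name="Catalina" defaultHost="www.dog.com">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"/>
      <Host name="www.dog.com" appBase="/var/lib/tomcat6/dog"
            unpackWARs="true" autoDeploy="true">
        <Alias>dog.com</Alias>
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="dog_access_log." suffix=".txt"
               pattern="common"/>
      </Host>
      <Host name="www.cat.com" appBase="/var/lib/tomcat6/cat"
            unpackWARs="true" autoDeploy="true"/>
    </Engine>
  </Service>
</Server>"""


def load_hosts(server_xml):
    """Return (defaultHost, {name-or-alias: appBase}) for the first Engine."""
    engine = ET.fromstring(server_xml).find("./Service/Engine")
    if engine is None:
        raise ValueError("server.xml has no <Service>/<Engine>")
    table = {}
    for host in engine.findall("Host"):
        app_base = host.get("appBase")
        # Tomcat compares host names case-insensitively, so normalise here.
        table[host.get("name").lower()] = app_base
        for alias in host.findall("Alias"):
            table[alias.text.strip().lower()] = app_base
    return engine.get("defaultHost"), table


def resolve_host(server_xml, host_header):
    """Return (matched host name, appBase) for the given HTTP Host header.

    An explicit port suffix in the header is ignored.  If neither a Host
    name nor an Alias matches, the Engine's defaultHost is served, which is
    the api.dog.com scenario from the Engine section.
    """
    default_host, table = load_hosts(server_xml)
    name = host_header.split(":", 1)[0].strip().lower()
    if name in table:
        return name, table[name]
    default_host = default_host.lower()
    if default_host not in table:
        raise ValueError(f"defaultHost {default_host!r} is not a configured Host")
    return default_host, table[default_host]


if __name__ == "__main__":
    for header in ("www.dog.com", "DOG.COM:8080", "www.cat.com", "api.dog.com"):
        print(header, "->", resolve_host(SERVER_XML, header))
```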

6. Using NIO connectors

The default connector's concurrency performance is not very good. If the site's concurrent traffic is small, or it runs on a corporate intranet, you may not notice this (on an intranet each request may complete within a second). On the Internet, however, each client request may take a few seconds or even tens of seconds to transfer, which means many visitors are connected at the same time, and once all of the connector's threads are occupied, later visitors are left waiting outside the door. It is therefore best to replace the default connector with the NIO connector (the non-blocking Java connector) in real deployments. The method is simple: change the protocol attribute of the Connector node to "org.apache.coyote.http11.Http11NioProtocol". For example, the original:

<Connector port="80" protocol="HTTP/1.1" redirectPort="443"/>

Modified to:

<Connector port="80" protocol="org.apache.coyote.http11.Http11NioProtocol" redirectPort="443"/>

Then restart the Tomcat server.

7. Adding an SSL certificate to the website

Sometimes a website handles important business data; such pages are best transmitted over HTTPS on the Internet, which prevents important information from being stolen by intermediaries on the path.

For the detailed method see my earlier article "Add GoDaddy SSL certificate to your website", which describes how to request a CA-signed SSL certificate and how to modify the Tomcat configuration. If you just want to experiment with adding HTTPS to your site, or only use HTTPS on an internal company site, there is a simpler method: a self-signed SSL certificate. A self-signed certificate is one you issue yourself; it has not been signed by a third-party CA, so browsers show a certificate error when visiting the site, but visitors can choose to continue browsing.

The following assumes we are adding an SSL certificate to the www.dog.com site from the previous section. First use the Java keytool tool to generate a keystore file (a file format for storing certificates and keys) by running the following command in your home directory:

$ keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore

It then prompts you to set a password and enter the DN information:

Enter keystore password:                 (set a password protecting the keystore file, e.g. 123456)
Re-enter new password:                   (repeat the password)
What is your first and last name?
  [Unknown]:  www.dog.com                (the domain name)
What is the name of your organizational unit?
  [Unknown]:  Networking                 (organizational unit name, anything)
What is the name of your organization?
  [Unknown]:  dog.com                    (organization name, anything)
What is the name of your City or Locality?
  [Unknown]:  Shenzhen                   (city, anything)
What is the name of your State or Province?
  [Unknown]:  Guangdong                  (province, anything)
What is the two-letter country code for this unit?
  [Unknown]:  CN                         (two-letter country code, anything)
Is CN=www.dog.com, OU=Networking, O=dog.com, L=Shenzhen, ST=Guangdong, C=CN correct?
  [no]:  yes                             (enter yes if the information above is correct)
Enter key password for <tomcat>
        (RETURN if same as keystore password):   (just press Enter)

When finished, a tomcat.keystore file is generated in the current directory. Copy it to the root directory of the dog web application (i.e. /var/lib/tomcat6/dog):

$ sudo cp tomcat.keystore /var/lib/tomcat6/dog

Then modify Tomcat's main configuration file server.xml and add the following new Connector node after the default Connector node:

<Connector port="443" protocol="HTTP/1.1"
           SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/var/lib/tomcat6/dog/tomcat.keystore"
           keystorePass="123456"/>

If you are using the NIO connector, change the value of the protocol attribute to org.apache.coyote.http11.Http11NioProtocol instead:

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/var/lib/tomcat6/dog/tomcat.keystore"
           keystorePass="123456"/>

Restart the Tomcat service and open https://www.dog.com in a browser. The browser may warn about the certificate; ignore it (in Firefox you also need to click the "Add Exception" button), and you will see the site served over HTTPS.

8. Using the high-performance APR connector

APR is the Apache Portable Runtime, which provides the high-performance features of the Apache HTTP Server. A simple comparison of the plain, NIO and APR connectors follows (excerpted from the Tomcat documentation):

                         Java Blocking Connector    Java NIO Blocking Connector      APR Connector
    Classname            Http11Protocol             Http11NioProtocol                Http11AprProtocol
    Tomcat Version       3.x 4.x 5.x 6.x            6.x                              5.5.x 6.x
    Support Polling      NO                         YES                              YES
    Polling Size         N/A                        Unlimited - Restricted by mem    Unlimited - Configurable
    Read HTTP Request    Blocking                   Non Blocking                     Blocking
    Read HTTP Body       Blocking                   Sim Blocking                     Blocking
    Write HTTP Response  Blocking                   Sim Blocking                     Blocking
    SSL Support          Java SSL                   Java SSL                         OpenSSL
    SSL Handshake        Blocking                   Non Blocking                     Blocking
    Max Connections      maxThreads                 See polling size                 See polling size

The Tomcat documentation recommends NIO and APR. Since I have no real environment (i.e. heavy traffic from the Internet) in which to test and compare them in detail, I am not sure what the practical difference is. Here is how to use APR:

Installation is simple: install the Tomcat native library (APR) and OpenSSL (if you need an SSL certificate and it is not already installed), again from the Arch Linux repository:

$ sudo pacman -S tomcat-native
$ sudo pacman -S openssl

Then modify Tomcat's main configuration file server.xml and change the Connector's protocol attribute to "org.apache.coyote.http11.Http11AprProtocol"; the modified configuration is as follows:

<Connector port="80" protocol="org.apache.coyote.http11.Http11AprProtocol" redirectPort="443"/>

(Note: keeping the attribute value protocol="HTTP/1.1" is also possible.)

Then restart the Tomcat service. How do you know whether the APR connector is being used? Check Tomcat's log file; by default it is /var/log/tomcat6/catalina.err:

$ sudo tail /var/log/tomcat6/catalina.err

If the following lines appear at the end of the log after restarting the Tomcat service, the APR connector is in use:

Feb, 9:44:05 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-80
Feb, 9:44:05 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-443
Feb, 9:44:05 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1281 ms

If you use the APR connector and need to add an SSL certificate (i.e. HTTPS access is required), you must generate the private key with OpenSSL and the Connector configuration differs. The example again adds an SSL certificate to the www.dog.com site from section 7.

First use OpenSSL to generate the private key and a self-signed certificate by running the following commands in your home directory:

# Generate private key
$ openssl genrsa -out ca.key 1024
# Generate CSR
$ openssl req -new -key ca.key -out ca.csr
# Generate self-signed certificate
$ openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

As in section 7, you will be asked to enter the DN information. Then copy the ca.crt and ca.key files to the root directory of the dog site:

$ sudo cp ca.crt /var/lib/tomcat6/dog
$ sudo cp ca.key /var/lib/tomcat6/dog

Then modify the Connector node as follows:

<Connector port="443" SSLEnabled="true"
           scheme="https" secure="true"
           SSLCertificateFile="/var/lib/tomcat6/dog/ca.crt"
           SSLCertificateKeyFile="/var/lib/tomcat6/dog/ca.key"/>

The change takes effect after restarting the Tomcat service.
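A consistency check for the HTTPS Connector settings of sections 4, 7 and 8, as an added example that is not part of the original article: it parses constructed server.xml fragments and reports an SSLEnabled connector missing scheme="https" or secure="true", a plain connector whose redirectPort is not an SSLEnabled connector's port, and an SSLEnabled connector whose certificate attributes do not fit its protocol (keystoreFile for the Java connectors, SSLCertificateFile plus SSLCertificateKeyFile for APR). The file paths and the password in the fragments are assumptions.

```python
"""Audit the HTTPS Connector settings described in sections 4, 7 and 8.

Added example, not part of the original article.  Paths and the keystore
password in the fragments below are assumptions for the demo.
"""
import xml.etree.ElementTree as ET

APR = "org.apache.coyote.http11.Http11AprProtocol"
JAVA = {"org.apache.coyote.http11.Http11Protocol",
        "org.apache.coyote.http11.Http11NioProtocol"}

# Constructed fragment with three problems: redirectPort points at a port
# with no SSL connector, the NIO connector lacks secure="true", and the APR
# connector carries a keystore instead of PEM certificate/key files.
BROKEN = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" sslProtocol="TLS"
             keystoreFile="/var/lib/tomcat6/dog/tomcat.keystore" keystorePass="123456"/>
  <Connector port="8444" protocol="org.apache.coyote.http11.Http11AprProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="/var/lib/tomcat6/dog/tomcat.keystore" keystorePass="123456"/>
</Service></Server>"""

# Constructed fragment with the settings corrected.
FIXED = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="443"/>
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="/var/lib/tomcat6/dog/tomcat.keystore" keystorePass="123456"/>
  <Connector port="8444" SSLEnabled="true" scheme="https" secure="true"
             SSLCertificateFile="/var/lib/tomcat6/dog/ca.crt"
             SSLCertificateKeyFile="/var/lib/tomcat6/dog/ca.key"/>
</Service></Server>"""


def is_true(elem, attr):
    """Tomcat boolean attributes default to false when absent."""
    return elem.get(attr, "false").lower() == "true"


def audit_connectors(server_xml):
    """Return a list of (port, message) findings; an empty list means consistent."""
    connectors = ET.fromstring(server_xml).findall("./Service/Connector")
    ssl_ports = {c.get("port") for c in connectors if is_true(c, "SSLEnabled")}
    findings = []
    for c in connectors:
        port, proto = c.get("port"), c.get("protocol", "HTTP/1.1")
        if not is_true(c, "SSLEnabled"):
            # Plain connector: redirectPort should lead to an HTTPS connector.
            target = c.get("redirectPort")
            if target is not None and target not in ssl_ports:
                findings.append((port, f"redirectPort {target} is not an SSLEnabled connector"))
            continue
        if c.get("scheme") != "https" or not is_true(c, "secure"):
            findings.append((port, 'SSLEnabled requires scheme="https" and secure="true"'))
        has_keystore = c.get("keystoreFile") is not None
        has_pem = (c.get("SSLCertificateFile") is not None
                   and c.get("SSLCertificateKeyFile") is not None)
        # "HTTP/1.1" (or no protocol) lets Tomcat pick APR when tomcat-native
        # is loaded, so either certificate form is acceptable there.
        if proto == APR and not has_pem:
            findings.append((port, "APR connector needs SSLCertificateFile and SSLCertificateKeyFile"))
        elif proto in JAVA and not has_keystore:
            findings.append((port, "Java connector needs keystoreFile"))
        elif proto == "HTTP/1.1" and not (has_keystore or has_pem):
            findings.append((port, "no keystoreFile or SSLCertificateFile/SSLCertificateKeyFile"))
    return findings


if __name__ == "__main__":
    for label, xml in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_connectors(xml))
```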

Finally

This article briefly described installing Tomcat 6 on Arch Linux, modifying the main configuration file, building multiple sites, adding SSL certificates, and using the high-performance NIO and APR connectors.

From: http://www.cnblogs.com/gentoo/archive/2012/10/13/2722463.html
