Two boot modes for TOMCAT 9.0 7 and Web page management

Project Environment

系统平台：CentOS Linux release 7.4.1708 (Core)       内核  3.10.0-693.el7.x86_64   最小化安装

Configuring the JDK Environment

Go to Oracle website to download components that meet your project requirements Java SE development Kit 8u162

http://download.oracle.com/otn-pub/java/jdk/8u162-b12/0da788060d494f5095bf8624735fa2f1/jdk-8u162-linux-x64.tar.gz

# cd /usr/local/# tar xvf jdk-8u162-linux-x64.tar.gz -C /usr/local/# ln -sv jdk1.8.0_162/ javajdk# vim /etc/profile.d/java.shexport JAVA_HOME=/usr/local/javajdkexport PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATHexport CLASSPATH=$JAVA_HOME/lib:$JAVA_HOME/jre/lib# source /etc/profile.d/java.sh# java -versionjava version "1.8.0_162"

Configure Tomcat to download the appropriate version on the website

https://tomcat.apache.org/

http://apache.mirrors.pair.com/tomcat/tomcat-9/v9.0.7/bin/apache-tomcat-9.0.7.tar.gz# tar xvf apache-tomcat-9.0.7.tar.gz -C /usr/local/# cd /usr/local/# mv apache-tomcat-9.0.7/ tomcat-9.0.7# ln -sv tomcat-9.0.7/ tomcat

Configuring the Tomcat environment variable

# vim /etc/profile.d/tomcat.shexport CATALINA_BASE=/usr/local/tomcatexport PATH=$CATALINA_BASE/bin:$PATH

Configure Tomcat boot method one: through catalina.sh

Call $catalina_home/bin/startup.sh directly to start Tomcat, call $catalina_home/bin/shutdown.sh to close Tomcat

The Tomcat process is opened and maintained by the root user and is considered a defect from a security standpoint.

# vim /usr/local/tomcat/bin/catalina.sh在第二行写入JAVA_HOME=/usr/local/javajdkCATALINA_BASE=/usr/local/tomcat# echo "/usr/local/tomcat/bin/catalina.sh start" >> /etc/rc.local# chmod +x /etc/rc.local  > 这一步很重要

Method Two: To be transported by daemon mode

Running Tomcat in a daemon manner allows Tomcat to be unaffected by the terminal and will not stop because it exits the terminal. You can have Tomcat run as a normal user, allowing Tomcat to be shipped automatically when the system starts.

JSVC is a toolkit developed specifically for Java applications, and the goal is to convert the normal run of Java applications to run as a UNIX daemon. This makes it easy to start/stop the application.

In the directory where Tomcat is installed bin/commons-daemon-native.tar.gz or http://commons.apache.org/proper/commons-daemon/download_daemon.cgi

# cd /usr/local/tomcat-9.0.7/bin/# tar xvf commons-daemon-native.tar.gz# cd commons-daemon-1.1.0-native-src/unix/# ./configure# make# cp jsvc /usr/local/tomcat/bin/

Create a Tomcat user

# useradd -r -s /sbin/nologin tomcat# chown -R tomcat /usr/local/tomcat/

Configuring scripts that use Systemd startup mode

# vim /usr/lib/systemd/system/tomcat.service[Unit]Description=Apache Tomcat Web Application ContainerAfter=syslog.target network.target[Service]Type=forkingEnvironmentFile=/usr/local/tomcat/conf/tomcat.confExecStart=/usr/local/tomcat/bin/daemon.sh startExecStop=/usr/local/tomcat/bin/daemon.sh stopSuccessExitStatus=143User=tomcatGroup=tomcat[Install]WantedBy=multi-user.target参数配置文件# vim /usr/local/tomcat/conf/tomcat.confJAVA_HOME="/usr/local/javajdk"CATALINA_BASE="/usr/local/tomcat"CATALINA_HOME="/usr/local/tomcat"TOMCAT_USER="tomcat"#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"  > 调优使用之后可以使用以下方式管理了# systemctl status tomcat       状态# systemctl start tomcat        启动# systemctl stop tomcat         停止可以看到是以jsvc进行运行# ss -nltp|grep 8080LISTEN     0      100         :::8080                    :::*                   users:(("jsvc",pid=2953,fd=49))

Configuring Tomcat Web Management

# cd /usr/local/tomcat/conf/# cp tomcat-users.xml{,.bak}# vim tomcat-users.xml

Role definitions 1, Server Status

View read-only server status

2. Manager App

Manage apps, including start, stop, Reload, Undeploy, and configure session expiration time for the war package service

The following role functions need to be turned on

manager-gui     允许访问html接口(即URL路径为/manager/html/*)manager-script  允许访问纯文本接口(即URL路径为/manager/text/*)manager-jmx     允许访问JMX代理接口(即URL路径为/manager/jmxproxy/*)manager-status  允许访问Tomcat只读状态页面(即URL路径为/manager/status/*)

3. Host Manager

Managing and configuring the Tomcat server

The following role functions need to be turned on

manager-gui     允许访问html接口(即URL路径为/manager/html/*)admin-gui       允许访问html接口admin-script    允许访问纯文本接口

###

4 major Roles 5 functions are defined in the following format:

<role rolename="admin-gui"/><role rolename="manager-gui"/><role rolename="manager-script"/><role rolename="manager-jmx"/><role rolename="manager-status"/>

Add the user name and password format, and grant access to the role as follows

<user username="用户名" password="密码" roles="这里是角色如：admin-gui,manager-gui"/><user username="tomcat" password="123abc" roles="admin-gui,manager-gui"/>

In addition to password restrictions, you can add or restrict access to the manager Web application by adding or restricting the host, especially on the public network. Reference URL Https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_Address_Filter

以下2行看需要设置# vim /usr/local/tomcat/webapps/manager/META-INF/context.xml# vim /usr/local/tomcat/webapps/host-manager/META-INF/context.xml添加允许访问的IP范围，否则只能本机访问<Context antiResourceLocking="false" privileged="true" >  <Valve className="org.apache.catalina.valves.RemoteAddrValve"         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.168\.10\.\d+" />  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/></Context>

Modify the file size that Tomcat allows to upload

Unit is byte

    <multipart-config>      <!-- 50MB max -->      <max-file-size>52428800</max-file-size>      <max-request-size>52428800</max-request-size>      <file-size-threshold>0</file-size-threshold>    </multipart-config>

The above configuration requires a restart of the Tomcat service to take effect

Two boot modes for TOMCAT 9.0 7 and Web page management