Shulou(Shulou.com)06/03 Report--

Tomcat server is a free open source web application server, which is a lightweight application server. It is widely used in small and medium-sized systems and not many concurrent users. It is the first choice for developing and testing JSP programs. Generally speaking, although Tomcat is the same as apache or Nginx web servers, it has the function of dealing with HTML pages, but its ability to deal with static pages is far less than apache or Nginx, so Tomcat generally runs on the back end as a servlet and JSP container.

For more information about the directory and configuration files of Tomcat, please refer to the official website: https://tomcat.apache.org/

First, deploy Tomcat

Preparatory work:

One centos7.3 server

Download the required software package: https://pan.baidu.com/s/1Meys8bsvBsdwVUYak9srKQ

Extraction code: 5bic

1. Start deployment:

[root@tomcat /] # rpm-qa | grep jdk # detect the jdk environment copy-jdk-configs-1.2-1.el7.noarchjava-1.8.0-openjdk-headless-1.8.0.102-4.b14.el7.x86_64java-1.8.0-openjdk-1.8.0.102-4.b14.el7.x86_64java-1.7.0-openjdk-1.7.0.111-2.6.7 installed by rpm .8.el7.x86 _ 64java-1.7.0-openjdk-headless-1.7.0.111-2.6.7.8.el7.x86_64# uninstall the package with headless [root@tomcat /] # rpm-e-- nodeps java-1.8.0-openjdk-headless-1.8.0.102-4.b14.el7.x86_64 # uninstall both versions [root@tomcat /] # rpm-e-- Nodeps java-1.7.0-openjdk-headless-1.7.0.111-2.6.7.8.el7.x86_64 [root@tomcat /] # mkdir tomcat [root@tomcat /] # cd tomcat/ [root@tomcat tomcat] # rz # xshell environment directly upload the required software package [root@tomcat tomcat] # lsapache-tomcat-8.5.35.tar.gz jdk-8u211-linux-x64.tar.gz tomcat monitoring page .txt [root @ tomcat tomcat] # tar zxf jdk-8u211-linux-x64.tar.gz-C / usr/local/ # extract the jdk package to the specified directory [root@tomcat tomcat] # tar zxf apache-tomcat-8.5.35.tar.gz # extract the Tomcat source package [root@tomcat tomcat] # mv apache-tomcat-8.5.35 / usr/local/tomcat # move the Tomcat to the specified path and modify the directory name Edit environment variables for Tomcat [root@tomcat tomcat] # vim / etc/profile # Add the following lines at the end of the file. / / omit part of the content export JAVA_HOME=/usr/local/jdk1.8.0_211export JRE_HOME=/usr/local/jdk1.8.0_211/jreexport CLASSPATH=$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jarexport PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH [root@tomcat tomcat] #. / etc/profile # execute to make it effective [root@tomcat /] # java-version # View Java version Make sure that java version "1.8.0211" Java (TM) SE Runtime Environment (build 1.8.0_211-b12) Java HotSpot (TM) 64-Bit Server VM (build 25.211-b12) has been installed successfully Mixed mode) [root@tomcat /] # / usr/local/tomcat/bin/startup.sh # start the Tomcat service Using CATALINA_BASE: / usr/local/tomcatUsing CATALINA_HOME: / usr/local/tomcatUsing CATALINA_TMPDIR: / usr/local/tomcat/tempUsing JRE_HOME: / usr/local/jdk1.8.0_211/jreUsing CLASSPATH: / usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat / bin/tomcat-juli.jarTomcat started. [root@tomcat /] # netstat-anput | grep 8080 # check whether the port is listening properly tcp6 0 0:: 8080: * LISTEN 3712/java

You can use the client to access the Tomcat server IP+8080 port and you can see the following page:

Define multiple instances of Tomcat

The so-called multi-instance means that multiple Tomcat services are running on one server, so it should be noted that when defining multiple instances of Tomcat, port conflicts must not occur.

[root@tomcat local] # cp-r tomcat tomcat2 # make a copy of the Tomcat [root@tomcat local] # vim tomcat2/conf/server.xml # Edit the copied Tomcat master configuration file # all port numbers of the configuration file need to be modified except those with comments, # as long as the configuration item contains "port" and is followed by a number All port numbers # can be changed according to the circumstances [root@tomcat local] # / usr/local/tomcat2/bin/startup.sh # launch copy TomcatUsing CATALINA_BASE: / usr/local/tomcat2Using CATALINA_HOME: / usr/local/tomcat2Using CATALINA_TMPDIR: / usr/local/tomcat2/tempUsing JRE_HOME: / usr/local/jdk1.8.0_211/jreUsing CLASSPATH: / usr/local / tomcat2/bin/bootstrap.jar:/usr/local/tomcat2/bin/tomcat-juli.jarTomcat started. [root@tomcat local] # netstat-anput | grep 8081 # see that tcp6 0 0:: 8081: * LISTEN 3936/java has started listening

You can use the client to access the Tomcat server IP+8081 port, and you can see the following page (the same page as the Tomcat directory before it was completely copied):

Configure Tomcat custom directory

[root@tomcat /] # mkdir-p / data/project # create a custom site root [root@tomcat /] # echo aaa > / data/project/index1.jsp # Edit two test pages [root@tomcat /] # echo bbb > / data/project/index2.jsp [root@tomcat /] # vim / usr/local/tomcat/conf/server.xml # to edit the main configuration file. / / omit part of the content. # find the Host element and add the following tag # another way to write the tag is # the configuration added above is explained as follows: # Path: indicate the path to access by the client; # docBase: specify the path where the web page is stored; # Debug: specify a debug level of 0, with the least output information, and 9 provide the most information; # reloadable: when true means that the web.xml file is automatically loaded when there are changes, there is no need to restart the service. # CorssContext: when true, different context share a session (session pool). [root@tomcat /] # / usr/local/tomcat/bin/shutdown.sh # execute these two commands to restart the service to make the configuration effective [root@tomcat /] # / usr/local/tomcat/bin/startup.sh

Access https://192.168.171.134:8080/shop/index1.jsp authentication

Access https://192.168.171.134:8080/shop/index2.jsp authentication

4. Enable Tomcat directory traversal

In apache or Nginx, their directory traversal is on by default, while the Tomcat service, whose directory traversal is off by default, in some cases, we need to turn on its directory traversal function

If you directly visit 192.168.171.134:8080/shop/ for testing, you will get an error of 404:

Enable the traversal function of tomcat:

[root@tomcat /] # vim / usr/local/tomcat/conf/web.xml. / / omit part of the content listings true # search false, find this line, change false to true, then [root@tomcat /] # / usr/local/tomcat/bin/shutdown.sh # restart tomcat to make the configuration take effect [root@tomcat /] # / usr/local/tomcat/bin/startup.sh

Revisit 192.168.171.134:8080/shop/ for testing:

5. Tomcat configure https

[root@tomcat /] # keytool-genkey-v-alias tomcat-keyalg RSA-keystore / usr/local/tomcat/conf/tomcat.eystore-validity 36500 # obtain the certificate Enter keystore password: # fill in the key Re-enter new password: What is your first and last name? # what is your last name and first name? [Unknown]: zyzWhat is the name of your organizational unit? # what is the name of your organizational unit? [Unknown]: hhWhat is the name of your organization? # what is the name of your organization? [Unknown]: testWhat is the name of your City or Locality? # what is the name of your city or region? [Unknown]: bjWhat is the name of your State or Province? # what is the name of your state or province? [Unknown]: what is the country code of the unit bjWhat is the two-letter country code for this unit? [Unknown]: cnIs CN=zyz, OU=, O=test, L=bj, ST=bj, C=cn correct? # are you sure? [no]: yGenerating 2048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 36 RETURN if same as keystore password 50 days for: CN=zyz, OU=, O=test, L=bj, ST=bj, C=cnEnter key password for (RETURN if same as keystore password): # enter directly [Storing / usr/local/tomcat/conf/tomcat.keystore] [root@tomcat /] # vim / usr/local/tomcat/conf/server.xml. / / omit part # add the following to the service element # specify key [root@tomcat /] # / usr/local/tomcat/bin/shutdown.sh # restart the service to make the configuration effective [root@tomcat /] # / usr/local/tomcat/bin/startup.sh [root@tomcat /] # netstat-anput | grep 443 # check whether the port listens to tcp6 0 0: 443: * LISTEN 4795/java

Visit https://192.168.171.134 to verify:

Use Tomcat to monitor the use of JVM virtual machine resources in real time

[root@tomcat /] # vim / usr/local/tomcat/conf/server.xml # zai host element add the following content [root@tomcat /] # mkdir-p / data/jiankong # to create the test site root directory [root@tomcat /] # vim / data/jiankong/index.jsp # Edit the test file [root@tomcat /] # / usr / local/tomcat/bin/shutdown.sh # restart the service to make the configuration effective [root@tomcat /] # / usr/local/tomcat/bin/startup.sh

Access http://192.168.171.134:8080/jiankong/ authentication:

7. Enable JMX remote debugging function

[root@tomcat /] # vim / usr/local/tomcat/bin/catalina.sh # Edit this file Jump to line 306 export JDK_JAVA_OPTIONS # and add the following below this line: CATALINA_OPTS= "$CATALINA_OPTS-Dcom.sun.management.jmxremote-Dcom.sun.management.jmxremote.port=8888-Dcom.sun.management.jmxremote.ssl=false-Dcom.sun.management.jmxremote.authenticate=true" [root@tomcat /] # cd / usr/local/jdk1.8.0_211/jre/lib/management/ [root @ tomcat management] # cp jmxremote.password. Template jmxremote.password [root@tomcat management] # vim jmxremote.password# jump to the last line to add the following content zyz 123.com# because it is a read-only file That's why we need wq! Force save exit [root@tomcat management] # vim jmxremote.access # add the following content on the last line: zyz readwrite\ create javax.management.monitor.*,javax.management.timer.*\ unregister [root@tomcat management] # chmod 600 jmxremote.password jmxremote.access # its permission must be changed to 600 Otherwise, it will fail [root@tomcat management] # / usr/local/tomcat/bin/shutdown.sh # restart the service to make the configuration effective [root@tomcat management] # / usr/local/tomcat/bin/startup.sh [root@tomcat /] #. / etc/profile # execute refresh variable [root@tomcat /] # jconsole # execute this command

To verify its remote debugging function, because it needs graphical support, it needs to enter its graphical desktop environment. The following operations cannot be done on xshell:

Then click as follows:

Then you can see the following interface, which shows the usage of the JVM virtual machine:

8. Open the mangent management page

1. When accessing the default interface of Tomcat, there is a "Manager App" box, as follows:

2. After clicking to enter, you will see the following 403 error page. We need to copy the code it prompts:

This error page has clearly written the reason and how to configure it.

3. Configure and open its manager management page:

[root@tomcat /] # vim / usr/local/tomcat/conf/tomcat-users.xml # add the following two lines at the end # this line ends without writing [root@tomcat /] # vim / usr/local/tomcat/webapps/manager/META-INF/context.xml # add the allowed access IP after "allow=" above Divide [root@tomcat /] # / usr/local/tomcat/bin/shutdown.sh [root@tomcat /] # / usr/local/tomcat/bin/startup.sh with the pipe character "|"

Client authentication:

Click again to prompt for the password:

4. On the drop-down page, you can add a custom directory through the war package:

Prepare the war package

[root@tomcat test] # cat index.jsp testtesttesttesttesttest. [root@tomcat test] # jar-cvf test.war index.jsp added manifestadding: index.jsp (in = 80) (out= 10) (deflated 87%)

In the web graphical interface, add the war package:

The client can access TomcatIP+8080 port + / test for access testing, and its content is the content of the war package we have done, as follows:

9. Open the host-mangent management page

[root@tomcat /] # vim / usr/local/tomcat/conf/tomcat-users.xml. / / add the following two lines [root@tomcat /] # vim / usr/local/tomcat/webapps/host-manager/META-INF/context.xml at the end and add allowed IP after allow to be separated by "|"

Client authentication:

10. Cutting the running log of Tomcat

Cronolog is a third-party log cutting tool, which is more convenient and fast, and is a powerful tool for log cutting. This third-party tool is used here.

[root@tomcat tomcat] # tar zxf cronolog-1.6.2.tar.gz # unpack [root@tomcat tomcat] # cd cronolog-1.6.2/ [root@tomcat cronolog-1.6.2] #. / configure & & make & & make install # compile and install [root@tomcat cronolog-1.6.2] # which cronolog # to ensure that the command cronolog / usr/local/sbin/cronolog [root] can be found @ tomcat cronolog-1.6.2] # vim / usr/local/tomcat/bin/catalina.sh # Edit this file to search for touch and comment out: # touch "$CATALINA_OUT" jump to line 470 or so to modify org.apache.catalina.startup.Bootstrap "$@" start 2 > & 1 | / usr/local/sbin/cronolog / usr/local/tomcat/logs/test.%Y-%m-%d.out > > / dev/null & comment out: # > > "$CATALINA_OUT" 2 > & 1 "&" [root@tomcat cronolog-1.6.2] # / usr/local/tomcat/bin/shutdown.sh # restart Verification [root@tomcat cronolog-1.6.2] # / usr/local/tomcat/bin/startup.sh [root@tomcat logs] # ls # make sure there is test.2020-01-12.outcatalina.2020-01-12.log localhost.2020-01-12. Log test.2020-01-12.outcatalina.out localhost_access_log.2020-01-12.txthost-manager.2020-01-12.log manager.2020-01-12.log

Define the page returned by Tomcat 404 error

By default, when the client accesses a directory that does not exist on the Tomcat server, it will prompt an error of 404 and display the version information of our Tomcat, which is taboo. The error page returned by default is as follows:

The solution is to redirect the 404 status code so that we can customize the page information returned as follows:

[root@tomcat logs] # cat/ usr/local/tomcat/webapps/ROOT/error.jsp Access Error... [root@tomcat logs] # vim / usr/local/tomcat/conf/web.xml version= "3.1" > # add the following content near line 22: 404/error.jsp [root@tomcat /] # / usr/local/tomcat/bin/shutdown.sh # restart verification [root@tomcat /] # / usr/local/tomcat/bin/startup.sh

Visit a page that does not exist again to verify:

Memory optimization of Tomcat

[root@tomcat ~] # vim / usr/local/tomcat/bin/catalina.sh # Edit this file #! / bin/sh # add the following content JAVA_OPTS= "- Dfile.encoding=UTF-8-server-Xms1023M-Xmx1024M-XX:NewSize=512M-XX:MaxNewSize=1020M-XX:NewRatio=2-XX:ParallelGCThreads=15-XX:+DisableExplicitGC" # below the first line, save and exit, and restart Tomcat. # you can use the previous real-time monitoring JVM virtual machine resources to view and verify # if the version before Tomcat 8.0, you can also add the following two configuration items, the version after 8.0 will be removed: #-XX:PermSize=256M#-XX:MaxPermSize=356M

The added configuration items are explained as follows:

-Xms: indicates the initial memory size of JVM, or the size of the Java initialization heap.-Xms is set to the same value as-Xmx to prevent JVM from repeatedly re-applying for memory, resulting in great ups and downs in performance. The default value is 1x64 of physical memory.

-Xmx: represents the maximum Java heap size. When the memory required by the application exceeds the maximum value of the heap, the virtual machine will prompt for a memory overflow and cause the application service to crash, so it is generally recommended that the maximum value of the heap be set to 80% of the maximum available memory.

-Xmn: set the minimum memory of JVM (128256 is enough, generally not set)

-XX:NewSize: sets the memory size of the new generation. In the new generation, the memory space allocated when the object is newly created, and the object is still not reclaimed after the garbage collector is collected by the garbage collector, the object will be moved to the old generation.

-XX:PermSize: sets the persistent memory size for storing static files, such as Java classes, methods, and so on. Persistent generation has no significant effect on garbage collection, but some should

With the possibility of dynamically generating or calling some class, the persistence zone is also known as the method zone, which stores the structural information of each java class: such as runtime constant pool, field and method data, bytecode contents of constructors and ordinary methods, and special methods used for initialization of classes, instances, interfaces, and other data, JDK8 has removed the persistent generation (PermGen Space) and replaced the metaspace (Metaspace). Metaspace consumes local memory and no longer consumes virtual machine memory.

-XX:MaxPermSize: set the maximum persistent generation memory size. Permanent generation does not belong to heap memory. Heap memory only contains the new generation and the old age.

-XX:NewRatio: change the ratio of the new space to the old space, meaning that the size of the new space is 1 / 8 of that of the old space (default is 8)

-XX:ParallelGCThreads can be used to increase parallelism, requiring multiple cpu

-XX:+DisableExplicitGC: turn off System.gc (), which is simply to turn off the memory recovery mechanism in java

XIII. Optimization of Tomcat thread pool

[root@tomcat /] # vim / usr/local/tomcat/conf/server.xml # Edit zh main configuration file # add the following below line 53

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.