摘要
通过文件配置tomcat的各项参数。
目录结构
/bin # 脚本文件目录。
/common/lib # 存放所有web项目都可以访问的公共jar包(使用Common类加载器加载)。
/conf # 存放配置文件,最重要的是server.xml。
/logs # 存放日志文件。
/server/webapps # 来管理Tomcat-web服务用的。仅对TOMCAT可见,对所有的WEB APP都不可见(使用Catalina类加载器加载)。
/shared/lib # 仅对所有WEB APP可见,对TOMCAT不可见(使用Shared类加载器加载)。
/temp # Tomcat运行时候存放临时文件用的。
/webapps # web应用发布目录。
/work # Tomcat把各种由jsp生成的servlet文件放在这个目录下。删除后,启动时会自动创建。
tomcat运行参数配置
配置内存大小
bin/catalina.sh 文件中的 JAVA_OPTS
安全配置
将
屏蔽后台管理入口
- 方法一:从控制用户和权限着手。废掉要管理权限的用户就可以了。
- 方法二:将conf/Catalina/localhost/manager.xml改名。
配置403,404,500错误页面 web.xml
<error-page>
<error-code>401</error-code>
<location>/401.jsp</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/404.jsp</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/500.jsp</location>
</error-page>
配置Log4j日志记录
- 将log4j-1.2.15.jar加入到common/lib目录。
- 将log4j.properties加入到common/classes目录。
# Output pattern : date [thread] priority category - message log4j.rootLogger=DEUBG, stdout, logfile log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=%d [%t] %-5p [%c] - %m%n log4j.appender.logfile=org.apache.log4j.DailyRollingFileAppender log4j.appender.logfile.File=${catalina.home}/logs/tomcat_app.log log4j.appender.logfile.layout=org.apache.log4j.PatternLayout log4j.appender.logfile.layout.ConversionPattern=%d [%t] %-5p [%c] - %m%n #3rd party library level log4j.logger.org.hibernate.cache=ERROR
tomcat配置文件
vi /opt/tomcat/conf/server.xml # 主要的配置文件。
<Server port="8005" <!-- port:指定的端口负责监听关闭tomcat的请求。-->
shutdown="SHUTDOWN"> <!-- shutdown:指定向端口发送的命令字符串。 -->
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina"> # 指定service的名字。
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" # Tomcat使用线程来处理接收的每个请求。 这个值表示Tomcat可创建的最大的线程数。
maxSpareThreads="" # 一旦创建的线程超过这个值,Tomcat就会关闭不再需要的socket线程。
minSpareThreads="4"/> # Tomcat初始化时创建的线程数。
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector port="8080"
protocol="HTTP/1.1" connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" # 指定服务器端要创建的端口号,并在这个断口监听来自客户端的请求。 protocol="HTTP/1.1"
connectionTimeout="20000" # 指定超时的时间数(以毫秒为单位)。
redirectPort="8443" /> # 指定服务器正在处理http请求时收到了一个SSL传输请求后重定向的端口号。
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation. The default
SSLImplementation will depend on the presence of the APR/native
library and the useOpenSSL attribute of the
AprLifecycleListener.
Either JSSE or OpenSSL style configuration may be used regardless of
the SSLImplementation selected. JSSE style configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" # Tomcat使用线程来处理接收的每个请求。 这个值表示Tomcat可创建的最大的线程数。
SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used. OpenSSL style
configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
certificateFile="conf/localhost-rsa-cert.pem"
certificateChainFile="conf/localhost-rsa-chain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine <!-- 表示指定service中的请求处理机,接收和处理来自Connector的请求的标签 -->
name="Catalina" defaultHost="localhost"> <!-- 指定缺省的处理请求的主机名,它至少与其中的一个host元素的name属性值是一样的。-->
<!-- For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host <!-- 表示一个虚拟主机的标签 -->
name="localhost" <!-- 指定主机名。 -->
appBase="webapps" <!-- 应用程序基本目录,即存放应用程序的目录。-->
unpackWARs="true" <!-- 如果为true,则tomcat会自动将WAR文件解压,否则不解压,直接从WAR文件中运行应用程序。-->
autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" <!-- 指定log文件存放的位置。-->
prefix="localhost_access_log" <!-- 指定log文件的前缀。-->
suffix=".txt" <!-- 指定log文件的后缀。-->
pattern="%h %l %u %t "%r" %s %b" /> <!-- 有两个值,common方式记录远程主机名或ip地址,用户名,日期, 第一行请求的字符串,HTTP响应代码,发送的字节数。 combined方式比common方式记录的值更多。-->
</Host>
</Engine>
</Service>
</Server>
web.xml # 缺省的web app配置,WEB-INF/web.xml会覆盖该配置。
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
context.xml # 不清楚跟server.xml里面的context是否有关系。
<Context>
<!-- Default set of monitored resources. If one of these changes, the -->
<!-- web application will be reloaded. -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<!--
<Manager pathname="" />
-->
</Context>
tomcat-users.xml # 角色和用户配置 角色可查看管理页面
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
<user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
<user username="role1" password="<must-be-changed>" roles="role1"/>
但是tomcat8.5 更改之后,仍然访问拒绝。
vi /opt/tomcat/webapps/manager/META-INF/context.xml
TOMCAT多域名虚拟目录配置
<Host name="www.sipp.net" debug="0" appBase="/root/sipp" unpackWARs="true"
autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Context path="/" docBase="/root/sipp"></Context>
</Host>