Tomcat 基础安装与配置
Basic Installation and Configuration
概述
Apache Tomcat是一个开源的Java Servlet容器,实现了Java EE的Servlet和JSP规范。本文将详细介绍Tomcat的安装、基本配置和初始化设置。
1. 环境准备
1.1 Java环境安装
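# Install OpenJDK 11 on Ubuntu/Debian
sudo apt update
sudo apt install openjdk-11-jdk

# Install OpenJDK 11 on CentOS/RHEL
sudo yum install java-11-openjdk-devel

# Verify the Java installation
java -version
javac -version

# Set JAVA_HOME. The JDK directory differs between distributions
# (/usr/lib/jvm/java-11-openjdk-amd64 is the Debian/Ubuntu location), so derive
# it from the javac that is actually on PATH instead of hard-coding one path.
java_home=$(dirname "$(dirname "$(readlink -f "$(command -v javac)")")")
printf 'export JAVA_HOME="%s"\n' "$java_home" >> ~/.bashrc
echo 'export PATH=$JAVA_HOME/bin:$PATH' >> ~/.bashrc
source ~/.bashrc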
1.2 系统要求检查
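# Show kernel and distribution information
uname -a
cat /etc/os-release

# Show available memory
free -h

# Show free disk space
df -h

# Check whether the ports this guide uses (8080 HTTP, 8005 shutdown, 8009 AJP,
# 8443 redirect target) are already taken. ss ships with iproute2; netstat
# needs the net-tools package, which minimal installs often lack.
# The trailing [[:space:]] keeps ":8080" from also matching longer port numbers.
ss -tuln | grep -E ':(8080|8005|8009|8443)[[:space:]]'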
2. Tomcat安装
2.1 官方安装包安装
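# Download Tomcat 9.0.80 together with its checksum and detached signature.
# NOTE(review): downloads.apache.org carries only current releases; if this
# version has been superseded, older releases live under
# archive.apache.org/dist/tomcat/ - confirm before relying on this URL.
cd /opt
sudo wget https://downloads.apache.org/tomcat/tomcat-9/v9.0.80/bin/apache-tomcat-9.0.80.tar.gz
sudo wget https://downloads.apache.org/tomcat/tomcat-9/v9.0.80/bin/apache-tomcat-9.0.80.tar.gz.sha512
sudo wget https://downloads.apache.org/tomcat/tomcat-9/v9.0.80/bin/apache-tomcat-9.0.80.tar.gz.asc

# Import the Tomcat release managers' public keys for signature verification.
wget -qO- https://downloads.apache.org/tomcat/tomcat-9/KEYS | gpg --import

# Verify, then unpack. The archive is extracted as root, so nothing is unpacked
# unless both checks pass. The checksum only detects a corrupted download; the
# signature is what ties the archive to the Tomcat release keys.
# (Assumes the .sha512 file is in sha512sum format; otherwise compare digests by hand.)
sha512sum -c apache-tomcat-9.0.80.tar.gz.sha512 \
  && gpg --verify apache-tomcat-9.0.80.tar.gz.asc apache-tomcat-9.0.80.tar.gz \
  && sudo tar -xzf apache-tomcat-9.0.80.tar.gz
sudo mv apache-tomcat-9.0.80 tomcat9

# Create the tomcat system account BEFORE changing ownership: chown fails when
# the user does not exist yet. The home directory already exists at this point,
# so useradd is not asked to create it; /bin/false prevents interactive logins.
sudo useradd -r -U -d /opt/tomcat9 -s /bin/false tomcat
sudo chown -R tomcat:tomcat /opt/tomcat9
# NOTE: for a hardened install, keep bin/, conf/ and lib/ owned by root
# (group tomcat, read-only) and give the tomcat user write access only to
# logs/, temp/, work/ and webapps/, so a compromised web application cannot
# rewrite the server's own scripts and configuration.

# Append the environment variables. /etc/environment is shared system-wide
# state (it commonly holds PATH), so use tee -a instead of overwriting it.
# Re-running this block appends the lines again; edit the file by hand then.
sudo tee -a /etc/environment > /dev/null << 'EOF'
JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
CATALINA_HOME=/opt/tomcat9
CATALINA_BASE=/opt/tomcat9
EOF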
2.2 包管理器安装
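# Ubuntu/Debian: the package and its systemd unit are both named tomcat9
sudo apt update
sudo apt install tomcat9
sudo systemctl start tomcat9
sudo systemctl enable tomcat9

# CentOS/RHEL (needs EPEL): the package is named tomcat, and so is its unit,
# so "systemctl start tomcat9" would fail on these systems.
sudo yum install epel-release
sudo yum install tomcat
sudo systemctl start tomcat
sudo systemctl enable tomcat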
2.3 目录结构说明
$CATALINA_HOME/
├── bin/ # 启动脚本和工具
│ ├── startup.sh
│ ├── shutdown.sh
│ ├── catalina.sh
│ └── setenv.sh
├── conf/ # 配置文件
│ ├── server.xml
│ ├── web.xml
│ ├── context.xml
│ └── tomcat-users.xml
├── lib/ # 库文件
├── logs/ # 日志文件
├── temp/ # 临时文件
├── webapps/ # Web应用目录
│ ├── ROOT/
│ ├── manager/
│ └── examples/
└── work/ # 编译后的JSP和临时文件
3. 基础配置
3.1 创建管理用户
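<?xml version="1.0" encoding="UTF-8"?>
<!-- conf/tomcat-users.xml -->
<!--
  This file holds the credentials for the manager and host-manager
  applications in clear text. Keep it readable only by the account that runs
  Tomcat, and replace every placeholder password below with a long, unique
  value before starting the server. Use the password you set here wherever
  this guide authenticates to the manager application.
-->
<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">

  <!-- Role definitions -->
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="manager-jmx"/>
  <role rolename="admin-gui"/>
  <role rolename="admin-script"/>

  <!-- Administrator account.
       NOTE: the Tomcat manager documentation advises against giving a user
       that has a *-gui role any of the *-script or *-jmx roles, because the
       text and JMX interfaces are not covered by the HTML interface's CSRF
       protection. The combined role list is kept because this guide calls the
       text interface as admin; use separate accounts outside a lab. -->
  <user username="admin"
        password="REPLACE_WITH_A_STRONG_UNIQUE_PASSWORD"
        roles="manager-gui,manager-script,admin-gui,admin-script"/>

  <!-- Deployment account: text (script) interface only -->
  <user username="deployer"
        password="REPLACE_WITH_ANOTHER_STRONG_PASSWORD"
        roles="manager-script"/>
</tomcat-users>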
3.2 基本服务器配置
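<!-- Key settings in conf/server.xml -->
<!-- Shutdown listener: whoever can connect to this port and send the shutdown
     string stops the server. Keep it unreachable from other hosts and consider
     replacing the well-known default string. -->
<Server port="8005" shutdown="SHUTDOWN">

  <!-- Global JNDI resources: the user database backed by conf/tomcat-users.xml -->
  <GlobalNamingResources>
    <Resource name="UserDatabase"
              auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- Service definition -->
  <Service name="Catalina">

    <!-- HTTP connector -->
    <Connector port="8080"
               protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443"
               maxThreads="200"
               minSpareThreads="10"
               maxSpareThreads="75"
               enableLookups="false"
               compression="on"
               compressionMinSize="2048"
               compressibleMimeType="text/html,text/xml,text/css,text/javascript,application/javascript,application/json"/>

    <!-- AJP connector (for integration with Apache httpd).
         AJP is a trusted protocol: the peer is allowed to supply request
         attributes that an HTTP client never could, so the port must not be
         reachable by untrusted clients. It is therefore bound to loopback and
         requires a shared secret; configure the same secret on the front-end
         proxy. Delete this connector entirely if no AJP front end is used. -->
    <Connector port="8009"
               protocol="AJP/1.3"
               address="127.0.0.1"
               redirectPort="8443"
               secretRequired="true"
               secret="REPLACE_WITH_A_LONG_RANDOM_SECRET"/>

    <!-- Engine configuration -->
    <Engine name="Catalina" defaultHost="localhost">

      <!-- Authentication realm: LockOutRealm wraps the user database realm -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <!-- Default virtual host.
           autoDeploy="true" deploys anything that appears under appBase while
           the server runs; that is convenient for development, but on a
           production host consider autoDeploy="false" so a stray file in
           webapps/ is not turned into a running application. -->
      <Host name="localhost"
            appBase="webapps"
            unpackWARs="true"
            autoDeploy="true">

        <!-- Access log valve. The quotes around %r must be written as &quot;
             because a literal double quote would end the attribute value and
             make the file unparseable. -->
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs"
               prefix="localhost_access_log"
               suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>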
3.3 JVM参数配置
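# Create bin/setenv.sh. The :? guard aborts if CATALINA_HOME is unset, so a
# root-owned file is never written to an unintended path.
sudo tee "${CATALINA_HOME:?}/bin/setenv.sh" > /dev/null << 'EOF'
#!/bin/bash
# JVM memory settings
export CATALINA_OPTS="$CATALINA_OPTS -Xms512m"
export CATALINA_OPTS="$CATALINA_OPTS -Xmx2048m"
export CATALINA_OPTS="$CATALINA_OPTS -XX:MetaspaceSize=256m"
export CATALINA_OPTS="$CATALINA_OPTS -XX:MaxMetaspaceSize=512m"

# GC settings
export CATALINA_OPTS="$CATALINA_OPTS -XX:+UseG1GC"
export CATALINA_OPTS="$CATALINA_OPTS -XX:+UseStringDeduplication"
# GC logging uses unified logging (-Xlog). The legacy PrintGC* / -Xloggc
# options were replaced in JDK 9, and this guide installs JDK 11, where an
# unrecognised legacy flag stops the JVM from starting.
export CATALINA_OPTS="$CATALINA_OPTS -Xlog:gc*:file=$CATALINA_HOME/logs/gc.log:time,uptime"

# Remote debugging (development only). A debugger that can connect to this
# port can run arbitrary code in the JVM; never enable it on a production host.
# export CATALINA_OPTS="$CATALINA_OPTS -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"

# JMX monitoring, bound to the loopback interface only. With authentication
# and TLS switched off, anyone who can reach the JMX port can control the JVM,
# so it must not listen on a routable address. For monitoring from another
# host, tunnel over SSH, or set authenticate=true and ssl=true and provide a
# password file (-Dcom.sun.management.jmxremote.password.file).
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote"
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote.host=127.0.0.1"
export CATALINA_OPTS="$CATALINA_OPTS -Djava.rmi.server.hostname=127.0.0.1"
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote.port=9999"
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote.authenticate=false"
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote.ssl=false"

# Time zone
export CATALINA_OPTS="$CATALINA_OPTS -Duser.timezone=Asia/Shanghai"

# File encoding
export CATALINA_OPTS="$CATALINA_OPTS -Dfile.encoding=UTF-8"
EOF

# Make the script executable
sudo chmod +x "${CATALINA_HOME:?}/bin/setenv.sh"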
4. 系统服务配置
4.1 创建Systemd服务
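# Create the unit file
sudo tee /etc/systemd/system/tomcat.service > /dev/null << 'EOF'
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking
Environment="JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64"
Environment="CATALINA_PID=/opt/tomcat9/temp/tomcat.pid"
Environment="CATALINA_HOME=/opt/tomcat9"
Environment="CATALINA_BASE=/opt/tomcat9"
# JVM options are deliberately not set here: bin/setenv.sh appends its own
# heap and GC flags to CATALINA_OPTS, and selecting -XX:+UseParallelGC here
# while setenv.sh selects -XX:+UseG1GC asks the JVM for two collectors, which
# it rejects at startup. If you do not use setenv.sh, add an
# Environment="CATALINA_OPTS=..." line here instead.
ExecStart=/opt/tomcat9/bin/startup.sh
ExecStop=/opt/tomcat9/bin/shutdown.sh
# Run as the unprivileged tomcat account, never as root
User=tomcat
Group=tomcat
UMask=0007
# The service has no need to gain privileges through setuid/setgid binaries
NoNewPrivileges=true
RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target
EOF

# Reload the systemd configuration
sudo systemctl daemon-reload

# Start the service and enable it at boot
sudo systemctl start tomcat
sudo systemctl enable tomcat

# Show the service status
sudo systemctl status tomcat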
4.2 防火墙配置
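# These rules open the ports to every source address. The manager application
# is served on the same connector, so where clients come from a known network,
# prefer a source-restricted rule, for example:
#   sudo ufw allow from <TRUSTED_CIDR> to any port 8080 proto tcp

# Ubuntu (UFW)
sudo ufw allow 8080/tcp
sudo ufw allow 8443/tcp

# CentOS (firewalld)
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --permanent --add-port=8443/tcp
sudo firewall-cmd --reload

# List the listening ports. ss is part of iproute2; netstat requires the
# net-tools package, which may not be installed.
sudo ss -tuln | grep -E ':(8080|8443)[[:space:]]'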
5. 初始化验证
5.1 基本功能测试
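# Check for the Tomcat process. pgrep does not match itself the way
# "ps aux | grep tomcat" matches its own grep.
pgrep -a -f tomcat
jps -l

# Check that the HTTP port is listening
ss -tuln | grep -E ':8080[[:space:]]'

# Test HTTP access
curl -I http://localhost:8080/
curl http://localhost:8080/

# Follow both logs with a single tail: two separate "tail -f" commands would
# block on the first one and never reach the second.
tail -f "${CATALINA_HOME:?}/logs/catalina.out" \
  "${CATALINA_HOME:?}/logs/localhost_access_log.$(date +%Y-%m-%d).txt"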
5.2 管理界面访问
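# Passing only the user name makes curl prompt for the password, which keeps
# it out of the shell history and out of the process list. Basic
# authentication is sent unencrypted over plain HTTP, so use these commands
# against localhost only, or switch to the HTTPS connector.

# Open the manager HTML interface
curl -u admin http://localhost:8080/manager/html

# Fetch server information
curl -u admin http://localhost:8080/manager/text/serverinfo

# List deployed applications
curl -u admin http://localhost:8080/manager/text/list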
5.3 性能测试
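# Simple load test with ab (run it only against a server you operate)
ab -n 1000 -c 10 http://localhost:8080/

# Monitor JVM memory usage. Resolve the PID first so that an empty or
# multi-line result is reported clearly instead of being passed to jstat.
tomcat_pid=$(jps -l | awk '/org\.apache\.catalina\.startup\.Bootstrap/ { print $1; exit }')
if [ -n "$tomcat_pid" ]; then
  jstat -gc "$tomcat_pid" 5s
else
  echo "Tomcat JVM not found; run jps as the user that owns the Tomcat process" >&2
fi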
6. 安全加固
6.1 移除默认应用
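# Remove the default applications that are not needed. The :? guard aborts the
# command if CATALINA_HOME is unset or empty, so "rm -rf" run as root can never
# resolve to a path outside the Tomcat installation.
sudo rm -rf -- "${CATALINA_HOME:?}/webapps/docs"
sudo rm -rf -- "${CATALINA_HOME:?}/webapps/examples"
sudo rm -rf -- "${CATALINA_HOME:?}/webapps/host-manager"

# ROOT and manager are kept (optional). manager is the remote deployment
# interface; remove it as well if applications are not deployed through it.
# sudo rm -rf -- "${CATALINA_HOME:?}/webapps/ROOT"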
6.2 基本安全配置
<!-- Security-related settings to add to conf/server.xml -->
<!-- NOTE(review): this is an abbreviated fragment. In a complete server.xml the
Connector and Engine elements are nested inside a Service element. -->
<!-- The shutdown port still uses the well-known default command string; anyone
who can connect to port 8005 and send it stops the server, so keep the port
unreachable from other hosts and consider a non-default string. -->
<Server port="8005" shutdown="SHUTDOWN">
<!-- Hide server information: the server attribute sets the value sent in the
Server response header. -->
<Connector port="8080"
protocol="HTTP/1.1"
server="Apache"
connectionTimeout="20000"
redirectPort="8443"/>
<Engine name="Catalina" defaultHost="localhost">
<!-- Error page configuration: suppress the error report body and the server
version on Tomcat's default error pages. -->
<Host name="localhost" appBase="webapps">
<Valve className="org.apache.catalina.valves.ErrorReportValve"
showReport="false"
showServerInfo="false"/>
</Host>
</Engine>
</Server>
6.3 限制管理访问
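<!-- IP restriction for the manager application, configured in
     webapps/manager/META-INF/context.xml -->
<!-- The allow attribute is a regular expression matched against the client
     address. The IPv6 loopback forms are included because "localhost" may
     resolve to ::1, in which case an IPv4-only pattern answers local requests
     with 403. NOTE(review): behind a reverse proxy the valve sees the proxy's
     address, not the real client's; confirm how client addresses reach Tomcat
     before relying on this filter. -->
<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.0\.0\.1|::1|0:0:0:0:0:0:0:1|192\.168\.1\..*" />
</Context>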
7. 日志配置
7.1 日志级别配置
# conf/logging.properties
# Two asynchronous file handlers are declared; the numeric prefixes
# (1catalina, 2localhost) give each handler instance a distinct name.
handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler
# Handlers attached to the root logger
.handlers = 1catalina.org.apache.juli.AsyncFileHandler
# Root log level
.level = INFO
# Catalina log: written to ${catalina.base}/logs with the file prefix
# "catalina."; maxDays is set to 90 for retention.
1catalina.org.apache.juli.AsyncFileHandler.level = INFO
1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina.
1catalina.org.apache.juli.AsyncFileHandler.maxDays = 90
1catalina.org.apache.juli.AsyncFileHandler.encoding = UTF-8
# Localhost log: same directory and retention, file prefix "localhost."
2localhost.org.apache.juli.AsyncFileHandler.level = INFO
2localhost.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost.
2localhost.org.apache.juli.AsyncFileHandler.maxDays = 90
2localhost.org.apache.juli.AsyncFileHandler.encoding = UTF-8
7.2 日志轮转脚本
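#!/bin/bash
# tomcat-logrotate.sh
# Compresses Tomcat *.log files older than one day, moves compressed logs older
# than seven days to the backup directory, and deletes archived logs older
# than DAYS_TO_KEEP days.
set -euo pipefail

CATALINA_HOME="/opt/tomcat9"
LOG_DIR="$CATALINA_HOME/logs"
BACKUP_DIR="/var/backups/tomcat-logs"
DAYS_TO_KEEP=30

# Logs can contain client addresses and request details, so keep the archive
# directory and anything created in it closed to other users.
umask 027

# Create the backup directory
mkdir -p -- "$BACKUP_DIR"

# Compress old logs, then move older archives out of the live log directory.
# All path variables are quoted so a path with spaces cannot split into
# several find arguments.
find "$LOG_DIR" -name "*.log" -type f -mtime +1 -exec gzip {} \;
find "$LOG_DIR" -name "*.gz" -type f -mtime +7 -exec mv {} "$BACKUP_DIR"/ \;

# Delete expired archives
find "$BACKUP_DIR" -name "*.gz" -type f -mtime +"$DAYS_TO_KEEP" -delete

# No "systemctl reload tomcat" here: the tomcat.service unit in this guide
# defines no ExecReload, so the reload would fail, and only files untouched
# for more than a day are compressed, so Tomcat is presumably no longer
# writing to them - confirm against your logging configuration.

echo "日志轮转完成: $(date)"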
8. 备份和恢复
8.1 配置备份
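#!/bin/bash
# tomcat-backup.sh
# Archives the Tomcat configuration (conf/ and bin/setenv.sh) and the deployed
# applications (webapps/) into timestamped tarballs under BACKUP_DIR.
set -euo pipefail

CATALINA_HOME="/opt/tomcat9"
BACKUP_DIR="/var/backups/tomcat"
DATE=$(date +%Y%m%d_%H%M%S)

# conf/ includes tomcat-users.xml, which stores passwords in clear text, so
# the archives must be readable by their owner only.
umask 077

# Create the backup directory
mkdir -p -- "$BACKUP_DIR"
chmod 700 -- "$BACKUP_DIR"

# Back up the configuration files
tar -czf "$BACKUP_DIR/tomcat-config-$DATE.tar.gz" \
  -C "$CATALINA_HOME" \
  conf/ \
  bin/setenv.sh

# Back up the applications
tar -czf "$BACKUP_DIR/tomcat-webapps-$DATE.tar.gz" \
  -C "$CATALINA_HOME" \
  webapps/

echo "备份完成: $BACKUP_DIR/tomcat-*-$DATE.tar.gz"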
8.2 快速恢复脚本
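#!/bin/bash
# tomcat-restore.sh
# Restores a backup archive into CATALINA_HOME: validates the archive, stops
# Tomcat, extracts, resets ownership and starts Tomcat again.
# Arguments: $1 - path to the backup archive (.tar.gz)
# The archive is extracted as root; restore only archives that come from your
# own backup job or from storage you trust.
set -euo pipefail

BACKUP_FILE=${1:-}
CATALINA_HOME="/opt/tomcat9"

if [ -z "$BACKUP_FILE" ]; then
  echo "用法: $0 <备份文件>"
  exit 1
fi

if [ ! -f "$BACKUP_FILE" ]; then
  echo "backup file not found: $BACKUP_FILE" >&2
  exit 1
fi

# Validate BEFORE stopping the service, so a bad archive never causes downtime.
# Listing the archive fails on a corrupt file; member names that are absolute
# or contain ".." could write outside CATALINA_HOME and are refused.
listing=$(tar -tzf "$BACKUP_FILE")
if grep -Eq '^/|(^|/)\.\.(/|$)' <<< "$listing"; then
  echo "refusing to restore: archive contains absolute or parent-directory paths" >&2
  exit 1
fi

# Stop Tomcat
systemctl stop tomcat

# Restore the files
tar -xzf "$BACKUP_FILE" -C "$CATALINA_HOME"

# Reset ownership
chown -R tomcat:tomcat "$CATALINA_HOME"

# Start Tomcat
systemctl start tomcat

echo "恢复完成"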
小结
通过本文学习,你应该掌握:
- Tomcat的安装和环境准备
- 基本配置文件的设置方法
- JVM参数优化技巧
- 系统服务的配置管理
- 基本的安全加固措施
- 日志配置和管理方法
- 备份和恢复策略
下一篇文章将详细介绍Tomcat的架构与组件。