概述
Apache Tomcat 7 / tomcat7 /Tomcat 8 / tomcat8
tomcat8 download
http://archive.apache.org/dist/tomcat/tomcat-8/v8.0.9/bin/apache-tomcat-8.0.9.tar.gz
apache tomcat7 apr 配置
http://apr.apache.org/download.cgi
http://archive.apache.org/dist/apr/
http://forum.ospod.com/post-3006-1.fhtml
http://forum.ospod.com/post-3010-1.fhtml
http://www.fayea.com/apache-mirror//apr/apr-1.4.6.tar.gz
http://www.fayea.com/apache-mirror//apr/apr-util-1.5.1.tar.gz
linux下tomcat的arp配置
http://neptune.iteye.com/blog/125101
apache tomcat7 https 8443 配置
TOMCAT HTTPS单向认证: tomcat7 开启https ,使用JDK 7的keytool 生成tomcat证书
tomcat7.0应用 及其 https 的设置http://flashdream8.iteye.com/blog/771005
tomcat下配置https环境
http://blog.csdn.net/supersky07/article/details/7407523
完美配置Tomcat的HTTPS
http://lixor.iteye.com/blog/1532655
https单向/双向认证的tomcat配置攻略
http://xiaohuafyle.iteye.com/blog/1538719
Linux 环境Apache Tomcat 中文路径乱码
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#Common_Attributes
http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html#Common_Attributes
http://tomcat.apache.org/tomcat-8.0-doc/config/ajp.html#Common_Attributes
http://127.0.0.1:8080/testJSP/中文路径.txt
tomcat不支持中文的URL,即使我们对URL编译成 UTF-8也不行,
URIEncoding与useBodyEncodingForURI 在tomcat中文乱码处理上的区别
URIEncoding | This specifies the character encoding used to decode the URI bytes, after %xx decoding the URL. If not specified, UTF-8 will be used unless the |
useBodyEncodingForURI | This specifies if the encoding specified in contentType should be used for URI query parameters, instead of using the URIEncoding. This setting is present for compatibility with Tomcat 4.1.x, where the encoding specified in the contentType, or explicitly set using Request.setCharacterEncoding method was also used for the parameters from the URL. The default value is |
大家知道tomcat5.0开始,对网页的中文字符的post或者get,经常会出现乱码现象。
具体是因为Tomcat默认是按ISO-8859-1进行URL解码,ISO-8859-1并未包括中文字符,这样的话中文字符肯定就不能被正确解析了。
常见的解决方法是在tomcat的server.xml下的connetor属性中增加URIEncoding或者useBodyEncodingForURI属性。
但是,这两种方式有什么区别呢?我简单谈一下自己的理解:按照tomcat-docs/config/http.html文档的说明
URIEncoding:This specifies the character encoding used to decode the URI bytes, after %xx decoding the URL. If not specified, ISO-8859-1 will be used.
useBodyEncodingForURI:This specifies if the encoding specified in contentType should be used for URI query parameters, instead of using the URIEncoding.
也就是说,
useBodyEncodingForURI参数表示是否用request.setCharacterEncoding
参数对URL提交的数据和表单中GET方式提交的数据进行重新编码,在默认情况下,该参数为false。
URIEncoding参数指定对所有GET方式请求进行统一的重新编码(解码)的编码。
URIEncoding和useBodyEncodingForURI区别是,
URIEncoding是对所有GET方式的请求的数据进行统一的重新编码,
而useBodyEncodingForURI则是根据响应该请求的页面的request.setCharacterEncoding参数对数据进行的重新编码,不同的页面可以有不同的重新编码的编码
Linux 环境Apache Tomcat 中文内容乱码 / txt、html tomcat上乱码
http://127.0.0.1:8080/testJSP/中文路径和内容.txt
http://blog.csdn.net/xiaowei999/article/details/1783795
暂时解决方法:index.html文件用记事本打开然后另存为UTF-8格式后就不会乱码,指标不治本。
根本解决方法一,修改tomcat server的全局变量web.xml
[root@Loadrunner19 ~]# vim /test/soft/vmware/tomcat/conf/web.xml
<?xml version="1.0" encoding="ISO-8859-1"?> <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0"> <!-- ===================== Default MIME Type Mappings =================== --> <!-- When serving static resources, Tomcat will automatically generate --> <!-- a "Content-Type" header based on the resource's filename extension, --> <!-- based on these mappings. Additional mappings can be added here (to --> <!-- apply to all web applications), or in your own application's web.xml --> <!-- deployment descriptor. --> <mime-mapping> <extension>txt</extension> <mime-type>text/plain;charset=UTF-8</mime-type> </mime-mapping> <!-- 这里设置charset=UTF-8所有类型txt文本都将显示成UTF-8格式的txt --> </web-app>
根本解决方法二,修改tomcat webapps的局部变量web.xml ,如上修改法即可。
根本解决方法三,设置tomcat server 过滤器。
https 的设置
1.首先用jdk自带的工具keytool生成一个"服务器证书"
JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore C:key.keystore
提示输入密码,使用Tomcat的默认值changeit
输入相关信息后确认
2..修改tomcat目录下的server.xml文件,将 原来注释的 打开(去掉注释符号) 在加上
keystoreFile="${catalina.base}/key/key.keystore" 表示放到tomcat 下面的 key文件夹下
keystorePass="123456" 123456 表示在 第一步设置的时候设置的密码
URIEncoding="UTF-8" 设置的编码,原因是防止在通过url传递汉字中文参数的时候发生乱码
- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
- maxThreads="150" scheme="https" secure="true"
- URIEncoding="GBK"
- clientAuth="false"
- keystoreFile="${catalina.base}/key/key.keystore"
- keystorePass="123456"
- sslProtocol="TLS" />
或
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
- maxThreads="150" scheme="https" secure="true"
- URIEncoding="UTF-8"
- clientAuth="false"
- keystoreFile="${catalina.base}/key/key.keystore"
- keystorePass="123456"
- sslProtocol="TLS" />
3. 修改web.xml 文件 让 tomcat 自动转向 https
在 </welcome-file-list> 后面 插入以下代码
- <login-config>
- <!-- Authorization setting for SSL -->
- <auth-method>CLIENT-CERT</auth-method>
- <realm-name>Client Cert Users-only Area</realm-name>
- </login-config>
- <security-constraint>
- <!-- Authorization setting for SSL -->
- <web-resource-collection >
- <web-resource-name >SSL</web-resource-name>
- <url-pattern>/*</url-pattern>
- </web-resource-collection>
- <user-data-constraint>
- <transport-guarantee>CONFIDENTIAL</transport-guarantee>
- </user-data-constraint>
- </security-constraint>
4. 保存以上文件 重启tomcat
(大功告成)
C:Program FilesJavajdk1.7.0_11bin>keytool.exe -help
密钥和证书管理工具 命令: -certreq 生成证书请求 -changealias 更改条目的别名 -delete 删除条目 -exportcert 导出证书 -genkeypair 生成密钥对 -genseckey 生成密钥 -gencert 根据证书请求生成证书 -importcert 导入证书或证书链 -importkeystore 从其他密钥库导入一个或所有条目 -keypasswd 更改条目的密钥口令 -list 列出密钥库中的条目 -printcert 打印证书内容 -printcertreq 打印证书请求的内容 -printcrl 打印 CRL 文件的内容 -storepasswd 更改密钥库的存储口令 使用 "keytool -command_name -help" 获取 command_name 的用法
C:Program FilesJavajdk1.7.0_11bin>keytool.exe -genkey -help
keytool -genkeypair [OPTION]... 生成密钥对 选项: -alias <alias> 要处理的条目的别名 -keyalg <keyalg> 密钥算法名称 -keysize <keysize> 密钥位大小 -sigalg <sigalg> 签名算法名称 -destalias <destalias> 目标别名 -dname <dname> 唯一判别名 -startdate <startdate> 证书有效期开始日期/时间 -ext <value> X.509 扩展 -validity <valDays> 有效天数 -keypass <arg> 密钥口令 -keystore <keystore> 密钥库名称 -storepass <arg> 密钥库口令 -storetype <storetype> 密钥库类型 -providername <providername> 提供方名称 -providerclass <providerclass> 提供方类名 -providerarg <arg> 提供方参数 -providerpath <pathlist> 提供方类路径 -v 详细输出 -protected 通过受保护的机制的口令 使用 "keytool -help" 获取所有可用命令
linux jdk7 keytool
[lindows@Loadrunner19 ~]$ /opt/soft/jdk1.7.0_11/bin/keytool --help
Key and Certificate Management Tool Commands: -certreq Generates a certificate request -changealias Changes an entry's alias -delete Deletes an entry -exportcert Exports certificate -genkeypair Generates a key pair -genseckey Generates a secret key -gencert Generates certificate from a certificate request -importcert Imports a certificate or a certificate chain -importkeystore Imports one or all entries from another keystore -keypasswd Changes the key password of an entry -list Lists entries in a keystore -printcert Prints the content of a certificate -printcertreq Prints the content of a certificate request -printcrl Prints the content of a CRL file -storepasswd Changes the store password of a keystore Use "keytool -command_name -help" for usage of command_name
[root@Loadrunner19 bin]# /usr/bin/keytool -?
问题:tomcat 7 起停/启停异常、问题 停止tomcat7失败
解决:Linux root 用户无法停止tomcat7,需由tomcat7进程的所属用户停止即可
[root@Loadrunner19 ~]# /opt/soft/apache-tomcat-7.0.34/bin/catalina.sh stop
Using CATALINA_BASE: /opt/soft/apache-tomcat-7.0.34
Using CATALINA_HOME: /opt/soft/apache-tomcat-7.0.34
Using CATALINA_TMPDIR: /opt/soft/apache-tomcat-7.0.34/temp
Using JRE_HOME: /usr
Using CLASSPATH: /opt/soft/apache-tomcat-7.0.34/bin/bootstrap.jar:/opt/soft/apache-tomcat-7.0.34/bin/tomcat-juli.jar
WARNING: error instantiating 'org.apache.juli.ClassLoaderLogManager' referenced by java.util.logging.manager, class not found
java.lang.ClassNotFoundException: org.apache.juli.ClassLoaderLogManager not found
<<No stacktrace available>>
Exception in thread "main" java.lang.ClassFormatError: org.apache.catalina.startup.Bootstrap (unrecognized class file version)
at java.lang.VMClassLoader.defineClass(libgcj.so.7rh)
at java.lang.ClassLoader.defineClass(libgcj.so.7rh)
at java.security.SecureClassLoader.defineClass(libgcj.so.7rh)
at java.net.URLClassLoader.findClass(libgcj.so.7rh)
at java.lang.ClassLoader.loadClass(libgcj.so.7rh)
at java.lang.ClassLoader.loadClass(libgcj.so.7rh)
at gnu.java.lang.MainThread.run(libgcj.so.7rh)
[root@Loadrunner19 ~]#
[root@Loadrunner19 ~]# ps -ef | grep tomcat
lindows 9929 1 0 Jan21 pts/0 00:15:27 /opt/soft/jdk1.7.0_11/jre/bin/java -Djava.util.logging.config.file=/opt/soft/apache-tomcat-7.0.34/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=192.168.157.79 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Djava.endorsed.dirs=/opt/soft/apache-tomcat-7.0.34/endorsed -classpath /opt/soft/apache-tomcat-7.0.34/bin/bootstrap.jar:/opt/soft/apache-tomcat-7.0.34/bin/tomcat-juli.jar -Dcatalina.base=/opt/soft/apache-tomcat-7.0.34 -Dcatalina.home=/opt/soft/apache-tomcat-7.0.34 -Djava.io.tmpdir=/opt/soft/apache-tomcat-7.0.34/temp org.apache.catalina.startup.Bootstrap start
root 20457 2561 0 16:36 pts/4 00:00:00 grep tomcat
[root@Loadrunner19 ~]# su - lindows
[lindows@Loadrunner19 ~]$ /opt/soft/apache-tomcat-7.0.34/bin/catalina.sh stop
Using CATALINA_BASE: /opt/soft/apache-tomcat-7.0.34
Using CATALINA_HOME: /opt/soft/apache-tomcat-7.0.34
Using CATALINA_TMPDIR: /opt/soft/apache-tomcat-7.0.34/temp
Using JRE_HOME: /opt/soft/jdk1.7.0_11/jre
Using CLASSPATH: /opt/soft/apache-tomcat-7.0.34/bin/bootstrap.jar:/opt/soft/apache-tomcat-7.0.34/bin/tomcat-juli.jar
Win7下配置jdk7和Tomcat7的方法
http://wenku.baidu.com/view/ebe082a2d1f34693daef3e13.html
问题:
jdk-7u11-windows-x64.exe
apache-tomcat-7.0.22-windows-x64.zip
D:softapache-tomcat-7.0.22bin>catalina.bat
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
At least one of these environment variable is needed to run this program
解决:
默认路径安装好JDK7,默认zip包释放好apache-tomcat7,
没有设置好.;%JAVA_HOME%bin;%CATALINA_HOME%bin;到%PATH%变量里。
D:softapache-tomcat-7.0.22bin>set | findstr _HOME
CATALINA_HOME=D:softapache-tomcat-7.0.22
JAVA_HOME=C:Program FilesJavajdk1.7.0_11
Path=.;%CATALINA_HOME%bin;%JAVA_HOME%bin;D:softUnxUtilsusrlocalwbin;C:Windowssystem32;C:Windows;C:WindowsSystem32Wbem;C:WindowsSystem32WindowsPowerShellv1.0
D:softapache-tomcat-7.0.22bin>echo %JAVA_HOME%
C:Program FilesJavajdk1.7.0_11
D:softapache-tomcat-7.0.22bin>echo %CATALINA_HOME%
D:softapache-tomcat-7.0.22
D:softapache-tomcat-7.0.22bin>echo %path%
.;%CATALINA_HOME%bin;%JAVA_HOME%bin;D:softUnxUtilsusrlocalwbin;C:Windowssystem32;C:Windows;C:WindowsSystem32Wbem;C:WindowsSystem32WindowsPowerShellv1.0
问题一:
D:softapache-tomcat-7.0.22bin>startup.bat
The CATALINA_HOME environment variable is not defined correctly
This environment variable is needed to run this program
解决:
没有设置好CATALINA_HOME或JAVA_HOME变量,都需要重新检查一遍,见问题二相关运行变量设置。
问题二:
D:softapache-tomcat-7.0.22bin>startup.bat
The JRE_HOME environment variable is not defined correctly
This environment variable is needed to run this program
原因:
没有设置好CLASSPATH变量,tomcat启动需要C:Program FilesJavajdk1.7.0_10libdt.jar和tools.jar
C:Program FilesJavajdk1.7.0_10lib>ls -la total 35579 drwxrwxrwx 1 user group 0 Jan 14 14:12 . drwxrwxrwx 1 user group 0 Jan 14 14:12 .. -rw-rw-rw- 1 user group 446136 Jan 14 14:12 ant-javafx.jar -rw-rw-rw- 1 user group 15815435 Jan 14 14:12 ct.sym -rw-rw-rw- 1 user group 145610 Jan 14 14:12 dt.jar -rw-rw-rw- 1 user group 18432 Jan 14 14:12 ir.idl -rw-rw-rw- 1 user group 1098005 Jan 14 14:12 javafx-doclet.jar -rw-rw-rw- 1 user group 68323 Jan 14 14:12 javafx-mx.jar -rw-rw-rw- 1 user group 1682 Jan 14 14:12 jawt.lib -rw-rw-rw- 1 user group 412829 Jan 14 14:12 jconsole.jar -rw-rw-rw- 1 user group 589318 Jan 14 14:12 jvm.lib -rw-rw-rw- 1 user group 640 Jan 14 14:12 orb.idl -rw-rw-rw- 1 user group 2604939 Jan 14 14:12 sa-jdi.jar -rw-rw-rw- 1 user group 15226565 Jan 14 14:12 tools.jar drwxrwxrwx 1 user group 0 Jan 14 14:12 visualvm
解决:
windows 2003 x86 SP2默认环境变量
Microsoft Windows [版本 5.2.3790]
(C) 版权所有 1985-2003 Microsoft Corp.
C:Documents and SettingsAdministrator>set
ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsAdministratorApplication Data
ClusterLog=C:WINDOWSClustercluster.log
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=A-5A213F4A273A4
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsAdministrator
LOGONSERVER=\A-5A213F4A273A4
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=170a
ProgramFiles=C:Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1ADMINI~1LOCALS~1Temp
TMP=C:DOCUME~1ADMINI~1LOCALS~1Temp
USERDOMAIN=A-5A213F4A273A4
USERNAME=Administrator
USERPROFILE=C:Documents and SettingsAdministrator
windir=C:WINDOWS
C:Documents and SettingsAdministrator>set | find "HOME"
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsAdministrator
C:Documents and SettingsAdministrator>set | find "PATH"
HOMEPATH=Documents and SettingsAdministrator
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
Windows增加如下变量后DOS里查看如下
D:softapache-tomcat-7.0.22bin>set CATALINA_HOME=D:softapache-tomcat-7.0.22 JAVA_HOME=C:Program FilesJavajdk1.7.0_10 CLASSPATH=%JAVA_HOME%jredt.jar;%JAVA_HOME%jretools.jar; Path=.;%JAVA_HOME%bin;%CATALINA_HOME%bin;C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;
Windows 运行tomcat7,ok
D:softapache-tomcat-7.0.22bin>startup.bat
Using CATALINA_BASE: "D:softapache-tomcat-7.0.22" Using CATALINA_HOME: "D:softapache-tomcat-7.0.22" Using CATALINA_TMPDIR: "D:softapache-tomcat-7.0.22temp" Using JRE_HOME: "C:Program FilesJavajdk1.7.0_10" Using CLASSPATH: "D:softapache-tomcat-7.0.22binbootstrap.jar;D:softapache-tomcat-7.0.22bintomcat-juli.jar"
Tomcat 7 配置远程JMX支持穿透防火墙 /
http://minsj.iteye.com/blog/1748681
http://docs.oracle.com/javase/6/docs/technotes/guides/management/agent.html
Tomcat 7 配置JVM垃圾回收日志 verbosegc.log
tomcat 7.0.63 配置verbosegc。log ,修改catalina.sh 或catalina.bat 文件添加如上内容
#添加如下内容后,启动tomcat即可 set "JAVA_OPTS=-server -Xms512m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=128m -XX:+PrintGCDetails -XX:+PrintGCDateStamps -Xloggc:F:/apache-tomcat-7.0.63/logs/verbosegc.log"
Windows 2003x64,Tomcat7x64,JDK7x64开启jmx 方法一
新建: D:softapache-tomcat-7.0.22binsetenv.bat
rem BAT的注释符号,调用SUN的JAVA类设置JMX
rem 参见D:softapache-tomcat-7.0.22bincatalina.bat中CATALINA_OPTS和setenv.bat的说明
set CATALINA_OPTS=%CATALINA_OPTS% -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
<!-- jmx added by com.iteye.lindows start --> <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" /> <!-- jmx added by com.iteye.lindows end -->新建文件:
rem 加载catalina-jmx-remote.jar并配置server.xml的jmx rmi port rem http://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html#JMX_Remote_Lifecycle_Listener_-_org.apache.catalina.mbeans.JmxRemoteLifecycleListener set CATALINA_OPTS=%CATALINA_OPTS% -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
#!/bin/sh # 注意这里需要加上 -Djava.rmi.server.hostname=192.168.157.79 参数 # http://wenku.baidu.com/view/1d686730eefdc8d376ee3257.html # 在虚拟机启动linux,tomcat配置jmx参数,无-Djava.rmi.server.hostname参数,连接jmx成功。 # 怀疑多网卡,在虚拟机上多加一个网卡,启动tomcat,无配置-Djava.rmi.server.hostname参数,连接jmx失败; # 重新调整配置,再加上-Djava.rmi.server.hostname参数,启动tomcat,连接jmx成功。 # CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=192.168.157.79 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
C:Program FilesJavajdk1.7.0_10bin>jconsole.exe 192.168.157.87:10001
http://dl.iteye.com/topics/download/980dcfd7-2d72-30df-ba72-d2ecc7854955
Tomcat 7 for Linux JVM内存设置 / RHEL5.5x64_Tomcat7_JDK7x64 内存设置
添加文件setenv.sh放入tomcat7,文件内容如下:
[root@localhost bin]# more /opt/apache-tomcat-7.0.26/bin/setenv.sh
#!/bin/sh JAVA_OPTS='-Xms768m -Xmx1024m'
[root@localhost bin]# ll /opt/apache-tomcat-7.0.26/bin/setenv.sh
-rw-r--r-- 1 root root 41 03-21 15:49 /opt/apache-tomcat-7.0.26/bin/setenv.sh
[root@localhost bin]# ps -ef | grep java (启动后查看验证,ok)
root 6867 1 1 14:45 ? 00:00:45 /opt/jdk1.6.0_43/jre/bin/java -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.26/conf/logging.properties -Xms768m -Xmx1024m -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/opt/apache-tomcat-7.0.26/endorsed -classpath /opt/apache-tomcat-7.0.26/bin/bootstrap.jar:/opt/apache-tomcat-7.0.26/bin/tomcat-juli.jar -Dcatalina.base=/opt/apache-tomcat-7.0.26 -Dcatalina.home=/opt/apache-tomcat-7.0.26 -Djava.io.tmpdir=/opt/apache-tomcat-7.0.26/temp org.apache.catalina.startup.Bootstrap start
root 6880 1 0 14:45 ? 00:00:00 /bin/bash /opt/jdk1.6.0_43/bin/../lib/visualvm//platform/lib/nbexec --jdkhome /opt/jdk1.6.0_43/bin/.. --branding visualvm --clusters /opt/jdk1.6.0_43/bin/../lib/visualvm//visualvm:/opt/jdk1.6.0_43/bin/../lib/visualvm//profiler: --userdir /root/.visualvm/7 -J-client -J-Xms24m -J-Xmx256m -J-Dsun.jvmstat.perdata.syncWaitMs=10000 -J-Dsun.java2d.noddraw=true -J-Dsun.java2d.d3d=false
linux下tomcat设置最大连接数,设置最大内存,使用Jconsole监控
H:devdev_servertomcatlinux下tomcat设置.docx
2013/03/21 15:39 17,277 linux下tomcat设置 (2).docx
2013/03/21 15:14 31,477 linux下tomcat设置.docx
2013/01/30 09:42 14,478 linux下tomcat设置.docx.rar
2013/03/21 15:17 32,919 linux下的tomcat jvm内存.docx
2013/03/21 15:45 31,183 linux中tomcat内存溢出解决办法.docx
AdministrationTomcat's administration web application is no longer installed by default. Download and install the "admin" package to use it.
添加 Tomcat Administration Username :
D:Program FilesApache Software Foundationapache-tomcat-5.5.28 conftomcat-users.xml
<?xml version='1.0' encoding='utf-8'?> <tomcat-users> <role rolename="tomcat"/> <role rolename="role1"/> <user username="tomcat" password="tomcat" roles="tomcat"/> <user username="both" password="tomcat" roles="tomcat,role1"/> <user username="role1" password="tomcat" roles="role1"/> <!--add admin console here --> <role rolename="manager"/> <role rolename="admin"/> <user username="admin" password="" roles="admin,manager"/> <!--add admin console here --> </tomcat-users>
添加 Tomcat Administration Application Configuration
D:Program FilesApache Software Foundationapache-tomcat-5.5.28confCatalinalocalhostadmin.xml
<?xml version="1.0" encoding="UTF-8"?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <!-- Context configuration file for the Tomcat Administration Web App $Id: admin.xml 565211 2007-08-13 00:09:38Z markt $ --> <Context docBase="${catalina.home}/server/webapps/admin" privileged="true" antiResourceLocking="false" antiJARLocking="false"> <!-- Uncomment this Valve to limit access to the Admin app to localhost for obvious security reasons. Allow may be a comma-separated list of hosts (or even regular expressions). <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/> --> </Context>
添加 Tomcat Administration Application
http://labs.xiaonei.com/apache-mirror/tomcat/tomcat-5/v5.5.28/bin/apache-tomcat-5.5.28-admin.zip
D:Program FilesApache Software Foundationapache-tomcat-5.5.28serverwebappsadmin
Tomcat6 配置 Tomcat Manager
http://localhost:8080/manager
401 Unauthorized
You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file will contain the credentials to let you use this webapp.
You will need to add manager role to the config file listed above. For example:
<role rolename="manager"/> <user username="tomcat" password="s3cret" roles="manager"/>
For more information - please see the Manager App HOW-TO .
修改文件:D:Program Filesapache-tomcat-6.0.20conftomcat-users.xml
<?xml version='1.0' encoding='utf-8'?> <tomcat-users> <role rolename="manager"/> <role rolename="admin"/> <user username="admin" password="" roles="admin,manager"/> </tomcat-users>
Tomcat 7 添加配置web管理控制台 ,注意下载版本32/64, 这个也适用于apache-tomcat-6.0.32。
http://hi.baidu.com/everything%5Fis%5Ftruth/blog/item/cc115910616ecad5a6ef3f07.html
修改文件 D:softapache-tomcat-7.0.22conf tomcat-users.xml
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="tomcat" password="s3cret" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-script,admin-gui"/>
Tomcat5 外引项目配置
文件:
D:tomcat5confCatalinalocalhostworkorder .xml
内容:
< Context path = "/workorder " docBase = "D:workspaceorderWebRoot" reloadable = "true"/ >
路径:http://localhost:8585/workorder
Tomcat 5 查看并发访问量
http://localhost:8585/manager/status/
http://localhost:8585/manager/status/all
http://192.168.157.87:8080/manager/status?XML=true
http8585
Max threads: 150 Min spare threads: 0 Max spare threads: 0 Current thread count: 3 Current thread busy: 1 Keeped alive sockets count: 0
Max processing time: 265 ms Processing time: 0.451 s Request count: 4 Error count: 0 Bytes received: 0.00 MB Bytes sent: 0.06 MB
Tomcat 启动分析、启动脚本、类载入器
启动分析 :http://docs.huihoo.com/apache/tomcat/heavyz/01-startup.html
启动脚本:http://docs.huihoo.com/apache/tomcat/heavyz/02-catalina.sh .html
类载入器:http://docs.huihoo.com/apache/tomcat/heavyz/03-classloader.html
Tomcat 6 安装成Windows服务
http://guyongpeng.iteye.com/blog/176914
安装tomcat服务
D:Program Filesapache-tomcat-6.0.20bin>service.bat install
Installing the service 'Tomcat6' ...
Using CATALINA_HOME: D:Program Filesapache-tomcat-6.0.20
Using CATALINA_BASE: D:Program Filesapache-tomcat-6.0.20
Using JAVA_HOME: D:Program Filesjdk1.6.0_16
Using JVM: D:Program Filesjdk1.6.0_16jrebinserverjvm.dll
The service 'Tomcat6' has been installed.
D:Program Filesapache-tomcat-6.0.20bin>net start Tomcat6
Apache Tomcat 6 服务正在启动 ..
Apache Tomcat 6 服务已经启动成功。
或
D:Program Filesapache-tomcat-6.0.20bin>service.bat install lindows
Installing the service 'lindows' ...
Using CATALINA_HOME: D:Program Filesapache-tomcat-6.0.20
Using CATALINA_BASE: D:Program Filesapache-tomcat-6.0.20
Using JAVA_HOME: D:Program Filesjdk1.6.0_16
Using JVM: D:Program Filesjdk1.6.0_16jrebinserverjvm.dll
The service 'lindows' has been installed.
D:Program Filesapache-tomcat-6.0.20bin>net start lindows
Apache Tomcat lindows 服务正在启动 .
Apache Tomcat lindows 服务已经启动成功。
卸载tomcat服务
D:Program Filesapache-tomcat-6.0.20bin>service.bat remove
或
D:Program Filesapache-tomcat-6.0.20bin>service.bat remove tomcat6
一般性的,若需要将通用的java应用添加为windows服务,可以使用wrapper工具
Tomcat Cluster 服务器集群
http://blog.chinaunix.net/u1/34716/showart_276614.html
http://server.chinabyte.com/392/2632892.shtml
http://albertsong.iteye.com/blog/271235
apache跟tomcat做集群session不同步问题
http://www.iteye.com/topic/21449
@robbin
1、tomcat实例要在response的时候标示自己,通过server.xml里面的jvmRoute参数
2、apache要从request里面拿出来route信息,从哪个HEAD里面拿?通过stickysession参数来指定
3、apache怎么转发?通过route参数来指定。
最后想提醒一点:apache2.2的load balance的session sticky性能并不好,因为他这是在七层协议级别进行请求的分发。我测试的结果表明,并不很稳定。 对于tomcat群集来说,最好就是SNA(Share Nothing Architecture),
应用程序压根就不用session,这样才能无限扩展。
@codeutil
mod_jk这个早就该淘汰了, 用modajp
结合Apache和Tomcat实现集群和负载均衡
http://hqjiang.iteye.com/blog/261107
本文基本参考自 轻松实现Apache,Tomcat集群和负载均衡 ,经由实操经历记录而成,碰到些出入,以及个别地方依据个人的习惯,所以在一定程度上未能保持原文的完整性,还望原著者海涵。
因原文中有较多的贴图,如若各位读者一时不想亲自动手而直想看到配置效果,可查看原文。
一:软件环境
1. Apache: apache 2.0.55 (由http://httpd.apache.org/ 进入下载)(点击下载apache 2.0.55 )
2. Tomcat: Tomcat 5.5.25 (由http://tomcat.apache.org/ 进入下载)(点击下载Tomcat 5.5.25 zip版 )
3. mod_jk: 在页面 http://tomcat.apache.org/ Download 标题下找到 Tomcat Connectors 链接进入( 点击下载mod_jk-apache-2.0.55.so ),看起来像是个Unix/Linux下的动态库,实际应是个Win32 的 DLL 动态库,大概是为保持不同平台配置的一致性,才用了这个扩展名。
二:负载均衡
三:配置集群
nginx+tomcat集群负载均衡(实现session复制)
http://blog.chinaunix.net/u2/83793/showart_1354266.html
参考链接:
Linux操作系统下配置Tomcat多个实例解析
http://linux.chinaitlab.com/administer/747294.html
运行多个tomcat实例两法
http://blog.csdn.net/hansoft/archive/2006/04/01/647060.aspx
apache下多个tomcat实例的实现
http://blog.chinaunix.net/u/2914/showart_1162420.html
Apache+tomcat虚拟主机多实例的配置
http://hi.baidu.com/xerik/blog/item/ab69b1513a44ea8e8d54304b.html
Tomcat 6 数据源与连接池配置
JNDI数据源的使用
http://weixuezheng1986-163-com.iteye.com/blog/561305
http://www.blogjava.net/ec2008/archive/2008/07/19/216063.html
project:test
Driver path:
D:workspacetestWebRootWEB-INFlibojdbc14.10g.jar
Datasource config
D:tomcat6.0confserver.xml
<GlobalNamingResources>
<!-- 其中将数据源参数配置在tomcat全局连接池中-->
<Resource
name="jdbc/oracle "
type="javax.sql.DataSource"
maxActive="4"
maxIdle="2"
username="scott"
maxWait="5000"
driverClassName="oracle.jdbc.driver.OracleDriver"
validationQuery="select 1 from dual"
password="tiger"
url="jdbc:oracle:thin:@localhost:1521:orcl"/>
</GlobalNamingResources>
JNDI config
D:workspacetestWebRootWEB-INFweb.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee "
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance " xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd ">
<!-- 其中加入应用JNDI配置 -->
<resource-ref>
<description>DB Connection </description>
<!-- JNDI 命名-->
<res-ref-name>jdbc/oracle </res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Application </res-auth>
</resource-ref>
或
<resource-ref>
<description>DB Connection </description>
<res-ref-name>jdbc/oracle </res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container </res-auth>
</resource-ref>
</web-app>
Tomcat 6 数据源与连接池配置 方法二
project:test
Driver path:
D:workspacetestWebRootWEB-INFlibojdbc14.10g.jar
Datasource config
D:tomcat6.0confCatalinalocalhosttest.xml
或
D:tomcat6.0conf context.xml
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/test " docBase="D:workspacetestWebRoot " reloadable="true">
<!-- 其中将数据源参数配置在tomcat局部连接池中-->
<Resource name="jdbc/oracle"
type="javax.sql.DataSource"
username="scott"
password="tiger"
driverClassName="oracle.jdbc.OracleDriver"
validationQuery="select 1 from dual"
maxIdle="2"
maxWait="5000"
url="jdbc:oracle:thin:@localhost:1521:orcl"
maxActive="4"/>
</Context>
page test ok
D:workspacetestWebRootindex.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme() + "://"
+ request.getServerName() + ":" + request.getServerPort()
+ path + "/";
%>
<%@ page import="java.sql.*"%>
<%@ page import="javax.naming.*"%>
<%@ page import="javax.sql.*"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>tomcat datasource test</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<%
Context initContext = new InitialContext();
//java:/comp/env 或 java:/comp/env/ 固定写法
Context envContext = (Context) initContext
.lookup("java:/comp/env/");
DataSource ds = (DataSource) envContext.lookup("jdbc/oracle");
//方法二
//DataSource ds = (DataSource) initContext.lookup("java:/comp/env/jdbc/oracle");
Connection conn = ds.getConnection();
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery("select * from dept");
out.println("结果集是否为空:" + (rs == null) + "<p>");
while (rs.next()) {
String deptno = rs.getString(1);
String dname = rs.getString(2);
String loc = rs.getString(3);
out.println("t部门编号:" + deptno + "t部门名称:" + dname + " 地点:"
+ "t" + loc + "<p>");
}
out.println("finally");
try {
if (rs != null) {
rs.close();
}
if (stmt != null) {
stmt.close();
}
if (conn != null) {
conn.close();
}
} catch (SQLException e2) {
e2.printStackTrace();
}
%>
</body>
</html>
tomcat 虚拟主机配置
http://absolute007.iteye.com/blog/175902
第一步、
在tomcat/conf/server.xml中添加
<Host name="jsp " debug="0" appBase="E:My Documentsmyeclipse_workspace">
<Context path="" docBase="." debug="0"/>
</Host>
第二步、
对于windows XP:
WINDOWSsystem32driversetc
中找到hosts这个文件,此文件没有扩展名,可以手工创建。后面添加
127.0.0.1 localhost
127.0.0.1 jsp
第三步:
浏览器中输入
http://jsp:8008/jspsqltest/WebRoot/test.jsp
一切完成
tomcat5 优化配置
http://liliugen.iteye.com/blog/265422
http://liliugen.iteye.com/blog/265506
http://japi.iteye.com/blog/261586
http://lichen0921.iteye.com/blog/451092
tomcat java.lang.OutOfMemoryError: PermGen space
Exception in thread "http-9085-17" java.lang.OutOfMemoryError: PermGen space
http://my.oschina.net/txijin/blog/32264
tomcat5 log 日志分割问题 / cronolog-1.6.2.tar.gz
用cronolog分割tomcat的catalina.out文件
http://robbin.iteye.com/blog/97287
http://lvinie.iteye.com/blog/1214037
http://lindows.iteye.com/blogs/235263
tomcat 最大连接数配置
http://maqianli.iteye.com/blog/298619
在server.xml中有配置的。
<Connector port="8080"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
acceptCount="100"
/>
maxThreads="150" 表示最多同时处理150个连接
minSpareThreads="25" 表示即使没有人使用也开这么多空线程等待
maxSpareThreads="75" 表示如果最多可以空75个线程,例如某时刻有80人访问,之后没有人访问了,则tomcat不会保留80个空线程,而是关闭5个空的。
acceptCount="100" 当同时连接的人数达到maxThreads时,还可以接收排队的连接,超过这个连接的则直接返回拒绝连
接。
Tomcat集群的三种负载均衡方式优缺点对照。
本地查看远程端口8080是否开放
C:Documents and SettingsLindows>telnet 192.168.118.168 8000
tomcat 8080 端口冲突解决 方法一 (基于Windows系统)
http://inshect.iteye.com/blog/343057
dos 输入 ,并查看冲突端口号对应的PID(系统进程号)
C:Documents and SettingsLindows>netstat -help
C:Documents and SettingsLindows>netstat -b
C:Documents and SettingsLindows>netstat -ano > c:netstat.txt
看看占用0.0.0:80端口的PID是多少
在“任务管理器”中查找对应PID的程序。
如果任务管理器的进程页中看不到PID栏,
则在任务管理器的菜单〖查看〗〖选择列〗中选择一下。删掉PID对应的程序即可。
tomcat 8080 端口冲突解决 方法二 (基于Windows系统重启)
windows 命令行下 简单好用的查看端口占用情况的方法
http://freeman983.iteye.com/blog/349971
在windows命令行窗口下执行:
C:>netstat -ano | findstr "8080"
或
C:>netstat -ano | findstr 8080
TCP 127.0.0.1:4444 0.0.0.0:0 LISTENING 2434
由上面得知,端口被进程号为2434的进程占用,继续执行下面命令:
C:>tasklist | findstr "2434"
或
C:>tasklist | findstr 2434
javaw.exe 2434 Console 0 16,064 K
c:>taskkill /f /im javaw.exe
tomcat 8080 端口冲突解决 方法三 (基于Linux系统重启)
http://www.blogjava.net/baizhihui19870626/articles/375249.html
# 扫瞄/查找本机正在开放的端口号及其服务名称
[root@Loadrunner_19 vsftpd]# nmap localhost
或
[root@Loadrunner_19 vsftpd]# nmap -p 0-65535 localhost
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-09-28 15:32 CSTmass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns_servers
Interesting ports on Loadrunner_19 (127.0.0.1):
Not shown: 1673 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
631/tcp open ipp
666/tcp open doom
6000/tcp open X11
# 扫瞄/查找指定机器段(Windows或Linux)正在开放的端口号及其服务名称
[root@Loadrunner_19 vsftpd]# nmap -PT 192.168.157.87-100
# 扫瞄/查找指定机器(Windows或Linux)正在开放的端口号及其服务名称
[root@Loadrunner_19 vsftpd]# nmap -PT 192.168.157.87
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-09-28 15:47 CST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns_servers
Interesting ports on 192.168.157.87:
Not shown: 1668 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
3389/tcp open ms-term-serv
5001/tcp open commplex-link
5002/tcp open rfe
5003/tcp open filemaker
6000/tcp open X11
MAC Address: 00:50:56:9D:1C:D4 (VMWare)
Nmap finished: 1 IP address (1 host up) scanned in 1.527 seconds
# 查出 tomcat8080端口原来与自定义vsftp 8080端口冲突
[root@Loadrunner_19 vsftpd]# netstat -apln | grep 8080
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 6630/vsftpd
# 利用lsof 查看正在运行的服务及进程号
[root@Loadrunner_19 vsftpd]# lsof -i :8080
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
vsftpd 6867 root 3u IPv4 1338173 TCP *:ftp (LISTEN)
# 调出vsftp进程号并杀掉即可
[root@Loadrunner_19 vsftpd]# kill -9 6630
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 6630/vsftpd
Apache HTTP Server 与 Tomcat 的三种连接方式介绍
刘 冬 (javayou@gmail.com ), 开发工程师, 2007 年 1 月 15 日
http://www.ibm.com/developerworks/cn/opensource/os-lo-apache-tomcat/index.html
Apache Tomcat应用绑定域名以及Apache端口转发
http://cyzgbw.iteye.com/blog/1828770
1. 下载安装版本的Tomcat(或者压缩版的,只不过要自己配开机自启服务);
2. http服务默认端口是80端口,如果只有一个软件服务器请直接修改为80端口;
3. 如果有其他软件服务器(如IIS)占用了80端口请修改http端口为其他的,如果有其他Tomcat已经安装了请修改JVM端口
a) 修改80端口:打开conf/server.xml文件,找到下面的代码将port改为自己需要的端口数
- <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
b) 修改JVM端口:
i. 这里的port改为其他数字
- <Server port="8005" shutdown="SHUTDOWN">
ii. 这里的port改为其他数字
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
4. 将自己的应用程序放在非webapps目录下,如果是war包请解压成文件夹;
5. 打开conf/server.xml文件,在原来的Host标签对下添加一段代码
- <Host name="www.xx.cn" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
- <Context docBase="E:Program Fileswebxxx" path="" reloadable="true" />
- </Host>
Name中输入对应的域名,docBase中输入应用的文件夹位置;其他配置可以参考Tomcat手册进行配置。
6. 启动tomcat,在浏览器中输入www.xx.cn看看能不能有显示,当然你要用自己配置的地址了
7. 如果没有占用到80端口,那么就需要使用Apache服务器来转发了。
Apache端口转发
1. 下载新版的Apache服务器;
2. 打开conf/httpd.conf文件;
3. 找到Listen,将后面的端口改成自己需要的,如80,也可以另写一行来监听多个端口;
4. 将Include conf/extra/httpd-vhosts.conf前面的#去掉以使httpd-vhosts.conf文件生效;
5. 打开conf/extra/httpd-vhost.conf文件,在下面加入以下代码
- <VirtualHost *:80>(*表示监听所有IP,后面的80表示监听从哪个端口发来的数据)
- ServerAdmin XXX@xxx.cn (这里是管理员的邮件地址)
- ServerName www.xx.cn (这里就是你的域名地址)
- ProxyPass / http://www.xx.cn:8100/ (这里就是你要转发到的地址,就是Tomcat中的地址)
- ProxyPassReverse / http://www.xx.cn:8100/ (这里重复一下)
- ErrorLog "logs/www.superocean.cn/error.log" (日志位置)
- CustomLog "logs/www.superocean.cn/access.log" common (重复一下)
- </VirtualHost>
6.然后启动Apache,在浏览器中输入www.xx.cn,不用加端口号也可以直接访问非80端口Tomcat的应用了。
Tomcat SSL OpenSSL 443
终于搞定了Windows下Tomcat Web服务器的SSL配置
http://albertsong.iteye.com/blog/198344
http://www.myssl.cn/guide/install_openssl.asp
Tomcat6配置使用SSL双向认证
http://www.openssl.cn/
http://www.openssl.org/
http://baike.baidu.com/view/300712.htm
http://tech.techweb.com.cn/thread-226423-1-2.html
使用OpenSSL API进行安全编程
http://www.ibm.com/developerworks/cn/linux/l-openssl.html
openssl生成pem建立CA
http://ideage.iteye.com/blog/356915
文章一:http://blog.chinaunix.net/u/11234/showart_290705.html
文章二:http://blog.chinaunix.net/u/11234/showart_291316.html
openssl简明使用手册
http://firefly.iteye.com/blog/177544
简要介绍了使用openssl来生成CA证书、申请证书、颁发证书以及撤销证书的过程
1. 首先建立CA密钥:
openssl genrsa -des3 -out ca.key 1024 (创建密钥)
chmod 400 ca.key (修改权限为仅root能访问)
openssl rsa -noout -text -in ca.key (查看创建的证书)
2. 利用CA密钥自签署CA证书:
openssl req -config openssl.cnf -new -x509 -days 3650 -key ca.key -out ca.crt
chmod 400 ca.crt (修改权限为仅root能访问)
openssl x509 -noout -text -in ca.crt (查看创建的证书)
3. 创建服务器证书签署申请:
openssl genrsa -des3 -out client.key 1024
chmod 400 client.key (修改权限为仅root能访问)
openssl rsa -noout -text -in client.key (查看创建的证书)
4. 利用证书签署申请生成请求:
openssl req -config openssl_client.cnf -new -key client.key -out client.csr
openssl req -noout -text -in client.csr (查看创建的请求)
5.进行证书签署:
这时候需要先设置一下openssl的配置文件。
modify openssl.cnf并根据这个配置文件创建相应的目录和文件。
在创建了serial文件之后,还需要添加当前的八进制的serial number,如:01
然后执行:
openssl ca -config openssl_client.cnf -keyfile ca.key -cert ca.crt -in client.csr -out client.pem -days 1095
这个certificate是BASE64形式的,要转成PKCS12才能装到IE,/NETSCAPE上.所以还要:
openssl pkcs12 -export -in client.pem -inkey client.key -out clinet.pfx
6.证书撤销:
openssl ca -keyfile ca.key -cert ca.crt -revoke client.pem
这时数据库被更新证书被标记上撤销的标志,需要生成新的证书撤销列表:
openssl ca -gencrl -keyfile ca.key -cert ca.crt -out crl/test.crl
查看证书撤销列表:
openssl crl -noout -text -in crl/test.crl
证书撤销列表文件要在WEB站点上可以使用,必须将crldays或crlhours和crlexts加到证书中:
openssl ca -gencrl -config /etc/openssl.cnf -crldays 7 -crlexts crl_ext -out crl/sopac-ca.crl
当虚拟目录不是在80端口且打开ssl时出错 ssl_error_rx_record_too_long
【错误】如果网站URL是:http://ip:port/ 时,如果再在网站上启用ssl,在浏览器上访问:https://ip:port/ 将会收到如下错误:SSL 接收到一个超出最大准许长度的记录。错误码: ssl_error_rx_record_too_long
【原因】:
ssl协议默认是在web server的443端口监听,所以,访问ssl会产生如下形式的访问:http://ip:443/ 这样将与http://ip:port/ 里的port冲突。
【所以】:对https访问,web server会自己定位到导用的了ssl的网站(启用了ssql ,此网上就自动在443上监听)上。
【解决 】 :对https://ip:port/ 的访问可以省略port,如:对https://ip/
http://msn.ynet.com/view.jsp?oid=48723368+
javax.servlet.ServletException: Node with number 0 does not exist.
http://msn.sports.ynet.com/2008/view.jsp?oid=42362690
javax.servlet.ServletException: Node with number 42362690 does not exist.
【问题】
2009-3-12 15:06:31 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
严重: An incompatible version 1.1.1 of the Apache Tomcat Native library is installed, while Tomcat requires version 1.1.3
2009-3-12 15:06:31 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
信息: An older version 1.1.1 of the Apache Tomcat Native library is installed, while Tomcat recommends version greater than 1.1.4
2009-3-12 15:06:31 org.apache.coyote.http11.Http11AprProtocol init
【解决 】
http://tomcat.heanet.ie/native/1.1.8/binaries/win32/
http://topic.csdn.net/u/20080605/14/68376d57-bb1b-4b45-a489-13aa722f2e67.html
下载 http://tomcat.heanet.ie/native/1.1.8/binaries/win32/tcnative-1.dll 目前版本1.1.8
1、把文件放入C:WINDOWSsystem32里。或D:tomcat5.5bin下,我就是这样解决的。
2、把它放在环境变量path中所指向的jdk的bin的目录下,例如,放在C: Javajdk1.5.0_09bin目录下
Apache Tomcat Log
tomcat catalina.out日志切割每天生成一个文件
http://www.sbear.cn/archives/367
tomcat的catalina.out一直增长,太大了会造成tomcat异常,
需要对其日志进行切割每天生成一个文件,并且删除7天前的文件。
#!/bin/bash cd `dirname $0` d=`date +%Y%m%d` d7=`date -d'7 day ago' +%Y%m%d` cd ../logs/ cp catalina.out catalina.out.${d} echo "" > catalina.out rm -rf catalina.out.${d7}
放到tomcat的bin目录中,然后crontab每天执行
Tomcat APR (Apache Portable Runtime)
ref
http://redalx.iteye.com/blog/162246
http://blog.csdn.net/tingya/archive/2006/04/15/664304.aspx
apr说白了就是如何在Tomcat中使用JNI的方式来读取文件以及进行网络传输, 提高tomcat 的IO效率。
apr可以大大提升Tomcat对静态文件的处理性能,同时如果你使用了HTTPS方式传输的话,也可以提升SSL的处理性能。
doc
http://apr .apache.org/
http://tomcat.apache.org/tomcat-5.5-doc/apr.html
http://tomcat .apache.org/tomcat -6.0-doc/apr .html
down
http://tomcat.heanet.ie/native/
http://tomcat.heanet.ie/native/1.1.9/binaries/win32/tcnative-1.dll
setup for Windows
直接下载编译好的二进制版本的dll库文件
http://tomcat.heanet.ie/native/1.1.9/binaries/win32/tcnative-1.dll来使Tomcat启用APR
setup for linux
在Linux下,可以直接解压和安装bin目录下的tomcat_native.tar.gz文件,编译之前要确保apr库已经安装,安装的方式:
# ./configure --with-apr=/usr/local/apr
# make
# make install
安装成功后还需要对tomcat设置环境变量,方法是在catalina.sh文件中增加一行:
CATALINA_OPTS="-Djava.library.path=/usr/local/apr/lib"
怎么才能判断Tomcat是否已经启用了APR库呢?方法是通过看Tomcat的启动日志
如果没有启用APR,则启动日志一般有这么一条:
org.apache.coyote.http11.Http11Protocol start
如果启用了APR,则这条日志就会变成:
使用了apr 之后,如果使用了https,https的配置也需要作改变。需要用到openssl来进行证书文件的生成。
<!-- ssl for apr -->
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false"
SSLEngine="on"
SSLCertificateFile="..confcaserver.crt"
SSLCertificateKeyFile="..confcaserver.key" />
linux下编译
cd apache-tomcat -5.5.14/bin/tomcat -native-1.1.1/jni/native/
./configure --with-apr =/usr/bin/apr -1-config --with-java-home=/usr/java/jdk1.5.0_06/
make
make install
bin/catalina.sh
加上
CATALINA_OPTS="-Djava.library.path=/usr/local/apr /lib"
end
最后
以上就是认真荷花为你收集整理的webServer tomcat5 / tomcat6 / tomcat7 / tomcat8的全部内容,希望文章能够帮你解决webServer tomcat5 / tomcat6 / tomcat7 / tomcat8所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
发表评论 取消回复