CentOS+Nginx+Tomcat+MySQL+PHP Environment Setup and System Deployment

Published: 2020-07-10 07:24:50 Source: Internet Views: 3887 Author: ankey Category: MySQL Database

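==============Install CentOS 7.0=======================
Choose the minimal install and select the "Debugging Tools", "Compatibility Libraries" and "Development Tools" groups.
This reduces dependency or environment problems when installing or compiling services later.
Disk partitioning is a matter of personal habit; if unsure, let the system partition automatically.
My own partition layout is as follows, for reference only:
/boot 500M Core files used to boot Linux
swap 5120M (5G) The Linux swap partition, also called virtual memory; generally twice the physical memory, but more than 8G is not recommended
/ 51200M (50G) All system files live under this partition
/home remaining space User home directories; the directories of newly created users appear here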

================Turn off unneeded security settings and use other security management================
vi /etc/selinux/config //disable SELinux
SELINUX=disabled //was enforcing, change to disabled
------------------------Or disable SELinux with the following commands---------------------------------------
sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
setenforce 0

systemctl stop firewalld //stop the system default firewall
systemctl mask firewalld //mask the service (so that it cannot start)
reboot //reboot so the SELinux configuration takes effect

=================Install management tools======================
Install ifconfig, ntsysv, updatedb, lrzsz (upload/download) and wget (remote HTTP download)
yum install -y chkconfig net-tools telnet ntsysv mlocate lrzsz wget lsof setuptool system-config-securitylevel-tui system-config-network-gui system-config-network-tui system-config-date tcpdump
yum install -y vim nano //install editors

==============Update the CentOS 7.0 repo sources=====================
yum install -y epel-release
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/epel-release.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum clean all
yum makecache
yum install -y python-pip
pip install --upgrade pip
pip install requests

=====Install the third-party repo file for the yum install of nginx (not needed when compiling from source)=======
mkdir /root/software
cd /root/software
wget https://mirrors.ustc.edu.cn/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
rpm -ivh epel-release-7-11.noarch.rpm
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

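=====Install the third-party repo file for the yum install of mysql (not needed when compiling from source)=======
cd /root/software //enter the folder where downloaded files are collected
wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm //download
yum localinstall -y mysql57-community-release-el7-8.noarch.rpm //install the rpm to get the repo source
yum repolist enabled | grep "mysql.*-community.*" //check that the mysql repo was installed successfully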

=================Pre-install packages for the various environments======================
yum install -y make cmake gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers gd gd-devel perl expat expat-devel nss_ldap unixODBC-devel libxslt-devel libevent-devel libtool-ltdl bison libtool zip unzip gmp-devel //install the packages the various environments need
yum install -y pcre pcre-devel //install PCRE (can run alongside the pre-install step)
yum update -y //apply update patches

=======================Install mysql and initial mysql setup=======================
yum install -y bison-devel libaio-devel //prerequisites for mysql
yum install -y perl-Data-Dumper //prerequisite needed by mysql
yum install -y mysql-server //install mysqld
service mysqld start //start mysql
systemctl enable mysqld.service //start at boot

grep 'temporary password' /var/log/mysqld.log //since mysql 5.7 the initial password is no longer empty; it is randomly generated by default and can be looked up with this command
mysql -u root -p //enter mysql
alter user root@localhost identified by 'eight characters of three or more kinds'; //by default the password must be changed before anything else can be done
exit; //leave the mysql console
----------------------------Make mysql case-insensitive----------------------
vi /etc/my.cnf
[mysqld]
lower_case_table_names=1 //must be inside [mysqld]

-------------------------Configure mysql for UTF-8-------------------------
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
lower_case_table_names=1
character-set-server=utf8
max_connections=500
innodb_log_file_size=60M
innodb_buffer_pool_size=128M
symbolic-links=0

[client]
default-character-set=utf8
socket=/var/lib/mysql/mysql.sock

[mysqld_safe]
open-files-limit = 8192
log-error=/var/log/mysqld.log
socket=/var/lib/mysql/mysql.sock
pid-file=/var/run/mysqld/mysqld.pid

service mysqld restart //restart mysql

=================MySQL operations tips======================
High CPU and memory usage by MySQL may be caused by processes that are not released in time; a simple setting solves this effectively.
mysql -uroot -p
mysql> show global variables like '%timeout';
mysql> set global interactive_timeout=100;
-----------------The above is lost after mysqld.service restarts-----------------------------------
vi /etc/my.cnf
[mysqld]
interactive_timeout=20
wait_timeout=20
------------------------------The above takes effect at all times-------------------------
-----------------------------mysql: create a remote user and grant privileges---------------------------
mysql -uroot -p
mysql> create user root identified by '123456';
mysql> grant all privileges on *.* to 'root'@'%' identified by '123456' with grant option;
mysql> flush privileges;
-----------------------------mysql: create a database-----------------------------
mysql> CREATE DATABASE lottery DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
----------------------------mysql: change a given user's password-------------------------------
update mysql.user set authentication_string=password('new password') where User="test" and Host="localhost"; //mysql 5.7 stores the hash in authentication_string; the password column no longer exists
flush privileges;
---------------------------mysql: delete a given user-------------------------------------
delete from mysql.user where User='test' and Host='localhost';
flush privileges;
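
As a contrast to the root@'%' account with password 123456 created above, this added example (not part of the original article) emits the statements for an application account limited to the lottery schema and one client network. The account name lottery_app, the subnet pattern 10.17.162.% and both function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# app_account_sql DB USER HOST PASSWORD prints MySQL 5.7 statements for a
# least-privilege account; it refuses wildcard hosts and short passwords.
app_account_sql() {
    db=$1; user=$2; host=$3; pw=$4
    for id in "$db" "$user"; do
        case "$id" in
            ''|*[!A-Za-z0-9_]*) echo "invalid database or user name" >&2; return 1 ;;
        esac
    done
    case "$host" in
        ''|%|*[!A-Za-z0-9_.%-]*)
            echo "host must be a specific address or subnet pattern" >&2; return 1 ;;
    esac
    case "$pw" in
        *"'"*|*\\*) echo "password must not contain a quote or backslash" >&2; return 1 ;;
    esac
    [ "${#pw}" -ge 16 ] || { echo "password shorter than 16 characters" >&2; return 1; }
    printf "CREATE USER '%s'@'%s' IDENTIFIED BY '%s';\n" "$user" "$host" "$pw"
    # Data privileges on one schema only: no GRANT OPTION, no global rights.
    printf "GRANT SELECT, INSERT, UPDATE, DELETE ON \`%s\`.* TO '%s'@'%s';\n" \
        "$db" "$user" "$host"
}

# 36 random hex characters plus a fixed suffix so the default
# validate_password policy (upper, lower, digit, special) is satisfied.
new_password() {
    printf '%s_aA1' "$(head -c 18 /dev/urandom | od -An -tx1 | tr -d ' \n')"
}

# Usage: review the output, then feed it to "mysql -uroot -p".
app_account_sql lottery lottery_app '10.17.162.%' "$(new_password)"
```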

====================Install the PHP environment==========================
yum install -y php56w php56w-cli php56w-common php56w-gd php56w-ldap php56w-mbstring php56w-mcrypt php56w-mysql php56w-pdo php56w-devel
yum install -y traceroute net-snmp-devel vim sysstat tree mysql-devel ntpdate libjpeg* bind-utils
yum install -y php56w-imap php56w-odbc php56w-pear php56w-xml php56w-xmlrpc php56w-mhash libmcrypt php56w-bcmath
yum install -y php56w-fpm
vi /etc/php-fpm.d/www.conf

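user = nginx //default is apache; change to the same user as nginx (can only be changed after nginx is installed)
group = nginx //default is apache; change to the same group as nginx (can only be changed after nginx is installed)

vi /etc/php.ini

session.save_path = "/var/lib/php/session" //set the session location, otherwise PHP will fail at runtime

chmod 777 /var/lib/php/session //set the directory permissions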
chkconfig php-fpm on

=============Install nginx with yum============
yum install -y automake autoconf libtool make
yum install -y nginx
chkconfig nginx on
cd /etc/nginx
mkdir vhost //location for the virtual host configuration files
vi nginx.conf
-------------Add the following inside server{}---------------------------
~~~~Under root in server, add the following: the default index file names~~~~
index index.php default.php index.html index.htm;
~~~~Add the statements for PHP support in server~~~~
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
---------------------At the end of http{}, add the following---------------------------
include vhost/*.conf; //save and exit after adding
nginx -t //check that nginx.conf and the configuration files under vhost are correct
service php-fpm start //start PHP-FPM
service nginx restart //restart the nginx service
------------------Virtual host configuration example------------------------------
server {
listen 808;
server_name 10.17.162.113:808;
root /home/website/phpmyadmin/wwwroot;
location / {
index index.php index.html index.shtml;
}

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/website/phpmyadmin/wwwroot$fastcgi_script_name;
include fastcgi_params;
}

#log...
}
------------------Nginx reverse proxy forwarding (unconditional HTTPS access)---------------------------
server {
listen 80;
server_name huizhong.itrxm.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443;
server_name huizhong.itrxm.com;
ssl on;
ssl_certificate /etc/nginx/vhost/ssl/huizhong.itrxm.com-certificate.crt;
ssl_certificate_key /etc/nginx/vhost/ssl/huizhong.itrxm.com-private.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass https://10.17.162.113:6443;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_next_upstream off;
proxy_buffer_size 32k;
proxy_buffers 64 32k;
proxy_busy_buffers_size 1m;
proxy_temp_file_write_size 512k;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
}
-------------------------------Nginx access to a directory under Tomcat webapps---------------
server {
listen 80;
server_name hhcphb.itrxm.com;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass http://59.188.14.217:8080/HBH5/;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#root html;
#index index.html;
proxy_next_upstream off;
proxy_buffer_size 32k;
proxy_buffers 64 32k;
proxy_busy_buffers_size 1m;
proxy_temp_file_write_size 512k;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /HBH5/ {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass http://59.188.14.217:8080/HBH5/;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#root html;
#index index.html;
proxy_next_upstream off;
proxy_buffer_size 32k;
proxy_buffers 64 32k;
proxy_busy_buffers_size 1m;
proxy_temp_file_write_size 512k;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
}

================Java development environment installation=============
yum search java-1.7 //search for java-1.7 versions
yum install -y java-1.7.0-openjdk-devel.x86_64 //install the java-1.7.0 development environment
cd /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.161-2.6.12.0.el7_4.x86_64/ //enter the installation directory
vi /etc/profile //environment configuration
-------------------Append the following at the very end of the file-----------------------
export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.161-2.6.12.0.el7_4.x86_64 //the path differs between versions; watch out for this
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

source /etc/profile //takes effect immediately
javac //run a test
-----------------------The following output means the configuration succeeded---------------------------
[root@apisrv lib]# javac
Usage: javac <options> <source files>
where possible options include:
-g Generate all debugging info
-g:none Generate no debugging info
-g:{lines,vars,source} Generate only some debugging info
-nowarn Generate no warnings
-verbose Output messages about what the compiler is doing
-deprecation Output source locations where deprecated APIs are used
-classpath <path> Specify where to find user class files and annotation processors
-cp <path> Specify where to find user class files and annotation processors
-sourcepath <path> Specify where to find input source files
-bootclasspath <path> Override location of bootstrap class files
-extdirs <dirs> Override location of installed extensions
-endorseddirs <dirs> Override location of endorsed standards path
-proc:{none,only} Control whether annotation processing and/or compilation is done.
-processor <class1>[,<class2>,<class3>...] Names of the annotation processors to run; bypasses default discovery process
-processorpath <path> Specify where to find annotation processors
-parameters Generate metadata for reflection on method parameters
-d <directory> Specify where to place generated class files
-s <directory> Specify where to place generated source files
-h <directory> Specify where to place generated native header files
-implicit:{none,class} Specify whether or not to generate class files for implicitly referenced files
-encoding <encoding> Specify character encoding used by source files
-source <release> Provide source compatibility with specified release
-target <release> Generate class files for specific VM version
-profile <profile> Check that API used is available in the specified profile
-version Version information
-help Print a synopsis of standard options
-Akey[=value] Options to pass to annotation processors
-X Print a synopsis of nonstandard options
-J<flag> Pass <flag> directly to the runtime system
-Werror Terminate compilation if warnings occur
@<filename> Read options and filenames from file

Note: if running javac prints "bash: javac: 未找到命令…" (command not found), the configuration failed; check that the environment variable paths are correct.

================Tomcat installation=============
mkdir /opt/tomcat
sudo groupadd tomcat
sudo useradd -s /bin/nologin -g tomcat -d /opt/tomcat/tomcat tomcat
mkdir -p /root/software //directory dedicated to downloaded software; a personal habit, /usr/local etc. also works
cd /root/software
wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-7/v7.0.82/bin/apache-tomcat-7.0.82.tar.gz
sudo tar -zxvf apache-tomcat-7.0.82.tar.gz -C /opt/tomcat/tomcat --strip-components=1
cd /opt/tomcat/tomcat
chmod -R 754 bin/
chgrp -R tomcat /opt/tomcat/tomcat
chmod -R g+r conf
chmod g+x conf
chown -R tomcat webapps/ work/ temp/ logs/

=================Create the service startup file==================
sudo vi /etc/systemd/system/tomcat.service
-------------------------------Contents as follows----------------------------------------------------
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment=CATALINA_PID=/opt/tomcat/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat/tomcat
Environment=CATALINA_BASE=/opt/tomcat/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/tomcat/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID

User=tomcat
Group=tomcat

[Install]
WantedBy=multi-user.target

systemctl daemon-reload //reload the service units
systemctl enable tomcat.service
systemctl start tomcat.service

===========Install haveged (daemon)====================
sudo yum install -y haveged
sudo systemctl start haveged.service
sudo systemctl enable haveged.service

Visit http://[Your-Host-IP]:8080 to check that the page displays normally.

================Configure the Tomcat management interface==========================
sudo vi /opt/tomcat/tomcat/conf/tomcat-users.xml
-------------------------Enter the following between <tomcat-users> and </tomcat-users>-------------------
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="tomcat" password="s3cret" roles="admin-gui,manager-gui,manager-script,manager-jmx,manager-status"/>

sudo systemctl restart tomcat.service

==============catalina.out log splitting===================
yum install -y cronolog
Modify the bin/catalina.sh file; the parts marked in red are the modified content.

shift
touch "$CATALINA_OUT"
if [ "$1" = "-security" ] ; then
  if [ $have_tty -eq 1 ]; then
    echo "Using Security Manager"
  fi
  shift
  eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
    -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
    -Djava.security.manager \
    -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \
    -Dcatalina.base="\"$CATALINA_BASE\"" \
    -Dcatalina.home="\"$CATALINA_HOME\"" \
    -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
    org.apache.catalina.startup.Bootstrap "$@" start \
    >> "$CATALINA_OUT" 2>&1 "&"
else
  eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
    -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
    -Dcatalina.base="\"$CATALINA_BASE\"" \
    -Dcatalina.home="\"$CATALINA_HOME\"" \
    -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
    org.apache.catalina.startup.Bootstrap "$@" start \
    >> "$CATALINA_OUT" 2>&1 "&"
fi
Change it to:
shift

#touch "$CATALINA_OUT" //comment this line out

if [ "$1" = "-security" ] ; then
  if [ $have_tty -eq 1 ]; then
    echo "Using Security Manager"
  fi
  shift
  eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
    -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
    -Djava.security.manager \
    -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \
    -Dcatalina.base="\"$CATALINA_BASE\"" \
    -Dcatalina.home="\"$CATALINA_HOME\"" \
    -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
    org.apache.catalina.startup.Bootstrap "$@" start 2>&1 | /usr/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >> /dev/null &
else
  eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
    -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
    -Dcatalina.base="\"$CATALINA_BASE\"" \
    -Dcatalina.home="\"$CATALINA_HOME\"" \
    -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
    org.apache.catalina.startup.Bootstrap "$@" start 2>&1 | /usr/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >> /dev/null &
fi

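====================Tomcat log splitting: periodically clean up catalina.out=============
Split the log file every night at 23:50 and delete logs older than 30 days.
# contents of /shell/log.sh
log_path=/opt/tomcat/logs
d=$(date +%Y-%m-%d)
d90=$(date -d '30 day ago' +%Y-%m-%d)
# stop if the log directory is missing, so catalina.out is never truncated elsewhere
cd "${log_path}" || exit 1
cp catalina.out "$log_path/cron/catalina.out.$d.log"
echo > catalina.out
rm -rf "$log_path/cron/catalina.out.${d90}.log"

Add permissions
chmod 777 /shell/log.sh
Edit the crontab
crontab -e
50 23 * * * sh /shell/log.sh
----------------------Another method---------------------------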
crontab -e

  • 5 find /usr/logs/ -name ".20" -ctime +7 -exec rm -rf {} \;

systemctl start tomcat7.service

===============Configure access to different folders under the same project===========
First comment out the original <Host> configuration, then add the following:
<Host name="hhcp.itrxm.com" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Context path="" docBase="/data/tomcat/tomcat/webapps/ROOT" debug="0" reloadable="true" />
</Host>
<Host name="hhcphb.itrxm.com" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Context path="" docBase="/data/tomcat/tomcat/webapps/HBH5" debug="0" reloadable="true" />
</Host>

================SSL environment setup==================================
Make the corresponding changes in the nginx conf:
server {
listen 80;
server_name your-domain-name;
rewrite ^(.*)$ https://$host$1 permanent;
}

server {
listen 443;
server_name x;
ssl on;
ssl_certificate /etc/nginx/vhost/ssl/certificate.crt;
ssl_certificate_key /etc/nginx/vhost/ssl/private.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

    location / {
        client_max_body_size 16m;
        client_body_buffer_size 128k;
        proxy_pass http://IP_ADDRESS:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_next_upstream off;

        proxy_connect_timeout 30;
        proxy_read_timeout 300;
        proxy_send_timeout 300;
    }
}

Modify server.xml in tomcat:
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
Change it to (keystoreFile must be an absolute path, otherwise errors are likely):
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
keystoreFile="/opt/tomcat/tomcat/conf/cert/201802031124.pfx"
keystoreType="PKCS12"
keystorePass="201802031124"
clientAuth="false"
SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>
And add a new node:
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
remoteIpProxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto"/>

Restart the tomcat service
systemctl restart tomcat.service

Note: if you only have the key and crt files of the certificate, you can go to
https://www.myssl.cn/tools/merge-pfx-cert.html
to generate a pfx certificate file and set a password.
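
The same PFX bundle can also be built locally with openssl, so the private key never leaves the server. This is an added example, not from the original article; the function name make_pfx and the PFX_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# make_pfx CRT KEY OUT builds a PKCS#12 bundle from a certificate and its
# private key. The bundle password is read from the exported variable
# PFX_PASS, so it does not appear on the command line.
make_pfx() {
    crt=$1; key=$2; out=$3
    [ -n "${PFX_PASS:-}" ] || { echo "export PFX_PASS first" >&2; return 1; }

    # Refuse to bundle a key that does not belong to the certificate:
    # both must carry the same public key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi

    # The bundle contains the private key, so create it owner-readable only.
    ( umask 077 && openssl pkcs12 -export -in "$crt" -inkey "$key" \
        -out "$out" -passout env:PFX_PASS ) || return 1
}

# Usage (file names are placeholders):
#   export PFX_PASS='...'; make_pfx certificate.crt private.key cert.pfx
```

The resulting file and password are what keystoreFile and keystorePass in the Connector above refer to.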

=================Monitoring Tomcat performance with VisualVM==================
JMX download URL: http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-jmx-remote.jar
After downloading catalina-jmx-remote.jar, put it in Tomcat's lib directory.

vim catalina.sh
----------------------------------Add the following below the comments------------------------------------
CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=7090
-Dcom.sun.management.jmxremote.ssl=false
-Djava.rmi.server.hostname=MONITORED_SERVER_IP
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.password.file=/var/tomcat/tomcat/conf/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=/var/tomcat/tomcat/conf/jmxremote.access"

cd /var/tomcat/tomcat/conf
vim jmxremote.access

monitorRole readonly
controlRole readwrite

vim jmxremote.password //must match the permissions tomcat runs with

monitorRole 25DWdl2&D^W
controlRole 25DWdl2&D^W

chmod 0400 jmxremote.password //the password file should be read-only, and only for the user that runs Tomcat
systemctl restart tomcat.service

With that, the whole environment and system deployment is complete.
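
An added example, not part of the original article: a check that reports the settings from this guide a reviewer would tighten before the host is exposed (SELinux disabled, ssl_protocols TLSv1, JMX without TLS, the sample Tomcat manager password). The function names and report format are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_config FILE prints one "FINDING file:line reason" per weak setting.
# Run it against /etc/selinux/config, the nginx vhost files, catalina.sh
# and tomcat-users.xml.
audit_config() {
    awk -v f="$1" '
    function hit(msg) { printf "FINDING %s:%d %s\n", f, NR, msg }
    /^[ \t]*#/ { next }   # skip commented-out lines
    /^[ \t]*SELINUX=(disabled|permissive)[ \t]*$/ { hit("SELinux is not enforcing") }
    /^[ \t]*ssl_protocols[ \t]/ {
        legacy = ""; modern = 0
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") { legacy = legacy " " p }
            if (p == "TLSv1.2" || p == "TLSv1.3") { modern = 1 }
        }
        if (legacy != "") { hit("legacy protocol enabled:" legacy) }
        if (!modern) { hit("ssl_protocols lacks TLSv1.2/TLSv1.3") }
    }
    /jmxremote\.ssl=false/ { hit("JMX remote port runs without TLS") }
    /<user[ \t].*password="s3cret"/ { hit("Tomcat user keeps the sample password") }
    ' "$1"
}

# Number of findings in FILE, for use as a deployment gate.
count_findings() {
    audit_config "$1" | wc -l | tr -d ' '
}

# Constructed sample: the TLS line used in this article, a commented-out
# line, and a tightened variant that produces no finding.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl_protocols TLSv1;
#ssl_protocols SSLv3;
ssl_protocols TLSv1.2 TLSv1.3;
EOF
audit_config "$sample"
rm -f "$sample"
```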
