【Tomcat】初识 Web 中间件 Tomcat

Web中间件Tomcat1.模拟部署Tomcat[rootNginx-1 Tomcat]# lsapache-tomcat-7.0.42.tar.gz apache-tomcat-9.0.1.tar.gz jdk-8u151-linux-x64.tar.gz jspgouV6-ROOT.zip[rootNginx-1 Tomcat]# tar -xf jdk-8u151-linux-x64.tar.gz -C /usr/local/[rootNginx-1 Tomcat]# ln -s /usr/local/jdk1.8.0_151/ /usr/local/java[rootNginx-1 Tomcat]# ll /usr/local/javalrwxrwxrwx1root root24Apr1613:32 /usr/local/java -/usr/local/jdk1.8.0_151/[rootNginx-1 Tomcat]# vim /etc/profileJAVA_HOME/usr/local/javaPATH$JAVA_HOME/bin:$PATHexportJAVA_HOMEPATH[rootNginx-1 Tomcat]# source /etc/profile[rootNginx-1 ~]# java -versionjavaversion1.8.0_151Java(TM)SE Runtime Environment(build1.8.0_151-b12)Java HotSpot(TM)64-Bit Server VM(build25.151-b12, mixed mode)[rootNginx-1 Tomcat]# tar -xf apache-tomcat-7.0.42.tar.gz -C /usr/local/[rootNginx-1 Tomcat]# ll /usr/local/tomcatlrwxrwxrwx1root root32Apr1613:37 /usr/local/tomcat -/usr/local/apache-tomcat-7.0.42/[rootNginx-1 Tomcat]# vim /etc/profileCATALINA_HOME/usr/local/tomcatexportCATALINA_HOME[rootNginx-1 Tomcat]# source /etc/profile[rootNginx-1 ~]# useradd -r -s /sbin/nologin -d /usr/local/tomcat tomcat[rootNginx-1 ~]# chown -R tomcat:tomcat /usr/local/tomcat[rootNginx-1 ~]# cat /etc/systemd/system/tomcat.service EOF[Unit]DescriptionApache Tomcat Web Application ContainerAfternetwork.target[Service]TypeforkingUsertomcatGrouptomcatEnvironmentJAVA_HOME/usr/local/javaEnvironmentCATALINA_HOME/usr/local/tomcatEnvironmentCATALINA_OPTS-Xms512m -Xmx1024m -XX:UseG1GC -XX:MaxGCPauseMillis200ExecStart/usr/local/tomcat/bin/startup.shExecStop/usr/local/tomcat/bin/shutdown.shRestarton-failureLimitNOFILE65536[Install]WantedBymulti-user.target EOF[rootNginx-1 ~]# systemctl daemon-reload[rootNginx-1 ~]# systemctl restart tomcat[rootNginx-1 ~]# systemctl status tomcat[rootNginx-1 ~]# ss -antlupe | grep java# 浏览器访问 http://172.25.254.44:8080 生产建议永远不要用 root 运行 Tomcat。创建专用用户并赋权[rootNginx-1 ~]# useradd -r -s /sbin/nologin tomcat[rootNginx-1 ~]# chown -R tomcat:tomcat /usr/local/tomcat2.核心配置文件深度解析2.1Tomcat主目录介绍[rootNginx-1 ~]# tree -L 1 /usr/local/tomcat//usr/local/tomcat/ ├── bin# 存放tomcat管理脚本├── conf# tomcat配置文件存放目录├── lib# web应用调用的jar包存放路径├── LICENSE ├── logs# tomcat日志存放目录catalina.out为主要输出日志├── NOTICE ├── RELEASE-NOTES ├── RUNNING.txt ├── temp ├── webapps# web程序存放目录└── work# 存放编译产生的.java与.class文件2.2webapps目录介绍[rootNginx-1 webapps]# pwd/usr/local/tomcat/webapps[rootNginx-1 webapps]# tree -L 1 ..├── docs# tomcat帮助文档├── examples# web应用实例├── host-manager# 主机管理├── manager# 管理└── ROOT# 默认站点根目录2.3 默认网站的主目录主页[rootNginx-1 ROOT]# ls /usr/local/tomcat/webapps/ROOT/2.4Tomcat配置文件目录介绍[rootNginx-1 conf]# pwd/usr/local/tomcat/conf[rootNginx-1 conf]# tree -L 1 ..├── Catalina ├── catalina.policy ├── catalina.properties ├── context.xml ├── logging.properties ├── server.xml# Tomcat主配置文件├── tomcat-users.xml# Tomcat管理用户配置文件└── web.xml2.5server.xml关键节点!-- 连接器处理 HTTP 请求 --Connectorport8080protocolHTTP/1.1connectionTimeout20000redirectPort8443maxThreads200!--最大工作线程--minSpareThreads25!-- 初始空闲线程 --acceptCount100!-- 等待队列长度 --URIEncodingUTF-8 /!-- 虚拟主机一个 Engine 可包含多个 Host --Hostnameapi.example.comappBasewebapps_apiunpackWARstrueautoDeployfalseValveclassNameorg.apache.catalina.valves.AccessLogValvedirectorylogsprefixapi_access_logsuffix.txtpattern%h %l %u %tquot;%rquot;%s %b//Host⚠️autoDeploytrue在开发环境方便但生产环境必须关闭避免热部署导致内存泄漏或类加载冲突。3.性能调优及安全加固3.1 调优参数参数CATALINA_OPTS在bin/setenv.sh推荐或 systemd 的Environment中设置exportCATALINA_OPTS-Xms1g -Xmx2g \ -XX:UseG1GC -XX:MaxGCPauseMillis200 \ -XX:HeapDumpOnOutOfMemoryError -XX:HeapDumpPath/tmp/tomcat_heapdump.hprof \ -Djava.security.egdfile:/dev/./urandom \ -Dfile.encodingUTF-8 -Duser.timezoneAsia/Shanghai参数说明-Xms/-Xmx堆内存初始/最大值生产建议设为相等UseG1GCJDK8u191 推荐垃圾回收器延迟低java.security.egd解决 Tomcat 启动慢SecureRandom 阻塞file.encoding/timezone避免中文乱码、时间差问题3.2 安全加固清单删除无用默认应用rm-rf/usr/local/tomcat/webapps/{docs,examples,host-manager,manager,ROOT}禁用 AJP 协议除非配合 Apache httpd mod_jk!-- server.xml 中注释掉或删除 --!-- Connector port8009 protocolAJP/1.3 redirectPort8443 / --隐藏版本信息# 创建 lib/catalina.jar 中的 org/apache/catalina/util/ServerInfo.propertiesmkdir-p/usr/local/tomcat/libcat/usr/local/tomcat/lib/org/apache/catalina/util/ServerInfo.propertiesEOF server.infoWebServer server.number0.0.0.0 server.built2024-01-01 EOF限制上传文件大小web.xml或应用内配置filterfilter-namesizeLimitFilter/filter-namefilter-classorg.apache.tomcat.websocket.server.WsFilter/filter-classinit-paramparam-namemaxFileSize/param-nameparam-value10485760/param-value!-- 10MB --/init-param/filter4.常见故障排查速查表及日志分析技巧现象可能原因排查命令/日志位置启动卡住/慢SecureRandom 阻塞cat /proc/sys/kernel/random/entropy_availjava.net.BindException端口被占用ss -tlnp | grep :8080OutOfMemoryError堆内存不足/内存泄漏分析heapdump.hprof检查catalina.out请求超时/拒绝线程池打满jstack pid | grep -c http-nio-8080中文乱码URIEncoding/文件编码未设检查 Connector 和file.encodingManager 403 拒绝访问未配置角色或IP限制检查tomcat-users.xml和context.xml中的RemoteAddrValve日志分析技巧# 实时跟踪核心日志tail-f/usr/local/tomcat/logs/catalina.out# 搜索错误堆栈grep-C5Exception\|Error/usr/local/tomcat/logs/catalina.out# 查看访问日志需开启 AccessLogValveawk{print $1}/usr/local/tomcat/logs/localhost_access_log.*.txt|sort|uniq-c|sort-nr|head