- 安裝Java
- 上傳tomcat.tar.gz並解壓兩次,重命名兩個文件夾
- tomcat-dev(生產模式)
- tomcat-test(測試使用)
- vim /etc/profile 在最後面追加代碼
# 用戶主路徑配置
export USER_HOME=/home/user
# Java配置
export JAVA_HOME=$USER_HOME/java/jdk-13.0.1
export CLASSPATH=.:$JAVA_HOME/lib:$CLASSPATH
export PATH=$JAVA_HOME/bin:$PATH
# Tomcat生產環境配置
export TOMCAT_HOME_DEV=$USER_HOME/tomcat/tomcat-dev
export CATALINA_HOME_DEV=$TOMCAT_HOME_DEV
export CATALINA_BASE_DEV=$TOMCAT_HOME_DEV
# Tomcat測試環境配置
export TOMCAT_HOME_TEST=$USER_HOME/tomcat/tomcat-test
export CATALINA_HOME=$TOMCAT_HOME
export CATALINA_BASE=$TOMCAT_HOME
4. 配置生效
source /etc/profile
5. 分別修改Tomcat中bin/catalina.sh,分別配置對應的CATALINA_HOME及CATALINA_BASE,以生產模式爲例
vim /home/user/tomcat/tomcat-dev/bin/catalina.sh
在非註釋的第一行,也就是# OS specific support.下面一行,追加配置
# OS specific support. $var _must_ be set to either true or false.
# 追加內容,引用在/etc/profile配置的生產模式環境變量
export CATALINA_HOME=$CATALINA_HOME_DEV
export CATALINA_BASE=$CATALINA_BASE_DEV
# 追加結束
cygwin=false
6. 配置生產模式的conf/server.xml,使用SSL
<?xml version="1.0" encoding="UTF-8"?>
<!-- 生產模式使用8005端口 -->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource name="UserDatabase"
auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<!-- 重定向到443端口配置
keystoreFile寫.jks文件的絕對路徑
keystorePass是密鑰,如果沒有主動生成在keystorePass.txt文件 -->
<Connector port="443"
protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
keystoreFile="/home/user/ssl/Tomcat/www.domain.com.jks"
keystorePass="123456"
sslProtocol="TLS"
clientAuth="false"/>
<!-- 8080端口,重定向到443 -->
<Connector port="8080"
connectionTimeout="20000"
protocol="HTTP/1.1"
redirectPort="443" />
<!-- 80端口,可以將http訪問轉爲https,結合web.xml文件配置 -->
<Connector port="80"
connectionTimeout="20000"
protocol="HTTP/1.1"
redirectPort="443" />
<!-- 8009端口,重定向到443 -->
<Connector port="8009"
protocol="AJP/1.3"
redirectPort="443" />
<Engine name="Catalina"
defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost"
appBase="webapps"
unpackWARs="true"
autoDeploy="true">
<!-- 網站主頁路徑配置,在webapps/web文件夾 -->
<Context path=""
docBase="web"/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log"
suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
7. 配置SSL還需要配置conf/web.xml文件,同時配置歡迎頁面,即官網訪問界面
<!-- 歡迎頁面配置,設置webapps/web/index.html爲首頁 -->
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<!-- SSL配置 -->
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>
8. 配置測試模式的conf/server.xml,在生產模式中使用了8005,8080,8009,443端口,要避免這些端口的重複應用,所以我在測試模式分別使用9005,9080,9009,分別都加上1000,比較好記
9. 分別啓動兩個Tomat,https://www.domain.com,http://xxx.xxx.xxx.xxx:9080/全部可以正常訪問
10. Linux直接發送GET請求命令
curl -l http://localhost:9080/
11. Tomcat自檢命令
sh bin/configtest.sh
12. 查看端口占用命令
lsof -i:9080
13. 實時查看日誌命令
tail logs/catalina.out