Home | 簡體中文 | 繁體中文 | 雜文 | 知乎專欄 | Github | OSChina 博客 | 雲社區 | 雲棲社區 | Facebook | Linkedin | 視頻教程 | 打賞(Donations) | About
46.2. 配置 Tomcat 伺服器
上一頁 第 46 章 Apache Tomcat 下一頁
知乎專欄多維度架構 微信號 netkiller-ebook | QQ群:128659835 請註明“讀者”

46.2. 配置 Tomcat 伺服器

46.2.1. server.xml

46.2.1.1. Connector

tomcat 連接埠預設為8080, 可以通過修改下面port項改為80連接埠,但不建議你這樣使用80連接埠,tomcat 會繼承root權限,這是非常危險的做法。

			
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

性能調整

			
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443"
               maxThreads="2048" />

	<Connector port="8080" protocol="HTTP/1.1"
				maxThreads="2048"
				minSpareThreads="64"
				maxSpareThreads="256"
				acceptCount="128"
				enableLookups="false"
				redirectPort="8443"
				debug="0"
				connectionTimeout="20000"
				disableUploadTimeout="true"
				URIEncoding="UTF-8" />
			
			
			
maxThreads="4096"		最大連接數
minSpareThreads="50"	最小空閒綫程
maxSpareThreads="100"	最大空閒綫程
enableLookups="false"	禁止域名解析
acceptCount="15000"
connectionTimeout="30000"	超時時間
redirectPort="8443"
disableUploadTimeout="true"
URIEncoding="UTF-8"		UTF-8編碼
protocol="AJP/1.3"		AJP協議版本
46.2.1.1.1. HTTPS
				
   <Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLEngine="on"
               SSLCertificateFile="${catalina.base}/conf/localhost.crt"
               SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
46.2.1.1.2. compression

壓縮傳送數據

				
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css"
46.2.1.1.3. useBodyEncodingForURI

如果你的站點編碼非UTF-8,去掉URIEncoding="UTF-8"使用下面選項.

useBodyEncodingForURI="true"

46.2.1.1.4. 隱藏Tomcat版本信息

在Connector中加入server="Neo App Srv 1.0"

				
vim $CATALINA_HOME/conf/server.xml

    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443"
				maxThreads="8192"
				minSpareThreads="64"
				maxSpareThreads="128"
				acceptCount="128"
				enableLookups="false"
                server="Neo App Srv 1.0"/>
				
				
# curl -I http://localhost:8080/
HTTP/1.1 400 Bad Request
Transfer-Encoding: chunked
Date: Thu, 20 Oct 2011 09:51:55 GMT
Connection: close
Server: Neo App Srv 1.0

46.2.1.2. Context

配置虛擬目錄

例如我們需要這樣的配置

http://www.netkiller.cn/news
http://www.netkiller.cn/member
http://www.netkiller.cn/product

實現方法

			
<Host name="localhost"  appBase="/www/example.com" unpackWARs="true" autoDeploy="true">
	<Alias>www.example.com</Alias>

	<Context path="news" docBase="www.example.com/news" reloadable="false"></Context>
	<Context path="member" docBase="www.example.com/member" reloadable="false"></Context>
	<Context path="product" docBase="www.example.com/product" reloadable="false"></Context>

</Host>
46.2.1.2.1. 應用程序安全

關閉war自動部署 unpackWARs="false" autoDeploy="false"。防止被植入木馬等惡意程序

關閉 reloadable="false" 也用於防止被植入木馬

46.2.1.2.2. JSESSIONID

修改 Cookie 變數 JSESSIONID, 這個cookie 是用於維持Session關係。建議你改為PHPSESSID。 

				
<Context path="" docBase="path/to/your" reloadable="false" sessionCookieDomain=".example.com" sessionCookiePath="/" sessionCookieName="PHPSESSID" />

46.2.2. tomcat-users.xml

		
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>

<role rolename="manager"/>
<user username="tomcat" password="QI0Ajp7" roles="manager"/>

</tomcat-users>

狀態監控 http://localhost/manager/status

服務管理 http://localhost/manager/html/list

		
<tomcat-users>
<!--
  NOTE:  By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application.  If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
-->
<!--
  NOTE:  The sample user and role entries below are wrapped in a comment
  and thus are ignored when reading this file. Do not forget to remove
  <!.. ..> that surrounds them.
-->
<!--
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
-->
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="manager-jmx"/>
  <role rolename="manager-status"/>

  <user username="tomcat" password="tomcat" roles="manager-gui,manager-script,manager-jmx,manager-status"/>
  <role rolename="admin-gui"/>
  <role rolename="admin-script"/>
  <user username="admin" password="admin" roles="admin-gui,admin-script"/>

</tomcat-users>

46.2.3. context.xml

context.xml 主要用於配置 資料庫連接池

開啟熱部署,生產環境不建議使用

		
<Context reloadable="true">

46.2.3.1. Resources

org.apache.catalina.webresources.Cache.getResource Unable to add the resource at [/WEB-INF/lib/netkiller.jar] to the cache because there was insufficient free space available after evicting expired cache entries - consider increasing the maximum size of the cache

			
<Resources cachingAllowed="true" cacheMaxSize="100000" />

46.2.3.2. session cookie

			
<Context sessionCookieName="PHPSESSID" sessionCookieDomain=".example.com" sessionCookiePath="/">
	<!-- ... -->
</Context>

46.2.4. logging.properties

修改日誌目錄

1catalina.org.apache.juli.FileHandler.level = FINE
#1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.FileHandler.directory = /www/logs/tomcat
1catalina.org.apache.juli.FileHandler.prefix = catalina.

46.2.5. catalina.properties

配置跳過掃瞄*.jar

tomcat.util.scan.StandardJarScanFilter.jarsToSkip=\*.jar

context.xml

		
<JarScanner scanClassPath="false"/>

上一頁 上一級 下一頁
第 46 章 Apache Tomcat 起始頁 46.3. 虛擬主機配置