跳至主要內容

搭建Tomcat

知识库运维技巧开发搭建Tomcat大约 1 分钟

## 下载对应的tomcat版本
# https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.75/bin/apache-tomcat-8.5.75.tar.gz
wget https://dlcdn.apache.org/tomcat/tomcat-8/v8.5.75/bin/apache-tomcat-8.5.75.tar.gz  --no-check-certificate
## 解压并放到指定的目录
tar xzvf apache-tomcat-8.5.75.tar.gz -C /opt
mv /opt/apache-tomcat-8.5.75 /opt/tomcat-8.5.75
## 创建用户用来管理tomcat
groupadd tomcat
useradd -g tomcat -s /sbin/nologin tomcat
chown -R tomcat:tomcat /opt/tomcat-8.5.75/
## 添加tomcat service
cat >> /usr/lib/systemd/system/tomcat8.service <<EOF
[Unit]
Description=Tomcat 8 servlet container
After=network.target

[Service]
Type=forking
User=tomcat
Group=tomcat
# 自定义的jre路径
Environment="JAVA_HOME=/usr/local/lib/jdk1.8.0_201/jre"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"

Environment="CATALINA_BASE=/opt/tomcat-8.5.75"
Environment="CATALINA_HOME=/opt/tomcat-8.5.75"
Environment="CATALINA_PID=/opt/tomcat-8.5.75/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat-8.5.75/bin/startup.sh
ExecStop=/opt/tomcat-8.5.75/bin/shutdown.sh

[Install]
WantedBy=multi-user.target
EOF
## 加载配置并开机自启
systemctl daemon-reload && systemctl enable tomcat8.service
# 启动tomcat 并查看服务状态
systemctl start tomcat8.service && systemctl status tomcat8.service

tomcat 配置 HTTPS

###### 证书配置
## 生成证书 使用JDK自带的工具keytool (keytool -genkeypair)
keytool -genkey -alias caskeystore -keyalg RSA -keystore thekeystore \
    -storepass 123456 -keypass 123456 \
    -dname "CN=cas.alot.pw, OU=bjtxra,OU=com,S=BJ,C=CN" \
    -ext SAN="dns:localhost,ip:127.0.0.1"
## 导出数字证书
#keytool -export -alias caskeystore -storepass 123456 -keystore thekeystore -rfc -file cas.crt
# 将数字证书导入jdk下的jre里,这里导入JDK时需要默认密码 changeit
# windows:
#keytool -import -alias caskeystore -keystore %JAVA_HOME%\jre\lib\security\cacerts -file cas.crt -trustcacerts -storepass changeit
# Unix:
#sudo keytool -import -alias caskeystore -keystore $JAVA_HOME/jre/lib/security/cacerts -file cas.crt -trustcacerts -storepass changeit

###### tomcat配置证书
# 新建存放证书的目录
mkdir -p /opt/tomcat-8.5.75/conf/keystore
# 复制证书到指定目录
cp -avf ~/thekeystore /opt/tomcat-8.5.75/conf/keystore/
# 修改文件权限
chown -R tomcat:tomcat /opt/tomcat-8.5.75/conf/keystore/
# 修改tomcat配置文件
vi /opt/tomcat-8.5.75/conf/server.xml
:<<EOF
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/keystore/thekeystore" type="RSA" certificateKeystoreType="JKS" certificateKeystorePassword="123456"/>
        </SSLHostConfig>
    </Connector>
EOF
# 重启tomcat服务
systemctl start tomcat8.service && systemctl status tomcat8.service
# 访问地址:http://192.168.10.151:8443