基于APR模式的Tomcat环境部署

1、版本信息

组件名	版本号
jdk	1.8.0_45
tomcat	8.0.23
apr	1.5.2
apr-iconv	1.2.1
apr-util	1.5.4
tomcat-native	1.1.33

Tomcat的通讯模型总共为3种，分别为BIO、NIO、APR，而本次所采用的模式为APR。

3种模式的区别：

	Java Blocking Connector	Java Nio Blocking Connector	APR/native Connector
Tomcat Version	3.x onwards	7.x onwards	5.5.x onwards
Classname	BIO（AjpProtocol）	NIO（AjpNioProtocol）	APR（AjpAprProtocol）
Read Request Headers	Blocking	Sim Blocking	Blocking
Read Request Body	Blocking	Sim Blocking	Blocking
Write Response	Blocking	Sim Blocking	Blocking
Wait for next Request	Blocking	Non Blocking	Non Blocking
Max Connections	maxConnections	maxConnections	maxConnections
Polling Size	N/A	maxConnections	maxConnections
Support Polling	NO	YES	YES

2、基础安装

 # cd /usr/local/src
 # tar xvzf jdk-8u45-linux-x64.gz -C /opt
 # cd /opt && ln -s jdk1.8.0_45 jdk

 # cd /usr/local/src
 # wget http://mirrors.hust.edu.cn/apache/tomcat/tomcat-8/v8.0.23/bin/apache-tomcat-8.0.23.tar.gz
 # tar xvzf apache-tomcat-8.0.23.tar.gz -C /opt
 # cd /opt && ln -s apache-tomcat-8.0.23 tomcat

# vim /etc/profile

export  TOMCAT_HOME= /opt/tomcat
export  JAVA_HOME= /opt/jdk
export  CLASSPATH=.:$JAVA_HOME /lib/dt .jar:$JAVA_HOME /lib/tools .jar
export  PATH=$PATH:$JAVA_HOME /bin :$TOMCAT_HOME /bin

 # source /etc/profile
 # mkdir -p /data/logs/{search,tomcat}
 # mkdir -p /data/search/{data,index}

# vim /opt/tomcat/conf/server.xml

......
"8080"

        protocol= "org.apache.coyote.http11.Http11AprProtocol"
        maxHttpHeaderSize= "8192"
        onnectionTimeout= "20000"
        redirectPort= "8443"
        maxThreads= "1000"
        minSpareThreads= "50"
        maxSpareThreads= "150"
        minProcessors= "100"
        maxProcessors= "1000"
        acceptCount= "1000"
        disableUpload20meout= "true"
        enableLookups= "false"
        URIEncoding= "UTF-8"  />
......

# vim /opt/tomcat/bin/setenv.sh（这里以64G内存、24核CPU为例，且以单实例运行）

JAVA_OPTS="-Djava.awt.headless= true  -Dfile.encoding=UTF-8
    -server -Xms48g -Xmx48g -Xss1m
    -XX:NewSize=8g -XX:MaxNewSize=16g
    -XX:NewRatio=4 -XX:SurvivorRatio=4
    -XX:+AggressiveOpts -XX:+UseBiasedLocking
    -XX:+UseConcMarkSweepGC -XX:ParallelCMSThreads=24
    -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -Xloggc: /data/logs/tomcat/gc .log
    -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath= /data/logs/tomcat/heapdump .bin
    -XX:+CMSParallelRemarkEnabled -XX:+ScavengeBeforeFullGC
    -XX:CMSInitiatingOccupancyFraction=75"

CATALINA_OUT= /data/logs/tomcat/catalina .out

CATALINA_OPTS="-Dcom.sun.management.jmxremote
    -Dcom.sun.management.jmxremote.authenticate= false
    -Dcom.sun.management.jmxremote.ssl= false
    -Dcom.sun.management.jmxremote.port=10826"

 # chmod +x /opt/tomcat/bin/setenv.sh

# vim /opt/tomcat/conf/logging.properties

......

1catalina.org.apache.juli.AsyncFileHandler.level = FINE

1catalina.org.apache.juli.AsyncFileHandler.directory =  /data/logs/tomcat
1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina.

2localhost.org.apache.juli.AsyncFileHandler.level = FINE
2localhost.org.apache.juli.AsyncFileHandler.directory =  /data/logs/tomcat
2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost.

3manager.org.apache.juli.AsyncFileHandler.level = FINE
3manager.org.apache.juli.AsyncFileHandler.directory =  /data/logs/tomcat
3manager.org.apache.juli.AsyncFileHandler.prefix = manager.

4host-manager.org.apache.juli.AsyncFileHandler.level = FINE
4host-manager.org.apache.juli.AsyncFileHandler.directory =  /data/logs/tomcat

4host-manager.org.apache.juli.AsyncFileHandler.prefix = host-manager.

......

也可以直接如下执行：

 # sed -i 's#${catalina.base}/logs#/data/logs/tomcat#g' /opt/tomcat/conf/logging.properties

 # cd /usr/local/src
 # wget http://mirrors.hust.edu.cn/apache/apr/apr-1.5.2.tar.gz
 # tar xvzf apr-1.5.2.tar.gz
 # cd apr-1.5.2
 # ./configure --prefix=/opt/apr
 # make && make install

 # cd /usr/local/src
 # wget http://mirrors.hust.edu.cn/apache/apr/apr-iconv-1.2.1.tar.gz
 # tar xvzf apr-iconv-1.2.1.tar.gz
 # cd apr-iconv-1.2.1
 # ./configure --prefix=/opt/apr-iconv --with-apr=/opt/apr
 # make && make install

 # cd /usr/local/src
 # wget http://mirrors.hust.edu.cn/apache/apr/apr-util-1.5.4.tar.gz
 # tar xvzf apr-util-1.5.4.tar.gz
 # cd apr-util-1.5.4
 # ./configure --prefix=/opt/apr-util --with-apr=/opt/apr --with-apr-iconv=/opt/apr-iconv/bin/apriconv
 # make && make install

 # cd /usr/local/src
 # wget http://mirrors.cnnic.cn/apache/tomcat/tomcat-connectors/native/1.1.33/source/tomcat-native-1.1.33-src.tar.gz
 # tar xvzf tomcat-native-1.1.33-src.tar.gz
 # cd tomcat-native-1.1.33-src/jni/native
 # ./configure --prefix=/usr --with-apr=/opt/apr --with-java-home=/opt/jdk
 # make && make install

安装结果如下：

3、安全设置

1）隐藏Tomcat版本信息

 # cd /opt/tomcat/lib
 # mkdir -p org/apache/catalina/util
 # vim org/apache/catalina/util/ServerInfo.properties
 server.info=Eleme Tomcat

2）删除Tomcat管理页面

 # rm -rf /opt/tomcat/webapps/*

3）以普通用户运行Tomcat

方式一：（使用jsvc以普通用户权限去启动Tomcat，这是官方最推荐的方法，原理是root用户fork非root进程）

 # useradd tomcat -s /usr/sbin/nologin   【Ubuntu系统环境】
 # useradd tomcat -s /sbin/nologin       【CentOS系统环境】

 # chown -R tomcat:tomcat /opt/tomcat/
 # chown -R tomcat:tomcat /data/logs/{search,tomcat}

 # cd /opt/tomcat/bin
 # tar xvzf commons-daemon-native.tar.gz
 # cd commons-daemon-1.0.15-native-src/unix
 # ./configure --with-java=/opt/jdk
 # make
 # cp jsvc ../../
 # cd ../../
 # ./daemon.sh start

注：正常情况下有两个进程，参数都是一样的，但属主不一样，1个是root用户，1个是tomcat用户。

方式二：

 # useradd tomcat -s /bin/bash
 # chown -R tomcat:tomcat /opt/tomcat/
 # chown -R tomcat:tomcat /data/logs/{search,tomcat}
 # sudo su tomcat /opt/tomcat/bin/startup.sh

4）其他设置

自定义错误页面，比如添加以下内容：

 500< /error-code >
 /500 .jsp< /location >
 < /error-page >

注：可以根据需要自行增加相应的错误码，常见的如500，404等，location选项为指定跳转的页面，该jsp文件需要自己生成。

删除jspx文件解析，可以注释掉以下内容

 *.jspx</url-pattern>

注：以上两点配置，都在web.xml进行设置。

4、初步压测结果

测试工具：siege

并发线程数：600

测试命令：/opt/siege/bin/siege -c 600 -f /opt/urls.txt

测试并调优的难点主要是在JVM上，需要对JVM有较深入的了解，根据不同的应用场景进行调优。