原创作品,允许转载,转载时请务必以超链接形式标明文章 原始出处 、作者信息和本声明。否则将追究法律责任。 http://snailwarrior.blog.51cto.com/680306/139971
以下操作配置参考Tomcat的官方网站: [url]http://tomcat.apache.org[/url]
1、下载最新版本的JDK SE
我下载的是Linux平台二进制版本 jdk-6u12-linux-i586.bin
# chmod +x jdk-6u12-linux-i586.bin
# ./jdk-6u12-linux-i586.bin
# ./jdk-6u12-linux-i586.bin
# mv jdk1.6.0_12 /usr/local/
# cd /usr/local
# ln -s jdk1.6.0_12 jdk
# cd /usr/local
# ln -s jdk1.6.0_12 jdk
2、下载Tomcat当前最新的版本,安装到 /usr/local/tomcat:
# wget [url]http://apache.mirror.phpchina.com/tomcat/tomcat-6/v6.0.18/bin/apache-tomcat-6.0.18.tar.gz[/url]
# tar zxf apache-tomcat-6.0.18.tar.gz -C /usr/local
# cd /usr/local
# ln -s apache-tomcat-6.0.18 tomcat
# tar zxf apache-tomcat-6.0.18.tar.gz -C /usr/local
# cd /usr/local
# ln -s apache-tomcat-6.0.18 tomcat
设置JAVA_HOME环境变量,修改 tomcat/bin/startup.sh, tomcat/bin/shutdown.sh 在前面部分添加以下两行:
export JAVA_HOME
export JAVA_HOME
(或者修改 /etc/profile 在里面添加上述两行)
# cd /usr/local/tomcat
# ./bin/startup.sh
[root@pps tomcat]# ./bin/startup.sh
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/local/jdk
# ./bin/startup.sh
[root@pps tomcat]# ./bin/startup.sh
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/local/jdk
在浏览器输入: [url]http://localhost:8080/[/url] 看看那只“猫”是否出来了。
如果Linux没有安装或没启用X界面的话,可以在局域网的机器输入 [url]http://ip:8080[/url] 访问。
如果Linux没有安装或没启用X界面的话,可以在局域网的机器输入 [url]http://ip:8080[/url] 访问。
【概念理解】keystore 是一个密码保护的文件,用来存储密钥和证书
# cd /usr/local/jdk/bin/
# ./keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/local/tomcat/conf/.keystore
# cd /usr/local/jdk/bin/
# ./keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/local/tomcat/conf/.keystore
【注意】它会在前后问你两次密码,第二次直接回车就行了,如果两个密码不一样,将会出现java.io.IOException错误。详情请见: [url]http://issues.apache.org/bugzilla/show_bug.cgi?id=38217[/url]
(2)修改 tomcat/conf/server.xml
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
clientAuth="false" sslProtocol="TLS" />
clientAuth="false" sslProtocol="TLS" />
# /usr/local/tomcat/bin/shutdown.sh
# /usr/local/tomcat/bin/startup.sh
# /usr/local/tomcat/bin/shutdown.sh
# /usr/local/tomcat/bin/startup.sh
浏览器输入: [url][/url]
浏览器输入: [url][/url]
Finally, using name-based virtual hosts a secured connection can be problematic. This is a design limitation of the SSL protocol itself. The SSL handshake, where the client browser accepts the server certificate, must occur before the HTTP request is accessed. As a result, the request information containing the virtual host name cannot be determined prior to authentication, and it is therefore not possible to assign multiple certificates to a single IP address. If all virtual hosts a single IP address need to authenticate against the same certificate, the addition of multiple virtual hosts should not interfere with normal SSL operations the server. Be aware, however, that most client browsers will compare the server's domain name against the domain name listed in the certificate, if any (applicable primarily to official, CA-signed certificates). If the domain names do not match, these browsers will display a warning to the client user. In general, ly address-based virtual hosts are commonly used with SSL in a production environment.
Finally, using name-based virtual hosts a secured connection can be problematic. This is a design limitation of the SSL protocol itself. The SSL handshake, where the client browser accepts the server certificate, must occur before the HTTP request is accessed. As a result, the request information containing the virtual host name cannot be determined prior to authentication, and it is therefore not possible to assign multiple certificates to a single IP address. If all virtual hosts a single IP address need to authenticate against the same certificate, the addition of multiple virtual hosts should not interfere with normal SSL operations the server. Be aware, however, that most client browsers will compare the server's domain name against the domain name listed in the certificate, if any (applicable primarily to official, CA-signed certificates). If the domain names do not match, these browsers will display a warning to the client user. In general, ly address-based virtual hosts are commonly used with SSL in a production environment.
QQ: 755721501