Jakarta Tomcat 5
http://mirrors.ccs.neu.edu/Apache/dist/tomcat/tomcat-5/
http://archive.apache.org/dist/jakarta/tomcat-5/
http://tomcat.apache.org/
http://labs.xiaonei.com/ Apache download mirror maintained by Xiaonei
http://tomcat.apache.org/download-55.cgi
http://apache.mirror.phpchina.com/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26.zip
http://apache.mirror.phpchina.com/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26-admin.zip
http://tomcat.apache.org/download-60.cgi
http://apache.mirror.phpchina.com/tomcat/tomcat-6/v6.0.16/bin/apache-tomcat-6.0.16.zip
http://tomcat.apache.org/download-native.cgi
http://apache.mirror.phpchina.com/tomcat/tomcat-connectors/native/1.1.14/binaries/win32/
http://apache.mirror.phpchina.com/tomcat/tomcat-connectors/native/1.1.16/binaries/win32/
http://tomcat.apache.org/download-connectors.cgi
http://apache.mirror.phpchina.com/tomcat/tomcat-connectors/
http://apache.mirror.phpchina.com/tomcat/tomcat-connectors/jk/binaries/win32/jk-1.2.26/
Tomcat 5: adding the administration console
http://localhost:8080/admin
Administration: Tomcat's administration web application is no longer installed by default. Download and install the "admin" package to use it.
Add the Tomcat Administration username:
D:\Program Files\Apache Software Foundation\apache-tomcat-5.5.28\conf\tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
<!--add admin console here -->
<role rolename="manager"/>
<role rolename="admin"/>
<user username="admin" password="" roles="admin,manager"/>
<!--add admin console here -->
</tomcat-users>
Add the Tomcat Administration Application configuration
D:\Program Files\Apache Software Foundation\apache-tomcat-5.5.28\conf\Catalina\localhost\admin.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -->
<!-- Context configuration file for the Tomcat Administration Web App $Id: admin.xml 565211 2007-08-13 00:09:38Z markt $ -->
<Context docBase="${catalina.home}/server/webapps/admin" privileged="true" antiResourceLocking="false" antiJARLocking="false">
<!-- Uncomment this Valve to limit access to the Admin app to localhost for obvious security reasons.
Allow may be a comma-separated list of hosts (or even regular expressions).
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/>
-->
</Context>
Add the Tomcat Administration Application
http://labs.xiaonei.com/apache-mirror/tomcat/tomcat-5/v5.5.28/bin/apache-tomcat-5.5.28-admin.zip
D:\Program Files\Apache Software Foundation\apache-tomcat-5.5.28\server\webapps\admin
Tomcat 6: configuring the Tomcat Manager
http://localhost:8080/manager
401 Unauthorized
You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file will contain the credentials to let you use this webapp.
You will need to add manager role to the config file listed above. For example:
<role rolename="manager"/> <user username="tomcat" password="s3cret" roles="manager"/>
For more information - please see the Manager App HOW-TO .
Edit the file: D:\Program Files\apache-tomcat-6.0.20\conf\tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="admin" password="" roles="admin,manager"/>
</tomcat-users>
Tomcat 5: configuring a project located outside webapps
File:
D:\tomcat5\conf\Catalina\localhost\workorder.xml
Content:
<Context path="/workorder" docBase="D:\workspace\order\WebRoot" reloadable="true"/>
URL: http://localhost:8585/workorder
Tomcat 5: viewing concurrent connections
http://localhost:8585/manager/status/
http://localhost:8585/manager/status/all
http-8585
Max threads: 150 Min spare threads: 0 Max spare threads: 0 Current thread count: 3 Current thread busy: 1 Keeped alive sockets count: 0
Max processing time: 265 ms Processing time: 0.451 s Request count: 4 Error count: 0 Bytes received: 0.00 MB Bytes sent: 0.06 MB
Tomcat startup analysis, startup scripts, class loaders
Startup analysis: http://docs.huihoo.com/apache/tomcat/heavyz/01-startup.html
Startup scripts: http://docs.huihoo.com/apache/tomcat/heavyz/02-catalina.sh.html
Class loaders: http://docs.huihoo.com/apache/tomcat/heavyz/03-classloader.html
Tomcat 6: installing as a Windows service
http://guyongpeng.javaeye.com/blog/176914
Install the Tomcat service
D:\Program Files\apache-tomcat-6.0.20\bin>service.bat install
Installing the service 'Tomcat6' ...
Using CATALINA_HOME: D:\Program Files\apache-tomcat-6.0.20
Using CATALINA_BASE: D:\Program Files\apache-tomcat-6.0.20
Using JAVA_HOME: D:\Program Files\jdk1.6.0_16
Using JVM: D:\Program Files\jdk1.6.0_16\jre\bin\server\jvm.dll
The service 'Tomcat6' has been installed.
D:\Program Files\apache-tomcat-6.0.20\bin>net start Tomcat6
Apache Tomcat 6 服务正在启动 ..
Apache Tomcat 6 服务已经启动成功。
or
D:\Program Files\apache-tomcat-6.0.20\bin>service.bat install lindows
Installing the service 'lindows' ...
Using CATALINA_HOME: D:\Program Files\apache-tomcat-6.0.20
Using CATALINA_BASE: D:\Program Files\apache-tomcat-6.0.20
Using JAVA_HOME: D:\Program Files\jdk1.6.0_16
Using JVM: D:\Program Files\jdk1.6.0_16\jre\bin\server\jvm.dll
The service 'lindows' has been installed.
D:\Program Files\apache-tomcat-6.0.20\bin>net start lindows
Apache Tomcat lindows 服务正在启动 .
Apache Tomcat lindows 服务已经启动成功。
Uninstall the Tomcat service
D:\Program Files\apache-tomcat-6.0.20\bin>service.bat remove
or
D:\Program Files\apache-tomcat-6.0.20\bin>service.bat remove tomcat6
More generally, to register an arbitrary Java application as a Windows service, you can use the wrapper tool.
Tomcat Cluster: server clustering
http://blog.chinaunix.net/u1/34716/showart_276614.html
http://server.chinabyte.com/392/2632892.shtml
http://albertsong.javaeye.com/blog/271235
Sessions not synchronized when clustering Apache with Tomcat
http://www.javaeye.com/topic/21449
@robbin
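1. Each Tomcat instance has to identify itself in the response, via the jvmRoute parameter in server.xml
2. Apache has to extract the route information from the request; from which HEAD? That is specified by the stickysession parameter
3. How does Apache forward? That is specified by the route parameter.
One last reminder: the session-sticky performance of Apache 2.2's load balancing is not good, because it distributes requests at the layer-7 protocol level. My test results show that it is not very stable. For a Tomcat cluster, the best option is SNA (Share Nothing Architecture),
where the application does not use sessions at all; only then can it scale without limit.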
@codeutil
mod_jk should have been retired long ago; use modajp
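How the three settings in robbin's post fit together, as an added example (not from the thread and not Apache or Tomcat code): Tomcat appends its jvmRoute to the session ID, and the front end reads that suffix from the cookie named by stickysession to choose the worker. The routes node1/node2 and the StickyBalancer class are hypothetical.

```python
def parse_cookies(header):
    """Parse a Cookie request header into a dict (quoted values are not needed here)."""
    cookies = {}
    for part in header.split(";"):
        name, eq, value = part.strip().partition("=")
        if eq:
            cookies[name] = value
    return cookies


def route_of(session_id):
    """Return the jvmRoute suffix of '<id>.<jvmRoute>', or None if there is none."""
    _, dot, route = session_id.rpartition(".")
    return route if dot and route else None


class StickyBalancer:
    """Hypothetical model of a sticky front end; routes equal the Tomcat jvmRoute values."""

    def __init__(self, routes, sticky_cookie="JSESSIONID"):
        self.routes = list(routes)
        self.alive = set(routes)
        self.sticky_cookie = sticky_cookie
        self._next = 0

    def mark_down(self, route):
        self.alive.discard(route)

    def pick(self, cookie_header):
        """Return (route, reason) for one request."""
        session_id = parse_cookies(cookie_header).get(self.sticky_cookie)
        wanted = route_of(session_id) if session_id else None
        if wanted in self.alive:
            return wanted, "sticky"
        candidates = [r for r in self.routes if r in self.alive]
        if not candidates:
            raise RuntimeError("no Tomcat worker available")
        chosen = candidates[self._next % len(candidates)]
        self._next += 1
        # A request that carried a route but lands on another node finds no session
        # there unless sessions are replicated: the "not synchronized" symptom.
        reason = "failover" if wanted in self.routes else "new"
        return chosen, reason


if __name__ == "__main__":
    lb = StickyBalancer(["node1", "node2"])
    print(lb.pick("JSESSIONID=0A1B2C.node2"))
    lb.mark_down("node2")
    print(lb.pick("JSESSIONID=0A1B2C.node2"))
```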
Clustering and load balancing with Apache and Tomcat
http://hqjiang.javaeye.com/blog/261107
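This article is based largely on "Easily Implementing Apache and Tomcat Clustering and Load Balancing" and was written up from hands-on experience. I ran into some discrepancies and changed a few places to suit my own habits, so it does not fully preserve the original; I ask the original author's forgiveness.
Because the original contains many screenshots, readers who would rather see the configuration results than try it themselves right away can consult the original.
I. Software environment
1. Apache: apache 2.0.55 (download via http://httpd.apache.org/) (click to download apache 2.0.55)
2. Tomcat: Tomcat 5.5.25 (download via http://tomcat.apache.org/) (click to download the Tomcat 5.5.25 zip)
3. mod_jk: on http://tomcat.apache.org/, follow the Tomcat Connectors link under the Download heading (click to download mod_jk-apache-2.0.55.so). It looks like a Unix/Linux shared library but should actually be a Win32 DLL; the extension was probably chosen to keep configuration consistent across platforms.
II. Load balancing
III. Configuring the cluster
nginx + Tomcat cluster load balancing (with session replication)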
http://blog.chinaunix.net/u2/83793/showart_1354266.html
Reference links:
Configuring multiple Tomcat instances on Linux, explained
http://linux.chinaitlab.com/administer/747294.html
Two ways to run multiple Tomcat instances
http://blog.csdn.net/hansoft/archive/2006/04/01/647060.aspx
Implementing multiple Tomcat instances behind Apache
http://blog.chinaunix.net/u/2914/showart_1162420.html
Configuring Apache + Tomcat virtual hosts with multiple instances
http://hi.baidu.com/xerik/blog/item/ab69b1513a44ea8e8d54304b.html
Changes for tomcat5.0
File: D:\tomcat5.0\conf\server.xml
1.<!-- Example Server Configuration File -->
<!-- Note that component elements are nested corresponding to their
parent-child relationships with each other -->
<!-- A "Server" is a singleton element that represents the entire JVM,
which may contain one or more "Service" instances. The Server
listens for a shutdown command on the indicated port.
Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" or "Loggers" at this level.
-->
<Server port="8004" shutdown="SHUTDOWN">
2.<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8484" maxHttpHeaderSize="8192"
maxThreads="1000" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="GBK"/>
3.<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8008" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
Changes for tomcat5.5
File: D:\tomcat5.5\conf\server.xml
1.<Server port="8005" shutdown="SHUTDOWN">
2.<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8585" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
3.<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
Changes for tomcat6.0
File: D:\tomcat6.0\conf\server.xml
1.<Server port="8006" shutdown="SHUTDOWN">
2. <!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8686" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
3.<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8010" protocol="AJP/1.3" redirectPort="8443" />
Tomcat 6: data source and connection pool configuration
Using a JNDI data source
http://weixuezheng1986-163-com.javaeye.com/blog/561305
http://www.blogjava.net/ec2008/archive/2008/07/19/216063.html
project:test
Driver path:
D:\workspace\test\WebRoot\WEB-INF\lib\ojdbc14.10g.jar
Datasource config
D:\tomcat6.0\conf\server.xml
<GlobalNamingResources>
<!-- the data source parameters are configured in Tomcat's global connection pool -->
<Resource
name="jdbc/oracle"
type="javax.sql.DataSource"
maxActive="4"
maxIdle="2"
username="scott"
maxWait="5000"
driverClassName="oracle.jdbc.driver.OracleDriver"
validationQuery="select 1 from dual"
password="tiger"
url="jdbc:oracle:thin:@localhost:1521:orcl"/>
</GlobalNamingResources>
JNDI config
D:\workspace\test\WebRoot\WEB-INF\web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- add the application's JNDI configuration here -->
<resource-ref>
<description>DB Connection</description>
<!-- JNDI name -->
<res-ref-name>jdbc/oracle</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Application</res-auth>
</resource-ref>
<!-- or, instead of the block above: -->
<resource-ref>
<description>DB Connection</description>
<res-ref-name>jdbc/oracle</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
</web-app>
Tomcat 6: data source and connection pool configuration, method 2
project:test
Driver path:
D:\workspace\test\WebRoot\WEB-INF\lib\ojdbc14.10g.jar
Datasource config
D:\tomcat6.0\conf\Catalina\localhost\test.xml
or
D:\tomcat6.0\conf\context.xml
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/test" docBase="D:\workspace\test\WebRoot" reloadable="true">
<!-- the data source parameters are configured in a connection pool local to this context -->
<Resource name="jdbc/oracle"
type="javax.sql.DataSource"
username="scott"
password="tiger"
driverClassName="oracle.jdbc.OracleDriver"
validationQuery="select 1 from dual"
maxIdle="2"
maxWait="5000"
url="jdbc:oracle:thin:@localhost:1521:orcl"
maxActive="4"/>
</Context>
page test ok
D:\workspace\test\WebRoot\index.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme() + "://"
+ request.getServerName() + ":" + request.getServerPort()
+ path + "/";
%>
<%@ page import="java.sql.*"%>
<%@ page import="javax.naming.*"%>
<%@ page import="javax.sql.*"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>tomcat datasource test</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<%
Connection conn = null;
Statement stmt = null;
ResultSet rs = null;
try {
Context initContext = new InitialContext();
// java:/comp/env or java:/comp/env/ is the fixed prefix
Context envContext = (Context) initContext
.lookup("java:/comp/env/");
DataSource ds = (DataSource) envContext.lookup("jdbc/oracle");
// Method 2
//DataSource ds = (DataSource) initContext.lookup("java:/comp/env/jdbc/oracle");
conn = ds.getConnection();
stmt = conn.createStatement();
rs = stmt.executeQuery("select * from dept");
out.println("结果集是否为空:" + (rs == null) + "<p>");
while (rs.next()) {
String deptno = rs.getString(1);
String dname = rs.getString(2);
String loc = rs.getString(3);
out.println("\t部门编号:" + deptno + "\t部门名称:" + dname + " 地点:"
+ "\t" + loc + "<p>");
}
} finally {
out.println("finally");
// close in finally so the connection goes back to the pool even if the query throws
try {
if (rs != null) {
rs.close();
}
if (stmt != null) {
stmt.close();
}
if (conn != null) {
conn.close();
}
} catch (SQLException e2) {
e2.printStackTrace();
}
}
%>
</body>
</html>
Tomcat virtual host configuration
http://absolute007.javaeye.com/blog/175902
Step 1:
Add the following to tomcat/conf/server.xml:
<Host name="jsp" debug="0" appBase="E:\My Documents\myeclipse_workspace">
<Context path="" docBase="." debug="0"/>
</Host>
Step 2:
On Windows XP, find the hosts file in
\WINDOWS\system32\drivers\etc\
(the file has no extension and can be created by hand) and append:
127.0.0.1 localhost
127.0.0.1 jsp
Step 3:
Enter in the browser:
http://jsp:8008/jspsqltest/WebRoot/test.jsp
Done.
tomcat5 tuning
http://liliugen.javaeye.com/blog/265422
http://liliugen.javaeye.com/blog/265506
http://japi.javaeye.com/blog/261586
java.lang.OutOfMemoryError: PermGen space
Tomcat maximum connections configuration
http://maqianli.javaeye.com/blog/298619
This is configured in server.xml.
<Connector port="8080"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
acceptCount="100"
/>
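maxThreads="150": at most 150 connections are handled at the same time.
minSpareThreads="25": this many idle threads are kept waiting even when nobody is using the server.
maxSpareThreads="75": at most 75 threads may sit idle. For example, if 80 users are connected at one moment and then nobody is, Tomcat does not keep 80 idle threads but closes 5 of them.
acceptCount="100": once the number of simultaneous connections reaches maxThreads, further connections can still be queued; connections beyond this queue length are refused outright.
Pros and cons of three load-balancing approaches for a Tomcat cluster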
http://wangdei.javaeye.com/blog/205947
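1. DNS round robin.
2. Apache R-proxy.
3. Apache mod_jk.
The drawback of DNS round robin is that when one server in the cluster stops, users can no longer reach the service because of DNS caching,
until the DNS resolution is updated or that server is restarted.
In addition, every service port in the cluster has to be exposed to the outside, which is less secure than putting Apache in front as a proxy;
it also consumes many public IP addresses, and Tomcat has to serve static pages as well, which hurts efficiency.
The advantage is that the cluster configuration is the simplest, and the DNS setup is also very simple.
The drawback of R-proxy is that when one of the Tomcats stops running, Apache still forwards requests to it, causing 502 gateway errors.
The problem goes away as soon as that server is started again.
The advantage of mod_jk is that Apache automatically detects a stopped Tomcat and no longer sends requests to it.
The drawback is that when the stopped Tomcat server starts again, Apache does not detect it and still does not forward requests to it.
The shared advantage of R-proxy and mod_jk is that only Apache needs to be placed on the public network, which saves public IP addresses.
Apache can be configured to handle static pages exclusively, leaving Tomcat to handle dynamic requests such as JSPs and servlets.
The shared drawback: if the front-end Apache proxy stops running, none of the cluster's services can be reached from outside.
For static page requests, both R-proxy and mod_jk can be tuned through configuration for the best achievable result.
All three approaches fall somewhat short of optimal load balancing; mod_jk is relatively better, since the lbfactor parameter can be set to apportion requests.
In practice the choice among them should depend on the specific situation.
Checking locally whether remote port 8080 is open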
C:\Documents and Settings\Lindows>telnet 192.168.118.168 8000
Resolving a Tomcat port 8080 conflict, method 1
http://inshect.javaeye.com/blog/343057
At the DOS prompt, enter the following and look up the PID (system process ID) that owns the conflicting port:
C:\Documents and Settings\Lindows>netstat -help
C:\Documents and Settings\Lindows>netstat -b
C:\Documents and Settings\Lindows>netstat -ano > c:\netstat.txt
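Check which PID is using port 0.0.0.0:80.
Find the program with that PID in Task Manager.
If the Processes tab of Task Manager does not show a PID column,
enable it under View > Select Columns in the Task Manager menu. Then end the program that has that PID.
Resolving a Tomcat port 8080 conflict, method 2
A simple, handy way to check port usage from the Windows command line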
http://freeman983.javaeye.com/blog/349971
Run in a Windows command prompt:
C:\>netstat -ano | findstr "8080"
or
C:\>netstat -ano | findstr 8080
TCP 127.0.0.1:4444 0.0.0.0:0 LISTENING 2434
From the above, the port is held by the process with PID 2434; continue with:
C:\>tasklist | findstr "2434"
or
C:\>tasklist | findstr 2434
javaw.exe 2434 Console 0 16,064 K
c:\>taskkill /f /im javaw.exe
Introduction to three ways of connecting Apache HTTP Server and Tomcat
Liu Dong (刘冬), development engineer, 15 January 2007
http://www.ibm.com/developerworks/cn/opensource/os-lo-apache-tomcat/index.html
Tomcat SSL OpenSSL 443
Finally got SSL working on the Tomcat web server under Windows
http://albertsong.javaeye.com/blog/198344
http://www.myssl.cn/guide/install_openssl.asp
Configuring Tomcat 6 for mutual SSL authentication
http://www.openssl.cn/
http://www.openssl.org/
http://baike.baidu.com/view/300712.htm
http://tech.techweb.com.cn/thread-226423-1-2.html
Secure programming with the OpenSSL API
http://www.ibm.com/developerworks/cn/linux/l-openssl.html
Generating PEM files and setting up a CA with openssl
http://ideage.javaeye.com/blog/356915
Article 1: http://blog.chinaunix.net/u/11234/showart_290705.html
Article 2: http://blog.chinaunix.net/u/11234/showart_291316.html
A concise openssl usage guide
http://firefly.javaeye.com/blog/177544
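A brief walk-through of using openssl to generate a CA certificate, request a certificate, issue a certificate and revoke a certificate.
1. First create the CA key:
openssl genrsa -des3 -out ca.key 1024 (create the key)
chmod 400 ca.key (change the permissions so that only root can access it)
openssl rsa -noout -text -in ca.key (view the generated key)
2. Self-sign the CA certificate with the CA key:
openssl req -config openssl.cnf -new -x509 -days 3650 -key ca.key -out ca.crt
chmod 400 ca.crt (change the permissions so that only root can access it)
openssl x509 -noout -text -in ca.crt (view the generated certificate)
3. Create the server certificate signing request:
openssl genrsa -des3 -out client.key 1024
chmod 400 client.key (change the permissions so that only root can access it)
openssl rsa -noout -text -in client.key (view the generated key)
4. Generate the certificate signing request:
openssl req -config openssl_client.cnf -new -key client.key -out client.csr
openssl req -noout -text -in client.csr (view the generated request)
5. Sign the certificate:
The openssl configuration file needs to be set up first.
Modify openssl.cnf and create the directories and files this configuration file refers to.
After creating the serial file, you also need to add the current serial number to it, in octal, e.g. 01
Then run:
openssl ca -config openssl_client.cnf -keyfile ca.key -cert ca.crt -in client.csr -out client.pem -days 1095
This certificate is in BASE64 form and has to be converted to PKCS12 before it can be installed in IE/Netscape, so also run:
openssl pkcs12 -export -in client.pem -inkey client.key -out client.pfx
6. Certificate revocation:
openssl ca -keyfile ca.key -cert ca.crt -revoke client.pem
The database is now updated and the certificate is flagged as revoked; a new certificate revocation list has to be generated:
openssl ca -gencrl -keyfile ca.key -cert ca.crt -out crl/test.crl
View the certificate revocation list:
openssl crl -noout -text -in crl/test.crl
For the certificate revocation list file to be usable on a web site, crldays or crlhours and crlexts must be added to the certificate:
openssl ca -gencrl -config /etc/openssl.cnf -crldays 7 -crlexts crl_ext -out crl/sopac-ca.crl
Error ssl_error_rx_record_too_long when the virtual directory is not on port 80 and SSL is turned on
[Error] If the site URL is http://ip:port/ and SSL is then enabled on the site, visiting https://ip:port/ in a browser produces the following error: SSL received a record that exceeded the maximum permissible length. Error code: ssl_error_rx_record_too_long
[Cause]:
SSL listens on port 443 of the web server by default, so an SSL visit results in an access of the form http://ip:443/, which conflicts with the port in http://ip:port/.
[Therefore]: for https access, the web server itself locates the site on which SSL is enabled (once SSL is enabled, the site automatically listens on 443).
[Solution]: the port can be omitted when accessing https://ip:port/, e.g. https://ip/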
http://msn.ynet.com/view.jsp?oid=48723368+
javax.servlet.ServletException: Node with number 0 does not exist.
http://msn.sports.ynet.com/2008/view.jsp?oid=42362690
javax.servlet.ServletException: Node with number 42362690 does not exist.
[Problem]
2009-3-12 15:06:31 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
严重: An incompatible version 1.1.1 of the Apache Tomcat Native library is installed, while Tomcat requires version 1.1.3
2009-3-12 15:06:31 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
信息: An older version 1.1.1 of the Apache Tomcat Native library is installed, while Tomcat recommends version greater than 1.1.4
2009-3-12 15:06:31 org.apache.coyote.http11.Http11AprProtocol init
[Solution]
http://tomcat.heanet.ie/native/1.1.8/binaries/win32/
http://topic.csdn.net/u/20080605/14/68376d57-bb1b-4b45-a489-13aa722f2e67.html
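Download http://tomcat.heanet.ie/native/1.1.8/binaries/win32/tcnative-1.dll (current version 1.1.8)
1. Put the file in C:\WINDOWS\system32, or in D:\tomcat5.5\bin; that is how I solved it.
2. Put it in the bin directory of the JDK that the PATH environment variable points to, for example C:\Java\jdk1.5.0_09\bin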
Apache Tomcat Log
Rotating Tomcat's catalina.out log into one file per day
http://www.sbear.cn/archives/367
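Tomcat's catalina.out keeps growing, and once it gets too large it can make Tomcat misbehave.
The log needs to be rotated into one file per day, and files from 7 days ago deleted.
#!/bin/bash
# Rotate catalina.out daily (copy, then truncate) and delete the copy made 7 days ago.
# Stop if the logs directory is missing rather than copy or delete somewhere else.
cd "$(dirname "$0")/../logs" || exit 1
d=$(date +%Y%m%d)
d7=$(date -d '7 day ago' +%Y%m%d)
cp catalina.out "catalina.out.${d}"
# Truncate in place: Tomcat keeps the file open, so it must not be moved or removed.
: > catalina.out
rm -f "catalina.out.${d7}"
Put it in Tomcat's bin directory and run it daily from crontab.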
Tomcat APR (Apache Portable Runtime)
ref
http://redalx.javaeye.com/blog/162246
http://blog.csdn.net/tingya/archive/2006/04/15/664304.aspx
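Put plainly, APR is about using JNI in Tomcat to read files and do network transfers, which improves Tomcat's I/O efficiency.
APR can greatly improve Tomcat's performance on static files, and if you serve over HTTPS it can also improve SSL performance.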
doc
http://apr.apache.org/
http://tomcat.apache.org/tomcat-5.5-doc/apr.html
http://tomcat.apache.org/tomcat-6.0-doc/apr.html
down
http://tomcat.heanet.ie/native/
http://tomcat.heanet.ie/native/1.1.9/binaries/win32/tcnative-1.dll
setup for Windows
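Download the precompiled binary DLL directly,
http://tomcat.heanet.ie/native/1.1.9/binaries/win32/tcnative-1.dll , to make Tomcat enable APR
setup for linux
On Linux, unpack and install the tomcat_native.tar.gz file found in the bin directory. Make sure the apr library is installed before compiling. To install: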
# ./configure --with-apr=/usr/local/apr
# make
# make install
After a successful install, an environment variable must also be set for Tomcat by adding one line to catalina.sh:
CATALINA_OPTS="-Djava.library.path=/usr/local/apr/lib"
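How can you tell whether Tomcat has enabled the APR library? By looking at Tomcat's startup log.
If APR is not enabled, the startup log generally contains a line like this: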
org.apache.coyote.http11.Http11Protocol start
If APR is enabled, this log line becomes:
With APR in use, the HTTPS configuration also has to change if HTTPS is used. openssl is needed to generate the certificate files.
<!-- ssl for apr -->
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false"
SSLEngine="on"
SSLCertificateFile="..\conf\ca\server.crt"
SSLCertificateKeyFile="..\conf\ca\server.key" />
Compiling on Linux
cd apache-tomcat-5.5.14/bin/tomcat-native-1.1.1/jni/native/
./configure --with-apr=/usr/bin/apr-1-config --with-java-home=/usr/java/jdk1.5.0_06/
make
make install
bin/catalina.sh
add
CATALINA_OPTS="-Djava.library.path=/usr/local/apr/lib"
Apache Tomcat commercial deployments list
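The startup-log check described in this section, as an added example (not Tomcat code): it reports which HTTP connector class was logged and whether the installed Tomcat Native version satisfies the versions named in the log. PAGE_LOG reuses the log lines quoted earlier on this page; JAVA_LOG is constructed.

```python
import re

_VER = r"(\d+(?:\.\d+)*)"
INCOMPATIBLE = re.compile(
    r"An incompatible version " + _VER + r" of the Apache Tomcat Native library "
    r"is installed, while Tomcat requires version " + _VER)
OLDER = re.compile(
    r"An older version " + _VER + r" of the Apache Tomcat Native library "
    r"is installed, while Tomcat recommends version greater than " + _VER)
CONNECTOR = re.compile(
    r"org\.apache\.coyote\.http11\.(Http11AprProtocol|Http11Protocol)\b")

# Log lines as quoted on this page.
PAGE_LOG = """\
2009-3-12 15:06:31 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
严重: An incompatible version 1.1.1 of the Apache Tomcat Native library is installed, while Tomcat requires version 1.1.3
2009-3-12 15:06:31 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
信息: An older version 1.1.1 of the Apache Tomcat Native library is installed, while Tomcat recommends version greater than 1.1.4
2009-3-12 15:06:31 org.apache.coyote.http11.Http11AprProtocol init
"""

# Constructed: a start-up without APR (timestamp is made up).
JAVA_LOG = "2009-3-12 15:10:02 org.apache.coyote.http11.Http11Protocol start\n"


def version_tuple(text):
    """'1.1.10' -> (1, 1, 10), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def apr_status(log_text):
    """Summarise connector type and Tomcat Native version problems from a start-up log."""
    status = {"connector": None, "installed": None, "required": None,
              "recommended_above": None, "problems": []}
    match = CONNECTOR.search(log_text)
    if match:
        status["connector"] = "apr" if match.group(1) == "Http11AprProtocol" else "java"
    match = INCOMPATIBLE.search(log_text)
    if match:
        status["installed"], status["required"] = match.group(1), match.group(2)
    match = OLDER.search(log_text)
    if match:
        status["installed"], status["recommended_above"] = match.group(1), match.group(2)
    installed = status["installed"]
    if installed and status["required"]:
        if version_tuple(installed) < version_tuple(status["required"]):
            status["problems"].append(
                "native library %s is below required %s" % (installed, status["required"]))
    if installed and status["recommended_above"]:
        if version_tuple(installed) <= version_tuple(status["recommended_above"]):
            status["problems"].append(
                "native library %s is not above recommended %s"
                % (installed, status["recommended_above"]))
    return status


if __name__ == "__main__":
    print(apr_status(PAGE_LOG))
    print(apr_status(JAVA_LOG))
```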
Apache Tomcat/5.5.23 Apache/2.0.61 (Unix) DAV/2 PHP/5.2.4 Server at msn.ent.ynet.com Port 80 http://msn.ent.ynet.com/photo.jsp?eid=57080047&bid=20331162&ofs=5&max=2
http://taobao.ent.ynet.com/photo.jsp?eid=49540108 502 Proxy Error Apache/2.0.61 (Unix) DAV/2 Server at taobao.ent.ynet.com Port 80
Nanjing Public Security Bureau: exception
http://202.102.89.2/njga/addin/register/mainregister.jsp
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: Request[/persionRegister] does not contain handler parameter named 'method'. This may be caused by whitespace in the label text.
org.apache.struts.actions.DispatchAction.unspecified(DispatchAction.java:215)
org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:249)
org.apache.struts.actions.DispatchAction.execute(DispatchAction.java:187)
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
com.opensymphony.webwork.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:177)
com.opensymphony.webwork.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:78)
cn.myapps.base.web.filter.PersistenceFilter.doFilter(PersistenceFilter.java:29)
cn.myapps.base.web.filter.SecurityFilter.doFilter(SecurityFilter.java:109)
note The full stack trace of the root cause is available in the Apache Tomcat/6.0.14 logs.
Apache Tomcat/6.0.14
http://photograph.baihe.com/photograph/uploadFile.do;jsessionid=E6483BF8E57118CF4E21CF7F8C6DD18C
Apache Tomcat/5.5
javax.servlet.ServletException: Processing of multipart/form-data request failed. Read timed out
org.apache.commons.fileupload.FileUploadException: Processing of multipart/form-data request failed. Read timed out
Tomcat: enabling gzip compression
http://bsb654321.javaeye.com/blog/649053
In the file tomcat/conf/server.xml,
add the configuration shown in red to turn on compressed transfer:
<Connector port="8080" address="${jboss.bind.address}"
maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8"
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="application/java-archive,application/octet-stream,text/vnd.sun.j2me.app-descriptor,application/octet-stream, application/x-msdownload, image/png, image/gif, text/plain " />
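compression: on/off switch
noCompressionUserAgents: which browsers do not get compression
compressionMinSize: output size at which compression is applied; the default here is 2 KB
compressableMimeType: MIME types of the files to be compressed
Add the following configuration to tomcat/webapps/<project>/WEB-INF/web.xml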
<mime-mapping>
<extension>conf</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>CONF</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ini</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>INI</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>png</extension>
<mime-type>image/png</mime-type>
</mime-mapping>
<mime-mapping>
<extension>PNG</extension>
<mime-type>image/png</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gif</extension>
<mime-type>image/gif</mime-type>
</mime-mapping>
<mime-mapping>
<extension>GIF</extension>
<mime-type>image/gif</mime-type>
</mime-mapping>
<mime-mapping>
<extension>json</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>JSON</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xml</extension>
<mime-type>text/xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>XML</extension>
<mime-type>text/xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dll</extension>
<mime-type>application/x-msdownload</mime-type>
</mime-mapping>
<mime-mapping>
<extension>DLL</extension>
<mime-type>application/x-msdownload</mime-type>
</mime-mapping>
tomcat monitor JavaMelody / probe
http://jackyrong.javaeye.com/blog/692004
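I previously introduced JavaMelody, a good and very full-featured tool for monitoring applications; this time I introduce
a somewhat smaller one designed specifically for Tomcat. Its usage is explained below:
1 Download:
http://www.lambdaprobe.org/downloads/1.7/probe.1.7b.zip
2 After unpacking, put probe.war under Tomcat's webapps directory and set up the context
in server.xml
3 Set up the users as follows, in tomcat-users.xml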
vi /usr/local/tomcat/conf//tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager"/>
<role rolename="standard"/>
<role rolename="tomcat"/>
<role rolename="admin"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="probe" password="probe" roles="admin,manager"/>
<user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>
4 Set the environment variable so that the server status can be read
# vi /etc/profile
JAVA_OPTS=-Dcom.sun.management.jmxremote
export JAVA_OPTS
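5 Restart the server
6 Open http://localhost/probe/ and enter the username and password
7 You are in. The highlight here is memory monitoring, which shows charts of JVM memory dynamically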
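The tomcat-users.xml files on this page (here and in the admin console and Manager sections) give the admin and manager roles to accounts whose password is empty or equal to the username. The added example below (not from the linked posts) audits such a file; the sample mirrors the entries shown on this page plus one constructed account (ops), and KNOWN_DEFAULTS is an assumed short list.

```python
import xml.etree.ElementTree as ET

# Roles that unlock the /admin and /manager consoles configured on this page.
PRIVILEGED_ROLES = {"admin", "manager"}
# Assumed list of passwords that appear in examples and defaults; extend as needed.
KNOWN_DEFAULTS = {"tomcat", "admin", "manager", "password", "s3cret"}

# Sample mirroring the files on this page; the "ops" account is constructed.
SAMPLE_USERS_XML = """<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="admin" password="" roles="admin,manager"/>
  <user username="probe" password="probe" roles="admin,manager"/>
  <user username="ops" password="constructed-Long-passphrase-41" roles="manager"/>
</tomcat-users>
"""


def audit_users(xml_text, min_length=12):
    """Return (username, severity, reason) for every weak credential in the file."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    findings = []
    for user in ET.fromstring(data).iter("user"):
        # Current files use username=; some older files use name= instead.
        name = user.get("username") or user.get("name") or ""
        password = user.get("password") or ""
        roles = {r.strip() for r in (user.get("roles") or "").split(",") if r.strip()}
        # A weak password matters most when it opens a management console.
        severity = "high" if roles & PRIVILEGED_ROLES else "low"
        if not password:
            reason = "empty password"
        elif password.lower() == name.lower():
            reason = "password equals username"
        elif password.lower() in KNOWN_DEFAULTS:
            reason = "well-known default password"
        elif len(password) < min_length:
            reason = "password shorter than %d characters" % min_length
        else:
            continue
        findings.append((name, severity, reason))
    return findings


def privileged_findings(xml_text):
    """Only the findings on accounts that hold the admin or manager role."""
    return [f for f in audit_users(xml_text) if f[1] == "high"]


if __name__ == "__main__":
    for username, severity, reason in audit_users(SAMPLE_USERS_XML):
        print("%-5s %-8s %s" % (severity, username, reason))
```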
http://jackyrong.javaeye.com/blog/731308
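Today I saw this tool recommended on the JavaEye front page; I had a look, and it is good:
JavaMelody can monitor Java or Java EE application servers in QA and in live production environments. It displays as charts: Java memory and Java CPU usage, the number of user sessions, the number of JDBC connections, and, for HTTP requests, SQL requests, JSP pages and business interface methods (EJB3, Spring, Guice), the number of executions, average execution time, error percentage and so on. Charts can be viewed by day, week, month, year or a custom period.
Configuration is as follows:
1. Download the zip archive from http://code.google.com/p/javamelody/downloads/list
2. Unpack it and copy javamelody.war to Tomcat's deployment directory
3. Add the following to the web.xml of the project to be monitored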
<filter>
<filter-name>monitoring</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>monitoring</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>net.bull.javamelody.SessionListener</listener-class>
</listener>
It is then ready to use; for more detail see:
http://liuyes.javaeye.com/blog/691752
Configuring mutual SSL authentication on Tomcat 6 on Linux for secure HTTPS access
http://ml365.javaeye.com/blog/850001
1 Tools used:
apache-tomcat-6.0.29
jdk1.6.23
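2 Process overview:
2.1 On our server, use the JDK tool keytool to generate a key pair and a personal certificate (in effect the certificate request file, .csr). This produces two files on our side: tian.cer (the exported personal certificate) and tian.csr (the certificate signing request file).
2.2 Send the generated tian.csr to the CA; from it they generate the following files and return them to us:
Tian.crt (our server's digital certificate after certification), Ct2.crt (the telecom root certificate), test.p12 (a personal certificate with private key). Explanation:
The root certificate (ct2.crt) is used to trust the site; the personal certificate (test.p12) is used to prove one's identity to the site. It is two-way. Tomcat installs ct2.crt and tian.crt, which proves Tomcat's identity to the client;
the client installs ct2.crt and test.p12, which proves the client's identity to the Tomcat server. tian.crt is our server's certified certificate; ct2.crt is the root certificate; test.p12 is the client's personal certificate. tian.crt is certified by the ct2.crt root certificate, and so is test.p12.
2.3 Add the ct2.crt and tian.crt sent by the CA to our Tomcat so that the server trusts the certificates.
2.4 Edit Tomcat's server.xml configuration file and set up https.
2.5 Each visiting SP (browser) first places ct2.crt in the browser's trusted root store and then installs and imports the personal certificate (test.p12). After that, our address https://IP:8443 can be accessed.
3 Procedure:
3.1 Generate the key pair and the personal certificate
Command: $ keytool -genkey -alias tian -keyalg RSA
3.2 Export the personal certificate
Command: keytool -export -alias tian -file tian.cer
Output: 输入keystore密码: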
保存在文件中的认证 <tian.cer>
3.3 Output the certificate signing request file (.csr)
Command: keytool -certreq -file tian.csr -alias tian
Output: 输入keystore密码:
3.4 Import the root certificate first
Command: keytool -import -v -trustcacerts -file ct2.crt -alias ct2_root
信任这个认证? [否]: Y
认证已添加至keystore中
[正在存储 /home/tomcat/.keystore]
3.5 Import the CA-certified certificate (tian.crt)
Command: keytool -import -v -file tian.crt -alias tian
Output:
输入keystore密码:
认证回复已安装在 keystore中
[正在存储 /home/tomcat/.keystore]
3.6 Configure Tomcat:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/home/tomcat/.keystore"
keystorePass="password"
truststoreFile="/home/tomcat/.keystore"
truststorePass="password"
clientAuth="true" sslProtocol="TLS" />
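3.7 Install the personal certificate and the root certificate on the client
3.8 Visiting https://IP:8443 brings up a prompt asking you to submit a personal certificate. Mutual authentication works!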
end