Deploying a Tomcat Environment in APR Mode

1. Version information

Component        Version
jdk              1.8.0_45
tomcat           8.0.23
apr              1.5.2
apr-iconv        1.2.1
apr-util         1.5.4
tomcat-native    1.1.33


Tomcat has three communication models in total: BIO, NIO and APR. This deployment uses APR.

Differences between the three modes:


                        Java Blocking Connector   Java Nio Blocking Connector   APR/native Connector
Tomcat Version          3.x onwards               7.x onwards                   5.5.x onwards
Classname               BIO(AjpProtocol)          NIO(AjpNioProtocol)           APR(AjpAprProtocol)
Read Request Headers    Blocking                  Sim Blocking                  Blocking
Read Request Body       Blocking                  Sim Blocking                  Blocking
Write Response          Blocking                  Sim Blocking                  Blocking
Wait for next Request   Blocking                  Non Blocking                  Non Blocking
Max Connections         maxConnections            maxConnections                maxConnections
Polling Size            N/A                       maxConnections                maxConnections
Support Polling         NO                        YES                           YES

2. Basic installation

 # cd /usr/local/src
 # tar xvzf jdk-8u45-linux-x64.gz -C /opt
 # cd /opt && ln -s jdk1.8.0_45 jdk
  
 # cd /usr/local/src
 # wget http://mirrors.hust.edu.cn/apache/tomcat/tomcat-8/v8.0.23/bin/apache-tomcat-8.0.23.tar.gz
 # tar xvzf apache-tomcat-8.0.23.tar.gz -C /opt
 # cd /opt && ln -s apache-tomcat-8.0.23 tomcat


vim /etc/profile

export TOMCAT_HOME=/opt/tomcat
export JAVA_HOME=/opt/jdk
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$PATH:$JAVA_HOME/bin:$TOMCAT_HOME/bin


 # source /etc/profile
 # mkdir -p /data/logs/{search,tomcat}
 # mkdir -p /data/search/{data,index}


vim /opt/tomcat/conf/server.xml

......
<Connector port="8080"
         protocol="org.apache.coyote.http11.Http11AprProtocol"
         maxHttpHeaderSize="8192"
         connectionTimeout="20000"
         redirectPort="8443"
         maxThreads="1000"
         minSpareThreads="50"
         maxSpareThreads="150"
         minProcessors="100"
         maxProcessors="1000"
         acceptCount="1000"
         disableUploadTimeout="true"
         enableLookups="false"
         URIEncoding="UTF-8" />
......


vim /opt/tomcat/bin/setenv.sh (this example assumes 64 GB of RAM and a 24-core CPU, running a single instance)

JAVA_OPTS="-Djava.awt.headless=true -Dfile.encoding=UTF-8
     -server -Xms48g -Xmx48g -Xss1m
     -XX:NewSize=8g -XX:MaxNewSize=16g
     -XX:NewRatio=4 -XX:SurvivorRatio=4
     -XX:+AggressiveOpts -XX:+UseBiasedLocking
     -XX:+UseConcMarkSweepGC -XX:ParallelCMSThreads=24
     -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -Xloggc:/data/logs/tomcat/gc.log
     -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/data/logs/tomcat/heapdump.bin
     -XX:+CMSParallelRemarkEnabled -XX:+ScavengeBeforeFullGC
     -XX:CMSInitiatingOccupancyFraction=75"

CATALINA_OUT=/data/logs/tomcat/catalina.out

# Remote JMX on port 10826 with authentication and SSL disabled:
# keep this port reachable only from trusted management hosts.
CATALINA_OPTS="-Dcom.sun.management.jmxremote
     -Dcom.sun.management.jmxremote.authenticate=false
     -Dcom.sun.management.jmxremote.ssl=false
     -Dcom.sun.management.jmxremote.port=10826"


 # chmod +x /opt/tomcat/bin/setenv.sh
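
The CATALINA_OPTS in setenv.sh open a remote JMX listener on port 10826 with authentication and SSL switched off. The following is an added example, not part of the original post: a check for those flags next to a hardened variant. The function name and the two file paths under /opt/tomcat/conf are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# Options as configured in setenv.sh above.
PAGE_OPTS="-Dcom.sun.management.jmxremote
    -Dcom.sun.management.jmxremote.authenticate=false
    -Dcom.sun.management.jmxremote.ssl=false
    -Dcom.sun.management.jmxremote.port=10826"

# Hardened variant. The two file paths are assumptions of this example;
# jmxremote.password must be owned by the user running the JVM with mode 600,
# and ssl=true also needs -Djavax.net.ssl.keyStore / keyStorePassword.
HARDENED_OPTS="-Dcom.sun.management.jmxremote
    -Dcom.sun.management.jmxremote.port=10826
    -Dcom.sun.management.jmxremote.rmi.port=10826
    -Dcom.sun.management.jmxremote.authenticate=true
    -Dcom.sun.management.jmxremote.ssl=true
    -Dcom.sun.management.jmxremote.password.file=/opt/tomcat/conf/jmxremote.password
    -Dcom.sun.management.jmxremote.access.file=/opt/tomcat/conf/jmxremote.access"

# Print one line per weakness; return 0 only if no FAIL was found.
check_jmx_opts() {
    opts=$1
    rc=0
    case $opts in
        *jmxremote.port=*) ;;      # a remote JMX listener is requested
        *) return 0 ;;             # no remote listener: nothing to flag
    esac
    case $opts in
        *jmxremote.authenticate=false*)
            echo "FAIL: remote JMX accepts unauthenticated clients"; rc=1 ;;
    esac
    case $opts in
        *jmxremote.ssl=false*)
            echo "FAIL: remote JMX traffic is not encrypted"; rc=1 ;;
    esac
    case $opts in
        *jmxremote.rmi.port=*) ;;
        *) echo "WARN: RMI port is random; pin jmxremote.rmi.port to firewall it" ;;
    esac
    return $rc
}

check_jmx_opts "$PAGE_OPTS" || true
check_jmx_opts "$HARDENED_OPTS"
```
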


# vim /opt/tomcat/conf/logging.properties

......

1catalina.org.apache.juli.AsyncFileHandler.level = FINE
1catalina.org.apache.juli.AsyncFileHandler.directory = /data/logs/tomcat
1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina.

2localhost.org.apache.juli.AsyncFileHandler.level = FINE
2localhost.org.apache.juli.AsyncFileHandler.directory = /data/logs/tomcat
2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost.

3manager.org.apache.juli.AsyncFileHandler.level = FINE
3manager.org.apache.juli.AsyncFileHandler.directory = /data/logs/tomcat
3manager.org.apache.juli.AsyncFileHandler.prefix = manager.

4host-manager.org.apache.juli.AsyncFileHandler.level = FINE
4host-manager.org.apache.juli.AsyncFileHandler.directory = /data/logs/tomcat
4host-manager.org.apache.juli.AsyncFileHandler.prefix = host-manager.

......


Alternatively, run the following directly:

 # sed -i 's#${catalina.base}/logs#/data/logs/tomcat#g' /opt/tomcat/conf/logging.properties


 # cd /usr/local/src
 # wget http://mirrors.hust.edu.cn/apache/apr/apr-1.5.2.tar.gz
 # tar xvzf apr-1.5.2.tar.gz
 # cd apr-1.5.2
 # ./configure --prefix=/opt/apr
 # make && make install
  
 # cd /usr/local/src
 # wget http://mirrors.hust.edu.cn/apache/apr/apr-iconv-1.2.1.tar.gz
 # tar xvzf apr-iconv-1.2.1.tar.gz
 # cd apr-iconv-1.2.1
 # ./configure --prefix=/opt/apr-iconv --with-apr=/opt/apr
 # make && make install
  
 # cd /usr/local/src
 # wget http://mirrors.hust.edu.cn/apache/apr/apr-util-1.5.4.tar.gz
 # tar xvzf apr-util-1.5.4.tar.gz
 # cd apr-util-1.5.4
 # ./configure --prefix=/opt/apr-util --with-apr=/opt/apr --with-apr-iconv=/opt/apr-iconv/bin/apriconv
 # make && make install
  
 # cd /usr/local/src
 # wget http://mirrors.cnnic.cn/apache/tomcat/tomcat-connectors/native/1.1.33/source/tomcat-native-1.1.33-src.tar.gz
 # tar xvzf tomcat-native-1.1.33-src.tar.gz
 # cd tomcat-native-1.1.33-src/jni/native
 # ./configure --prefix=/usr --with-apr=/opt/apr --with-java-home=/opt/jdk
 # make && make install


The installation result is as follows:

[Screenshot; image not available]

3. Security settings

1) Hide the Tomcat version information

 # cd /opt/tomcat/lib
 # mkdir -p org/apache/catalina/util
 # vim org/apache/catalina/util/ServerInfo.properties
 server.info=Eleme Tomcat


2) Remove the Tomcat management pages

 # rm -rf /opt/tomcat/webapps/*


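3) Run Tomcat as an unprivileged user

Method 1 (use jsvc to start Tomcat with ordinary-user privileges; this is the officially most recommended method, and it works by having the root user fork a non-root process):

 # useradd tomcat -s /usr/sbin/nologin   [Ubuntu]
 # useradd tomcat -s /sbin/nologin       [CentOS]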
  
 # chown -R tomcat:tomcat /opt/tomcat/
 # chown -R tomcat:tomcat /data/logs/{search,tomcat}
  
 # cd /opt/tomcat/bin
 # tar xvzf commons-daemon-native.tar.gz
 # cd commons-daemon-1.0.15-native-src/unix
 # ./configure --with-java=/opt/jdk
 # make
 # cp jsvc ../../
 # cd ../../
 # ./daemon.sh start



Note: normally there are two processes with identical arguments but different owners: one is owned by root and the other by the tomcat user.


Method 2:

 # useradd tomcat -s /bin/bash
 # chown -R tomcat:tomcat /opt/tomcat/
 # chown -R tomcat:tomcat /data/logs/{search,tomcat}
 # sudo su tomcat /opt/tomcat/bin/startup.sh




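4) Other settings

Define custom error pages, for example by adding the following:

 <error-page>
 <error-code>500</error-code>
 <location>/500.jsp</location>
 </error-page>

Note: add further error codes as needed (common ones are 500 and 404). The location element specifies the page to redirect to; you have to create that JSP file yourself.

To disable parsing of .jspx files, comment out the following:

 <url-pattern>*.jspx</url-pattern>

Note: both of the settings above are made in web.xml.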
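
One way to verify the settings of this section after applying them, as an added example that is not part of the original post. The function names are hypothetical; the script assumes the web.xml in question is conf/web.xml and that the stock applications to look for are the manager, host-manager, docs and examples directories shipped in a Tomcat 8 webapps/.

```shell
#!/bin/sh
# Added example, not from the original post: verify the settings of section 3.

# Print an XML file with <!-- ... --> comments removed (multi-line ones too).
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (line != "") {
            if (in_c) {
                i = index(line, "-->")
                if (i == 0) { line = "" } else { line = substr(line, i + 3); in_c = 0 }
            } else {
                i = index(line, "<!--")
                if (i == 0) { out = out line; line = "" }
                else { out = out substr(line, 1, i - 1); line = substr(line, i + 4); in_c = 1 }
            }
        }
        print out
    }' "$1" 2>/dev/null
}

# audit_tomcat CATALINA_HOME: prints one FAIL line per finding, returns 1 if any.
audit_tomcat() {
    home=$1
    rc=0
    info="$home/lib/org/apache/catalina/util/ServerInfo.properties"
    if ! grep -q '^server\.info=' "$info" 2>/dev/null; then
        echo "FAIL: server.info is not overridden under lib/"; rc=1
    elif grep -Eq '^server\.info=.*[0-9]+\.[0-9]+' "$info"; then
        echo "FAIL: server.info override still shows a version number"; rc=1
    fi
    for app in manager host-manager docs examples; do
        if [ -e "$home/webapps/$app" ]; then
            echo "FAIL: stock application still deployed: webapps/$app"; rc=1
        fi
    done
    web=$(strip_xml_comments "$home/conf/web.xml") || web=""
    case $web in
        *"<error-page>"*) ;;
        *) echo "FAIL: conf/web.xml defines no <error-page>"; rc=1 ;;
    esac
    case $web in
        *"<url-pattern>*.jspx</url-pattern>"*)
            echo "FAIL: conf/web.xml still maps *.jspx"; rc=1 ;;
    esac
    return $rc
}

if [ "$#" -gt 0 ]; then audit_tomcat "$1"; fi
```

Run it as `sh audit.sh /opt/tomcat`; a mapping that is only commented out, as the page suggests, is not reported.
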

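4. Preliminary load-test results

Test tool: siege

Concurrent threads: 600

Test command: /opt/siege/bin/siege -c 600 -f /opt/urls.txt

[Screenshot of the siege output; image not available]


The main difficulty in testing and tuning lies in the JVM: it requires a fairly deep understanding of the JVM, and tuning has to be done according to the specific application scenario.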


