Linux Tomcat Https配置步骤.docx

CENTOS(LINUX) TOMCAT安装与配置步骤1. 软件准备1.1Linux(centos)安装包1.2JDK安装包1.3Tomcat安装包1.4APR安装包 /download.cgi下载： apr-x.x.x.tar.gz apr-util-x.x.x.tar.gz tomcat-native.tar.gz 可以在tomcat/bin目录下找到。2. Linux(centos)安装2.1步骤略2.2装中文包su rootyum install Chinese Support中文包位于ISO文件中server 文件夹下fonts-chinese-3.02-9.6.el5.noarch.rpmfonts-ISO8859-2-75dpi-1.0-17.1.noarch.rpm 执行命令# rpm -ivh fonts-chinese-3.02-9.6.el5.noarch.rpm # rpm -ivh fonts-ISO8859-2-75dpi-1.0-17.1.noarch.rpm #vi /etc/sysconfig/i18nLANG=en-US.UTF-8将en-US修改为zh-CNSYSFONT=latarcyrheb-sun16按Esc键，输入“：wq”存盘退出如果安装完后还不支持中文，则进下如下步骤： # cd /usr/share/fonts/ # fc-cache -fv 3. JDK安装3.1卸载OpenJDK默认安装用root用户登陆到系统，打开终端输入：# rpm -qa|grep gcj查看是否有显示信息，如：# java-1.4.2-gcj-compat-xxxxxx如果有则卸载：rpm -e -nodeps java-1.4.2-gcj-compat-xxxxxx卸载rpm版的jdk：#rpm -qa|grep jdk 显示：jdk-1.6.0_10-fcs卸载：#rpm -e -nodeps jdk-1.6.0_10-fcs3.2安装预期的JDK# cd # 拷贝或移动jdk-xxxx-linux-i586-rpm.bin到此# chmod +x jdk-xxxx-linux-i586-rpm.bin# ./jdk-xxxx-linux-i586-rpm.bin如果出错提示：运行rpm -ivh glib* -force nodeps3.3检验安装并确认JDK的根目录# java versionjava version 版本号 Java(TM) 2 Runtime Environment, Standard Edition (build版本号_xx-xxx) Java HotSpot(TM) 64-Bit Server VM (build版本号_xx-xxx, mixed mode)3.4设置JDK环境变量Rahat:# cd /root# pwd/root# vi .bashrc输入“i”进入编辑模式进行你想要的修改，末尾追加：export JAVA_HOME=/usr/java/latestexport JRE_HOME=$JAVA_HOME/jreexport CLASSPATH=.:$JAVA_HOME/lib:$JAVA_HOME/jre/libexport PATH=$JAVA_HOME/bin:$HOME/bin:$PATH输入完毕后按Esc键，然后输入“:wq”存盘退出；“：q”放弃并退出Centos:# cd /etc/profile.d# touch jdk.sh# vi jdk.sh输入“i”进入编辑模式进行你想要的修改，末尾追加：export JAVA_HOME=/usr/java/jdk1.6.0_45export JRE_HOME=$JAVA_HOME/jreexport PATH=$JAVA_HOME/bin:$PATHexport CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar3.5使环境变量生效：# source profile4. 安装Tomcat4.1步骤略4.2更改地址栏tomcat图标首先制作一个名为favicon.ico的图标文件，然后进入tomcat的webapps下的ROOT目录，把其中的favicon.ico替换成自己的。注意：favicon.ico应该为1616像素或3232像素5. 提升Tomcat性能5.1安装 aprtar zxvf apr-X.X.X.tar.gzcd apr-X.X.X./configure提示：configure: error: no acceptable C compiler found in $PATH#yum y install gccmakemake install完毕，默认安装路径在/usr/local/apr下5.2安装apr-utiltar zxvf apr-util-X.X.X.tar.gzcd apr-util-X.X.X./configure -with-apr=/usr/local/aprmakemake install5.3安装tomcat-nativecd /usr/local/$TOMCAT_HOME/bin tar zxvf tomcat-native.tar.gzcd tomcat-native-1.1.20-src/jni/native./configure -with-apr=/usr/local/apr -with-java-home=$JAVA_HOMEmakemake install5.4设置 apr 的环境变量：Linux:# vi /etc/profile或者/root/.bashrcCentos:# cd /etc/profile.d# touch apr.sh# vi apr.sh/ 后面添加以下内容 export LD_LIBRARY_PATH=/usr/local/apr/lib /退出vi，运行下面命令生效 source /etc/profile5.5 启用线程池、解决B/S传输中文乱码问题5.6避免内存溢出# vi /bin/catalina.sh在“cygwin=false”前加入：JAVA_OPTS=-server -Xms1024m -Xmx4096m -XX:PermSize=256M -XX:MaxNewSize=1024m -XX:MaxPermSize=512m -Djava.awt.headless=true5.7重启tomcat，查看日志里有如下信息：信息: Loaded APR based Apache Tomcat Native library 此时启动Tomcat如果以下错误：INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib请加入下面的环境变量：export LD_LIBRARY_PATH=/usr/local/apr/libsource /etc/profileSEVERE: Failed to initialize the SSLEngine. org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform请关闭SSL侦听，除非你有使用SSL，修改/conf/ server.xml6. 配置Https6.1使用jdk提供的keytool工具制作证书：# pwd /root # keytool -genkey -alias tomcat -keyalg RSA What is your first and last name? Unknown: What is the name of your organizational unit? Unknown: What is the name of your organization? Unknown: What is the name of your City or Locality? Unknown: What is the name of your State or Province? Unknown: What is the two-letter country code for this unit? Unknown: Is CN=xx, OU=xx, O=xx, L=xx，ST=xx C=xx correct? no: yEnter key password for (RETURN if same as keystore password): 完成后，会在用户主目录/root下生成证书文件:.keystore。6.2启动tomcat https监听修改/$TOMCAT_HOME/conf/server.xml文件，把原来已经注释SSL的部分取消，也就是激活：!- - 注意:修改配置文件中keystorePass为keystore的密码，如果密钥不是存放在/root/.keystore，或使用了另外的文件名。可在配置文件中定义keystoreFile=/path/.keystore6.3重启Tomcat# cd /$TOMCAT_HOME/bin# ./shutdown.sh# ./startup.sh# netstat -ln|grep 443tcp 0 0 :443 :* LISTEN7. 制作浏览器公钥：# cd /root# keytool -export -file server.crt -alias tomcat8. 浏览器下安装公钥步骤略。9. 将Tomcat的默认8080端口改为80端口：用编辑器打开server.xml文件，找到“8080”，然后将其修改为“80”存盘，重启Tomcat即可。10. 关闭|开启linux防火墙# systemctl stop/start firewalld 11.永久失效防火墙# systemctl disable firewalld11. LINUX通过下面的命令可以开启允许对外访问的网络端口： 比如，开启|关闭80端口# /sbin/iptables -I INPUT -p tcp -dport 80 -j ACCEPT|DROP# /etc/rc.d/init.d/iptables save #保存配置 Saving firewall rules to /etc/sysconfig/iptables: OK # /etc/rc.d/init.d/iptables restart #重启服务 查看端口是否已经开放：# /etc/init.d/iptables statusTable: filterChain INPUT (policy ACCEPT)num target prot opt source destination 1 ACCEPT tcp - /0 /0 tcp dpt:80 2 RH-Firewall-1-INPUT all - /0 /0 Chain FORWARD (policy ACCEPT)num target prot opt source destination1 RH-Firewall-1-INPUT all - /0 /0 Chain OUTPUT (policy ACCEPT)num target prot opt source destinationChain RH-Firewall-1-INPUT (2 references)num target prot opt source destination 1 ACCEPT all - /0 /0 2 ACCEPT icmp - /0 /0 icmp type 255 3 ACCEPT esp - /0 /0 4 ACCEPT ah - /0 /0 5 ACCEPT udp - /0 51 udp dpt:5353 6 ACCEPT udp - /0 0.0.0