Tomcat

安裝openJDK

CentOS 5以yum安裝openjdk
#yum install java-1.6.0-openjdk java-1.6.0-openjdk-devel
ps:
透過yum makecache && yum search openjdk可找到可用的版本

驗證目前版本
#java -version
java version “1.6.0_20”
OpenJDK Runtime Environment (IcedTea6 1.9.8) (rhel-1.22.1.9.8.el5_6-i386)
OpenJDK Client VM (build 19.0-b09, mixed mode)
ps:
若版本仍為舊版,可手動切換
#update-alternatives –config java
1 /usr/lib/jvm/jre-1.4.2-gcj/bin/java
*+ 2 /usr/lib/jvm/jre-1.6.0-openjdk/bin/java

設定環境變數
#vi /etc/profile
JAVA_HOME=/usr/lib/jvm/java-1.6.0
PATH=$PATH:$JAVA_HOME/bin
CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar
export PATH JAVA_HOME CLASSPATH

重開機
#reboot

refer:
http://iammic.pixnet.net/blog/post/5533593

………………………………………………………………………………………………………………………………

安裝TOMCAT

1以configurate安裝
下載位置為http://tomcat.apache.org/download-60.cgi
ex:install tomcat-6.0.29
#wget http://apache.ntu.edu.tw//tomcat/tomcat-6/v6.0.29/bin/apache-tomcat-6.0.29.tar.gz
#tar -zxvf apache-tomcat-6.0.29.tar.gz
#mv apache-tomcat-6.0.29 /usr/local/tomcat6
#/usr/local/tomcat6/bin/startup.sh
Using CATALINA_BASE: /usr/local/tomcat6
Using CATALINA_HOME: /usr/local/tomcat6
Using CATALINA_TMPDIR: /usr/local/tomcat6/temp
Using JRE_HOME: /usr
Using CLASSPATH: /usr/local/tomcat6/bin/bootstrap.jar

2測試是否安裝完成
開啟 http://< tomcat ip>:8080

ps:
安裝位置會儲存在$CATALINA_HOME
若只有單一instances,則CATALINA_BASE會等於CATALINA_HOME

ps:
$CATALINA_HOME結構如下
/bin
存放啟動和關閉等其他指令
.sh結尾表示unix system,.bat結尾表示win system
/conf
存放組態檔和相關DTDs,其中server.xml是container主要的組態檔,非常重要
/logs
log存放的地方
/webapps
This is where your webapps go.

ps:
startup.sh執行後會執行以下
/usr/lib/jvm/java-1.6.0/bin/java -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/local/tomcat/endorsed
-classpath /usr/local/tomcat/bin/bootstrap.jar
-Dcatalina.base=/usr/local/tomcat
-Dcatalina.home=/usr/local/tomcat
-Djava.io.tmpdir=/usr/local/tomcat/temp org.apache.catalina.startup.Bootstrap start

3編輯環境檔
#vi /etc/profile
export CATALINA_HOME=/usr/local/tomcat
export CLASSPATH=.:$JAVA_HOME/lib:$CATALINA_HOME/lib
export PATH=$PATH:$CATALINA_HOME/bin
#source /etc/profile
#/usr/local/tomcat6/catalina.sh start

ps
yum安裝方法
#cd /etc/yum.repos.d
#wget http://www.jpackage.org/jpackage50.repo
#yum update
#yum install tomcat6 tomcat6-webapps tomcat6-admin-webapps
#service tomcat6 ѕtаrt
預設安裝在/usr/share/tomcat6

………………………………………………………………………………………………………………………………

常見操作 

網頁管理介面
Status
https:// ip /manager/status
Tomcat Manager
https:// ip /manager/html

設定tomcat網頁管理介面的帳號密碼
#vi conf/tomcat-user.xml
加入以下
< role rolename=”manager”/>
< user username=”ray” password=”pass” roles=”manager”/>

限制進入manager的ip
vi $CATALINA_HOME/conf/Catalina/localhost/manager.xml
< Context path=”/manager” privileged=”true”
docBase=”/usr/local/kinetic/tomcat6/server/webapps/manager”>
< Valve className=”org.apache.catalina.valves.RemoteAddrValve”
allow=”127.0.0.1″/>
< /Context>

………………………………………………………

SSL設定

自建憑證的設定方式 

1
Create a priviate key
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /root/server.jks
輸入keystore密碼,在設定server.xml的keystorePass會用到
enter keystore password:
您的名稱為何？
[Unknown]： manager
您的編制單位名稱為何？
[Unknown]： it
您的組織名稱為何？
[Unknown]： sys
您所在的城市或地區名稱為何？
[Unknown]： taipei
您所在的州及省份名稱為何？
[Unknown]： taiwan
該單位的二字國碼為何
[Unknown]： tw
CN=localhost, OU=localhost, O=localhost, L=taipei, ST=taiwan, C=tw 正確嗎？
[否]： y
輸入 < localhost> 的主密碼
（RETURN 如果和 keystore 密碼相同）：

這樣會產生一個server.jks檔案，具在當中的tomcat別名管理下儲存有一對公、私鑰。
接下來編輯Tomcat的conf目錄中server.xml，找到以下這段註解所在：
< Connector port=”443″ protocol=”HTTP/1.1″
SSLEnabled=”true” maxThreads=”150″ scheme=”https”
secure=”true” clientAuth=”false” sslProtocol=”TLS”
keystorePass=”你的密碼” />

refer:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.htmlps:

… 

購買憑證的設定方式

假設參數如下
keyalias為keynameidp1
keystore為keystoreidp1.jks
certificatereq為csridp1.txt
keystorePass為thisispassword

1
make key
#keytool -genkey -alias keynameidp1 -keyalg RSA -keysize 2048 -keystore keystoreidp1.jks
成功後會產生key檔keystoreidp1.jks

2
make CSR(certificate requset)
#keytool -certreq -alias keynameidp1 -file csridp1.txt -keystore keystoreidp1.jks
成功後會產生CSR檔csridp1.txt

3
CSR檔(certificatereq)要給ssl單位
並向ssl單位取得cer檔(可能是4個或3個),如下
root.cer
uca_1.cer
uca_2.cer
server.cer

4
將上述.cer檔塞到key裡

# keytool -import -trustcacerts -alias root -file root.cer -keystore keystoreidp1.jks
Enter keystore password:
Certificate already exists in system-wide CA keystore under alias <83httpwwwusertrustcomutndatacorpsgc>
Do you still want to add it to your own keystore? [no]: y
Certificate was added to keystore

# keytool -import -trustcacerts -alias uca1 -file uca_1.cer -keystore keystoreidp1.jks
Enter keystore password:
Certificate was added to keystore

# keytool -import -trustcacerts -alias uca2 -file uca_2.cer -keystore keystoreidp1.jks
Enter keystore password:
Certificate was added to keystore

# keytool -import -trustcacerts -alias keynameidp1 -file server.cer -keystore keystoreidp1.jks
Enter keystore password:
Certificate was added to keystore

……………………………………………..

 
執行程式
方法有 jsp 及 servlet

servlet
testservlet.class存放在webapps/< dir>/WEB-INF/classes/
並在WEB-INF/web.xml定義好以下
< servlet>
< servlet-name>HelloServlet< /servlet-name>
< servlet-class>mypackage.Hello< /servlet-class>
< /servlet>
< servlet-mapping>
< servlet-name>HelloServlet< /servlet-name>
< url-pattern>/hello< /url-pattern>
< /servlet-mapping>
ps:
url-pattern是開網頁的路徑要對應到servlet-name
servlet-class是.class的路徑要對應到servlet-name
ps:
war包裝的檔案用以下執行解開
jar -xvf sample.war

ps:
.class產生方式
在classes目錄下編輯好.java後,執行javac < name>.java
ps:確定CLASSPATH變數有包含CATALINA_HOME%libservlet-api.jar,否則執行javac時會出現package javax.servlet.http does not exist
ex:
#vi testservlet.java
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class testservlet extends HttpServlet
{
public void doGet(HttpServletRequest request,HttpServletResponse response)
throws ServletException,IOException
{
response.setContentType(“text/html”);
PrintWriter out = response.getWriter();
out.println(“< h1>Hello world”);
}
}
#javac testservlet.java

……………..

 
設成daemon,防止權限過大
安裝jsvc.tar.gz
SHELL> tar -zxvf jsvc.tar.gz
SHELL> cd jsvc.src #準備進行安裝
SHELL> chmod +x configure
SHELL> ./configure -with-java= /usr/java/jdk1.0.6_14 #指定jdk安裝位址
SHELL> make #編譯
使用者用戶建立(建立群組與OWNER)
SHELL> useradd tomcat6
SHELL> groupadd tomcat
SHELL>usermod -G tomcat tomcat6
SHELL> chown -R tomcat6 /usr/local/tomcat6

………………………………..

其他設定參考
http://funp.com/t11187#p=11187