让tomcat在80端口上运行
法一:
修改连接器的端口8080为80
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
然后以root身份重启tomcat即可
法二:
不修改连接器的端口,而是使用iptables转发端口流量,即将80/tcp端口的流量全部转发到8080/tcp
tomcat配置不需要做任何修改
当需要在需要添加两条iptables规则:10.0.0.121为tomcat服务所在地址
iptables -t nat -I PREROUTING -p tcp --dst 10.0.0.121 --dport 80 -j Redirect --to-ports 8080
iptables -t nat -I OUTPUT -p tcp --dst 10.0.0.121 --dport 80 -j Redirect --to-ports 8080
此法有个缺点:
为了显示真是的端口,tomcat需要重写URL。加入网址是www.example.com,若一个用户在其浏览器地址栏中输入http://www.example.com/,则依web应用程序的内容而定,tomcat会对重写该地址,且该用户会在自己的浏览器中看到http://www.example.com:8080/index.html的地址(即重定向后,浏览器上会显示真是的访问地址)
tomcat会认定请求来源于8080端口,因为她在8080端口上打开了web服务器连接器,因此无论如何发送重定向,他都会追加上端口号8080,按照如下方式修改连接器配置接口解决:
<Connector port="8080" protocol="HTTP/1.1" proxyPort=80
connectionTimeout="20000"
redirectPort="8443" />
如果安装的tomcat就是充当主页的功能,也可同时设置proxyName="hostname.example.com"
法三:
在80端口上通过Service Wrapper运行tomcat
这种方式是使用服务封装二进制文件(a service wrapper binary),这样在80端口上以非root用户运行tomcat
jsvs(Java Service的缩写)是tomcat的二进制发行版本身所带的服务封装器
在$CATALINA_HOME/bin/目录下找到commons-daemon-native.tar.gz压缩包,解压,编译
cd /applicaton/tomcat/bin/
tar xvf commons-daemon-native.tar.gz
cd /application/tomcat/bin/commons-daemon-1.1.0-native-src/unix
./configure --with-java=$JAVA_HOME
make
编译后,在当前目录下生成一个jsvc可执行文件,拷贝至/application/tomcat/bin目录下
cp -a jsvc /application/tomcat/bin
chmod 700 /application/tomcat/bin/jsvc
chown root:root /application/tomcat/bin/jsvc
useradd -d $CATALINA_HOME/temp -s /sbin/nologin -g nobody tomcat #也可使用其它虚拟用户
且除了对logs、temp、webapps、work目录(若打算使用Admin webapp,也可包含conf目录)具有读写权限外,几乎没有其它权限
chown -R tomcat $CATALINA_HOME/{logs,temp,webapps,work,conf}
ps -ef|grep catalina.startup #查找当前正在运行的tomcat
[root@docker121 ~]# ps -ef|grep catalina.startup
root 62790 1 0 Oct05 ? 00:11:16 /application/jdk/jre/bin/java -Djava.util.logging.config.file=/application/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dignore.endorsed.dirs= -classpath /application/tomcat/bin/bootstrap.jar:/application/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/application/tomcat -Dcatalina.home=/application/tomcat -Djava.io.tmpdir=/application/tomcat/temp org.apache.catalina.startup.Bootstrap start
使用jsvc启动时,除了上述的选项外,还要加上自己的选项(提前设置好CATALINA_HOME和CATALINA_BASE环境变量):
/applicaton/tomcat/jsvc \
-user tomcat \
-home $JAVA_HOME \
-wait 10 -pidfile /var/run/jsvc.pid \
-outfile $CATALINA_HOME/logs/catalina.out \
-errfile $CATALINA_HOME/logs/catalina.out \
-Djava.util.logging.config.file=/application/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dignore.endorsed.dirs= -classpath /application/tomcat/bin/bootstrap.jar:/application/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/application/tomcat -Dcatalina.home=/application/tomcat -Djava.io.tmpdir=/application/tomcat/temp org.apache.catalina.startup.Bootstrap start
一旦运行成功,要检查tomcat日志,并尝试对tomcat产生一个http请求
关闭jsvc:
jsvc -stop -pidfile /var/run/jsvc.pid org.apache.catalina.startup.Bootstrap
如果每次启停服务都是用上述方式,太过繁琐,可使用下面的脚本(放到/etc/init.d/下):
注意:该脚本不适用多实例,若用于多实例,根据自己的环境修改脚本中的变量
cat >> /etc/init.d/jsvc <<end
#!/bin/sh
#
# chkconfig: 35 95 95
# description: tomcat start/stop scripts
##############################################################################
# Small shell script to show how to start/stop Tomcat using jsvc
# If you want to have Tomcat running on port 80 please modify the server.xml file:
#
# <!-- Define a non-SSL HTTP/1.1 Connector on
port 80 -->
# <Connector
className="org.apache.catalina.connector.http.HttpConnector"
# port="80"
minProcessors="5" maxProcessors="75"
# enableLookups="true"
redirectPort="8443"
# acceptCount="10"
debug="0" connectionTimeout="60000"/>
##############################################################################
# Adapt the following lines to your configuration
JAVA_HOME=/application/jdk
CATALINA_HOME=/application/tomcat
DAEMON_HOME=/application/tomcat/bin
#TOMCAT_USER=tomcat
JVM_MODE=server
#multi instances 按需修改如下几个变量
TMP_DIR=/application/tomcat/temp
PID_FILE=/var/run/jsvc.pid
CATALINA_BASE=/applicaton/tomcat
CATALINA_OPTS=""
CLASSPATH=$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/commons-daemon.jar:$CATALINA_HOME/bin/bootstrap.jar
# we ignore the -user $TOMCAT_USER line
# and we added the -jvm $JVM_MODE line
# add -debug before the org.apache.catalina.startup.Bootstrap line if you want
to see debug infos
case "$1" in
start)
# Start Tomcat
#
$DAEMON_HOME/jsvc \
-jvm $JVM_MODE \
-home $JAVA_HOME \
-Dcatalina.home=$CATALINA_HOME \
-Dcatalina.base=$CATALINA_BASE \
-Djava.io.tmpdir=$TMP_DIR \
-wait 10 \
-pidfile $PID_FILE \
-outfile $CATALINA_HOME/logs/catalina.out \
-errfile $CATALINA_HOME/logs/catalina.err \
$CATALINA_OPTS \
-cp $CLASSPATH \
-verbose:gc \
org.apache.catalina.startup.Bootstrap
exit $?
;;
stop)
# Stop Tomcat
#
$DAEMON_HOME/jsvc \
-stop \
-pidfile $PID_FILE \
org.apache.catalina.startup.Bootstrap
exit $?
;;
*)
echo "Usage tomcat.sh start/stop"
exit 1;;
esac
end
然后编辑server.xml文件,修改连接器的端口为80
<Connector port="80"
protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
/>
在次使用上述的指令或脚本启动即可
jsvc --help
用法:
jsvc [-options]
class [args...]
options:
-help | --help | -? 显示此帮助页面
-jvm <JVM name> 使用一个指定的Java Virtual Machine. 可用的JVMs: 'server'
-client 使用客户端Java Virtual Machine.
-server 使用服务端Java Virtual Machine.
-cp | -classpath <directories and
zip/jar files> 为service classes和 resouces设置搜索路径
-java-home | -home <directory> 设置JDK或JRE安装路径(或设置JAVA_HOME环境变量)
-version 显示当前java环境版本(检查-home和-jvm的正确性,暗含-nodetach)
-showversion 显示当前java环境版本(检查-home和-jvm的正确性) and continue execution.
-nodetach don't detach from parent process and
become a daemon
-debug
verbosely print debugging
information
-check
仅检查服务(暗含 -nodetach选项)
-user <user> 用于启动守护程序的用户(默认是当前用户)
-verbose[:class|gc|jni] enable verbose output
-cwd </full/path> set working directory to given location
(defaults to /)
-outfile </full/path/to/file> stdout的输出位置(默认/dev/null),使用'&2'模拟'1>&2'
-errfile </full/path/to/file> stderr的输出位置(默认/dev/null),使用'&1'模拟'2>&1'
-pidfile </full/path/to/file> 包含jsvc的pid文件的输出位置(默认/var/run/jsvc.pid)
-D<name>=<value> 设置java系统属性
-X<option> 设置虚拟机指定选项
-ea[:<packagename>...|:<classname>]
-enableassertions[:<packagename>...|:<classname>] enable assertions
-da[:<packagename>...|:<classname>]
-disableassertions[:<packagename>...|:<classname>] disable assertions
-esa | -enablesystemassertions enable system assertions
-dsa | -disablesystemassertions disable system assertions
-agentlib:<libname>[=<options>] load native agent library
<libname>, e.g. -agentlib:hprof
-agentpath:<pathname>[=<options>] load native agent library by full pathname
-javaagent:<jarpath>[=<options>] load Java programming language agent,
see java.lang.instrument
-procname <procname> 使用指定的进程名
-wait <waittime> 设置启动服务等待的秒数,waittime应为10的倍数(最小为10)
-restarts <maxrestarts> maximum automatic restarts (integer)
-1=infinite (default), 0=none,
1..(INT_MAX-1)=fixed restart count
-stop
使用-pidfile选项中提供的文件,停止服务
-keepstdin 禁止将stdin重定向至/dev/null
--add-modules=<module name> Java 9 --add-modules option. Passed as
it is to JVM
--module-path=<module path> Java 9 --module-path option. Passed as
it is to JVM
--upgrade-module-path=<module path> Java 9 --upgrade-module-path option. Passed
as it is to JVM
--add-reads=<module name> Java 9 --add-reads option. Passed as it
is to JVM
--add-exports=<module name> Java 9 --add-exports option. Passed as
it is to JVM
--add-opens=<module name> Java 9 --add-opens option. Passed as it
is to JVM
--limit-modules=<module name> Java 9 --limit-modules option. Passed as
it is to JVM
--patch-module=<module name> Java 9 --patch-module option. Passed as
it is to JVM
--illegal-access=<value> Java 9 --illegal-access option. Passed
as it is to JVM. Refer java help for possible values.