Common Tomcat configuration settings and problems
The following summary comes from hands-on practice (OS: Ubuntu 10.10 64-bit).
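Contents
- Tomcat conf configuration
  - tomcat-users.xml configuration
  - Static resource encoding in web.xml
  - URI encoding
  - APR
- Configuring SSL
  - SSL configuration without APR
  - SSL configuration with APR (SSL handled by APR)
  - gzip compression
  - jdbc
  - HttpOnly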
Tomcat conf configuration
tomcat-users.xml configuration
- By default no users are defined, which is inconvenient for development. For a production environment, deleting all users is recommended. A development configuration (Tomcat 7) looks like this:

    <?xml version='1.0' encoding='utf-8'?>
    <tomcat-users>
      <role rolename="manager-gui"/>
      <role rolename="manager-script"/>
      <role rolename="manager-jmx"/>
      <role rolename="manager-status"/>
      <user username="admin" password="" roles="manager-gui,manager-script,manager-jmx,manager-status"/>
    </tomcat-users>
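A pre-deployment check for the recommendation above, as an added example that is not part of the original page: it lists users with an empty password, users holding the manager roles shown above, and, for a production file, every user that is still defined. The function name `audit_tomcat_users`, the `production` flag and the `viewer` user are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# The four manager roles used in the development configuration above.
MANAGER_ROLES = {"manager-gui", "manager-script", "manager-jmx", "manager-status"}


def audit_tomcat_users(xml_text, production=True):
    """Return (username, finding) pairs for a tomcat-users.xml document."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # Compare local names so a file that declares an XML namespace is handled too.
        if elem.tag.rsplit("}", 1)[-1] != "user":
            continue
        name = elem.get("username", "?")
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        if not elem.get("password"):
            findings.append((name, "empty password"))
        granted = sorted(roles & MANAGER_ROLES)
        if granted:
            findings.append((name, "manager access: " + ",".join(granted)))
        if production:
            # The page recommends deleting all users in production.
            findings.append((name, "user defined in a production file"))
    return findings


# Constructed sample: the development entry above plus one hypothetical extra user.
SAMPLE = """<tomcat-users>
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="admin" password=""
        roles="manager-gui,manager-script,manager-jmx,manager-status"/>
  <user username="viewer" password="constructed-value" roles="app-user"/>
</tomcat-users>"""

if __name__ == "__main__":
    for user, finding in audit_tomcat_users(SAMPLE):
        print(f"{user}: {finding}")
```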
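Static resource encoding in web.xml
Problem: when viewing the source of a page's JS or CSS files, the source shows garbled characters even though everything on the page runs normally. This happens because Tomcat needs the encoding of static resources to be configured.
Solution: open tomcat_home/conf/web.xml and add the encoding information charset=utf-8 to the mime-type, for example:

    <mime-mapping>
      <extension>css</extension>
      <mime-type>text/css;charset=utf-8</mime-type>
    </mime-mapping>
    <mime-mapping>
      <extension>js</extension>
      <mime-type>text/javascript;charset=utf-8</mime-type>
    </mime-mapping>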
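URI encoding
Problem: garbled characters in data that is not submitted through a form, for example Chinese text typed directly into the browser address bar:

    http://yoururl//your.action?name=我的中文名&check=可能在服务器端乱码

Solution: open tomcat_home/conf/server.xml and set the Connector attribute URIEncoding="UTF-8". Note that this attribute must be set on every Connector.

    <Connector URIEncoding="UTF-8" port="8159" protocol="AJP/1.3" redirectPort="8593"/>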
APR
At startup Tomcat prints the message "The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found":

    Sep 3, 2010 8:59:51 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /prog/java/jdk1.6.0_20/bin:/prog/apache/app-apache-tomcat-7.0.0/bin
    Sep 3, 2010 8:59:51 PM org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 848 ms

Steps: APR details
- Prepare the dependencies
  - Download the APR dependency: APR 1.2+ development headers (libapr1-dev package)
  - Download the OpenSSL dependency: OpenSSL 0.9.7+ development headers (libssl-dev package)
- Unpack tomcat_home/bin/tomcat-native.tar.gz
- Change into the directory tomcat-native-1.1.20-src/jni/native; detailed installation instructions are in the BUILDING file in that directory
- Run export JAVA_HOME=/prog/java/jdk to set the JDK
- Run: ./configure --with-apr=/usr/bin --with-ssl=/usr/bin
- Run: make
- Run: sudo make install (installs to /usr/local/apr/lib)
- Run: ln -s /usr/local/apr/lib/libtcnative-1.so $JAVA_HOME/jre/lib/amd64/
- Restart Tomcat; the log now shows:

    Sep 3, 2010 9:56:17 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
    Sep 3, 2010 9:56:18 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
    Sep 3, 2010 9:56:18 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
    INFO: Failed to initialize the SSLEngine.
    Sep 3, 2010 9:56:18 PM org.apache.coyote.http11.Http11AprProtocol init
    INFO: Initializing Coyote HTTP/1.1 on http-8782
    Sep 3, 2010 9:56:18 PM org.apache.coyote.ajp.AjpAprProtocol init
    INFO: Initializing Coyote AJP/1.3 on ajp-8711
    Sep 3, 2010 9:56:18 PM org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 840 ms
Configuring SSL
SSL configuration without APR
- Create the keystore:

    jdk/bin/keytool -genkey -keystore tomcat.keystore -alias tomcat -keyalg RSA

- Put tomcat.keystore in the ${user.home} directory, that is, your home directory; you can of course put it in another directory instead.
- Edit Tomcat's server.xml and add a Connector:

    <Connector port="9145" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
               URIEncoding="UTF-8"
               keystoreFile="${user.home}/tomcat.keystore" keystorePass="cms4g-proxy-PaSsWoRd"
               maxThreads="20"
    />

- If, with APR installed, you still configure SSL following the "SSL configuration without APR" steps above, you need to do the following:
  - Set protocol=org.apache.coyote.http11.Http11NioProtocol on the Connector:

    <Connector port="9145" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               URIEncoding="UTF-8"
               keystoreFile="${user.home}/tomcat.keystore" keystorePass="cms4g-proxy-PaSsWoRd"
               maxThreads="20" />

    Startup then still reports the error "Failed to initialize the SSLEngine.":

    Sep 3, 2010 10:49:42 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
    Sep 3, 2010 10:49:43 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
    Sep 3, 2010 10:49:43 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
    INFO: Failed to initialize the SSLEngine.
    Sep 3, 2010 10:49:43 PM org.apache.coyote.http11.Http11AprProtocol init
    INFO: Initializing Coyote HTTP/1.1 on http-8782
    Sep 3, 2010 10:49:43 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector
    INFO: Using a shared selector for servlet write/read
    Sep 3, 2010 10:49:43 PM org.apache.coyote.http11.Http11NioProtocol init
    INFO: Initializing Coyote HTTP/1.1 on http-9145
    Sep 3, 2010 10:49:43 PM org.apache.coyote.ajp.AjpAprProtocol init
    INFO: Initializing Coyote AJP/1.3 on ajp-8711
    Sep 3, 2010 10:49:43 PM org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 1162 ms

  - Although the message "Failed to initialize the SSLEngine." appears, SSL still works normally. To suppress the message, set the APR listener's SSLEngine to off in server.xml, for example:

    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />

    Startup messages:

    Sep 3, 2010 10:51:53 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
    Sep 3, 2010 10:51:53 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
    Sep 3, 2010 10:51:54 PM org.apache.coyote.http11.Http11AprProtocol init
    INFO: Initializing Coyote HTTP/1.1 on http-8782
    Sep 3, 2010 10:51:54 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector
    INFO: Using a shared selector for servlet write/read
    Sep 3, 2010 10:51:54 PM org.apache.coyote.http11.Http11NioProtocol init
    INFO: Initializing Coyote HTTP/1.1 on http-9145
    Sep 3, 2010 10:51:54 PM org.apache.coyote.ajp.AjpAprProtocol init
    INFO: Initializing Coyote AJP/1.3 on ajp-8711
    Sep 3, 2010 10:51:54 PM org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 1081 ms
SSL configuration with APR (SSL handled by APR)
- Create the keys (official OpenSSL documentation: createKey)
  - Create the private key:
    Private keys are generated with 'openssl genrsa' if you want a RSA private key, or 'openssl gendsa' if you want a DSA private key.

    openssl genrsa -out privkey.pem

  - Create a certificate request:
    3. Creating a certificate request
    The certificate request is created like this:

    openssl req -new -key privkey.pem -out cert.csr

  - Self-sign:
    4. Creating a self-signed test certificate

    openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

  - What I actually ran:

    openssl genrsa -out tomcatkey.pem                                      # produces tomcatkey.pem
    openssl req -new -x509 -key tomcatkey.pem -out tomcatca.pem -days 1095 # produces tomcatca.pem

- Configure the APR SSL Connector and listener in server.xml:

    <!--APR library loader. Documentation at /docs/apr.html -->
    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
    <!-- Connector configuration -->
    <Connector port="9145" SSLEnabled="true" scheme="https" secure="true"
               URIEncoding="UTF-8"
               SSLCertificateKeyFile="${user.home}/tomcatkey.pem"
               SSLCertificateFile="${user.home}/tomcatca.pem"
               maxThreads="20" />
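The rules from the URI encoding section and the two SSL sections can be checked mechanically before a restart. The following is an added example, not code from the original page: it flags any Connector without URIEncoding="UTF-8", a keystore-style SSL connector that would resolve to the APR connector, and a PEM-style SSL connector that cannot use APR SSL. The name `audit_server_xml`, the `apr_loaded` flag, port 9146 and the /home/tomcat paths are assumptions.

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
JAVA_PROTOCOLS = ("Http11NioProtocol", "Http11Protocol")  # JSSE-based connectors


def audit_server_xml(xml_text, apr_loaded=True):
    """Return sorted (port, finding) pairs; apr_loaded = libtcnative is installed."""
    root = ET.fromstring(xml_text)
    ssl_engine = "on"  # Tomcat's default when the listener omits SSLEngine
    for listener in root.iter("Listener"):
        if listener.get("className") == APR_LISTENER:
            ssl_engine = listener.get("SSLEngine", "on")
    findings = []
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("URIEncoding", "").upper() != "UTF-8":
            findings.append((port, "URIEncoding is not UTF-8"))
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        protocol = conn.get("protocol", "HTTP/1.1")
        # "HTTP/1.1" auto-selects the APR connector when the native library is loaded.
        uses_apr = protocol.endswith("AprProtocol") or (
            apr_loaded and not protocol.endswith(JAVA_PROTOCOLS))
        if conn.get("keystoreFile") and uses_apr:
            findings.append((port, "keystoreFile set but connector resolves to APR"))
        if conn.get("SSLCertificateFile"):
            if not uses_apr:
                findings.append((port, "PEM certificate set on a Java connector"))
            elif ssl_engine.lower() == "off":
                findings.append((port, "APR SSL connector but SSLEngine is off"))
    return sorted(findings)


# Constructed sample; port 9146 and the /home/tomcat paths are made up for the example.
SAMPLE = """<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off"/>
  <Service name="Catalina">
    <Connector port="8782" protocol="HTTP/1.1"/>
    <Connector port="8711" protocol="AJP/1.3" URIEncoding="UTF-8"/>
    <Connector port="9145" SSLEnabled="true" scheme="https" secure="true"
               URIEncoding="UTF-8" keystoreFile="/home/tomcat/tomcat.keystore"/>
    <Connector port="9146" SSLEnabled="true" scheme="https" secure="true"
               URIEncoding="UTF-8" SSLCertificateFile="/home/tomcat/tomcatca.pem"
               SSLCertificateKeyFile="/home/tomcat/tomcatkey.pem"/>
  </Service>
</Server>"""

if __name__ == "__main__":
    for port, finding in audit_server_xml(SAMPLE):
        print(f"port {port}: {finding}")
```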
gzip compression
Configure it directly on the Connector in server.xml:

    <Connector port="9145" SSLEnabled="true" scheme="https" secure="true"
               URIEncoding="UTF-8"
               SSLCertificateKeyFile="${user.home}/tomcatkey.pem"
               SSLCertificateFile="${user.home}/tomcatca.pem"
               maxThreads="20"
               compression="on" compressionMinSize="1024"
               compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css,application/x-json,application/json" />
jdbc
Configure Context.xml:

    <Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false">
      <!-- [ delete the minEvictableIdleTimeMillis and timeBetweenEvictionRunsMillis params here ] -->
      <Resource name="jdbc/JiraDS" auth="Container" type="javax.sql.DataSource"
                username="[enter db username]"
                password="[enter db password]"
                driverClassName="com.mysql.jdbc.Driver"
                url="jdbc:mysql://localhost/jiradb?useUnicode=true&amp;characterEncoding=UTF8"
                maxActive="20"
                validationQuery="select 1"/>
    </Context>
HttpOnly
- Set useHttpOnly="true" on the Context. The default is true in Tomcat 7 and false in Tomcat 6.

    <?xml version="1.0" encoding="UTF-8" ?>
    <Context path="/${tomcat.deployName}" docBase="${basedir}/WebRoot" useHttpOnly="true"/>