Tomcat
[TOC]
1.JVM介紹
JVM是Java Virtual Machine(Java虛擬機)的縮寫
Java虛擬機本質是就是一個程序捍岳,當它在命令行上啟動的時候新锈,就開始執(zhí)行保存在某字節(jié)碼文件中的指令绍载。Java語言的可移植性正是建立在Java虛擬機的基礎上。任何平臺只要裝有針對于該平臺的Java虛擬機拗窃,字節(jié)碼文件(.class)就可以在該平臺上運行篙程。這就是“一次編譯怔蚌,多次運行”。
2.Tomcat介紹
a.什么是Tomcat
Tomcat和我們此前學習的 Nginx 類似功咒,也是一個Web服務器愉阎。
b.Tomcat與Nginx有什么區(qū)別?
Nginx僅支持靜態(tài)資源力奋,而Tomcat則支持Java開發(fā)的 jsp 動態(tài)資源和靜態(tài)資源榜旦。
Nginx適合做前端負載均衡,而Tomcat適合做后端應用服務處理景殷。
通常情況下溅呢,企業(yè)會使用 Nginx+tomcat 結合使用,由Nginx處理靜態(tài)資源猿挚,Tomcat處理動態(tài)資源咐旧。
3.Tomcat快速安裝
方法1:
rpm -ivh jdk-8u102-linux-x64.rpm
mkdir /app
tar xf apache-tomcat-8.0.27.tar.gz -C /app
/app/apache-tomcat-8.0.27/bin/startup.sh
方法2:
mkdir /app/
tar xf jdk-8u60-linux-x64.tar.gz -C /app/
ln -s /app/jdk1.8.0_60 /app/jdk
sed -i.ori '$a export JAVA_HOME=/app/jdk\nexport PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH\nexport CLASSPATH=.$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jar' /etc/profile
source /etc/profile
tar xf apache-tomcat-8.0.27.tar.gz -C /app
/app/apache-tomcat-8.0.27/bin/startup.sh
4.Tomcat啟動慢解決方案
沒優(yōu)化之前啟動時間
[root@tomcat logs]# grep 'Server startup' catalina.out
03-Aug-2019 03:15:18.225 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 591050 ms
優(yōu)化之后啟動時間
[root@tomcat logs]# grep 'Server startup' catalina.out
03-Aug-2019 03:15:18.225 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 591050 ms
03-Aug-2019 03:22:14.112 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 1326 ms
優(yōu)化方法:
vi /usr/java/jdk1.8.0_102/jre/lib/security/java.security
securerandom.source=file:/dev/urandom
5.tomcat目錄結構介紹
[root@tomcat apache-tomcat-8.0.27]# ll
total 92
drwxr-xr-x 2 root root 4096 Aug 3 03:05 bin #主要包含啟動、關閉tomcat腳本和腳本依賴文件
drwxr-xr-x 3 root root 198 Aug 3 03:05 conf #tomcat配置文件目錄
drwxr-xr-x 2 root root 4096 Aug 3 03:05 lib #tomcat運行需要加載的jar包
-rw-r--r-- 1 root root 57011 Sep 28 2015 LICENSE #license文件亭饵,不重要
drwxr-xr-x 2 root root 197 Aug 3 03:15 logs #在運行過程中產生的日志文件
-rw-r--r-- 1 root root 1444 Sep 28 2015 NOTICE #不重要
-rw-r--r-- 1 root root 6741 Sep 28 2015 RELEASE-NOTES #版本特性休偶,不重要
-rw-r--r-- 1 root root 16204 Sep 28 2015 RUNNING.txt #幫助文件,不重要
drwxr-xr-x 2 root root 30 Aug 3 03:05 temp #存放臨時文件
drwxr-xr-x 7 root root 81 Sep 28 2015 webapps #站點目錄
drwxr-xr-x 3 root root 22 Aug 3 03:05 work #tomcat運行時產生的緩存文件
6.tomcat配置文件
核心配置文件:
/app/apache-tomcat-8.0.27/conf/server.xml
一個tomcat實例一個server
一個server中包含多個Connector辜羊,Connector的主要功能是接受踏兜、響應用戶請求。
service的作用是:將connector關聯(lián)至engine(catalina引擎)
一個host就是一個站點八秃,類似于nginx的多站點
context類似于nginx中l(wèi)ocation的概念
8.配置tomcat basic認證
<web-app>
......
<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>test100</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Default</realm-name>
</login-config>
</web-app>
9.Nginx+Tomcat集群架構實戰(zhàn)
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream java {
server 10.0.0.100:8080;
server 10.0.0.101:8080;
}
server {
listen 80;
server_name http://jpress.etiantian.org;
root html;
index index.html index.htm;
location / {
proxy_pass http://java;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
10.Nginx+Tomcat集群實現(xiàn)全棧Https
server {
listen 443;
server_name blog.qstack.com.cn;
ssl on;
ssl_certificate /opt/xiaohua/1_blog.qstack.com.cn_bundle.crt;
ssl_certificate_key /opt/xiaohua/2_blog.qstack.com.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
root /opt/tuchuang;
index index.php index.html index.htm;
location / {
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name blog.qstack.com.cn;
location / {
return 302 https://blog.qstack.com.cn$request_uri;
}
}
11.Tomcat監(jiān)控
zabbix監(jiān)控tomcat
vim /application/apache-tomcat-8.0.27/bin/catalina.sh
CATALINA_OPTS="$CATALINA_OPTS
-Dcom.sun.management.jmxremote
-Djava.rmi.server.hostname=10.0.0.72
-Dcom.sun.management.jmxremote.port=12345
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false"
a:安裝zabbix-java-gateway碱妆,10052
b:配置重啟zabbix-java-gateway
START_POLLERS=5
c:配置重啟zabbix-server
JavaGateway=127.0.0.1
JavaGatewayPort=10052
StartJavaPollers=5
d:zabbix-web添加jmx監(jiān)控
12.Tomcat性能優(yōu)化
JAVA_OPTS="$JAVA_OPTS -server -Xms256m -Xmx256m -Xss256k -XX:+UseParallelOldGC -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp/heap_dump -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -Xloggc:/tmp/heap_trace.txt -XX:NewSize=128m -XX:MaxNewSize=128m"
13.反向代理nginx.conf文件
upstream test {
server 172.16.1.8:8080;
server 172.16.1.9:8080;
}
server {
listen 80;
server_name blog.oldqiang.com;
location / {
return 302 https://blog.oldqiang.com$request_uri;
}
}
server {
listen 443;
server_name blog.oldqiang.com;
ssl on;
ssl_certificate /opt/nginx/1_blog.oldqiang.com_bundle.crt;
ssl_certificate_key /opt/nginx/2_blog.oldqiang.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://test;
proxy_set_header Host $host;
}
location ~.*\.(png|jpg) {
root /data;
}
}
