#!/bin/bash

#####################################setup##########################################################

yum install -i gcc zlib1g zlib1g-dev openssl libssl-dev libpcre3 libpcre3-dev libevent-dev;#http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html;cd /usr/local/srctar -zxvf jdk-8u102-linux-x64.tar.gzmv /usr/local/src/jdk1.8.0_102 /usr/local/jdk#配置JDK環(huán)境變量sed -i '$a ulimit -n 65535' /etc/profilesed -i '$a export JAVA_HOME=/usr/local/jdk' /etc/profilesed -i '$a export JRE_HOME=$JAVA_HOME/jre' /etc/profilesed -i '$a export CLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH' /etc/profilesed -i '$a export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH' /etc/profilesource /etc/profilecd /usr/local/srcwget https://mirrors.cnnic.cn/apache/tomcat/tomcat-8/v8.5.23/bin/apache-tomcat-8.5.23.tar.gz;tar -zxvf apache-tomcat-8.5.23.tar.gzcd apache-tomcat-8.5.23/lib#下載加入lib文件以支持共享sessionwget http://central.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/2.1.1/memcached-session-manager-2.1.1.jarwget http://central.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc8/2.1.1/memcached-session-manager-tc8-2.1.1.jarwget http://central.maven.org/maven2/net/spy/spymemcached/2.11.1/spymemcached-2.11.1.jarwget http://central.maven.org/maven2/de/javakaffee/msm/msm-javolution-serializer/2.1.1/msm-javolution-serializer-2.1.1.jarwget http://central.maven.org/maven2/javolution/javolution/5.4.5/javolution-5.4.5.jarcd .. && cd ..#禁止TLDs掃描新加入的jar包sed -i '134c xom-*.jar,javolution-5.4.5.jar,memcached-session-manager-2.1.1.jar,memcached-session-manager-tc8-2.1.1.jar,msm-javolution-serializer-2.1.1.jar,spymemcached-2.11.1.jar' apache-tomcat-8.5.23/conf/catalina.properties#tomcat的優(yōu)化配置,在102行處插入內(nèi)容sed -i '102c export JAVA_OPTS="-server -Xms1000M -Xmx1000M -Xss512k -XX:+AggressiveOpts -XX:+UseBiasedLocking -XX:+DisableExplicitGC -XX:MaxTenuringThreshold=15 -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:+CMSParallelRemarkEnabled -XX:+UseCMSCompactAtFullCollection -XX:LargePageSizeInBytes=128m -XX:+UseFastAccessorMethods -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true"' apache-tomcat-8.5.23/bin/catalina.shcp -r apache-tomcat-8.5.23 /usr/local/tomcat#cat <~/aaa.txt##EOF#sed -i '20 r ~/aaa.txt' /usr/local/tomcat/conf/context.xmlcd /usr/local/srcwget http://mirror.bit.edu.cn/apache/apr/apr-1.6.3.tar.gz tar -zxvf apr-1.6.3.tar.gz cd apr-1.6.3 && ./configure --prefix=/usr/local/aprmake && make installcd .. && rm -rf apr-1.6.3 && rm -rf apr-1.6.3.tar.gz wget http://mirror.bit.edu.cn/apache/apr/apr-util-1.6.1.tar.gz tar -zxvf apr-util-1.6.1.tar.gz cd apr-util-1.6.1 && ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/aprmake && make installcd .. && rm -rf apr-util-1.6.1 && rm -rf apr-util-1.6.1.tar.gz wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-connectors/native/1.2.16/source/tomcat-native-1.2.16-src.tar.gz tar -zxvf tomcat-native-1.2.16-src.tar.gz cd tomcat-native-1.2.16-src/native && ./configure --with-apr=/usr/local/aprmake && make installcd .. && cd .. && rm -rf tomcat-native-1.2.16-src && rm -rf tomcat-native-1.2.16-src.tar.gz sed -i '$a export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/apr/lib' /etc/profilesource /etc/profile#####################################end setup#####################################################################添加管理員 # vi /usr/local/tomcat/conf/tomcat-users.xml

? ? # vi /usr/local/tomcat/conf/Catalina/localhost/下? 添加manager.xml? #################################sed '1,10y/abcde/ABCDE/' file 來自: http://man.linuxde.net/sedCATALINA_BASE,CATALINA_HOMEstartup securityhttp://localhost:8080/adminserver.xml context.xml tomcat-users.xml web.xml catalina.policy catalinat.propertiesserver service connector engine host context realmengine valve host contextvalve:日志 單點(diǎn)登錄 請(qǐng)求過濾Manager: context.xmlJNDI/????JDBC連接###########################################JavaMail發(fā)送郵件context.xmlmail.smtp.hostlocalhostweb.xmlmail/Sessionjavax.mail.SessionContainer#download,setup javamail activationweb.xmlSendMailServletSendMailServletSendMailServlet/mail/SendMailServlet###################添加管理員權(quán)限http://localhost:8080/manager/###三種部署方式manager,ant,http##三種連接器：http,nio,arp##支持CGI：web.xml刪除注釋,context.xml:##支持SSI：同上ssi?

? ? ? ? ? org.apache.catalina.ssi.SSIServlet?

? ? ? ? buffered1debug0expires666isVirtualWebappRelative04ssi*.shtmlssi?

? ? ? ? ? org.apache.catalina.ssi.SSIFilter?

? ? ? ? contentTypetext/x-server-parsed-html(;.*)?debug0expires666isVirtualWebappRelative0inputEncodingutf-8outputEncodingutf-8#################################################tomcat性能調(diào)優(yōu)linux修改TOMCAT_HOME/bin/catalina.sh，在前面加入JAVA_OPTS="-XX:PermSize=64M -XX:MaxPermSize=128m -Xms512m -Xmx1024m -Duser.timezone=Asia/Shanghai"tomcat 線程優(yōu)化maxThreads="600"? ? ? ///最大線程數(shù)minSpareThreads="100"http:///初始化時(shí)創(chuàng)建的線程數(shù)maxSpareThreads="500"http:///一旦創(chuàng)建的線程超過這個(gè)值，Tomcat就會(huì)關(guān)閉不再需要的socket線程畜份。acceptCount="700"http://指定當(dāng)所有可以使用的處理請(qǐng)求的線程數(shù)都被使用時(shí)佑钾，可以放到處理隊(duì)列中的請(qǐng)求數(shù)，超過這個(gè)數(shù)的請(qǐng)求將不予處理這里是http connector的優(yōu)化纬向，如果使用apache和tomcat做集群的負(fù)載均衡，并且使用ajp協(xié)議做apache和tomcat的協(xié)議轉(zhuǎn)發(fā)，那么還需要優(yōu)化ajp connector旺韭。##配置線程池由于tomcat有多個(gè)connector，所以tomcat線程的配置掏觉，又支持多個(gè)connector共享一個(gè)線程池区端。首先。打開/conf/server.xml澳腹，增加最大線程500（一般服務(wù)器足以）织盼，最小空閑線程數(shù)20，線程最大空閑時(shí)間60秒酱塔。然后沥邻，修改節(jié)點(diǎn)，增加executor屬性延旧，executor設(shè)置為線程池的名字：可以多個(gè)connector公用1個(gè)線程池谋国，所以ajp connector也同樣可以設(shè)置使用tomcatThreadPool線程池。禁用DNS查詢 enableLookups="false"##安裝并啟動(dòng)APR:更好的支持并發(fā)(1)安裝APR tomcat-native? ? apr-1.3.8.tar.gz? 安裝在/usr/local/apr? ? #tar zxvf apr-1.3.8.tar.gz? ? #cd apr-1.3.8? ? #./configure;make;make install? ? ? ? apr-util-1.3.9.tar.gz? 安裝在/usr/local/apr/lib? ? #tar zxvf apr-util-1.3.9.tar.gz? ? #cd apr-util-1.3.9? ? ? #./configure --with-apr=/usr/local/apr ----with-java-home=JDK;make;make install? ? ? ? #cd apache-tomcat-6.0.20/bin? ? ? #tar zxvf tomcat-native.tar.gz? ? ? #cd tomcat-native/jni/native? ? ? #./configure --with-apr=/usr/local/apr;make;make install? ? ? (2)設(shè)置 Tomcat 整合 APR? ? 修改 tomcat 的啟動(dòng) shell （startup.sh）迁沫，在該文件中加入啟動(dòng)參數(shù)：? ? ? CATALINA_OPTS="$CATALINA_OPTS -Djava.library.path=/usr/local/apr/lib" 芦瘾。 #############################################ajp#worker.propeties worker1.list=worker1worker.worker1.type=ajp13worker.worker1.host=192.168.1.12#apache:confLoadModule jk_module modules/mod_jk.soJkWorkersFile conf/workers.propertiesJkLogFile logs/httpd/mod_jk.logJkLogLevel debugJkRequestLogFormat "%w %U %T"JkMount /exapmle/* worker1SetEnvIf Request_URL "nojk/*" no-jk###############################mod_proxyLoadModule proxy_module modules/mod_proxy.soLoadModule proxy_ajp_module modules/mod_proxy_ajp.soLoadModule proxy_balancer_module modules/mod_proxy_balancer.soProxyRequests offProxyPreserveHost OnOrder deny,allow

Allow from allProxyPass /example/jsp ajp://192.168.1.12:8009/example/jspProxyPassReverse /example/jsp ajp://192.168.1.12:8009/example/jspOrder deny,allow

Allow from all#################################worker.list=xx,yy,zzworker.xx.type=ajp13worker.xx.host=localhostworker.xx.port=8009IIS與Tomcat連接：ISAPI####resource配置JDBC server.xml#grant all privileges on *.* to 'xx' identified by 'xxx'#flush privileges###########################tomcat安全刪除/webapps/examples更改shutdown端口用tomcat賬號(hào)啟動(dòng) /bin/su tomcat $CATALINA_HOME/bin/startup.shjre: chmod -R o=rx /jre/*? ? tomcat: chown -R tomcat:tomcat /tomcat/#tomcat啟用security manager: catalina.sh start -security##catalina.policy 啟用類裝載器grant codeBase "file:${catalina.home}/webapps/youapp/-"{permission java.lang.RuntimePermission "createClassLoader"}##啟用JDBC驅(qū)動(dòng)打開數(shù)據(jù)庫grant codeBase "file:${catalina.home}/webapps/-" {permission java.net.SocketPermission "db.server.com:54213", "connect";}##允許訪問25端口grant codeBase "file:${catalina.home}/webapps/-"{permission java.net.SocketPermission "mail.server.com:25","connect";}##讀寫所有文件grant {java.io.FilePermission "<>","read,write,execute,delete";}###serlvet:BASIC,摘要，F(xiàn)ORM,HTTPS客戶端證書##禁用目錄列表listingsfalse###禁用SSI集畅，CGI近弟，關(guān)閉privileged='true'#########################################apache 加入 sslListen 192.168.10.10:80NameVirtualHost 192.168.10.10ServerName xx.com

DocumentRoot /xx/xx

ServerAdmin xx@qq.com

ErrorLog /xx/xx.log

CustomLog /xx/xx.log common##tomcat虛擬主機(jī)###########################apache tomcat互聯(lián)###################################httpd.confListen 80LoadModule jk_module modules/mod_jk.soJKWorkdersFile /etc/httpd/conf/workers.propertiesJKShmFile /var/log/httpd/mod_jk.shmJKLogFile /var/log/httpd/mod_jk.logJKLogLevel infoJKLogStampFormat "[%a %b %d %H:%M:%S %Y]"NameVirtualHost 192.168.1.2ServerName aa.com

DocumentRoot /home/websites/aa

ErrorLog /home/websites/aa/error

CustomLog /home/websites/aa/access common

JKMount /*.jsp aa-workerworkers.propertiesworker.list=aa-worker,bb-workerworker.aa-worker.type=ajp13worker.aa-worker.host=aa.comworker.aa-worker.port=8009##########################end apache tomcat互聯(lián)#######################################啟用managertomcat-users.xmlhttp://xx:8080/host-manager/html

#######

JVM_OPTIONS='-Xms512m -Xmm1024m'? 初始堆大小，最大堆大小

export JVM_OPTIONS

grant codeBase "file:/home/xx/xx/-"{

permission java.io.FilePermission "/some/cc/xx/*","read";

}

################################################################################

/manager/jmxproxy

################################################jmx監(jiān)控tomcat

bin/catalina.sh

#加入

? [ $1 != "stop" ] && JAVA_OPTS="-Dcom.sun.management.jmxremote \?

-Dcom.sun.management.jmxremote.port=9008 \?

-Dcom.sun.management.jmxremote.ssl=false \?

-Dcom.sun.management.jmxremote.authenticate=false $JAVA_OPTS"?

export JAVA_OPTS?

#java/bin/jconsole啟動(dòng),輸入

service:jmx:rmi:///jndi/rmi://localhost:9008/jmxrmi?

##################################################################################

負(fù)載均衡：

DNS負(fù)載均衡

硬件負(fù)載均衡(F5 big-ip:4-7層挺智，15萬以上祷愉；梭子魚負(fù)載均衡：比較便宜)

軟件負(fù)載均衡(LVS,Nginx,HAProxy)

#mod_jk,mod_proxy通信

##http head:get,accept,referer,accept-language,accept-encoding,host,connection

##request,response

#nginx

? ? ? ? ? proxy_pass http://geeboo;

? ? ? ? ? ? ? proxy_redirect off;

? ? ? ? ? ? ? proxy_set_header X-Real-IP $remote_addr;?

? ? ? ? ? ? ? proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

? ? ? ? ? ? ? proxy_set_header Host $host;

? ? ? ? ? ? ? client_max_body_size 1024m;

? ? ? ? ? ? ? client_body_buffer_size 1024000k;

? ? ? ? ? ? ? proxy_connect_timeout 40s;

? ? ? ? ? ? ? proxy_send_timeout 40s;

? ? ? ? ? ? ? proxy_read_timeout 40s;

? ? ? ? ? ? ? proxy_buffer_size 102400k;

? ? ? ? ? ? ? proxy_buffers 6 102400k;

? ? ? ? ? ? ? proxy_busy_buffers_size 102400k;

? ? ? ? ? ? ? proxy_temp_file_write_size 102400k;

##############

##掃描參數(shù)? -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9

##掃描端口 nmap -p80,443,55,110 192.168.10.10

##掃描端口 nmap -sP 192.168.10.10

##掃描網(wǎng)段 nmap -sP 10.10.10.0/24

##掃描操作系統(tǒng) nmap -O 10.10.10.0/24

##掃描所有? nmap -A 10.10.10.0/24

##掃描版本檢測 nmap -sV 10.10.10.0