Linux-Tomcat-Https配置步骤

CENTOS(LINUX)TOMCAT安装与配置步骤1.软件准备1.1Linux(centos)安装包1.2JDK安装包1.3Tomcat安装包1.4APR安装包下载：apr-x.x.x.tar.gzapr-util-x.x.x.tar.gztomcat-native.tar.gz可以在tomcat/bin目录下找到。2.Linux(centos)安装2.1步骤略2.2装中文包surootyuminstall@ChineseSupport[中文包位于ISO文件中server文件夹下]fonts-chinese-3.02-9.6.el5.noarch.rpmfonts-ISO8859-2-75dpi-1.0-17.1.noarch.rpm执行命令#rpm-ivhfonts-chinese-3.02-9.6.el5.noarch.rpm#rpm-ivhfonts-ISO8859-2-75dpi-1.0-17.1.noarch.rpm#vi/etc/sysconfig/i18nLANG=en-US.UTF-8将en-US修改为zh-CNSYSFONT=latarcyrheb-sun16按Esc键，输入“：wq”存盘退出如果安装完后还不支持中文，则进下如下步骤：#cd/usr/share/fonts/#fc-cache-fv3.JDK安装3.1卸载OpenJDK默认安装用root用户登陆到系统，打开终端输入：#rpm-qa|grepgcj查看是否有显示信息，如：#java-1.4.2-gcj-compat-xxxxxx如果有则卸载：rpm-e--nodepsjava-1.4.2-gcj-compat-xxxxxx卸载rpm版的jdk：#rpm-qa|grepjdk显示：jdk-1.6.0_10-fcs卸载：#rpm-e--nodepsjdk-1.6.0_10-fcs3.2安装预期的JDK#cdjkd安装目录#拷贝或移动jdk-xxxx-linux-i586-rpm.bin到此#chmod+xjdk-xxxx-linux-i586-rpm.bin#./jdk-xxxx-linux-i586-rpm.bin如果出错提示：运行rpm-ivhglib*--force–nodeps3.3检验安装并确认JDK的根目录#java–versionjavaversion版本号Java(TM)2RuntimeEnvironment,StandardEdition(build版本号_xx-xxx)JavaHotSpot(TM)64-BitServerVM(build版本号_xx-xxx,mixedmode)3.4设置JDK环境变量Rahat:#cd/root#pwd/root#vi.bashrc输入“i”进入编辑模式进行你想要的修改，末尾追加：exportJAVA_HOME=/usr/java/latestexportJRE_HOME=$JAVA_HOME/jreexportCLASSPATH=.:$JAVA_HOME/lib:$JAVA_HOME/jre/libexportPATH=$JAVA_HOME/bin:$HOME/bin:$PATH输入完毕后按Esc键，然后输入“:wq”存盘退出；“：q”放弃并退出Centos:#cd/etc/profile.d#touchjdk.sh#vijdk.sh输入“i”进入编辑模式进行你想要的修改，末尾追加：exportJAVA_HOME=/usr/java/jdk1.6.0_45exportJRE_HOME=$JAVA_HOME/jreexportPATH=$JAVA_HOME/bin:$PATHexportCLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar3.5使环境变量生效：#sourceprofile4.安装Tomcat4.1步骤略4.2更改地址栏tomcat图标首先制作一个名为favicon.ico的图标文件，然后进入tomcat的webapps下的ROOT目录，把其中的favicon.ico替换成自己的。注意：favicon.ico应该为16×16像素或32×32像素5.提升Tomcat性能5.1安装aprtarzxvfapr-X.X.X.tar.gzcdapr-X.X.X./configure提示：configure:error:noacceptableCcompilerfoundin$PATH#yum–yinstallgccmakemakeinstall完毕，默认安装路径在/usr/local/apr下5.2安装apr-utiltarzxvfapr-util-X.X.X.tar.gzcdapr-util-X.X.X./configure--with-apr=/usr/local/aprmakemakeinstall5.3安装tomcat-nativecd/usr/local/{$TOMCAT_HOME}/bintarzxvftomcat-native.tar.gzcdtomcat-native-1.1.20-src/jni/native./configure--with-apr=/usr/local/apr--with-java-home=$JAVA_HOMEmakemakeinstall5.4设置apr的环境变量：Linux:#vi/etc/profile或者/root/.bashrcCentos:#cd/etc/profile.d#touchapr.sh#viapr.sh//后面添加以下内容exportLD_LIBRARY_PATH=/usr/local/apr/lib//退出vi，运行下面命令生效source/etc/profile5.5启用线程池、解决B/S传输中文乱码问题Connectorexecutor=tomcatThreadPoolport=8080protocol=HTTP/1.1connectionTimeout=20000redirectPort=443useBodyEncodingForURI=true/5.6避免内存溢出#vi/bin/catalina.sh在“cygwin=false”前加入：JAVA_OPTS=-server-Xms1024m-Xmx4096m-XX:PermSize=256M-XX:MaxNewSize=1024m-XX:MaxPermSize=512m-Djava.awt.headless=true5.7重启tomcat，查看日志里有如下信息：信息:LoadedAPRbasedApacheTomcatNativelibrary1.1.205.7此时启动Tomcat如果以下错误：INFO:TheAPRbasedApacheTomcatNativelibrarywhichallowsoptimalperformanceinproductionenvironmentswasnotfoundonthejava.library.path:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib请加入下面的环境变量：exportLD_LIBRARY_PATH=/usr/local/apr/libsource/etc/profileSEVERE:FailedtoinitializetheSSLEngine.org.apache.tomcat.jni.Error:70023:Thisfunctionhasnotbeenimplementedonthisplatform请关闭SSL侦听，除非你有使用SSL，修改/conf/server.xmlListenerclassName=org.apache.catalina.core.AprLifecycleListenerSSLEngine=off/6.配置Https6.1使用jdk提供的keytool工具制作证书：#pwd/root#keytool-genkey-aliastomcat-keyalgRSAWhatisyourfirstandlastname?[Unknown]:Whatisthenameofyourorganizationalunit?[Unknown]:Whatisthenameofyourorganization?[Unknown]:WhatisthenameofyourCityorLocality?[Unknown]:WhatisthenameofyourStateorProvince?[Unknown]:Whatisthetwo-lettercountrycodeforthisunit?[Unknown]:IsCN=xx,OU=xx,O=xx,L=xx，ST=xxC=xxcorrect?[no]:yEnterkeypasswordfortomcat(RETURNifsameaskeystorepassword):完成后，会在用户主目录/root下生成证书文件:.keystore。6.2启动tomcathttps监听修改/$TOMCAT_HOME/conf/server.xml文件，把原来已经注释SSL的部分取消，也就是激活：!--AConnectorrepresentsanendpointbywhichrequestsarereceivedandresponsesarereturned.Documentationat:JavaHTTPConnector:/docs/config/http.html(blocking&non-blocking)JavaAJPConnector:/docs/config/ajp.htmlAPR(HTTP/AJP)Connector:/docs/apr.htmlDefineanon-SSLHTTP/1.1Connectoronport8080--!--Connectorport=8080protocol=HTTP/1.1connectionTimeout=20000redirectPort=443/--!--AConnectorusingthesharedthreadpool--Connectorexecutor=tomcatThreadPoolport=8080protocol=HTTP/1.1connectionTimeout=20000redirectPort=443useBodyEncodingForURI=true/!--DefineaSSLHTTP/1.1Connectoronport8443ThisconnectorusestheJSSEconfiguration,whenusingAPR,theconnectorshouldbeusingtheOpenSSLstyleconfigurationdescribedintheAPRdocumentation--Connectorport=443protocol=HTTP/1.1SSLEnabled=truemaxThreads=150scheme=httpssecure=truekeystorePass=pwdclientAuth=falsesslProtocol=TLS/!--DefineanAJP1.3Connectoronport8009--Connectorport=8009protocol=AJP/1.3redirectPort=443/注意:修改配置文件中keystorePass为keystore的密码，如果密钥不是存放在/root/.keystore，或使用了另外的文件名。可在配置文件中定义keystoreFile=/path/.keystore6.3重启Tomcat#cd/$TOMCAT_HOME/bin#./shutdown.sh#