一、安装JDK环境

方法一、

官方下载链接

http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html

64位:http://download.oracle.com/otn-pub/java/jdk/7u71-b14/jdk-7u71-linux-x64.tar.gz

32位:http://download.oracle.com/otn-pub/java/jdk/7u71-b14/jdk-7u71-linux-i586.tar.gz

# tar -zxvf jdk-7u71-linux-x64.tar.gz //解压

# cp -r jdk-7u71-linux-x64/ /usr/local/jdk7 //拷贝到指定目录

# vi /etc/profile  //编辑系统环境变量配置文件

在最后面添加如下配置:

export JAVA_HOME=/usr/local/jdk7

export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

export PATH=$PATH:$JAVA_HOME/bin
# source  /etc/profile //启用变量

# java -version //查看java版本
java version "1.7.0_71"

Java(TM) SE Runtime Environment (build 1.7.0_71-b14)

Java HotSpot(TM) 64-Bit Server VM (build 24.71-b01, mixed mode)

配置生效,JDK已经安装完毕。

方法二、

wget --no-check-certificate --no-cookie --header "Cookie: oraclelicense=accept-securebackup-cookie;" http://download.oracle.com/otn-pub/java/jdk/8u45-b14/jdk-8u45-linux-x64.rpm

因为oracle现在要同意协议才能下载,直接使用wget加链接下载不到,所以要加上前面的那些代码.

rpm -ivh jdk-8u45-linux-x64.rpm

命令执行完毕即安装完成,使用java -version 检查是否安装成功。

二、安装Tomcat

下载链接:

http://mirrors.cnnic.cn/apache/tomcat/tomcat-6/v6.0.43/bin/apache-tomcat-6.0.43.zip

http://apache.fayea.com/tomcat/tomcat-7/v7.0.57/bin/apache-tomcat-7.0.57.zip

http://apache.fayea.com/tomcat/tomcat-8/v8.0.15/bin/apache-tomcat-8.0.15.zip

1.上传下载好的tomcat包,解压并拷贝到你需要安装的目录下,同时新建软链接指向tomcat目录。

# unzip apache-tomcat-6.0.43.zip

# cp -r  apache-tomcat-6.0.43  /usr/local/tomcat-6.0.43

# ln -s  /usr/local/tomcat-6.0.43 /user/local/tomcat

2.新建tomcat用户用于启动tomcat,主要是从安全上考虑,毕竟root用户权限太大,,,

# mkdir /webroot/testapp //新建项目存放目录

# groupadd tomcat  //添加tomcat用户组

# useradd -d /webroot/testapp  -g tomcat tomcat //添加tomcat用户到tomcat用户组,并设定用户home目录为/webroot/testapp

# usermod -s /sbin/nologin tomcat//禁止用户远程登录SSH

3.编译生成jsvc文件,以服务项启动。

# cd /user/local/tomcat/bin

# tar zxvf commons-daemon-native.tar.gz

# cd commons-daemon-1.0.-native-src/

# cd unix/

# yum -y install gcc //此时需要联网安装gcc

# ./configure  //编译

# make  //此时会编译并生成一个jsvc

# cp jsvc /usr/local/tomcat/bin/jsvc //拷贝

# ln -s /usr/local/tomcat/bin/daemon.sh /etc/init.d/tomcat6 //创建软链接

# chmod  /usr/local/tomcat/bin/daemon.sh //配置可执行权限

# chmod +x /usr/local/tomcat/bin/*.sh  //可能需要配置其他文件的可执行权限
# chown -R tomcat:tomcat /usr/local/tomcat //设置目录权限
# vi /usr/local/tomcat/bin/daemon.sh //设置随机启动必要环境参数

编辑文件内容如下:

#!/bin/sh

//加入以下内容

# tomcatd This shell script takes care of starting and stopping

# standalone tomcat

# chkconfig:

# description: tomcat service

# processname: tomcatd

# config file:

# Source function library.

. /etc/rc.d/init.d/functions

# Source networking configuration.

. /etc/sysconfig/network

# Check that networking is up.

if [ "${NETWORKING}" = "no" ]; then

    echo "Network is stoped! Please open the network!";

    exit

fi

//加入以上内容

# Licensed to the Apache Software Foundation (ASF) under one or more
# chkconfig tomcat6 on   //设置随机启动

如果chkconfig命令执行失败,请参考如下链接内容:

http://www.cnblogs.com/niocai/archive/2012/07/12/2587780.html

http://www.cnblogs.com/goodspeed/archive/2012/10/18/2729615.html

设定JDK路径,大约在95行:

//设定JDK路径

JAVA_HOME=/usr/java/jdk7

if [ -z "$JAVA_HOME" ]; then
# service tomcat6 start  //启动tomcat

4.优化tomcat内存设定

打开/usr/local/tomcat/bin/daemon.sh 文件,修改内容如下,大约在167左右:

##修复Tomcat容器乱码问题##

CATALINA_OPTS="$CATALINA_OPTS -Dfile.encoding=UTF-8"

##Tomcat optimization##

JAVA_OPTS="$JAVA_OPTS -server -Xms2560m -Xmx2560m -Xss1280k -XX:PermSize=320M -XX:MaxNewSize=1280m -XX:MaxPermSize=1280m -Djava.awt.headless=true"

# ----- Execute The Requested Command -----------------------------------------

JAVA_OPTS="-server -Xmsm -Xmxm -Xssk -XX:PermSize=M -XX:MaxNewSize=m -XX:MaxPermSize=m -Djava.awt.headless=true"

红色字体请根据自己服务器的实际配置酌情增大或减小。

daemon.sh完整的配置内容:

#!/bin/sh

# tomcatd This shell script takes care of starting and stopping

# standalone tomcat

# chkconfig:

# description: tomcat service

# processname: tomcatd

# config file:

# Source function library.

. /etc/rc.d/init.d/functions

# Source networking configuration.

. /etc/sysconfig/network

# Check that networking is up.

if [ "${NETWORKING}" = "no" ]; then

    echo "Network is stoped! Please open the network!";

    exit

fi

# Licensed to the Apache Software Foundation (ASF) under one or more

# contributor license agreements.  See the NOTICE file distributed with

# this work for additional information regarding copyright ownership.

# The ASF licenses this file to You under the Apache License, Version 2.0

# (the "License"); you may not use this file except in compliance with

# the License.  You may obtain a copy of the License at

#

#     http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

#

# -----------------------------------------------------------------------------

# Commons Daemon wrapper script.

# -----------------------------------------------------------------------------

#

# resolve links - $ may be a softlink

ARG0="$0"

while [ -h "$ARG0" ]; do

  ls=`ls -ld "$ARG0"`

  link=`expr "$ls" : '.*-> \(.*\)$'`

  if expr "$link" : '/.*' > /dev/null; then

    ARG0="$link"

  else

    ARG0="`dirname $ARG0`/$link"

  fi

done

DIRNAME="`dirname $ARG0`"

PROGRAM="`basename $ARG0`"

while [ ".$1" != . ]

do

  case "$1" in

    --java-home )

        JAVA_HOME="$2"

        shift; shift;

        continue

    ;;

    --catalina-home )

        CATALINA_HOME="$2"

        shift; shift;

        continue

    ;;

    --catalina-base )

        CATALINA_BASE="$2"

        shift; shift;

        continue

    ;;

    --catalina-pid )

        CATALINA_PID="$2"

        shift; shift;

        continue

    ;;

    --tomcat-user )

        TOMCAT_USER="$2"

        shift; shift;

        continue

    ;;

    --service-start-wait-time )

        SERVICE_START_WAIT_TIME="$2"

        shift; shift;

        continue

    ;;

    * )

        break

    ;;

  esac

done

# OS specific support (must be 'true' or 'false').

cygwin=false;

darwin=false;

case "`uname`" in

    CYGWIN*)

        cygwin=true

        ;;

    Darwin*)

        darwin=true

        ;;

esac

# Use the maximum available, or set MAX_FD != - to use that

test ".$MAX_FD" = . && MAX_FD="maximum"

# Setup parameters for running the jsvc

#

test ".$TOMCAT_USER" = . && TOMCAT_USER=tomcat

# Set JAVA_HOME to working JDK or JRE

# JAVA_HOME=/opt/jdk-1.6.0.22

# If not set we'll try to guess the JAVA_HOME

# from java binary if on the PATH

#

###CHANGE BY PHPDRAGON###

JAVA_HOME=/usr/java/jdk7

###CHANGE BY PHPDRAGON###

if [ -z "$JAVA_HOME" ]; then

    JAVA_BIN="`which java 2>/dev/null || type java 2>&1`"

    test -x "$JAVA_BIN" && JAVA_HOME="`dirname $JAVA_BIN`"

    test ".$JAVA_HOME" != . && JAVA_HOME=`cd "$JAVA_HOME/.." >/dev/null; pwd`

else

    JAVA_BIN="$JAVA_HOME/bin/java"

fi

# Only set CATALINA_HOME if not already set

test ".$CATALINA_HOME" = . && CATALINA_HOME=`cd "$DIRNAME/.." >/dev/null; pwd`

test ".$CATALINA_BASE" = . && CATALINA_BASE="$CATALINA_HOME"

test ".$CATALINA_MAIN" = . && CATALINA_MAIN=org.apache.catalina.startup.Bootstrap

test ".$JSVC" = . && JSVC="$CATALINA_BASE/bin/jsvc"

# Set the default service-start wait time if necessary

test ".$SERVICE_START_WAIT_TIME" = . && SERVICE_START_WAIT_TIME=

# Ensure that any user defined CLASSPATH variables are not used on startup,

# but allow them to be specified in setenv.sh, in rare case when it is needed.

CLASSPATH=

JAVA_OPTS=

if [ -r "$CATALINA_BASE/bin/setenv.sh" ]; then

  . "$CATALINA_BASE/bin/setenv.sh"

elif [ -r "$CATALINA_HOME/bin/setenv.sh" ]; then

  . "$CATALINA_HOME/bin/setenv.sh"

fi

# Add on extra jar files to CLASSPATH

# tomcat-juli.jar can be over-ridden per instance

test ".$CLASSPATH" != . && CLASSPATH="${CLASSPATH}:"

if [ "$CATALINA_BASE" != "$CATALINA_HOME" ] && [ -r "$CATALINA_BASE/bin/tomcat-juli.jar" ] ; then

  CLASSPATH="$CLASSPATH$CATALINA_BASE/bin/tomcat-juli.jar:$CATALINA_HOME/bin/commons-daemon.jar:$CATALINA_HOME/bin/bootstrap.jar"

else

  CLASSPATH="$CLASSPATH$CATALINA_HOME/bin/commons-daemon.jar:$CATALINA_HOME/bin/bootstrap.jar"

fi

test ".$CATALINA_OUT" = . && CATALINA_OUT="$CATALINA_BASE/logs/catalina-daemon.out"

test ".$CATALINA_TMP" = . && CATALINA_TMP="$CATALINA_BASE/temp"

# Set juli LogManager config file if it is present and an override has not been issued

if [ -z "$LOGGING_CONFIG" ]; then

  if [ -r "$CATALINA_BASE/conf/logging.properties" ]; then

    LOGGING_CONFIG="-Djava.util.logging.config.file=$CATALINA_BASE/conf/logging.properties"

  else

    # Bugzilla

    LOGGING_CONFIG="-Dnop"

  fi

fi

test ".$LOGGING_MANAGER" = . && LOGGING_MANAGER="-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"

JAVA_OPTS="$JAVA_OPTS $LOGGING_MANAGER"

# Set -pidfile

test ".$CATALINA_PID" = . && CATALINA_PID="$CATALINA_BASE/logs/catalina-daemon.pid"

# Increase the maximum file descriptors if we can

if [ "$cygwin" = "false" ]; then

    MAX_FD_LIMIT=`ulimit -H -n`

    if [ "$?" -eq  ]; then

        # Darwin does not allow RLIMIT_INFINITY on file soft limit

        if [ "$darwin" = "true" -a "$MAX_FD_LIMIT" = "unlimited" ]; then

            MAX_FD_LIMIT=`/usr/sbin/sysctl -n kern.maxfilesperproc`

        fi

        test ".$MAX_FD" = ".maximum" && MAX_FD="$MAX_FD_LIMIT"

        ulimit -n $MAX_FD

        if [ "$?" -ne  ]; then

            echo "$PROGRAM: Could not set maximum file descriptor limit: $MAX_FD"

        fi

    else

        echo "$PROGRAM: Could not query system maximum file descriptor limit: $MAX_FD_LIMIT"

    fi

fi

###CHANGE BY PHPDRAGON###

##Repair of Tomcat container Garbled problem##

CATALINA_OPTS="$CATALINA_OPTS -Dfile.encoding=UTF-8"

##Tomcat optimization##

JAVA_OPTS="$JAVA_OPTS -server -Xms2560m -Xmx2560m -Xss1280k -XX:PermSize=320M -XX:MaxNewSize=1280m -XX:MaxPermSize=1280m -Djava.awt.headless=true"

###CHANGE BY PHPDRAGON###

# ----- Execute The Requested Command -----------------------------------------

case "$1" in

    run     )

      shift

      "$JSVC" $* \

      $JSVC_OPTS \

      -java-home "$JAVA_HOME" \

      -pidfile "$CATALINA_PID" \

      -wait "$SERVICE_START_WAIT_TIME" \

      -nodetach \

      -outfile "&1" \

      -errfile "&2" \

      -classpath "$CLASSPATH" \

      "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \

      -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \

      -Dcatalina.base="$CATALINA_BASE" \

      -Dcatalina.home="$CATALINA_HOME" \

      -Djava.io.tmpdir="$CATALINA_TMP" \

      $CATALINA_MAIN

      exit $?

    ;;

    start   )

      "$JSVC" $JSVC_OPTS \

      -java-home "$JAVA_HOME" \

      -user $TOMCAT_USER \

      -pidfile "$CATALINA_PID" \

      -wait "$SERVICE_START_WAIT_TIME" \

      -outfile "$CATALINA_OUT" \

      -errfile "&1" \

      -classpath "$CLASSPATH" \

      "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \

      -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \

      -Dcatalina.base="$CATALINA_BASE" \

      -Dcatalina.home="$CATALINA_HOME" \

      -Djava.io.tmpdir="$CATALINA_TMP" \

      $CATALINA_MAIN

      exit $?

    ;;

    stop    )

      "$JSVC" $JSVC_OPTS \

      -stop \

      -pidfile "$CATALINA_PID" \

      -classpath "$CLASSPATH" \

      -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \

      -Dcatalina.base="$CATALINA_BASE" \

      -Dcatalina.home="$CATALINA_HOME" \

      -Djava.io.tmpdir="$CATALINA_TMP" \

      $CATALINA_MAIN

      exit $?

    ;;

    version  )

      "$JSVC" \

      -java-home "$JAVA_HOME" \

      -pidfile "$CATALINA_PID" \

      -classpath "$CLASSPATH" \

      -errfile "&2" \

      -version \

      -check \

      $CATALINA_MAIN

      if [ "$?" =  ]; then

        "$JAVA_BIN" \

        -classpath "$CATALINA_HOME/lib/catalina.jar" \

        org.apache.catalina.util.ServerInfo

      fi

      exit $?

    ;;

    *       )

      echo "Unknown command: \`$1'"

      echo "Usage: $PROGRAM ( commands ... )"

      echo "commands:"

      echo "  run               Start Tomcat without detaching from console"

      echo "  start             Start Tomcat"

      echo "  stop              Stop Tomcat"

      echo "  version           What version of commons daemon and Tomcat"

      echo "                    are you running?"

      exit

    ;;

esac

三、安装vsftpd

# yum -y install vsftpd
# vi /etc/vsftpd/vsftpd.conf  //编辑配置文件

12行 anonymous_enable=YES 改为 NO 静止匿名用户登录

允许ascii码上传下载文件

81行 ascii_upload_enable=YES  去除 #

82行 ascii_download_enable=YES  去除 #

将登录后的用户限制在本地家目录下:

97行chroot_list_enable=YES 去除 # 
99行chroot_list_file=/etc/vsftpd/chroot_list 去除 #

121行userlist_enable=YES 修改 为 NO

#echo "tomcat" >> /etc/vsftpd/chroot_list  //将tomcat登录后限制在/webroot/testapp/目录下,该目录在创建tomcat用户时已经指定
#echo "tomcat" >>  /etc/vsftpd/user_list //添加tomcat可登录ftp

好了,安全方面,项目使用的是tomcat普通用户运行,禁止了SSH远程登录,同时使用ftp进行代码文件的上传。

这么做的初衷是之前的项目使用的80端口转发8080端口,导致程序的任务脚本CURL访问自身报错误[java.lang.Exception: Connection refused],

同时使用SecureFXPortable上传脚本导致项目上下文乱码。

打算不采用jsvc模式部署的,请参考我的另一篇文章

Centos6.3 下使用 Tomcat-6.0.43 非root用户 部署 生产环境 端口转发方式

借鉴:

http://www.linuxidc.com/Linux/2012-09/70481.htm

http://www.cnblogs.com/ebs-blog/archive/2010/10/14/2167288.html

http://blog.csdn.net/cnfixit/article/details/7030666

http://blog.csdn.net/wuyigong111/article/details/17410661

http://wenku.baidu.com/link?url=yZXEqZFAG4WNVhiAOoh4uHy_eQ5FV3JSiNPRa9zbAZ1Wj3hNS6h2upCv0TgCqAcJnqNnxqAf5nRpYD_5r_-4JJRa4mdnkqqZwuvwg4gAmbG

http://www.cnblogs.com/panjun-Donet/archive/2010/08/10/1796873.html

http://www.jb51.net/article/34332.htm

http://blog.sina.com.cn/s/blog_5c4532e50100vhbv.html

Centos6.3 下使用 Tomcat-6.0.43 非root用户 jsvc模式部署 生产环境 端口80 vsftp的更多相关文章

  1. Centos6.3 下使用 Tomcat-6.0.43 非root用户 部署 生产环境 端口转发方式

    一.安装JDK环境 方法一. 官方下载链接 http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260 ...

  2. centos6.8下LNMP (nginx1.8.0+php5.6.10+mysql5.6.12) - 部署手册

    在平时运维工作中,经常需要用到LNMP应用框架.以下对LNMP环境部署记录下: 1)前期准备:为了安装顺利,建议先使用yum安装依赖库[root@opd ~]#yum install -y make ...

  3. Ubuntu下配置Tomcat以指定(非root)身份执行

    My Blog:http://www.outflush.com/ 通常情况下.在配置Tomcat生产环境时,一般会配置Tomcat以特定的身份执行(非root).这样有利于提高安全性,防止站点被黑后的 ...

  4. Linux下非root用户运行Tomcat

    PS:Linux下使用非root用户运行tomcat的原因 由于项目需求,也由于root用户启动tomcat有一个严重的问题,那就是tomcat具有root权限. 这意味着你的任何一个页面脚本(htm ...

  5. zzw原创_非root用户下安装nginx

    想自己安装nginx,又不相用到root用户. 非root用户下(本文为用户bdctool)来ngnix安装,要依赖pcre库.zlib库等, 1. 下载依赖包:下载地址 pcre(www.pcre. ...

  6. CentOS6.7下使用非root用户(普通用户)编译安装与配置mysql数据库并使用shell脚本定时任务方式实现mysql数据库服务随机自动启动

    CentOS6.7下使用非root用户(普通用户)编译安装与配置mysql数据库并使用shell脚本定时任务方式实现mysql数据库服务随机自动启动1.关于mysql?MySQL是一个关系型数据库管理 ...

  7. linux系统非ROOT用户80端口不能启动tomcat问题的变通办法——通过Iptables端口转发

    2010-07-17 13:21:42 org.apache.tomcat.util.digester.SetPropertiesRule begin 警告: [SetPropertiesRule]{ ...

  8. 【出错记录】Tomcat非root用户启动无法拥有权限读写文件

    简单记录下,如有必要,将深入补充: 一.非root用户运行Tomcat及原因 由于项目中,为了安全需要,Tomcat将禁止以root形式启动,原因很简单,举个例子,一旦有人恶意将jsp文件透过某个别的 ...

  9. perl 下使用非root用户安装模块

    perl下安装模块可以使用cpan命令,但是通常我们不具有root用户权限,所以只能以sudo方式安装模块. 例如需要安装Net::SCP::Expect模块, 执行cpan Net::SCP::Ex ...

随机推荐

  1. 解决mysql开启GTID主从同步出现1236错误问题

    解决mysql开启GTID主从同步出现1236错误问题     最近遇到mysql开启gtid做复制时,从库出现1236错误,导致同步无法进行,本文就这问题记录下处理步骤,有关gtid知识在这里不做介 ...

  2. EMERGENCY! EUREKA MAY BE INCORRECTLY CLAIMING INSTANCES ARE UP WHEN THEY'RE NOT. RENEWALS ARE LESSER THAN THRESHOLD AND HENCE THE INSTANCES ARE NOT BEING EXPIRED JUST TO BE SAFE.

    启动两个client,过了一会,停了其中一个,访问注册中心时,界面上显示了红色粗体警告信息: 查阅了很多资料,终于了解了中间的问题.现将理解整理如下: Eureka server和client之间每隔 ...

  3. PCL的PNG文件和计算点云重心

    PCL提供节约一点云的值为一个PNG图像文件的可能方案.显然,这只能用有序的点云来完成,因为生成的图像的行和列将与点云的对应完全一致.例如,如果你从一个传感器Kinect或Xtion的点云,你可以用这 ...

  4. 解决java.lang.IllegalStateException: The application’s PagerAdapter changed the adapter’s content

    A界面中有viewpager的动态加载,从界面A跳到界面B,再finish掉B返回A时报出此异常. java.lang.IllegalStateException: The application's ...

  5. ADO.NET实体数据模型中关于数据库字段默认值的处理

    无论是Visual Studio 2010或者2013内置的ADO.NET实体数据模型都有一个小问题:数据库中有些字段已设置了默认值,但ADO.NET实体数据模型工具并不会自动进行设置. 这时需要手工 ...

  6. Linux 下用管道执行 ps aux | grep 进程ID 来获取CPU与内存占用率

    #include <stdio.h> #include <unistd.h>   int main() {     char caStdOutLine[1024]; // ps ...

  7. 数据规整化:pandas 求合并数据集(交集并集等)

    数据集的合并或连接运算是通过一个或多个键将行链接起来的.这些运算是关系型数据库的核心.pandas的merge函数是对数据应用这些算法的这样切入点. 默认是交集, inner连接 列名不同可以分别指定 ...

  8. (笔记)Mysql命令mysql:连接Mysql数据库

    mysql命令用户连接数据库. mysql命令格式: mysql -h主机地址 -u用户名 -p用户密码 1) 连接到本机上的MYSQL首先打开DOS窗口,然后进入目录mysql\bin,再键入命令m ...

  9. SciTE配置信息

    超强文本编辑器SciTE配置方法详细实例 转载 2006年12月28日 17:07:00 标签: 文本编辑 / 文档 / 语言 / html / python / api 32800 关于scite文 ...

  10. (转)linux用文件锁实现保证一个程序只能启动一个进程

    #include <stdio.h> #include <unistd.h>#include <fcntl.h>#include <errno.h>in ...