tomcat 端口默认为8080, 可以通过修改下面port项改为80端口,但不建议你这样使用80端口,tomcat 会继承root权限,这是非常危险的做法。
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
性能调整
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
maxThreads="2048" />
<Connector port="8080" protocol="HTTP/1.1"
maxThreads="2048"
minSpareThreads="64"
maxSpareThreads="256"
acceptCount="128"
enableLookups="false"
redirectPort="8443"
debug="0"
connectionTimeout="20000"
disableUploadTimeout="true"
URIEncoding="UTF-8" />
maxThreads="4096" 最大连接数 minSpareThreads="50" 最小空闲线程 maxSpareThreads="100" 最大空闲线程 enableLookups="false" 禁止域名解析 acceptCount="15000" connectionTimeout="30000" 超时时间 redirectPort="8443" disableUploadTimeout="true" URIEncoding="UTF-8" UTF-8编码 protocol="AJP/1.3" AJP协议版本
<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEngine="on"
SSLCertificateFile="${catalina.base}/conf/localhost.crt"
SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
压缩传送数据
compression="on" compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata" compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css"
如果你的站点编码非UTF-8,去掉URIEncoding="UTF-8"使用下面选项.
useBodyEncodingForURI="true"
在Connector中加入server="Neo App Srv 1.0"
vim $CATALINA_HOME/conf/server.xml
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
maxThreads="8192"
minSpareThreads="64"
maxSpareThreads="128"
acceptCount="128"
enableLookups="false"
server="Neo App Srv 1.0"/>
# curl -I http://localhost:8080/ HTTP/1.1 400 Bad Request Transfer-Encoding: chunked Date: Thu, 20 Oct 2011 09:51:55 GMT Connection: close Server: Neo App Srv 1.0
配置虚拟目录
例如我们需要这样的配置
http://www.netkiller.cn/news http://www.netkiller.cn/member http://www.netkiller.cn/product
实现方法
<Host name="localhost" appBase="/www/example.com" unpackWARs="true" autoDeploy="true"> <Alias>www.example.com</Alias> <Context path="news" docBase="www.example.com/news" reloadable="false"></Context> <Context path="member" docBase="www.example.com/member" reloadable="false"></Context> <Context path="product" docBase="www.example.com/product" reloadable="false"></Context> </Host>
关闭war自动部署 unpackWARs="false" autoDeploy="false"。防止被植入木马等恶意程序
关闭 reloadable="false" 也用于防止被植入木马
<?xml version='1.0' encoding='utf-8'?> <tomcat-users> <role rolename="manager"/> <user username="tomcat" password="QI0Ajp7" roles="manager"/> </tomcat-users>
状态监控 http://localhost/manager/status
服务管理 http://localhost/manager/html/list
<tomcat-users> <!-- NOTE: By default, no user is included in the "manager-gui" role required to operate the "/manager/html" web application. If you wish to use this app, you must define such a user - the username and password are arbitrary. --> <!-- NOTE: The sample user and role entries below are wrapped in a comment and thus are ignored when reading this file. Do not forget to remove <!.. ..> that surrounds them. --> <!-- <role rolename="tomcat"/> <role rolename="role1"/> <user username="tomcat" password="tomcat" roles="tomcat"/> <user username="both" password="tomcat" roles="tomcat,role1"/> <user username="role1" password="tomcat" roles="role1"/> --> <role rolename="manager-gui"/> <role rolename="manager-script"/> <role rolename="manager-jmx"/> <role rolename="manager-status"/> <user username="tomcat" password="tomcat" roles="manager-gui,manager-script,manager-jmx,manager-status"/> <role rolename="admin-gui"/> <role rolename="admin-script"/> <user username="admin" password="admin" roles="admin-gui,admin-script"/> </tomcat-users>
context.xml 主要用于配置 数据库连接池
开启热部署,生产环境不建议使用
<Context reloadable="true">
org.apache.catalina.webresources.Cache.getResource Unable to add the resource at [/WEB-INF/lib/netkiller.jar] to the cache because there was insufficient free space available after evicting expired cache entries - consider increasing the maximum size of the cache
<Resources cachingAllowed="true" cacheMaxSize="100000" />
修改日志目录
1catalina.org.apache.juli.FileHandler.level = FINE
#1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.FileHandler.directory = /www/logs/tomcat
1catalina.org.apache.juli.FileHandler.prefix = catalina.
配置跳过扫描*.jar
tomcat.util.scan.StandardJarScanFilter.jarsToSkip=\*.jar
context.xml
<JarScanner scanClassPath="false"/>
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。
