1. Version information

| Component | Version |
|---|---|
| jdk | 1.8.0_45 |
| tomcat | 8.0.23 |
| apr | 1.5.2 |
| apr-iconv | 1.2.1 |
| apr-util | 1.5.4 |
| tomcat-native | 1.1.33 |


Tomcat has three connector I/O models: BIO, NIO and APR. This setup uses APR.

Differences between the three modes:


| | Java Blocking Connector | Java Nio Blocking Connector | APR/native Connector |
|---|---|---|---|
| Tomcat Version | 3.x onwards | 7.x onwards | 5.5.x onwards |
| Classname | BIO (AjpProtocol) | NIO (AjpNioProtocol) | APR (AjpAprProtocol) |
| Read Request Headers | Blocking | Sim Blocking | Blocking |
| Read Request Body | Blocking | Sim Blocking | Blocking |
| Write Response | Blocking | Sim Blocking | Blocking |
| Wait for next Request | Blocking | Non Blocking | Non Blocking |
| Max Connections | maxConnections | maxConnections | maxConnections |
| Polling Size | N/A | maxConnections | maxConnections |
| Support Polling | NO | YES | YES |

2. Basic installation

 # cd /usr/local/src
 # tar xvzf jdk-8u45-linux-x64.gz -C /opt
 # cd /opt && ln -s jdk1.8.0_45 jdk
  
 # cd /usr/local/src
 # tar xvzf apache-tomcat-8.0.23.tar.gz -C /opt
 # cd /opt && ln -s apache-tomcat-8.0.23 tomcat


vim /etc/profile

export TOMCAT_HOME=/opt/tomcat
export JAVA_HOME=/opt/jdk
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$PATH:$JAVA_HOME/bin:$TOMCAT_HOME/bin


 # source /etc/profile
 # mkdir -p /data/logs/{search,tomcat}
 # mkdir -p /data/search/{data,index}


vim /opt/tomcat/conf/server.xml

......
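<!-- HTTP connector using the APR/native implementation; it needs the
     tomcat-native library that is built further down.
     maxSpareThreads, minProcessors and maxProcessors are attributes from
     older Tomcat releases; Tomcat 8 does not use them. -->
<Connector port="8080"
        protocol="org.apache.coyote.http11.Http11AprProtocol"
        maxHttpHeaderSize="8192"
        connectionTimeout="20000"
        redirectPort="8443"
        maxThreads="1000"
        minSpareThreads="50"
        maxSpareThreads="150"
        minProcessors="100"
        maxProcessors="1000"
        acceptCount="1000"
        disableUploadTimeout="true"
        enableLookups="false"
        URIEncoding="UTF-8" />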
......


vim /opt/tomcat/bin/setenv.sh (example for a host with 64 GB of RAM and 24 CPU cores, running a single instance)

JAVA_OPTS="-Djava.awt.headless=true -Dfile.encoding=UTF-8
    -server -Xms48g -Xmx48g -Xss1m
    -XX:NewSize=8g -XX:MaxNewSize=16g
    -XX:NewRatio=4 -XX:SurvivorRatio=4
    -XX:+AggressiveOpts -XX:+UseBiasedLocking
    -XX:+UseConcMarkSweepGC -XX:ParallelCMSThreads=24
    -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -Xloggc:/data/logs/tomcat/gc.log
    -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/data/logs/tomcat/heapdump.bin
    -XX:+CMSParallelRemarkEnabled -XX:+ScavengeBeforeFullGC
    -XX:CMSInitiatingOccupancyFraction=75"
  
CATALINA_OUT=/data/logs/tomcat/catalina.out
  
CATALINA_OPTS="-Dcom.sun.management.jmxremote
    -Dcom.sun.management.jmxremote.authenticate=false
    -Dcom.sun.management.jmxremote.ssl=false
    -Dcom.sun.management.jmxremote.port=10826"


 # chmod +x /opt/tomcat/bin/setenv.sh
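
The CATALINA_OPTS above open remote JMX on port 10826 with authentication and TLS both disabled, so anyone who can reach that port can manage the JVM. The following is an added example, not part of the original post: a shell check that flags these options in a setenv.sh, run over two constructed samples. The function name `jmx_findings` and the password/access file paths in the hardened sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): flag remote-JMX options in a
# setenv.sh that expose the management port without authentication or TLS.

# jmx_findings FILE: print one finding per line, nothing if the file is clean.
jmx_findings() {
    # Ignore commented-out lines; "|| true" keeps an all-comment file from failing.
    active=$(grep -v '^[[:space:]]*#' "$1" || true)
    # Without jmxremote.port the agent is not reachable over the network.
    printf '%s\n' "$active" |
        grep -q -e '-Dcom\.sun\.management\.jmxremote\.port=' || return 0
    port=$(printf '%s\n' "$active" |
        sed -n 's/.*jmxremote\.port=\([0-9][0-9]*\).*/\1/p' | head -n 1)
    if printf '%s\n' "$active" | grep -q -e 'jmxremote\.authenticate=false'; then
        echo "port $port: authentication disabled"
    fi
    if printf '%s\n' "$active" | grep -q -e 'jmxremote\.ssl=false'; then
        echo "port $port: TLS disabled"
    fi
}

demo_dir=$(mktemp -d)   # constructed sample files live here

# Constructed sample 1: the CATALINA_OPTS from the setenv.sh above.
cat > "$demo_dir/weak.sh" <<'EOF'
CATALINA_OPTS="-Dcom.sun.management.jmxremote
    -Dcom.sun.management.jmxremote.authenticate=false
    -Dcom.sun.management.jmxremote.ssl=false
    -Dcom.sun.management.jmxremote.port=10826"
EOF

# Constructed sample 2: hardened variant. The two file paths are assumptions;
# the password file must be readable by the tomcat user only, and ssl=true
# additionally needs a keystore (javax.net.ssl.keyStore*) configured.
cat > "$demo_dir/hardened.sh" <<'EOF'
CATALINA_OPTS="-Dcom.sun.management.jmxremote
    -Dcom.sun.management.jmxremote.port=10826
    -Dcom.sun.management.jmxremote.authenticate=true
    -Dcom.sun.management.jmxremote.password.file=/opt/tomcat/conf/jmxremote.password
    -Dcom.sun.management.jmxremote.access.file=/opt/tomcat/conf/jmxremote.access
    -Dcom.sun.management.jmxremote.ssl=true"
EOF

echo "weak.sh:";     jmx_findings "$demo_dir/weak.sh"
echo "hardened.sh:"; jmx_findings "$demo_dir/hardened.sh"
```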


# vim /opt/tomcat/conf/logging.properties

......

1catalina.org.apache.juli.AsyncFileHandler.level = FINE

1catalina.org.apache.juli.AsyncFileHandler.directory = /data/logs/tomcat
1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina.
  
2localhost.org.apache.juli.AsyncFileHandler.level = FINE
2localhost.org.apache.juli.AsyncFileHandler.directory = /data/logs/tomcat
2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost.
  
3manager.org.apache.juli.AsyncFileHandler.level = FINE
3manager.org.apache.juli.AsyncFileHandler.directory = /data/logs/tomcat
3manager.org.apache.juli.AsyncFileHandler.prefix = manager.
  
4host-manager.org.apache.juli.AsyncFileHandler.level = FINE
4host-manager.org.apache.juli.AsyncFileHandler.directory = /data/logs/tomcat

4host-manager.org.apache.juli.AsyncFileHandler.prefix = host-manager.

......


Alternatively, make the same change with a single command:

 # sed -i 's#${catalina.base}/logs#/data/logs/tomcat#g' /opt/tomcat/conf/logging.properties


 # cd /usr/local/src
 # tar xvzf apr-1.5.2.tar.gz
 # cd apr-1.5.2
 # ./configure --prefix=/opt/apr
 # make && make install
  
 # cd /usr/local/src
 # tar xvzf apr-iconv-1.2.1.tar.gz
 # cd apr-iconv-1.2.1
 # ./configure --prefix=/opt/apr-iconv --with-apr=/opt/apr
 # make && make install
  
 # cd /usr/local/src
 # tar xvzf apr-util-1.5.4.tar.gz
 # cd apr-util-1.5.4
 # ./configure --prefix=/opt/apr-util --with-apr=/opt/apr --with-apr-iconv=/opt/apr-iconv/bin/apriconv
 # make && make install
  
 # cd /usr/local/src
 # tar xvzf tomcat-native-1.1.33-src.tar.gz
 # cd tomcat-native-1.1.33-src/jni/native
 # ./configure --prefix=/usr --with-apr=/opt/apr --with-java-home=/opt/jdk
 # make && make install


The installation result looks like this:

[Screenshot: installation result]

3. Security settings

1) Hide the Tomcat version information

 # cd /opt/tomcat/lib
 # mkdir -p org/apache/catalina/util
 # vim org/apache/catalina/util/ServerInfo.properties
 server.info=Eleme Tomcat


2) Remove the Tomcat management pages

 # rm -rf /opt/tomcat/webapps/*


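3) Run Tomcat as an unprivileged user

Method 1 (start Tomcat with jsvc under an unprivileged account; this is the method the official documentation recommends most, and it works by having the root user fork a non-root process):

 # useradd tomcat -s /usr/sbin/nologin   # Ubuntu
 # useradd tomcat -s /sbin/nologin       # CentOS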
  
 # chown -R tomcat:tomcat /opt/tomcat/
 # chown -R tomcat:tomcat /data/logs/{search,tomcat}
  
 # cd /opt/tomcat/bin
 # tar xvzf commons-daemon-native.tar.gz
 # cd commons-daemon-1.0.15-native-src/unix
 # ./configure --with-java=/opt/jdk
 # make
 # cp jsvc ../../
 # cd ../../
 # ./daemon.sh start



Note: normally there are two processes with identical arguments but different owners: one runs as root, the other as the tomcat user.


Method 2:

 # useradd tomcat -s /bin/bash
 # chown -R tomcat:tomcat /opt/tomcat/
 # chown -R tomcat:tomcat /data/logs/{search,tomcat}
 # sudo su tomcat /opt/tomcat/bin/startup.sh




4) Other settings

Define custom error pages, for example by adding the following:

 <error-page>
 <error-code>500</error-code>
 <location>/500.jsp</location>
 </error-page>

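Note: add further error codes as needed; common ones are 500 and 404. The location element specifies the page to redirect to, and you have to create that JSP file yourself.

To disable parsing of .jspx files, comment out the following: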

 <url-pattern>*.jspx</url-pattern>

Note: both of the settings above are made in web.xml.
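
An added example, not part of the original post, that checks a Tomcat directory for the settings in this section: the ServerInfo.properties override, leftover bundled webapps, the error page, and the *.jspx mapping (a mapping that is commented out does not count as active). The function names `strip_xml_comments` and `audit_tomcat` and the constructed sample tree are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): check a Tomcat directory for
# the hardening steps of section 3. Prints one FAIL line per missing step.

# Print FILE with <!-- ... --> comments removed (they may span lines).
strip_xml_comments() {
    awk '{ rest = $0; out = ""
           while (rest != "") {
               if (skip) { i = index(rest, "-->")
                   if (!i) break
                   rest = substr(rest, i + 3); skip = 0
               } else { i = index(rest, "<!--")
                   if (!i) { out = out rest; break }
                   out = out substr(rest, 1, i - 1)
                   rest = substr(rest, i + 4); skip = 1 }
           }
           print out }' "$1"
}

audit_tomcat() {   # $1 = CATALINA_HOME to inspect
    info="$1/lib/org/apache/catalina/util/ServerInfo.properties"
    if [ ! -f "$info" ] || grep -q '^server\.info=.*Apache Tomcat' "$info"; then
        echo "FAIL: default server.info banner still in use"
    fi
    for app in manager host-manager docs examples; do
        if [ -e "$1/webapps/$app" ]; then echo "FAIL: webapps/$app still deployed"; fi
    done
    xml=$(strip_xml_comments "$1/conf/web.xml")
    case $xml in *"<error-page>"*) ;; *) echo "FAIL: no <error-page> in web.xml" ;; esac
    case $xml in *'*.jspx'*) echo "FAIL: *.jspx mapping still active" ;; esac
    return 0
}

# Constructed sample tree: hardened, except that webapps/manager was left in
# place. The *.jspx mapping is commented out across two lines.
demo=$(mktemp -d)
mkdir -p "$demo/lib/org/apache/catalina/util" "$demo/conf" "$demo/webapps/manager"
echo 'server.info=Eleme Tomcat' > "$demo/lib/org/apache/catalina/util/ServerInfo.properties"
cat > "$demo/conf/web.xml" <<'EOF'
<web-app>
  <servlet-mapping><servlet-name>jsp</servlet-name>
    <url-pattern>*.jsp</url-pattern>
    <!-- <url-pattern>*.jspx</url-pattern>
    -->
  </servlet-mapping>
  <error-page><error-code>500</error-code><location>/500.jsp</location></error-page>
</web-app>
EOF
audit_tomcat "$demo"
```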

4. Preliminary load test results

Test tool: siege

Concurrent threads: 600

Test command: /opt/siege/bin/siege -c 600 -f /opt/urls.txt



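The hard part of testing and tuning lies mainly in the JVM: it requires a fairly deep understanding of the JVM, and the tuning has to be done according to the application scenario.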