Benutzer-Werkzeuge
tomcat_administration:start
Inhaltsverzeichnis
Tomcat Administration
Tag 1
1.2 - tomcat.sh
#!/bin/sh
### Start Config ###
TOMCAT_VERSION=10.0.20
INSTANCE_NAME=workshop
### End Config ####
CATALINA_HOME=/opt/tomcat/products/${TOMCAT_VERSION}
CATALINA_BASE=/opt/tomcat/instances/${INSTANCE_NAME}
export CATALINA_HOME
export CATALINA_BASE
case "$1" in
start)
$CATALINA_HOME/bin/startup.sh
;;
stop)
$CATALINA_HOME/bin/shutdown.sh
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac
1.3 - Erweiterung setenv.sh
CATALINA_TMPDIR="${CATALINA_VAR}/temp"
CATALINA_PID="${CATALINA_VAR}/logs/tomcat.pid"
CATALINA_OUT="${CATALINA_VAR}/logs/catalina.out"
CATALINA_OPTS="-Dcatalina.var=${CATALINA_VAR}"
1.4 - OOM
JAVA_OOM="-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/tomcat/workshop -XX:OnOutOfMemoryError=${CATALINA_HOME}/bin/oom.sh"
CATALINA_OPTS="$CATALINA_OPTS $JAVA_OOM"
1.4 - action.bash
#!/bin/bash dumps=`ls -1rt /var/tomcat/java_pid*.hprof | tail -1`; printf "Memory Dump:\n $dumps" >> /tmp/dumps.log # printf "Memory Dump:\n $dumps" | mailx -s "Memory Dump" "admin@example.zz"
1.8 - Valve und Filter
<Context> <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="10"/> </Context>
<filter>
<filter-name>ExpiresFilter</filter-name>
<filter-class>org.apache.catalina.filters.ExpiresFilter</filter-class>
<init-param>
<param-name>ExpiresByType text</param-name>
<param-value>access plus 2 days</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ExpiresFilter</filter-name>
<url-pattern>*.html</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
Tag 2
2.4 - SSL Connector
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true" >
<SSLHostConfig protocols="all,-TLSv1,-TLSv1.1"
ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"
honorCipherOrder="true" >
<Certificate
certificateKeystoreFile="${catalina.base}/conf/keystore.jks"
certificateKeystorePassword="changeit" />
</SSLHostConfig>
</Connector>
2.5 - Anpassungen logging.properties
handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler, 4hostmanager. org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler, 5workshop1.org.apache.juli.AsyncFileHandler, 6workshop2.org.apache.juli.AsyncFileHandler
5workshop1.org.apache.juli.AsyncFileHandler.level = FINE
5workshop1.org.apache.juli.AsyncFileHandler.directory = ${catalina.var}/logs
5workshop1.org.apache.juli.AsyncFileHandler.prefix = workshop_log1.
5workshop1.org.apache.juli.AsyncFileHandler.maxDays = 90
5workshop1.org.apache.juli.AsyncFileHandler.encoding = UTF-8
6workshop2.org.apache.juli.AsyncFileHandler.level = FINE
6workshop2.org.apache.juli.AsyncFileHandler.directory = ${catalina.var}/logs
6workshop2.org.apache.juli.AsyncFileHandler.prefix = workshop_log2.
6workshop2.org.apache.juli.AsyncFileHandler.maxDays = 90
6workshop2.org.apache.juli.AsyncFileHandler.encoding = UTF-8
ws_log.handlers = 5workshop1.org.apache.juli.AsyncFileHandler de.kippdata.workshop.handlers = 6workshop2.org.apache.juli.AsyncFileHandler
2.6 - log4j.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- You can add the attribute monitorInterval (seconds)
to the Configuration element for hot config reloading,
for example: <Configuration monitorInterval="60"> -->
<Configuration status="warn" monitorInterval="60">
<Appenders>
<RollingFile name="default"
fileName="${sys:catalina.var}/logs/catalina.log"
filePattern="${sys:catalina.var}/logs/catalina.log.%d{yyyy-MM-dd-HHmmss}">
<PatternLayout>
<pattern>%d %r %p [%t] %c (%F:%L) - %m%n</pattern>
</PatternLayout>
<!-- Daily Rotation, schedule is cron style
with columns seconds, minutes, hours, day-of-month,
month, day-of-week, year(optional) -->
<CronTriggeringPolicy schedule="0 0 0 * * ?" />
</RollingFile>
</Appenders>
<Loggers>
<Root level="info">
<AppenderRef ref="default"/>
</Root>
<!-- Example for changing a log level
<Logger name="org.apache.catalina"
level="info" additivity="false">
<AppenderRef ref="default"/>
</Logger>
<Logger name="org.apache.catalina.core.ContainerBase.[Catalina].[localhost]"
level="info" additivity="false">
<AppenderRef ref="default"/>
</Logger>
<Logger name="org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager]"
level="info" additivity="false">
<AppenderRef ref="default"/>
</Logger>
-->
</Loggers>
</Configuration>
2.7 - JMX Remote
JMX_OPTS_NOSSL_NOAUTH="\
-Dcom.sun.management.jmxremote=true \
-Dcom.sun.management.jmxremote.port=1090 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false \
"
JMX_OPTS_SSL_NOAUTH="\
-Dcom.sun.management.jmxremote=true \
-Dcom.sun.management.jmxremote.port=1090 \
-Dcom.sun.management.jmxremote.ssl=true \
-Dcom.sun.management.jmxremote.authenticate=false \
-Djavax.net.ssl.keyStorePassword=workshop \
-Djavax.net.ssl.keyStore=${CATALINA_BASE}/conf/keystore.jks \
"
JMX_OPTS_SSL_AUTH="\
-Dcom.sun.management.jmxremote=true \
-Dcom.sun.management.jmxremote.port=1090 \
-Dcom.sun.management.jmxremote.ssl=true \
-Dcom.sun.management.jmxremote.authenticate=true \
-Dcom.sun.management.jmxremote.access.file=${CATALINA_BASE}/conf/jmxremote.access \
-Dcom.sun.management.jmxremote.password.file=${CATALINA_BASE}/conf/jmxremote.password \
-Djavax.net.ssl.keyStorePassword=workshop \
-Djavax.net.ssl.keyStore=${CATALINA_BASE}/conf/keystore.jks \
"
CATALINA_OPTS="$CATALINA_OPTS $JMX_OPTS_NOSSL_NOAUTH"
Tag 3
3.7 - Ressources
<Context docBase="/opt/webapps/workshop/3.1.0/workshop.war">
<Resources>
<PreResources className="org.apache.catalina.webresources.DirResourceSet"
base="${catalina.base}/conf/workshop" webAppMount="/WEB-INF/classes" />
</Resources>
</Context>
3.8 - LDAP Realm
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionName="cn=tcmanager,ou=specialusers,dc=linuxhotel,dc=de"
connectionPassword="secret"
connectionURL="ldap://ldapserver:389/"
userBase="ou=people,dc=linuxhotel,dc=de"
userSubtree="true"
userSearch="(uid={0})"
roleBase="ou=groups,dc=linuxhotel,dc=de"
roleSubtree="true"
roleName="cn"
roleSearch="(uniqueMember={0})"
/>
Tag 4
Tag 5
5.1 - docker
FROM alpine:3.15
#### OpenJDK 17
RUN apk update
RUN apk add openjdk17-jre-headless
ENV JAVA_HOME /usr/lib/jvm/java-17-openjdk
#### tcnative
#ENV TCNATIVE 1.2.33
#RUN apk add openjdk17-jdk apr-dev openssl-dev gcc make musl-dev
#RUN wget -O /tmp/tomcat-native-${TCNATIVE}-src.tar.gz https://dlcdn.apache.org/tomcat/tomcat-connectors/native/${TCNATIVE}/source/tomcat-native-${TCNATIVE}-src.tar.gz; \
# cd /tmp; \
# tar -zxf tomcat-native-${TCNATIVE}-src.tar.gz; \
# cd tomcat-native-${TCNATIVE}-src/native; \
# ./configure --prefix=/opt/tcnative/${TCNATIVE}; \
# make; \
# make install; \
# cd /tmp; \
# rm -rf /tmp/tomcat-native*
#### tomcat
ENV TOMCATVERSION 10.0.20
ENV INSTANCENAME workshop
ENV TOMCATDIR /opt/tomcat
ENV WARFILE workshop.war
ENV APPVERSION 3.1.0
ENV CATALINA_HOME ${TOMCATDIR}/products/apache-tomcat-${TOMCATVERSION}
ENV CATALINA_BASE ${TOMCATDIR}/instances/${INSTANCENAME}
ENV CATALINA_VAR /var/tomcat/${INSTANCENAME}
ENV PATH $CATALINA_HOME/bin:$PATH
ENV TCUSER tcrun
ENV TCGROUP tcgroup
# create CATALINA_HOME
RUN mkdir -p "${TOMCATDIR}/products"; \
cd ${TOMCATDIR}/products; \
wget -O /tmp/tomcat-product.tar.gz "https://archive.apache.org/dist/tomcat/tomcat-10/v${TOMCATVERSION}/bin/apache-tomcat-${TOMCATVERSION}.tar.gz"; \
tar -zxf /tmp/tomcat-product.tar.gz; \
rm /tmp/tomcat-product.tar.gz
# create CATALINA_BASE
COPY ${INSTANCENAME}.tar /tmp/${INSTANCENAME}.tar
RUN mkdir -p ${TOMCATDIR}/instances; \
cd ${TOMCATDIR}/instances; \
tar -xf /tmp/${INSTANCENAME}.tar; \
rm /tmp/${INSTANCENAME}.tar
# create CATALINA_VAR
RUN mkdir -p /var/tomcat/${INSTANCENAME}; \
cd /var/tomcat/${INSTANCENAME}; \
mkdir logs temp webapps work
# create webappdir
RUN mkdir -p /opt/webapps/${INSTANCENAME}/${APPVERSION}-jee9
COPY $WARFILE /opt/webapps/${INSTANCENAME}/${APPVERSION}-jee9/
# create runtime user and change rights
RUN addgroup $TCGROUP; \
adduser -h /opt/tomcat -H -G $TCGROUP -s /bin/sh -D $TCUSER; \
chown -R $TCUSER:$TCGROUP /opt/tomcat; \
chown -R $TCUSER:$TCGROUP /var/tomcat; \
chown -R $TCUSER:$TCGROUP /opt/webapps
WORKDIR $CATALINA_BASE
EXPOSE 8080 8443
USER $TCUSER
CMD ["catalina.sh","run"]
5.3 - einfacher Proxy
<VirtualHost *:80> ProxyPass /workshop http://localhost:8180/workshop ProxyPassReverse /workshop http://localhost:8080/workshop ProxyPassReverse /workshop http://localhost:8180/workshop ProxyPreserveHost On </VirtualHost>
5.6 - Monitoring
ProxyPass /lbmanager !
<Location /lbmanager>
SetHandler balancer-manager
AuthType basic
AuthName "Proxy Balancer"
AuthBasicProvider file
AuthUserFile htpasswd.intern
Require user proxyadmin
</Location>
LogFormat "%h %l %u %t \"%r\" %>s %b %{BALANCER_ROUTE_CHANGED}e %{BALANCER_WORKER_ROUTE}e %{BALANCER_SESSION_ROUTE}e %D" proxyextended
CustomLog "logs/proxy_access_log" proxyextended
tomcat_administration/start.txt · Zuletzt geändert: 2022/05/13 15:09 von marco.staub
Falls nicht anders bezeichnet, ist der Inhalt dieses Wikis unter der folgenden Lizenz veröffentlicht: CC Attribution-Noncommercial-Share Alike 4.0 International
