Hier werden die Unterschiede zwischen zwei Versionen gezeigt.
tomcat_administration:start [2022/05/13 15:01] marco.staub |
tomcat_administration:start [2024/04/11 06:55] |
||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
- | ====== Tomcat Administration ====== | ||
- | |||
- | ===== Tag 1 ===== | ||
- | |||
- | ==== 1.2 - rc.sh ==== | ||
- | <code> | ||
- | #!/bin/sh | ||
- | |||
- | ### Start Config ### | ||
- | |||
- | TOMCAT_VERSION=10.0.20 | ||
- | INSTANCE_NAME=workshop | ||
- | |||
- | ### End Config #### | ||
- | |||
- | CATALINA_HOME=/opt/tomcat/products/${TOMCAT_VERSION} | ||
- | CATALINA_BASE=/opt/tomcat/instances/${INSTANCE_NAME} | ||
- | |||
- | export CATALINA_HOME | ||
- | export CATALINA_BASE | ||
- | |||
- | case "$1" in | ||
- | start) | ||
- | $CATALINA_HOME/bin/startup.sh | ||
- | ;; | ||
- | stop) | ||
- | $CATALINA_HOME/bin/shutdown.sh | ||
- | ;; | ||
- | *) | ||
- | echo "Usage: $0 {start|stop}" | ||
- | exit 1 | ||
- | ;; | ||
- | esac | ||
- | </code> | ||
- | |||
- | ==== 1.3 - Erweiterung setenv.sh ==== | ||
- | |||
- | <code> | ||
- | CATALINA_TMPDIR="${CATALINA_VAR}/temp" | ||
- | CATALINA_PID="${CATALINA_VAR}/logs/tomcat.pid" | ||
- | CATALINA_OUT="${CATALINA_VAR}/logs/catalina.out" | ||
- | CATALINA_OPTS="-Dcatalina.var=${CATALINA_VAR}" | ||
- | </code> | ||
- | |||
- | ==== 1.4 - OOM ==== | ||
- | <code> | ||
- | JAVA_OOM="-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/tomcat/workshop -XX:OnOutOfMemoryError=${CATALINA_HOME}/bin/oom.sh" | ||
- | CATALINA_OPTS="$CATALINA_OPTS $JAVA_OOM" | ||
- | </code> | ||
- | |||
- | ==== 1.4 - action.bash ==== | ||
- | |||
- | <code> | ||
- | #!/bin/bash | ||
- | dumps=`ls -1rt /var/tomcat/java_pid*.hprof | tail -1`; | ||
- | printf "Memory Dump:\n $dumps" >> /tmp/dumps.log | ||
- | # printf "Memory Dump:\n $dumps" | mailx -s "Memory Dump" "admin@example.zz" | ||
- | </code> | ||
- | |||
- | ==== 1.8 - Valve und Filter ==== | ||
- | |||
- | <code> | ||
- | <Context> | ||
- | <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="10"/> | ||
- | </Context> | ||
- | </code> | ||
- | |||
- | <code> | ||
- | <filter> | ||
- | <filter-name>ExpiresFilter</filter-name> | ||
- | <filter-class>org.apache.catalina.filters.ExpiresFilter</filter-class> | ||
- | <init-param> | ||
- | <param-name>ExpiresByType text</param-name> | ||
- | <param-value>access plus 2 days</param-value> | ||
- | </init-param> | ||
- | </filter> | ||
- | <filter-mapping> | ||
- | <filter-name>ExpiresFilter</filter-name> | ||
- | <url-pattern>*.html</url-pattern> | ||
- | <dispatcher>REQUEST</dispatcher> | ||
- | </filter-mapping> | ||
- | </code> | ||
- | |||
- | ===== Tag 2 ===== | ||
- | |||
- | ==== 2.4 - SSL Connector ==== | ||
- | |||
- | <code> | ||
- | <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" | ||
- | maxThreads="150" SSLEnabled="true" scheme="https" secure="true" > | ||
- | <SSLHostConfig protocols="all,-TLSv1,-TLSv1.1" | ||
- | ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA" | ||
- | honorCipherOrder="true" > | ||
- | <Certificate | ||
- | certificateKeystoreFile="${catalina.base}/conf/keystore.jks" | ||
- | certificateKeystorePassword="changeit" /> | ||
- | </SSLHostConfig> | ||
- | </Connector> | ||
- | </code> | ||
- | |||
- | ==== 2.5 - Anpassungen logging.properties ==== | ||
- | |||
- | <code> | ||
- | handlers = 1catalina.org.apache.juli.AsyncFileHandler, | ||
- | 2localhost.org.apache.juli.AsyncFileHandler, | ||
- | 3manager.org.apache.juli.AsyncFileHandler, 4hostmanager. | ||
- | org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler, | ||
- | 5workshop1.org.apache.juli.AsyncFileHandler, | ||
- | 6workshop2.org.apache.juli.AsyncFileHandler | ||
- | </code> | ||
- | <code> | ||
- | 5workshop1.org.apache.juli.AsyncFileHandler.level = FINE | ||
- | 5workshop1.org.apache.juli.AsyncFileHandler.directory = ${catalina.var}/logs | ||
- | 5workshop1.org.apache.juli.AsyncFileHandler.prefix = workshop_log1. | ||
- | 5workshop1.org.apache.juli.AsyncFileHandler.maxDays = 90 | ||
- | 5workshop1.org.apache.juli.AsyncFileHandler.encoding = UTF-8 | ||
- | |||
- | 6workshop2.org.apache.juli.AsyncFileHandler.level = FINE | ||
- | 6workshop2.org.apache.juli.AsyncFileHandler.directory = ${catalina.var}/logs | ||
- | 6workshop2.org.apache.juli.AsyncFileHandler.prefix = workshop_log2. | ||
- | 6workshop2.org.apache.juli.AsyncFileHandler.maxDays = 90 | ||
- | 6workshop2.org.apache.juli.AsyncFileHandler.encoding = UTF-8 | ||
- | </code> | ||
- | <code> | ||
- | ws_log.handlers = 5workshop1.org.apache.juli.AsyncFileHandler | ||
- | de.kippdata.workshop.handlers = 6workshop2.org.apache.juli.AsyncFileHandler | ||
- | </code> | ||
- | ==== 2.6 - log4j.xml ==== | ||
- | <code> | ||
- | <?xml version="1.0" encoding="UTF-8"?> | ||
- | <!-- You can add the attribute monitorInterval (seconds) | ||
- | to the Configuration element for hot config reloading, | ||
- | for example: <Configuration monitorInterval="60"> --> | ||
- | <Configuration status="warn" monitorInterval="60"> | ||
- | <Appenders> | ||
- | <RollingFile name="default" | ||
- | fileName="${sys:catalina.var}/logs/catalina.log" | ||
- | filePattern="${sys:catalina.var}/logs/catalina.log.%d{yyyy-MM-dd-HHmmss}"> | ||
- | <PatternLayout> | ||
- | <pattern>%d %r %p [%t] %c (%F:%L) - %m%n</pattern> | ||
- | </PatternLayout> | ||
- | <!-- Daily Rotation, schedule is cron style | ||
- | with columns seconds, minutes, hours, day-of-month, | ||
- | month, day-of-week, year(optional) --> | ||
- | <CronTriggeringPolicy schedule="0 0 0 * * ?" /> | ||
- | </RollingFile> | ||
- | </Appenders> | ||
- | <Loggers> | ||
- | <Root level="info"> | ||
- | <AppenderRef ref="default"/> | ||
- | </Root> | ||
- | <!-- Example for changing a log level | ||
- | <Logger name="org.apache.catalina" | ||
- | level="info" additivity="false"> | ||
- | <AppenderRef ref="default"/> | ||
- | </Logger> | ||
- | <Logger name="org.apache.catalina.core.ContainerBase.[Catalina].[localhost]" | ||
- | level="info" additivity="false"> | ||
- | <AppenderRef ref="default"/> | ||
- | </Logger> | ||
- | <Logger name="org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager]" | ||
- | level="info" additivity="false"> | ||
- | <AppenderRef ref="default"/> | ||
- | </Logger> | ||
- | --> | ||
- | </Loggers> | ||
- | </Configuration> | ||
- | </code> | ||
- | |||
- | ==== 2.7 - JMX Remote ==== | ||
- | <code> | ||
- | JMX_OPTS_NOSSL_NOAUTH="\ | ||
- | -Dcom.sun.management.jmxremote=true \ | ||
- | -Dcom.sun.management.jmxremote.port=1090 \ | ||
- | -Dcom.sun.management.jmxremote.ssl=false \ | ||
- | -Dcom.sun.management.jmxremote.authenticate=false \ | ||
- | " | ||
- | |||
- | JMX_OPTS_SSL_NOAUTH="\ | ||
- | -Dcom.sun.management.jmxremote=true \ | ||
- | -Dcom.sun.management.jmxremote.port=1090 \ | ||
- | -Dcom.sun.management.jmxremote.ssl=true \ | ||
- | -Dcom.sun.management.jmxremote.authenticate=false \ | ||
- | -Djavax.net.ssl.keyStorePassword=workshop \ | ||
- | -Djavax.net.ssl.keyStore=${CATALINA_BASE}/conf/keystore.jks \ | ||
- | " | ||
- | |||
- | JMX_OPTS_SSL_AUTH="\ | ||
- | -Dcom.sun.management.jmxremote=true \ | ||
- | -Dcom.sun.management.jmxremote.port=1090 \ | ||
- | -Dcom.sun.management.jmxremote.ssl=true \ | ||
- | -Dcom.sun.management.jmxremote.authenticate=true \ | ||
- | -Dcom.sun.management.jmxremote.access.file=${CATALINA_BASE}/conf/jmxremote.access \ | ||
- | -Dcom.sun.management.jmxremote.password.file=${CATALINA_BASE}/conf/jmxremote.password \ | ||
- | -Djavax.net.ssl.keyStorePassword=workshop \ | ||
- | -Djavax.net.ssl.keyStore=${CATALINA_BASE}/conf/keystore.jks \ | ||
- | " | ||
- | |||
- | CATALINA_OPTS="$CATALINA_OPTS $JMX_OPTS_NOSSL_NOAUTH" | ||
- | </code> | ||
- | |||
- | ===== Tag 3 ===== | ||
- | |||
- | ==== 3.7 - Ressources ==== | ||
- | |||
- | <code> | ||
- | <Context docBase="/opt/webapps/workshop/3.1.0/workshop.war"> | ||
- | <Resources> | ||
- | <PreResources className="org.apache.catalina.webresources.DirResourceSet" | ||
- | base="${catalina.base}/conf/workshop" webAppMount="/WEB-INF/classes" /> | ||
- | </Resources> | ||
- | </Context> | ||
- | </code> | ||
- | |||
- | ==== 3.8 - LDAP Realm ==== | ||
- | |||
- | <code> | ||
- | <Realm className="org.apache.catalina.realm.JNDIRealm" | ||
- | connectionName="cn=tcmanager,ou=specialusers,dc=linuxhotel,dc=de" | ||
- | connectionPassword="secret" | ||
- | connectionURL="ldap://ldapserver:389/" | ||
- | userBase="ou=people,dc=linuxhotel,dc=de" | ||
- | userSubtree="true" | ||
- | userSearch="(uid={0})" | ||
- | roleBase="ou=groups,dc=linuxhotel,dc=de" | ||
- | roleSubtree="true" | ||
- | roleName="cn" | ||
- | roleSearch="(uniqueMember={0})" | ||
- | /> | ||
- | </code> | ||
- | |||
- | ===== Tag 4 ===== | ||
- | |||
- | |||
- | ===== Tag 5 ===== | ||
- | |||
- | ==== 5.1 - docker ==== | ||
- | |||
- | <code> | ||
- | FROM alpine:3.15 | ||
- | |||
- | #### OpenJDK 17 | ||
- | RUN apk update | ||
- | RUN apk add openjdk17-jre-headless | ||
- | ENV JAVA_HOME /usr/lib/jvm/java-17-openjdk | ||
- | |||
- | #### tcnative | ||
- | #ENV TCNATIVE 1.2.33 | ||
- | #RUN apk add openjdk17-jdk apr-dev openssl-dev gcc make musl-dev | ||
- | #RUN wget -O /tmp/tomcat-native-${TCNATIVE}-src.tar.gz https://dlcdn.apache.org/tomcat/tomcat-connectors/native/${TCNATIVE}/source/tomcat-native-${TCNATIVE}-src.tar.gz; \ | ||
- | # cd /tmp; \ | ||
- | # tar -zxf tomcat-native-${TCNATIVE}-src.tar.gz; \ | ||
- | # cd tomcat-native-${TCNATIVE}-src/native; \ | ||
- | # ./configure --prefix=/opt/tcnative/${TCNATIVE}; \ | ||
- | # make; \ | ||
- | # make install; \ | ||
- | # cd /tmp; \ | ||
- | # rm -rf /tmp/tomcat-native* | ||
- | |||
- | #### tomcat | ||
- | ENV TOMCATVERSION 10.0.20 | ||
- | ENV INSTANCENAME workshop | ||
- | ENV TOMCATDIR /opt/tomcat | ||
- | ENV WARFILE workshop.war | ||
- | ENV APPVERSION 3.1.0 | ||
- | ENV CATALINA_HOME ${TOMCATDIR}/products/apache-tomcat-${TOMCATVERSION} | ||
- | ENV CATALINA_BASE ${TOMCATDIR}/instances/${INSTANCENAME} | ||
- | ENV CATALINA_VAR /var/tomcat/${INSTANCENAME} | ||
- | ENV PATH $CATALINA_HOME/bin:$PATH | ||
- | ENV TCUSER tcrun | ||
- | ENV TCGROUP tcgroup | ||
- | |||
- | # create CATALINA_HOME | ||
- | RUN mkdir -p "${TOMCATDIR}/products"; \ | ||
- | cd ${TOMCATDIR}/products; \ | ||
- | wget -O /tmp/tomcat-product.tar.gz "https://archive.apache.org/dist/tomcat/tomcat-10/v${TOMCATVERSION}/bin/apache-tomcat-${TOMCATVERSION}.tar.gz"; \ | ||
- | tar -zxf /tmp/tomcat-product.tar.gz; \ | ||
- | rm /tmp/tomcat-product.tar.gz | ||
- | |||
- | # create CATALINA_BASE | ||
- | COPY ${INSTANCENAME}.tar /tmp/${INSTANCENAME}.tar | ||
- | RUN mkdir -p ${TOMCATDIR}/instances; \ | ||
- | cd ${TOMCATDIR}/instances; \ | ||
- | tar -xf /tmp/${INSTANCENAME}.tar; \ | ||
- | rm /tmp/${INSTANCENAME}.tar | ||
- | |||
- | # create CATALINA_VAR | ||
- | RUN mkdir -p /var/tomcat/${INSTANCENAME}; \ | ||
- | cd /var/tomcat/${INSTANCENAME}; \ | ||
- | mkdir logs temp webapps work | ||
- | |||
- | # create webappdir | ||
- | RUN mkdir -p /opt/webapps/${INSTANCENAME}/${APPVERSION}-jee9 | ||
- | COPY $WARFILE /opt/webapps/${INSTANCENAME}/${APPVERSION}-jee9/ | ||
- | |||
- | # create runtime user and change rights | ||
- | RUN addgroup $TCGROUP; \ | ||
- | adduser -h /opt/tomcat -H -G $TCGROUP -s /bin/sh -D $TCUSER; \ | ||
- | chown -R $TCUSER:$TCGROUP /opt/tomcat; \ | ||
- | chown -R $TCUSER:$TCGROUP /var/tomcat; \ | ||
- | chown -R $TCUSER:$TCGROUP /opt/webapps | ||
- | |||
- | WORKDIR $CATALINA_BASE | ||
- | EXPOSE 8080 8443 | ||
- | |||
- | USER $TCUSER | ||
- | CMD ["catalina.sh","run"] | ||
- | </code> | ||
- | |||
- | ==== 5.5 - balancer-manager ==== | ||
- | |||
- | <code> | ||
- | ProxyPass /lbmanager ! | ||
- | <Location /lbmanager> | ||
- | SetHandler balancer-manager | ||
- | AuthType basic | ||
- | AuthName "Proxy Balancer" | ||
- | AuthBasicProvider file | ||
- | AuthUserFile htpasswd.intern | ||
- | Require user proxyadmin | ||
- | </Location> | ||
- | </code> | ||
- | |||