Benutzer-Werkzeuge
tomcat_administration:start
Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen gezeigt.
| Beide Seiten, vorherige Überarbeitung Vorherige Überarbeitung Nächste Überarbeitung | Vorherige Überarbeitung | ||
|
tomcat_administration:start [2016/11/21 08:01] marco.staub |
tomcat_administration:start [2024/04/11 06:55] (aktuell) |
||
|---|---|---|---|
| Zeile 3: | Zeile 3: | ||
| ===== Tag 1 ===== | ===== Tag 1 ===== | ||
| - | ==== rc.sh ==== | + | ==== 1.2 - tomcat.sh ==== |
| - | <nowiki> | + | <code> |
| - | #!/usr/bin/sh | + | #!/bin/sh |
| - | # rc.sh | + | |
| ### Start Config ### | ### Start Config ### | ||
| - | TOMCAT_VERSION=8.5.8 | + | |
| + | TOMCAT_VERSION=10.1.20 | ||
| INSTANCE_NAME=workshop | INSTANCE_NAME=workshop | ||
| - | INSTANCE_VERSION=1.0 | + | |
| ### End Config #### | ### End Config #### | ||
| + | |||
| CATALINA_HOME=/opt/tomcat/products/${TOMCAT_VERSION} | CATALINA_HOME=/opt/tomcat/products/${TOMCAT_VERSION} | ||
| - | CATALINA_BASE=/opt/tomcat/instances/${INSTANCE_NAME}/${INSTANCE_VERSION} | + | CATALINA_BASE=/opt/tomcat/instances/${INSTANCE_NAME} |
| export CATALINA_HOME | export CATALINA_HOME | ||
| export CATALINA_BASE | export CATALINA_BASE | ||
| + | |||
| case "$1" in | case "$1" in | ||
| start) | start) | ||
| - | $CATALINA_HOME/bin/startup.sh | + | $CATALINA_HOME/bin/startup.sh |
| - | ;; | + | ;; |
| stop) | stop) | ||
| - | $CATALINA_HOME/bin/shutdown.sh | + | $CATALINA_HOME/bin/shutdown.sh |
| - | ;; | + | ;; |
| *) | *) | ||
| - | echo "Usage: $0 {start|stop}" | + | echo "Usage: $0 {start|stop}" |
| - | exit 1 | + | exit 1 |
| - | ;; | + | ;; |
| esac | esac | ||
| - | </nowiki> | + | </code> |
| + | |||
| + | ==== 1.3 - Erweiterung setenv.sh ==== | ||
| + | |||
| + | <code> | ||
| + | CATALINA_TMPDIR="${CATALINA_VAR}/temp" | ||
| + | CATALINA_PID="${CATALINA_VAR}/logs/tomcat.pid" | ||
| + | CATALINA_OUT="${CATALINA_VAR}/logs/catalina.out" | ||
| + | CATALINA_OPTS="-Dcatalina.var=${CATALINA_VAR}" | ||
| + | </code> | ||
| + | |||
| + | ==== 1.4 - OOM ==== | ||
| + | <code> | ||
| + | JAVA_OOM="-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/tomcat/workshop -XX:OnOutOfMemoryError=${CATALINA_HOME}/bin/oom.sh" | ||
| + | CATALINA_OPTS="$CATALINA_OPTS $JAVA_OOM" | ||
| + | </code> | ||
| + | |||
| + | ==== 1.4 - action.bash ==== | ||
| + | |||
| + | <code> | ||
| + | #!/bin/bash | ||
| + | dumps=`ls -1rt /var/tomcat/java_pid*.hprof | tail -1`; | ||
| + | printf "Memory Dump:\n $dumps" >> /tmp/dumps.log | ||
| + | # printf "Memory Dump:\n $dumps" | mailx -s "Memory Dump" "admin@example.zz" | ||
| + | </code> | ||
| + | |||
| + | ==== 1.8 - Valve und Filter ==== | ||
| + | |||
| + | <code> | ||
| + | <Context> | ||
| + | <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="10"/> | ||
| + | </Context> | ||
| + | </code> | ||
| + | |||
| + | <code> | ||
| + | <filter> | ||
| + | <filter-name>ExpiresFilter</filter-name> | ||
| + | <filter-class>org.apache.catalina.filters.ExpiresFilter</filter-class> | ||
| + | <init-param> | ||
| + | <param-name>ExpiresByType text</param-name> | ||
| + | <param-value>access plus 2 days</param-value> | ||
| + | </init-param> | ||
| + | </filter> | ||
| + | <filter-mapping> | ||
| + | <filter-name>ExpiresFilter</filter-name> | ||
| + | <url-pattern>*.html</url-pattern> | ||
| + | <dispatcher>REQUEST</dispatcher> | ||
| + | </filter-mapping> | ||
| + | </code> | ||
| + | |||
| + | ===== Tag 2 ===== | ||
| + | |||
| + | ==== 2.4 - SSL Connector ==== | ||
| + | |||
| + | <code> | ||
| + | <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" | ||
| + | maxThreads="150" SSLEnabled="true" scheme="https" secure="true" > | ||
| + | <SSLHostConfig protocols="all,-TLSv1,-TLSv1.1" | ||
| + | ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA" | ||
| + | honorCipherOrder="true" > | ||
| + | <Certificate | ||
| + | certificateKeystoreFile="${catalina.base}/conf/keystore.jks" | ||
| + | certificateKeystorePassword="changeit" /> | ||
| + | </SSLHostConfig> | ||
| + | </Connector> | ||
| + | </code> | ||
| + | |||
| + | ==== 2.5 - Anpassungen logging.properties ==== | ||
| + | |||
| + | <code> | ||
| + | handlers = 1catalina.org.apache.juli.AsyncFileHandler, | ||
| + | 2localhost.org.apache.juli.AsyncFileHandler, | ||
| + | 3manager.org.apache.juli.AsyncFileHandler, 4hostmanager. | ||
| + | org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler, | ||
| + | 5workshop1.org.apache.juli.AsyncFileHandler, | ||
| + | 6workshop2.org.apache.juli.AsyncFileHandler | ||
| + | </code> | ||
| + | <code> | ||
| + | 5workshop1.org.apache.juli.AsyncFileHandler.level = FINE | ||
| + | 5workshop1.org.apache.juli.AsyncFileHandler.directory = ${catalina.var}/logs | ||
| + | 5workshop1.org.apache.juli.AsyncFileHandler.prefix = workshop_log1. | ||
| + | 5workshop1.org.apache.juli.AsyncFileHandler.maxDays = 90 | ||
| + | 5workshop1.org.apache.juli.AsyncFileHandler.encoding = UTF-8 | ||
| + | |||
| + | 6workshop2.org.apache.juli.AsyncFileHandler.level = FINE | ||
| + | 6workshop2.org.apache.juli.AsyncFileHandler.directory = ${catalina.var}/logs | ||
| + | 6workshop2.org.apache.juli.AsyncFileHandler.prefix = workshop_log2. | ||
| + | 6workshop2.org.apache.juli.AsyncFileHandler.maxDays = 90 | ||
| + | 6workshop2.org.apache.juli.AsyncFileHandler.encoding = UTF-8 | ||
| + | </code> | ||
| + | <code> | ||
| + | ws_log.handlers = 5workshop1.org.apache.juli.AsyncFileHandler | ||
| + | de.kippdata.workshop.handlers = 6workshop2.org.apache.juli.AsyncFileHandler | ||
| + | </code> | ||
| + | ==== 2.6 - log4j.xml ==== | ||
| + | <code> | ||
| + | <?xml version="1.0" encoding="UTF-8"?> | ||
| + | <!-- You can add the attribute monitorInterval (seconds) | ||
| + | to the Configuration element for hot config reloading, | ||
| + | for example: <Configuration monitorInterval="60"> --> | ||
| + | <Configuration status="warn" monitorInterval="60"> | ||
| + | <Appenders> | ||
| + | <RollingFile name="default" | ||
| + | fileName="${sys:catalina.var}/logs/catalina.log" | ||
| + | filePattern="${sys:catalina.var}/logs/catalina.log.%d{yyyy-MM-dd-HHmmss}"> | ||
| + | <PatternLayout> | ||
| + | <pattern>%d %r %p [%t] %c (%F:%L) - %m%n</pattern> | ||
| + | </PatternLayout> | ||
| + | <!-- Daily Rotation, schedule is cron style | ||
| + | with columns seconds, minutes, hours, day-of-month, | ||
| + | month, day-of-week, year(optional) --> | ||
| + | <CronTriggeringPolicy schedule="0 0 0 * * ?" /> | ||
| + | </RollingFile> | ||
| + | </Appenders> | ||
| + | <Loggers> | ||
| + | <Root level="info"> | ||
| + | <AppenderRef ref="default"/> | ||
| + | </Root> | ||
| + | <!-- Example for changing a log level | ||
| + | <Logger name="org.apache.catalina" | ||
| + | level="info" additivity="false"> | ||
| + | <AppenderRef ref="default"/> | ||
| + | </Logger> | ||
| + | <Logger name="org.apache.catalina.core.ContainerBase.[Catalina].[localhost]" | ||
| + | level="info" additivity="false"> | ||
| + | <AppenderRef ref="default"/> | ||
| + | </Logger> | ||
| + | <Logger name="org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager]" | ||
| + | level="info" additivity="false"> | ||
| + | <AppenderRef ref="default"/> | ||
| + | </Logger> | ||
| + | --> | ||
| + | </Loggers> | ||
| + | </Configuration> | ||
| + | </code> | ||
| + | |||
| + | ==== 2.7 - JMX Remote ==== | ||
| + | <code> | ||
| + | JMX_OPTS_NOSSL_NOAUTH="\ | ||
| + | -Dcom.sun.management.jmxremote=true \ | ||
| + | -Dcom.sun.management.jmxremote.port=1090 \ | ||
| + | -Dcom.sun.management.jmxremote.ssl=false \ | ||
| + | -Dcom.sun.management.jmxremote.authenticate=false \ | ||
| + | " | ||
| + | |||
| + | JMX_OPTS_SSL_NOAUTH="\ | ||
| + | -Dcom.sun.management.jmxremote=true \ | ||
| + | -Dcom.sun.management.jmxremote.port=1090 \ | ||
| + | -Dcom.sun.management.jmxremote.ssl=true \ | ||
| + | -Dcom.sun.management.jmxremote.authenticate=false \ | ||
| + | -Djavax.net.ssl.keyStorePassword=workshop \ | ||
| + | -Djavax.net.ssl.keyStore=${CATALINA_BASE}/conf/keystore.jks \ | ||
| + | " | ||
| + | |||
| + | JMX_OPTS_SSL_AUTH="\ | ||
| + | -Dcom.sun.management.jmxremote=true \ | ||
| + | -Dcom.sun.management.jmxremote.port=1090 \ | ||
| + | -Dcom.sun.management.jmxremote.ssl=true \ | ||
| + | -Dcom.sun.management.jmxremote.authenticate=true \ | ||
| + | -Dcom.sun.management.jmxremote.access.file=${CATALINA_BASE}/conf/jmxremote.access \ | ||
| + | -Dcom.sun.management.jmxremote.password.file=${CATALINA_BASE}/conf/jmxremote.password \ | ||
| + | -Djavax.net.ssl.keyStorePassword=workshop \ | ||
| + | -Djavax.net.ssl.keyStore=${CATALINA_BASE}/conf/keystore.jks \ | ||
| + | " | ||
| + | |||
| + | CATALINA_OPTS="$CATALINA_OPTS $JMX_OPTS_NOSSL_NOAUTH" | ||
| + | </code> | ||
| + | |||
| + | ===== Tag 3 ===== | ||
| + | |||
| + | ==== 3.7 - Ressources ==== | ||
| + | |||
| + | <code> | ||
| + | <Context docBase="/opt/webapps/workshop/3.1.0/workshop.war"> | ||
| + | <Resources> | ||
| + | <PreResources className="org.apache.catalina.webresources.DirResourceSet" | ||
| + | base="${catalina.base}/conf/workshop" webAppMount="/WEB-INF/classes" /> | ||
| + | </Resources> | ||
| + | </Context> | ||
| + | </code> | ||
| + | |||
| + | ==== 3.8 - LDAP Realm ==== | ||
| + | |||
| + | <code> | ||
| + | <Realm className="org.apache.catalina.realm.JNDIRealm" | ||
| + | connectionName="cn=tcmanager,ou=specialusers,dc=linuxhotel,dc=de" | ||
| + | connectionPassword="secret" | ||
| + | connectionURL="ldap://ldapserver:389/" | ||
| + | userBase="ou=people,dc=linuxhotel,dc=de" | ||
| + | userSubtree="true" | ||
| + | userSearch="(uid={0})" | ||
| + | roleBase="ou=groups,dc=linuxhotel,dc=de" | ||
| + | roleSubtree="true" | ||
| + | roleName="cn" | ||
| + | roleSearch="(uniqueMember={0})" | ||
| + | /> | ||
| + | </code> | ||
| + | |||
| + | ===== Tag 4 ===== | ||
| + | |||
| + | |||
| + | ===== Tag 5 ===== | ||
| + | |||
| + | ==== 5.1 - docker ==== | ||
| + | |||
| + | <code> | ||
| + | FROM alpine:3.15 | ||
| + | |||
| + | #### OpenJDK 17 | ||
| + | RUN apk update | ||
| + | RUN apk add openjdk17-jre-headless | ||
| + | ENV JAVA_HOME /usr/lib/jvm/java-17-openjdk | ||
| + | |||
| + | #### tcnative | ||
| + | #ENV TCNATIVE 1.2.33 | ||
| + | #RUN apk add openjdk17-jdk apr-dev openssl-dev gcc make musl-dev | ||
| + | #RUN wget -O /tmp/tomcat-native-${TCNATIVE}-src.tar.gz https://dlcdn.apache.org/tomcat/tomcat-connectors/native/${TCNATIVE}/source/tomcat-native-${TCNATIVE}-src.tar.gz; \ | ||
| + | # cd /tmp; \ | ||
| + | # tar -zxf tomcat-native-${TCNATIVE}-src.tar.gz; \ | ||
| + | # cd tomcat-native-${TCNATIVE}-src/native; \ | ||
| + | # ./configure --prefix=/opt/tcnative/${TCNATIVE}; \ | ||
| + | # make; \ | ||
| + | # make install; \ | ||
| + | # cd /tmp; \ | ||
| + | # rm -rf /tmp/tomcat-native* | ||
| + | |||
| + | #### tomcat | ||
| + | ENV TOMCATVERSION 10.0.20 | ||
| + | ENV INSTANCENAME workshop | ||
| + | ENV TOMCATDIR /opt/tomcat | ||
| + | ENV WARFILE workshop.war | ||
| + | ENV APPVERSION 3.1.0 | ||
| + | ENV CATALINA_HOME ${TOMCATDIR}/products/apache-tomcat-${TOMCATVERSION} | ||
| + | ENV CATALINA_BASE ${TOMCATDIR}/instances/${INSTANCENAME} | ||
| + | ENV CATALINA_VAR /var/tomcat/${INSTANCENAME} | ||
| + | ENV PATH $CATALINA_HOME/bin:$PATH | ||
| + | ENV TCUSER tcrun | ||
| + | ENV TCGROUP tcgroup | ||
| + | |||
| + | # create CATALINA_HOME | ||
| + | RUN mkdir -p "${TOMCATDIR}/products"; \ | ||
| + | cd ${TOMCATDIR}/products; \ | ||
| + | wget -O /tmp/tomcat-product.tar.gz "https://archive.apache.org/dist/tomcat/tomcat-10/v${TOMCATVERSION}/bin/apache-tomcat-${TOMCATVERSION}.tar.gz"; \ | ||
| + | tar -zxf /tmp/tomcat-product.tar.gz; \ | ||
| + | rm /tmp/tomcat-product.tar.gz | ||
| + | |||
| + | # create CATALINA_BASE | ||
| + | COPY ${INSTANCENAME}.tar /tmp/${INSTANCENAME}.tar | ||
| + | RUN mkdir -p ${TOMCATDIR}/instances; \ | ||
| + | cd ${TOMCATDIR}/instances; \ | ||
| + | tar -xf /tmp/${INSTANCENAME}.tar; \ | ||
| + | rm /tmp/${INSTANCENAME}.tar | ||
| + | |||
| + | # create CATALINA_VAR | ||
| + | RUN mkdir -p /var/tomcat/${INSTANCENAME}; \ | ||
| + | cd /var/tomcat/${INSTANCENAME}; \ | ||
| + | mkdir logs temp webapps work | ||
| + | |||
| + | # create webappdir | ||
| + | RUN mkdir -p /opt/webapps/${INSTANCENAME}/${APPVERSION}-jee9 | ||
| + | COPY $WARFILE /opt/webapps/${INSTANCENAME}/${APPVERSION}-jee9/ | ||
| + | |||
| + | # create runtime user and change rights | ||
| + | RUN addgroup $TCGROUP; \ | ||
| + | adduser -h /opt/tomcat -H -G $TCGROUP -s /bin/sh -D $TCUSER; \ | ||
| + | chown -R $TCUSER:$TCGROUP /opt/tomcat; \ | ||
| + | chown -R $TCUSER:$TCGROUP /var/tomcat; \ | ||
| + | chown -R $TCUSER:$TCGROUP /opt/webapps | ||
| + | |||
| + | WORKDIR $CATALINA_BASE | ||
| + | EXPOSE 8080 8443 | ||
| + | |||
| + | USER $TCUSER | ||
| + | CMD ["catalina.sh","run"] | ||
| + | </code> | ||
| + | |||
| + | ==== 5.3 - einfacher Proxy ==== | ||
| + | <code> | ||
| + | <VirtualHost *:80> | ||
| + | ProxyPass /workshop http://localhost:8180/workshop | ||
| + | ProxyPassReverse /workshop http://localhost:8080/workshop | ||
| + | ProxyPassReverse /workshop http://localhost:8180/workshop | ||
| + | ProxyPreserveHost On | ||
| + | </VirtualHost> | ||
| + | </code> | ||
| + | |||
| + | ==== 5.6 - Monitoring ==== | ||
| + | |||
| + | <code> | ||
| + | ProxyPass /lbmanager ! | ||
| + | <Location /lbmanager> | ||
| + | SetHandler balancer-manager | ||
| + | AuthType basic | ||
| + | AuthName "Proxy Balancer" | ||
| + | AuthBasicProvider file | ||
| + | AuthUserFile htpasswd.intern | ||
| + | Require user proxyadmin | ||
| + | </Location> | ||
| + | </code> | ||
| + | <code> | ||
| + | LogFormat "%h %l %u %t \"%r\" %>s %b %{BALANCER_ROUTE_CHANGED}e %{BALANCER_WORKER_ROUTE}e %{BALANCER_SESSION_ROUTE}e %D" proxyextended | ||
| + | CustomLog "logs/proxy_access_log" proxyextended | ||
| + | </code> | ||
tomcat_administration/start.1479715280.txt.gz · Zuletzt geändert: 2016/11/21 08:01 von marco.staub
Seiten-Werkzeuge
Falls nicht anders bezeichnet, ist der Inhalt dieses Wikis unter der folgenden Lizenz veröffentlicht: CC Attribution-Noncommercial-Share Alike 4.0 International
