Linuxhotel Wiki

Wie ging das nochmal?

Benutzer-Werkzeuge

Webseiten-Werkzeuge


tomcat_administration:start

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen gezeigt.

Link zu der Vergleichsansicht

Beide Seiten, vorherige Überarbeitung Vorherige Überarbeitung
Nächste Überarbeitung
Vorherige Überarbeitung
tomcat_administration:start [2016/11/21 08:04]
marco.staub
tomcat_administration:start [2022/05/13 15:09] (aktuell)
marco.staub
Zeile 3: Zeile 3:
 ===== Tag 1 ===== ===== Tag 1 =====
  
-==== rc.sh ====+==== 1.2 - tomcat.sh ====
 <​code>​ <​code>​
-#!/usr/bin/sh +#!/bin/sh
-# rc.sh+
  
 ### Start Config ### ### Start Config ###
-TOMCAT_VERSION=8.5.8+ 
 +TOMCAT_VERSION=10.0.20
 INSTANCE_NAME=workshop INSTANCE_NAME=workshop
-INSTANCE_VERSION=1.0 
  
 ### End Config #### ### End Config ####
  
 CATALINA_HOME=/​opt/​tomcat/​products/​${TOMCAT_VERSION} CATALINA_HOME=/​opt/​tomcat/​products/​${TOMCAT_VERSION}
-CATALINA_BASE=/​opt/​tomcat/​instances/​${INSTANCE_NAME}/​${INSTANCE_VERSION}+CATALINA_BASE=/​opt/​tomcat/​instances/​${INSTANCE_NAME}
  
 export CATALINA_HOME export CATALINA_HOME
Zeile 22: Zeile 21:
  
 case "​$1"​ in case "​$1"​ in
-   start) +start) 
-   ​$CATALINA_HOME/​bin/​startup.sh +        $CATALINA_HOME/​bin/​startup.sh 
-;; +        ;; 
-   ​stop) +stop) 
-   ​$CATALINA_HOME/​bin/​shutdown.sh +        $CATALINA_HOME/​bin/​shutdown.sh 
-;; +        ;; 
-   ​*) +*) 
-   ​echo "​Usage:​ $0 {start|stop}"​ +        echo "​Usage:​ $0 {start|stop}"​ 
-   ​exit 1 +        exit 1 
-;;+        ;;
 esac esac
 </​code>​ </​code>​
  
-==== Erweiterung setenv.sh ====+==== 1.3 - Erweiterung setenv.sh ====
  
 <​code>​ <​code>​
Zeile 42: Zeile 41:
 CATALINA_OUT="​${CATALINA_VAR}/​logs/​catalina.out"​ CATALINA_OUT="​${CATALINA_VAR}/​logs/​catalina.out"​
 CATALINA_OPTS="​-Dcatalina.var=${CATALINA_VAR}"​ CATALINA_OPTS="​-Dcatalina.var=${CATALINA_VAR}"​
-export CATALINA_TMPDIR;​ export CATALINA_OPTS 
-export CATALINA_PID;​ export CATALINA_OUT 
 </​code>​ </​code>​
  
-==== action.bash ====+==== 1.4 - OOM ==== 
 +<​code>​ 
 +JAVA_OOM="​-XX:​+HeapDumpOnOutOfMemoryError -XX:​HeapDumpPath=/​var/​tomcat/​workshop -XX:​OnOutOfMemoryError=${CATALINA_HOME}/​bin/​oom.sh"​ 
 +CATALINA_OPTS="​$CATALINA_OPTS $JAVA_OOM"​ 
 +</​code>​ 
 + 
 +==== 1.4 - action.bash ====
  
 <​code>​ <​code>​
Zeile 53: Zeile 56:
 printf "​Memory Dump:\n $dumps"​ >> /​tmp/​dumps.log printf "​Memory Dump:\n $dumps"​ >> /​tmp/​dumps.log
 # printf "​Memory Dump:\n $dumps"​ | mailx -s "​Memory Dump" "​admin@example.zz"​ # printf "​Memory Dump:\n $dumps"​ | mailx -s "​Memory Dump" "​admin@example.zz"​
 +</​code>​
 +
 +==== 1.8 - Valve und Filter ====
 +
 +<​code>​
 +<​Context>​
 +<Valve className="​org.apache.catalina.valves.StuckThreadDetectionValve"​ threshold="​10"/>​
 +</​Context>​
 +</​code>​
 +
 +<​code>​
 +   <​filter>​
 +      <​filter-name>​ExpiresFilter</​filter-name>​
 +      <​filter-class>​org.apache.catalina.filters.ExpiresFilter</​filter-class>​
 +      <​init-param>​
 +         <​param-name>​ExpiresByType text</​param-name>​
 +         <​param-value>​access plus 2 days</​param-value>​
 +      </​init-param>​
 +   </​filter>​
 +   <​filter-mapping>​
 +      <​filter-name>​ExpiresFilter</​filter-name>​
 +      <​url-pattern>​*.html</​url-pattern>​
 +      <​dispatcher>​REQUEST</​dispatcher>​
 +   </​filter-mapping>​
 +</​code>​
 +
 +===== Tag 2 =====
 +
 +==== 2.4 - SSL Connector ====
 +
 +<​code>​
 +<​Connector port="​8443"​ protocol="​org.apache.coyote.http11.Http11NioProtocol"​
 +   ​maxThreads="​150"​ SSLEnabled="​true"​ scheme="​https"​ secure="​true"​ >
 +   <​SSLHostConfig protocols="​all,​-TLSv1,​-TLSv1.1"​
 +                  ciphers="​HIGH:​!aNULL:​!eNULL:​!EXPORT:​!DES:​!RC4:​!MD5:​!kRSA"​
 +                  honorCipherOrder="​true"​ >
 +      <​Certificate ​
 +           ​certificateKeystoreFile="​${catalina.base}/​conf/​keystore.jks"​
 +           ​certificateKeystorePassword="​changeit"​ />
 +    </​SSLHostConfig>​
 +</​Connector>​
 +</​code>​
 +
 +==== 2.5 - Anpassungen logging.properties ====
 +
 +<​code>​
 +handlers = 1catalina.org.apache.juli.AsyncFileHandler,​
 +2localhost.org.apache.juli.AsyncFileHandler,​
 +3manager.org.apache.juli.AsyncFileHandler,​ 4hostmanager.
 +org.apache.juli.AsyncFileHandler,​ java.util.logging.ConsoleHandler,​
 +5workshop1.org.apache.juli.AsyncFileHandler,​
 +6workshop2.org.apache.juli.AsyncFileHandler
 +</​code>​
 +<​code>​
 +5workshop1.org.apache.juli.AsyncFileHandler.level = FINE
 +5workshop1.org.apache.juli.AsyncFileHandler.directory = ${catalina.var}/​logs
 +5workshop1.org.apache.juli.AsyncFileHandler.prefix = workshop_log1.
 +5workshop1.org.apache.juli.AsyncFileHandler.maxDays = 90
 +5workshop1.org.apache.juli.AsyncFileHandler.encoding = UTF-8
 +
 +6workshop2.org.apache.juli.AsyncFileHandler.level = FINE
 +6workshop2.org.apache.juli.AsyncFileHandler.directory = ${catalina.var}/​logs
 +6workshop2.org.apache.juli.AsyncFileHandler.prefix = workshop_log2.
 +6workshop2.org.apache.juli.AsyncFileHandler.maxDays = 90
 +6workshop2.org.apache.juli.AsyncFileHandler.encoding = UTF-8
 +</​code>​
 +<​code>​
 +ws_log.handlers = 5workshop1.org.apache.juli.AsyncFileHandler
 +de.kippdata.workshop.handlers = 6workshop2.org.apache.juli.AsyncFileHandler
 +</​code>​
 +==== 2.6 - log4j.xml ====
 +<​code>​
 +<?xml version="​1.0"​ encoding="​UTF-8"?>​
 +<!-- You can add the attribute monitorInterval (seconds)
 +     to the Configuration element for hot config reloading, ​
 +     for example: <​Configuration monitorInterval="​60">​ -->
 +<​Configuration status="​warn"​ monitorInterval="​60">​
 +  <​Appenders>​
 +    <​RollingFile name="​default"​
 +                 ​fileName="​${sys:​catalina.var}/​logs/​catalina.log"​
 +                 ​filePattern="​${sys:​catalina.var}/​logs/​catalina.log.%d{yyyy-MM-dd-HHmmss}">​
 +      <​PatternLayout>​
 +        <​pattern>​%d %r %p [%t] %c (%F:%L) - %m%n</​pattern>​
 +      </​PatternLayout>​
 +      <!-- Daily Rotation, schedule is cron style
 +           with columns seconds, minutes, hours, day-of-month,​
 +           ​month,​ day-of-week,​ year(optional) -->
 +      <​CronTriggeringPolicy schedule="​0 0 0 * * ?" />
 +    </​RollingFile>​
 +  </​Appenders>​
 +  <​Loggers>​
 +    <Root level="​info">​
 +      <​AppenderRef ref="​default"/>​
 +    </​Root>​
 +<!-- Example for changing a log level
 +    <Logger name="​org.apache.catalina"​
 +            level="​info"​ additivity="​false">​
 +      <​AppenderRef ref="​default"/>​
 +    </​Logger>​
 +    <Logger name="​org.apache.catalina.core.ContainerBase.[Catalina].[localhost]"​
 +            level="​info"​ additivity="​false">​
 +      <​AppenderRef ref="​default"/>​
 +    </​Logger>​
 +    <Logger name="​org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/​manager]"​
 +            level="​info"​ additivity="​false">​
 +      <​AppenderRef ref="​default"/>​
 +    </​Logger>​
 +-->
 +  </​Loggers>​
 +</​Configuration>​
 +</​code>​
 +
 +==== 2.7 - JMX Remote ====
 +<​code>​
 +JMX_OPTS_NOSSL_NOAUTH="​\
 +-Dcom.sun.management.jmxremote=true \
 +-Dcom.sun.management.jmxremote.port=1090 \
 +-Dcom.sun.management.jmxremote.ssl=false \
 +-Dcom.sun.management.jmxremote.authenticate=false \
 +"
 +
 +JMX_OPTS_SSL_NOAUTH="​\
 +-Dcom.sun.management.jmxremote=true \
 +-Dcom.sun.management.jmxremote.port=1090 \
 +-Dcom.sun.management.jmxremote.ssl=true \
 +-Dcom.sun.management.jmxremote.authenticate=false \
 +-Djavax.net.ssl.keyStorePassword=workshop \
 +-Djavax.net.ssl.keyStore=${CATALINA_BASE}/​conf/​keystore.jks \
 +"
 +
 +JMX_OPTS_SSL_AUTH="​\
 +-Dcom.sun.management.jmxremote=true \
 +-Dcom.sun.management.jmxremote.port=1090 \
 +-Dcom.sun.management.jmxremote.ssl=true \
 +-Dcom.sun.management.jmxremote.authenticate=true \
 +-Dcom.sun.management.jmxremote.access.file=${CATALINA_BASE}/​conf/​jmxremote.access \
 +-Dcom.sun.management.jmxremote.password.file=${CATALINA_BASE}/​conf/​jmxremote.password \
 +-Djavax.net.ssl.keyStorePassword=workshop \
 +-Djavax.net.ssl.keyStore=${CATALINA_BASE}/​conf/​keystore.jks \
 +"
 +
 +CATALINA_OPTS="​$CATALINA_OPTS $JMX_OPTS_NOSSL_NOAUTH"​
 +</​code>​
 +
 +===== Tag 3 =====
 +
 +==== 3.7 - Ressources ====
 +
 +<​code>​
 +<Context docBase="/​opt/​webapps/​workshop/​3.1.0/​workshop.war">​
 +   <​Resources>​
 +      <​PreResources className="​org.apache.catalina.webresources.DirResourceSet"​
 +                     ​base="​${catalina.base}/​conf/​workshop"​ webAppMount="/​WEB-INF/​classes"​ />
 +   </​Resources>​
 +</​Context>​
 +</​code>​
 +
 +==== 3.8 - LDAP Realm ====
 +
 +<​code>​
 +   <​Realm className="​org.apache.catalina.realm.JNDIRealm"​
 +          connectionName="​cn=tcmanager,​ou=specialusers,​dc=linuxhotel,​dc=de"​
 +          connectionPassword="​secret"​
 +          connectionURL="​ldap://​ldapserver:​389/"​
 +          userBase="​ou=people,​dc=linuxhotel,​dc=de"​
 +          userSubtree="​true"​
 +          userSearch="​(uid={0})"​
 +          roleBase="​ou=groups,​dc=linuxhotel,​dc=de"​
 +          roleSubtree="​true"​
 +          roleName="​cn"​
 +          roleSearch="​(uniqueMember={0})"​
 +          />
 +</​code>​
 +
 +===== Tag 4 =====
 +
 +
 +===== Tag 5 =====
 +
 +==== 5.1 - docker ====
 +
 +<​code>​
 +FROM alpine:3.15
 +
 +#### OpenJDK 17
 +RUN apk update
 +RUN apk add openjdk17-jre-headless
 +ENV JAVA_HOME /​usr/​lib/​jvm/​java-17-openjdk
 +
 +#### tcnative
 +#ENV TCNATIVE 1.2.33
 +#RUN apk add openjdk17-jdk apr-dev openssl-dev gcc make musl-dev
 +#RUN wget -O /​tmp/​tomcat-native-${TCNATIVE}-src.tar.gz https://​dlcdn.apache.org/​tomcat/​tomcat-connectors/​native/​${TCNATIVE}/​source/​tomcat-native-${TCNATIVE}-src.tar.gz;​ \
 +#  cd /tmp; \
 +#  tar -zxf tomcat-native-${TCNATIVE}-src.tar.gz;​ \
 +#  cd tomcat-native-${TCNATIVE}-src/​native;​ \
 +#  ./configure --prefix=/​opt/​tcnative/​${TCNATIVE};​ \
 +#  make; \
 +#  make install; \
 +#  cd /tmp; \
 +#  rm -rf /​tmp/​tomcat-native*
 +
 +#### tomcat
 +ENV TOMCATVERSION 10.0.20
 +ENV INSTANCENAME workshop
 +ENV TOMCATDIR /opt/tomcat
 +ENV WARFILE workshop.war
 +ENV APPVERSION 3.1.0
 +ENV CATALINA_HOME ${TOMCATDIR}/​products/​apache-tomcat-${TOMCATVERSION}
 +ENV CATALINA_BASE ${TOMCATDIR}/​instances/​${INSTANCENAME}
 +ENV CATALINA_VAR /​var/​tomcat/​${INSTANCENAME}
 +ENV PATH $CATALINA_HOME/​bin:​$PATH
 +ENV TCUSER tcrun
 +ENV TCGROUP tcgroup
 +
 +# create CATALINA_HOME
 +RUN mkdir -p "​${TOMCATDIR}/​products";​ \
 +  cd ${TOMCATDIR}/​products;​ \
 +  wget -O /​tmp/​tomcat-product.tar.gz "​https://​archive.apache.org/​dist/​tomcat/​tomcat-10/​v${TOMCATVERSION}/​bin/​apache-tomcat-${TOMCATVERSION}.tar.gz";​ \
 +  tar -zxf /​tmp/​tomcat-product.tar.gz;​ \
 +  rm /​tmp/​tomcat-product.tar.gz
 +
 +# create CATALINA_BASE
 +COPY ${INSTANCENAME}.tar /​tmp/​${INSTANCENAME}.tar
 +RUN mkdir -p ${TOMCATDIR}/​instances;​ \
 +  cd ${TOMCATDIR}/​instances;​ \
 +  tar -xf /​tmp/​${INSTANCENAME}.tar;​ \
 +  rm /​tmp/​${INSTANCENAME}.tar
 +
 +# create CATALINA_VAR
 +RUN mkdir -p /​var/​tomcat/​${INSTANCENAME};​ \
 +  cd /​var/​tomcat/​${INSTANCENAME};​ \
 +  mkdir logs temp webapps work
 +
 +# create webappdir
 +RUN mkdir -p /​opt/​webapps/​${INSTANCENAME}/​${APPVERSION}-jee9
 +COPY $WARFILE /​opt/​webapps/​${INSTANCENAME}/​${APPVERSION}-jee9/​
 +
 +# create runtime user and change rights
 +RUN addgroup $TCGROUP; \
 +  adduser -h /opt/tomcat -H -G $TCGROUP -s /bin/sh -D $TCUSER; \
 +  chown -R $TCUSER:​$TCGROUP /​opt/​tomcat;​ \
 +  chown -R $TCUSER:​$TCGROUP /​var/​tomcat;​ \
 +  chown -R $TCUSER:​$TCGROUP /​opt/​webapps
 +
 +WORKDIR $CATALINA_BASE
 +EXPOSE 8080 8443
 +
 +USER $TCUSER
 +CMD ["​catalina.sh","​run"​]
 +</​code>​
 +
 +==== 5.3 - einfacher Proxy ====
 +<​code>​
 +<​VirtualHost *:80>
 +  ProxyPass /workshop http://​localhost:​8180/​workshop
 +  ProxyPassReverse /workshop http://​localhost:​8080/​workshop
 +  ProxyPassReverse /workshop http://​localhost:​8180/​workshop
 +  ProxyPreserveHost On
 +</​VirtualHost>​
 +</​code>​
 +
 +==== 5.6 - Monitoring ====
 +
 +<​code>​
 +   ​ProxyPass /lbmanager !
 +   <​Location /​lbmanager>​
 +      SetHandler balancer-manager
 +      AuthType basic
 +      AuthName "Proxy Balancer"​
 +      AuthBasicProvider file
 +      AuthUserFile htpasswd.intern
 +      Require user proxyadmin
 +   </​Location>​
 +</​code>​
 +
 +<​code>​
 +  LogFormat "%h %l %u %t \"​%r\"​ %>s %b %{BALANCER_ROUTE_CHANGED}e %{BALANCER_WORKER_ROUTE}e %{BALANCER_SESSION_ROUTE}e %D" proxyextended
 +  CustomLog "​logs/​proxy_access_log"​ proxyextended
 </​code>​ </​code>​
  
tomcat_administration/start.1479715479.txt.gz · Zuletzt geändert: 2016/11/21 08:04 von marco.staub