debian tomcat

介绍 (Introduction)

Apache Tomcat is a web server and servlet container that is used to serve Java applications. Tomcat is an open source implementation of the Java Servlet and JavaServer Pages technologies, released by the Apache Software Foundation. This tutorial covers the basic installation and some configuration of the latest release of Tomcat 9 on your Debian 10 server.

Apache Tomcat是用于服务Java应用程序的Web服务器和servlet容器。 Tomcat是由Apache Software Foundation发布的Java Servlet和JavaServer Pages技术的开源实现。 本教程介绍了Debian 10服务器上Tomcat 9最新版本的基本安装和一些配置。

先决条件 (Prerequisites)

Before you begin with this guide, you should have a non-root user with sudo privileges set up on your server. You can learn how to do this by completing our Debian 10 initial server setup guide.

在开始本指南之前，您应该在服务器上设置具有sudo特权的非root用户。 您可以通过完成《 Debian 10初始服务器设置指南》来学习如何做。

第1步-安装Java (Step 1 — Install Java)

Tomcat requires Java to be installed on the server so that any Java web application code can be executed. We can satisfy that requirement by installing OpenJDK with apt.

Tomcat要求在服务器上安装Java，以便可以执行任何Java Web应用程序代码。 我们可以通过使用apt安装OpenJDK来满足该要求。

First, update your apt package index:

首先，更新您的apt软件包索引：

Then install the Java Development Kit package with apt:

然后使用apt安装Java Development Kit软件包：

Now that Java is installed, we can create a tomcat user, which will be used to run the Tomcat service.

现在已经安装了Java，我们可以创建一个tomcat用户，该用户将用于运行Tomcat服务。

第2步-创建Tomcat用户 (Step 2 — Create Tomcat User)

For security purposes, Tomcat should be run as an unprivileged user (i.e. not root). We will create a new user and group that will run the Tomcat service.

为了安全起见，Tomcat应该以非特权用户(即不是root )身份运行。 我们将创建一个将运行Tomcat服务的新用户和组。

First, create a new tomcat group:

首先，创建一个新的tomcat组：

Next, create a new tomcat user. We’ll make this user a member of the tomcat group, with a home directory of /opt/tomcat (where we will install Tomcat), and with a shell of /bin/false (so nobody can log into the account):

接下来，创建一个新的tomcat用户。 我们将使该用户成为tomcat组的成员，其主目录为/opt/tomcat (将在其中安装Tomcat)，并使用/bin/false的外壳程序(因此没有人可以登录该帐户)：

Now that our tomcat user is set up, let’s download and install Tomcat.

现在我们的tomcat用户已经设置好了，让我们下载并安装Tomcat。

第3步-安装Tomcat (Step 3 — Install Tomcat)

The best way to install Tomcat 9 is to download the latest binary release then configure it manually.

安装Tomcat 9的最佳方法是下载最新的二进制发行版，然后手动进行配置。

Find the latest version of Tomcat 9 at the Tomcat 9 Downloads page. At the time of writing, the latest version is 9.0.27, but you should use a later stable version if it is available. Under the Binary Distributions section, then under the Core list, copy the link to the “tar.gz”.

在“ Tomcat 9下载”页面上找到最新版本的Tomcat 9。 在撰写本文时，最新版本是9.0.27 ，但是如果可用，则应使用更高的稳定版本。 在“ 二进制分发”部分下，然后在“ 核心”列表下，将链接复制到“ tar.gz”。

Next, return to your SSH session and move to the /tmp directory on your server. This is a good directory to download ephemeral items, like the Tomcat tarball, which we won’t need after extracting the Tomcat contents:

接下来，返回您的SSH会话，并移至服务器上的/tmp目录。 这是一个用于下载临时项目的好目录，例如Tomcat tarball，在提取Tomcat内容后我们将不需要它们：

We’ll use the curl command-line tool to download the tarball. Install curl:

我们将使用curl命令行工具下载压缩包。 安装curl ：

Now, use curl to download the link that you copied from the Tomcat website:

现在，使用curl下载从Tomcat网站复制的链接：

We will install Tomcat to the /opt/tomcat directory. Create the directory, then extract the archive to it with these commands:

我们将Tomcat安装到/opt/tomcat目录。 创建目录，然后使用以下命令将存档解压缩到其中：

Next, we will set up the proper user permissions for our installation.

接下来，我们将为安装设置适当的用户权限。

步骤4 —更新权限 (Step 4 — Update Permissions)

The tomcat user that we created needs to have access to the Tomcat installation. We’ll set that up now.

我们创建的tomcat用户需要有权访问Tomcat安装。 我们现在将其设置。

Change to the directory where we unpacked the Tomcat installation:

转到我们解压缩Tomcat安装包的目录：

Give the tomcat group ownership over the entire installation directory:

在整个安装目录中赋予tomcat组所有权：

Next, give the tomcat group read access to the conf directory and all of its contents, and execute access to the directory itself:

接下来，授予tomcat组对conf目录及其所有内容的read权限，并execute对目录本身的访问权限：

Make the tomcat user the owner of the webapps, work, temp, and logs directories:

使tomcat用户成为webapps ， work ， temp和logs目录的所有者：

Now that the proper permissions are set up, we will create a systemd service file to manage the Tomcat process.

现在已经设置了适当的权限，我们将创建一个systemd服务文件来管理Tomcat进程。

步骤5 —创建一个systemd服务文件 (Step 5 — Create a systemd Service File)

We want to be able to run Tomcat as a service, so we will set up systemd service file.

我们希望能够将Tomcat作为服务运行，因此我们将设置systemd服务文件。

Tomcat needs to know where Java is installed. This path is commonly referred to as JAVA_HOME. The easiest way to look up that location is by running this command:

Tomcat需要知道Java的安装位置。 该路径通常称为JAVA_HOME 。 查找该位置的最简单方法是运行以下命令：

   

    Output
   
java-1.11.0-openjdk-amd64      1111       /usr/lib/jvm/java-1.11.0-openjdk-amd64

Your JAVA_HOME is the output from the last column (highlighted above). Given the example above, the correct JAVA_HOME for this server would be:

您的JAVA_HOME是最后一列的输出(上面突出显示)。 给定上面的示例，此服务器的正确JAVA_HOME将是：

   

    JAVA_HOME
   
/usr/lib/jvm/java-1.11.0-openjdk-amd64

Your JAVA_HOME may be different.

您的JAVA_HOME可能不同。

With this piece of information, we can create the systemd service file. Open a file called tomcat.service in the /etc/systemd/system directory by typing:

利用这些信息，我们可以创建systemd服务文件。 通过输入以下内容在/etc/systemd/system目录中打开一个名为tomcat.service的文件：

Paste the following contents into your service file. Modify the value of JAVA_HOME if necessary to match the value you found on your system. You may also want to modify the memory allocation settings that are specified in CATALINA_OPTS:

将以下内容粘贴到服务文件中。 如有必要，请修改JAVA_HOME的值以匹配您在系统上找到的值。 您可能还希望修改CATALINA_OPTS中指定的内存分配设置：

[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/java-1.11.0-openjdk-amd64
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target

When you are finished, save and close the file.

完成后，保存并关闭文件。

Next, reload the systemd daemon so that it knows about our service file:

接下来，重新加载systemd守护程序，以使其了解我们的服务文件：

Start the Tomcat service by typing:

通过键入以下命令启动Tomcat服务：

Double check that it started without errors by typing:

通过输入以下内容仔细检查它是否已开始且没有错误：

You should see output similar to the following:

您应该看到类似于以下内容的输出：

   

    Output
   
● tomcat.service - Apache Tomcat Web Application Container
   Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-10-24 17:18:11 UTC; 4s ago
  Process: 5962 ExecStart=/opt/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS)
 Main PID: 5970 (java)
    Tasks: 44 (limit: 2377)
   Memory: 184.2M
   CGroup: /system.slice/tomcat.service
           └─5970 /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Djava.util.logging.config.file=/opt/tomcat/conf/logging.properties -Djava.u

Oct 24 17:18:10 tomcat systemd[1]: Starting Apache Tomcat Web Application Container...
Oct 24 17:18:11 tomcat startup.sh[5962]: Tomcat started.
Oct 24 17:18:11 tomcat systemd[1]: Started Apache Tomcat Web Application Container.

This confirms that Tomcat is up and running on your server.

这确认Tomcat已启动并在您的服务器上运行。

步骤6 —调整防火墙并测试Tomcat服务器 (Step 6 — Adjust the Firewall and Test the Tomcat Server)

Now that the Tomcat service is started, we can test to make sure the default page is available.

现在已经启动了Tomcat服务，我们可以进行测试以确保默认页面可用。

Before we do that, we need to adjust the firewall to allow our requests to get to the service. If you followed the prerequisites, you will have a ufw firewall enabled currently.

在此之前，我们需要调整防火墙以允许我们的请求进入服务。 如果遵循先决条件，则当前将启用ufw防火墙。

Tomcat uses port 8080 to accept requests. Allow traffic to that port by typing:

Tomcat使用端口8080接受请求。 通过键入以下命令允许到该端口的流量：

With the firewall modified, you can access the default splash page by going to your domain or IP address followed by :8080 in a web browser:

修改防火墙后，您可以通过在网络浏览器中转到您的域名或IP地址，然后是:8080来访问默认的初始页面：

   

    Open in web browser
   
http://server_domain_or_IP:8080

You will see the default Tomcat splash page, in addition to other information. However, if you click the links for the Manager App, for instance, you will be denied access. We can configure that access next.

除了其他信息之外，您还将看到默认的Tomcat启动页面。 但是，例如，如果单击Manager应用程序的链接，将被拒绝访问。 接下来，我们可以配置该访问权限。

If you were able to successfully access Tomcat, now is a good time to enable the service file so that Tomcat automatically starts at boot:

如果您能够成功访问Tomcat，那么现在是启用服务文件的好时机，以便Tomcat在启动时自动启动：

步骤7 —配置Tomcat Web管理界面 (Step 7 — Configure Tomcat Web Management Interface)

In order to use the manager web app that comes with Tomcat, we must add a login to our Tomcat server. We will do this by editing the tomcat-users.xml file:

为了使用Tomcat随附的管理器Web应用程序，我们必须将登录名添加到Tomcat服务器。 我们将通过编辑tomcat-users.xml文件来做到这一点：

You will want to add a user who can access the manager-gui and admin-gui (web apps that come with Tomcat). You can do so by defining a user, similar to the example below, between the tomcat-users tags. Be sure to change the username and password to something secure:

您将要添加一个可以访问manager-gui和admin-gui (Tomcat随附的Web应用程序)的用户。 您可以通过在tomcat-users标签之间定义一个用户(类似于下面的示例)来实现。 确保将用户名和密码更改为安全的名称：

<tomcat-users>
. . .
    <user username="admin" password="password" roles="manager-gui,admin-gui"/>
</tomcat-users>

Save and close the file when you are finished.

完成后保存并关闭文件。

By default, newer versions of Tomcat restrict access to the Manager and Host Manager apps to connections coming from the server itself. Since we are installing on a remote machine, you will probably want to remove or alter this restriction. To change the IP address restrictions on these, open the appropriate context.xml files.

默认情况下，较新版本的Tomcat将访问Manager和Host Manager应用程序的访问限制为来自服务器本身的连接。 由于我们是在远程计算机上安装的，因此您可能希望删除或更改此限制。 要更改这些IP地址的限制，请打开相应的context.xml文件。

For the Manager app, type:

对于Manager应用程序，键入：

For the Host Manager app, type:

对于主机管理器应用程序，键入：

Inside, comment out the IP address restriction to allow connections from anywhere. Alternatively, if you would like to allow access only to connections coming from your own IP address, you can add your public IP address to the list:

在内部，注释掉IP地址限制以允许从任何地方进行连接。 另外，如果您只允许访问来自您自己的IP地址的连接，则可以将公用IP地址添加到列表中：

<Context antiResourceLocking="false" privileged="true" >
  <!--<Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />-->
</Context>

Save and close the files when you are finished.

完成后保存并关闭文件。

To put our changes into effect, restart the Tomcat service:

要使我们的更改生效，请重新启动Tomcat服务：

第8步-访问Web界面 (Step 8 — Access the Web Interface)

Now that we have create a user, we can access the web management interface again in a web browser. Once again, you can get to the correct interface by entering your server’s domain name or IP address followed on port 8080 in your browser:

现在我们已经创建了一个用户，我们可以在Web浏览器中再次访问Web管理界面。 再一次，通过输入服务器的域名或IP地址，然后在浏览器的端口8080上，您将进入正确的界面：

   

    Open in web browser
   
http://server_domain_or_IP:8080

The page you see should be the same one you were given when you tested earlier:

您看到的页面应该与您先前测试时获得的页面相同：

Let’s take a look at the Manager App, accessible via the link or http://server_domain_or_IP:8080/manager/html. You will need to enter the account credentials that you added to the tomcat-users.xml file. Afterwards, you should see a page that looks like this:

让我们看一下可通过链接或http:// server_domain_or_IP :8080/manager/html访问的Manager App。 您将需要输入添加到tomcat-users.xml文件中的帐户凭据。 之后，您应该会看到一个如下所示的页面：

The Web Application Manager is used to manage your Java applications. You can Start, Stop, Reload, Deploy, and Undeploy here. You can also run some diagnostics on your apps (i.e. find memory leaks). Lastly, information about your server is available at the very bottom of this page.

Web应用程序管理器用于管理Java应用程序。 您可以在此处开始，停止，重新加载，部署和取消部署。 您还可以在应用程序上运行一些诊断程序(即查找内存泄漏)。 最后，有关服务器的信息位于此页面的最底部。

Now let’s take a look at the Host Manager, accessible via the link or http://server_domain_or_IP:8080/host-manager/html/:

现在，让我们看一下可通过链接或http:// server_domain_or_IP :8080/host-manager/html/访问的主机管理器：

From the Virtual Host Manager page, you can add virtual hosts to serve your applications from.

从“虚拟主机管理器”页面，您可以添加虚拟主机以从中为您的应用程序提供服务。

结论 (Conclusion)

Your installation of Tomcat is complete! You are now free to deploy your own Java web applications.

Tomcat的安装已完成！ 现在，您可以自由部署自己的Java Web应用程序。

Currently, your Tomcat installation is functional, but entirely unencrypted. This means that all data, including sensitive items like passwords, are sent in plain text that can be intercepted and read by other parties on the internet. In order to prevent this from happening, it is strongly recommended that you encrypt your connections with SSL. You can find out how to encrypt your connections to Tomcat by following this guide (note: this guide covers Tomcat 8 encryption on Ubuntu 16.04).

当前，您的Tomcat安装是可以正常运行的，但是完全未加密。 这意味着所有数据(包括敏感项目，例如密码)均以纯文本形式发送，并且可以被Internet上的其他方拦截和读取。 为了防止这种情况的发生，强烈建议您使用SSL加密连接。 您可以按照本指南查找如何加密与Tomcat的连接( 注意：本指南介绍了Ubuntu 16.04上的Tomcat 8加密 )。

翻译自: https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-9-on-debian-10

debian tomcat