CentOS常见操作背记ITeye - 威尼斯人

CentOS常见操作背记ITeye

2019-01-10 14:03:49 | 作者: 秋荷 | 标签: 装置,发动,卸载 | 浏览: 776

装置编译环境及其依靠库

#yum -y install gcc gcc-c++ autoconf automake libtool libevent libevent-devel gmp gmp-devel

#yum -y install gd gd-devel freetype freetype-devel fontconfig fontconfig-devel libjpeg libjpeg-devel zlib zlib-devel pcre pcre-devel

#yum -y install ncurses ncurses-devel libmcrypt mhash

 

装置apache、MySQL、PHP

#yum -y install mysql mysql-server mysql-devel

#yum -y install httpd httpd-devel

#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

#rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

#rpm -K rpmforge-release-0.5.2-2.el6.rf.*.rpm # Verifies the package

#rpm -i rpmforge-release-0.5.2-2.el6.rf.*.rpm

#yum install libmcrypt-devel

#rpm -Uvh http://repo.webtatic.com/yum/el6/latest.rpm

#yum -y install php54*

#yum upgrade php

 

发动apache

#/etc/init.d/httpd restart

 

发动mysql

#/etc/init.d/mysqld restart

#/usr/bin/mysql_secure_installation

 

开机自发动

#chkconfig httpd on

#chkconfig mysqld on

 

 2. JDK装置

2.1 卸载自带JDK

装置好的CentOS会自带OpenJdk,可通过如下指令检查

#java -version

java version "1.6.0"

OpenJDK Runtime Environment (build 1.6.0-b09)

OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode)

 

最好仍是先卸载掉openjdk,在装置sun公司的jdk.

#rpm -qa | grep java

显现如下信息:

java-1.4.2-gcj-compat-1.4.2.0-40jpp.115

java-1.6.0-openjdk-1.6.0.0-1.7.b09.el5

卸载:

#rpm -e --nodeps java-1.4.2-gcj-compat-1.4.2.0-40jpp.115

#rpm -e --nodeps java-1.6.0-openjdk-1.6.0.0-1.7.b09.el5

还有一些其他的指令

#rpm -qa | grep gcj

#rpm -qa | grep jdk

假如呈现找不到openjdk source的话,那么还能够这样卸载

#yum -y remove java java-1.4.2-gcj-compat-1.4.2.0-40jpp.115

#yum -y remove java java-1.6.0-openjdk-1.6.0.0-1.7.b09.el5

 

2.2 下载SUN官方JDk

wget http://download.oracle.com/otn-pub/java/jdk/7u67-b01/jdk-7u67-linux-x64.rpm?AuthParam=1410831324_73603725baa8fb8119999c7eece8704c

 

2.3 装置JDK

#rpm -ivh jdk-7u3-linux-x64.rpm

 

Preparing...                ########################################### [100%]

   1:jdk                    ########################################### [100%]

Unpacking JAR files...

    rt.jar...

    jsse.jar...

    charsets.jar...

    tools.jar...

 

    localedata.jar...

 

# vi /etc/profile

修正profile 最后面参加

export JAVA_HOME=/usr/java/jdk1.7.0_03

export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

export PATH=$PATH:$JAVA_HOME/bin

保存退出。

 

#source /etc/profile

# update-alternatives --install /usr/bin/java java /usr/java/jdk1.7.0_03/bin/java 60

# update-alternatives --config java

 你会看到我的ssh中存在乱码。

*+ 1           /usr/java/jdk1.7.0_03/bin/java

 输入1 敲回车

然后全部ok

# java -version

java version "1.7.0_03"

Java(TM) SE Runtime Environment (build 1.7.0_03-b04)

 

Java HotSpot(TM) 64-Bit Server VM (build 22.1-b02, mixed mode)

 

3. 下载和装置最新版tomcat

Download apache-tomcat-7.0.29.tar.gz (or the latest version) 
and save it to /usr/local/src

 

# md5sum apache-tomcat-7.0.29.tar.gz  

 

307076fa3827e19fa9b03f3ef7cf1f3f *apache-tomcat-7.0.29.tar.gz

 

Compare the output above to the MD5 Checksum provided next to the download link and you used above and check that it matches. 

unpack the file using tar -xzf:

# tar -xzf apache-tomcat-7.0.29.tar.gz

This will create the directory /usr/share/apache-tomcat-7.0.29

 

4. Configure Tomcat to Run as a Service

We will now see how to run Tomcat as a service and create a simple Start/Stop/Restart script, as well as to start Tomcat at boot.

Change to the /etc/init.d directory and create a script called tomcat as shown below.

# cd /etc/init.d

# vi tomcat

And here is the script we will use.

 

#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.7.0_05
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/usr/share/apache-tomcat-7.0.29
case $1 in
start)
sh $CATALINA_HOME/bin/startup.sh
stop) 
sh $CATALINA_HOME/bin/shutdown.sh
restart)
sh $CATALINA_HOME/bin/shutdown.sh
sh $CATALINA_HOME/bin/startup.sh
esac 
exit 0
 The above script is simple and contains all of the basic elements you will need to get going. 

 

As you can see, we are simply calling the startup.sh and shutdown.sh scripts located in the Tomcat bin directory (/usr/share/apache-tomcat-7.0.29/bin). 

You can adjust your script according to your needs and, in subsequent posts, well look at additional examples.

CATALINA_HOME is the Tomcat home directory (/usr/share/apache-tomcat-7.0.29)

Now, set the permissions for your script to make it executable:

# chmod 755 tomcat

 

We now use the chkconfig utility to have Tomcat start at boot time. In my script above, I am using chkconfig: 234 20 80. 2345 are the run levels and 20 and 80 are the stop and start priorities respectively. You can adjust as needed. 

# chkconfig --add tomcat  

# chkconfig --level 234 tomcat on  

 

Verify it:

# chkconfig --list tomcat  

 

tomcat          0:off   1:off   2:on    3:on    4:on    5:off   6:off 

 

Now, lets test our script.

 

Start Tomcat:

# service tomcat start  

Using CATALINA_BASE:   /usr/share/apache-tomcat-7.0.29  

Using CATALINA_HOME:   /usr/share/apache-tomcat-7.0.29  

Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.29/temp  

Using JRE_HOME:        /usr/java/jdk1.7.0_05  

Using CLASSPATH:       /usr/share/apache-tomcat-7.0.29/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.29/bin/tomcat-juli.jar  

 

Stop Tomcat:

 

# service tomcat stop  

Using CATALINA_BASE:   /usr/share/apache-tomcat-7.0.29  

Using CATALINA_HOME:   /usr/share/apache-tomcat-7.0.29  

Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.29/temp  

Using JRE_HOME:        /usr/java/jdk1.7.0_05  

 

Using CLASSPATH:       /usr/share/apache-tomcat-7.0.29/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.29/bin/tomcat-juli.jar  

 

Restarting Tomcat (Must be started first):

# service tomcat restart

Using CATALINA_BASE:   /usr/share/apache-tomcat-7.0.29

Using CATALINA_HOME:   /usr/share/apache-tomcat-7.0.29

Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.29/temp

Using JRE_HOME:        /usr/java/jdk1.7.0_05

Using CLASSPATH:       /usr/share/apache-tomcat-7.0.29/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.29/bin/tomcat-juli.jar

Using CATALINA_BASE:   /usr/share/apache-tomcat-7.0.29

Using CATALINA_HOME:   /usr/share/apache-tomcat-7.0.29

Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.29/temp

Using JRE_HOME:        /usr/java/jdk1.7.0_05

 

Using CLASSPATH:       /usr/share/apache-tomcat-7.0.29/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.29/bin/tomcat-juli.jar

 

We should review the Catalina.out log located at /usr/share/apache-tomcat-7.0.29/logs/catalina.out and check for any errors.

# more /usr/share/apache-tomcat-7.0.29/logs/catalina.out  

We can now access the Tomcat Manager page at:

 

 

http://yourdomain.com:8080 or http://yourIPaddress:8080 and we should see the Tomcat home page.

 

Tomcat 7 contains a number of changes that offer finer-grain roles.

For security reasons, no users or passwords are created for the Tomcat manager roles by default. In a production deployment, it is always best to remove the Manager application.

To set roles, user name(s) and password(s), we need to configure the tomcat-users.xml file located at $CATALINA_HOME/conf/tomcat-users.xml.

In the case of our installation, $CATALINA_HOME is located at /usr/share/apache-tomcat-7.0.29.

By default the Tomcat 7 tomcat-users.xml file will have the elements between the and tags commented-out. .

New roles for Tomcat 7 offer finer-grained access and The following roles are now available:

manager-gui

manager-status

manager-jmx

manager-script

admin-gu

admin-script.

 

 

We can set the manager-gui role, for example as below

 

 tomcat-users 
 role rolename="manager-gui"/ 
 user username="tomcat" password="secret" roles="manager-gui"/ 
 /tomcat-users 
 Caution should be exercised in granting multiple roles so as not to under-mind security.

 

 

5.Manage Memory Usage Using JAVA_OPTS.

Getting the right heap memory settings for your installation will depend on a number of factors. 

For simplicity, we will set our inital heap size, Xms, and our maximum heap size, Xmx, to the same value of 128 Mb

Simliarly, there are several approaches you can take as to where and how you set your JAVA_OPTS

Again, for simplicity, we will add our JAVA_OPTS memory parameters in our Catalina.sh file.

So, open the Catalina.sh file located under /usr/share/apache-tomcat-7.0.29/bin with a text editor or vi.

Since we are using 128 Mb for both initial and maximum heap size, add the following line to Catalina.sh

JAVA_OPTS="-Xms128m -Xmx128m"

I usually just add this in the second line of the file so it looks as so:

 

#!/bin/sh
JAVA_OPTS="-Xms128m -Xmx128m" 
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at

 

6. How to Run Tomcat using Minimally Privileged (non-root) User.   

In our Tomcat configuration above, we are running Tomcat as Root.

For security reasons, it is always best to run services with the only those privileges that are necessary. 

There are some who make a strong case that this is not required, but its always best to err on the side of caution.

To run Tomcat as non-root user, we need to do the following:

 

 

1. Create the group tomcat:

# groupadd tomcat

 

2. Create the user tomcat and add this user to the tomcat group we created above.

 

# useradd -s /bin/bash -g tomcat tomcat

The above will create a home directory for the user tomcat in the default user home as /home/tomcat

If we want the home directory to be elsewhere, we simply specify so using the -d switch.

# useradd -g tomcat -d /usr/share/apache-tomcat-7.0.29/tomcat tomcat  

The above will create the user tomcats home directory as /usr/share/apache-tomcat-7.0.29/tomcat

 

3. Change ownership of the tomcat files to the user tomcat we created above:

# chown -Rf tomcat.tomcat /usr/share/apache-tomcat-7.0.29/  

Note: it is possible to enhance our security still further by making certain files and directories read-only. This will not be covered in this post and care should be used when setting such permissions.

 

4. Adjust the start/stop service script we created above. In our new script, we need to su to the user tomcat:

#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.7.0_05
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/usr/share/apache-tomcat-7.0.29/bin
case $1 in
start)
/bin/su tomcat $CATALINA_HOME/startup.sh
stop) 
/bin/su tomcat $CATALINA_HOME/shutdown.sh
restart)
/bin/su tomcat $CATALINA_HOME/shutdown.sh
/bin/su tomcat $CATALINA_HOME/startup.sh
esac 
exit 0

 

7. How to Run Tomcat on Port 80 as Non-Root User.

Note: the following applies when you are running Tomcat in "stand alone" mode with Tomcat running under the minimally privileged user Tomcat we created in the previous step. 

To run services below port 1024 as a user other than root, you can add the following to your IP tables:

# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080    

# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080    

 

Be sure to save and restart your IP Tables. 

 

8 (Optional): Running Tomcat behind Apache

As an alternative to running Tomcat on port 80, if you have Apache in front of Tomcat, you can use mod_proxy as well as ajp connector to map your domain to your Tomcat application(s) using an Apache vhost as shown below.

 

While Tomcat has improved its standalone performance, I still prefer to have Apace in front of it for a number of reasons.

 

In your Apache config, be sure to set KeepAlive to on. Apache tuning, of course, is a whole subject in itself...

VHOST with mod_proxy:

 VirtualHost *:80 
 ServerAdmin admin@yourdomain.com
 ServerName yourdomain.com
 ServerAlias www.yourdomain.com                          
			
版权声明
本文来源于网络,版权归原作者所有,其内容与观点不代表威尼斯人立场。转载文章仅为传播更有价值的信息,如采编人员采编有误或者版权原因,请与我们联系,我们核实后立即修改或删除。

猜您喜欢的文章