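The following configuration follows the official Tomcat website: http://tomcat.apache.org
Tomcat 6.0 installation overview:
1. Download the latest version of JDK SE
http://java.sun.com/j2se
If your system already has a JDK, you do not need to install one, but Tomcat 6.0 requires JRE 5.0 or later to run.
I downloaded the Linux binary release, jdk-6u12-linux-i586.bin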
# chmod +x jdk-6u12-linux-i586.bin
# ./jdk-6u12-linux-i586.bin
Answer yes at the prompt to unpack it, then move the JDK to /usr/local
# mv jdk1.6.0_12 /usr/local/
# cd /usr/local
# ln -s jdk1.6.0_12 jdk
2. Download the current latest version of Tomcat and install it to /usr/local/tomcat:
# wget http://apache.mirror.phpchina.com/tomcat/tomcat-6/v6.0.18/bin/apache-tomcat-6.0.18.tar.gz
# tar zxf apache-tomcat-6.0.18.tar.gz -C /usr/local
# ln -s apache-tomcat-6.0.18 tomcat
Set the JAVA_HOME environment variable: edit tomcat/bin/startup.sh and tomcat/bin/shutdown.sh and add the following two lines near the top:
JAVA_HOME="/usr/local/jdk"
export JAVA_HOME
(Alternatively, edit /etc/profile and add the two lines above to it.)
Start Tomcat to test whether the installation succeeded:
# cd /usr/local/tomcat
# ./bin/startup.sh
[root@pps tomcat]# ./bin/startup.sh
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/local/jdk
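In a browser, enter http://localhost:8080/ and see whether the "cat" shows up.
If the Linux machine has no X interface installed or enabled, you can access it from another machine on the LAN by entering http://ip:8080
3. Configure SSL-encrypted transport
[Concept] A keystore is a password-protected file used to store keys and certificates
(1) Generate a keystore file (containing a certificate), located at /usr/local/tomcat/conf/.keystore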
# cd /usr/local/jdk/bin/
# ./keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/local/tomcat/conf/.keystore
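Enter a password and provide your information. If this is not just for "play", fill in your own details and those of your organization truthfully.
[Note] It asks for a password twice; at the second prompt just press Enter. If the two passwords differ, a java.io.IOException error will occur. For details see: http://issues.apache.org/bugzilla/show_bug.cgi?id=38217
(2) Edit tomcat/conf/server.xml
Enable this section: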
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
and change it to include:
keystoreFile="/usr/local/tomcat/conf/.keystore"
keystorePass="snailwarrior"
(3) Restart Tomcat
# /usr/local/tomcat/bin/shutdown.sh
# /usr/local/tomcat/bin/startup.sh
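(4) Open port 8443 in the firewall
In a browser, enter: https://192.168.32.50:8443/
Hehe, now you see the "cat" securely!
[Tip] Enabling SSL consumes CPU resources
[Note] Using SSL with virtual hosts may cause problems. The following is from the official website: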
Finally, using name-based virtual hosts on a secured connection can be problematic. This is a design limitation of the SSL protocol itself. The SSL handshake, where the client browser accepts the server certificate, must occur before the HTTP request is accessed. As a result, the request information containing the virtual host name cannot be determined prior to authentication, and it is therefore not possible to assign multiple certificates to a single IP address. If all virtual hosts on a single IP address need to authenticate against the same certificate, the addition of multiple virtual hosts should not interfere with normal SSL operations on the server. Be aware, however, that most client browsers will compare the server's domain name against the domain name listed in the certificate, if any (applicable primarily to official, CA-signed certificates). If the domain names do not match, these browsers will display a warning to the client user. In general, only address-based virtual hosts are commonly used with SSL in a production environment.
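An added check for the Connector configured in step (2), not part of the original post or of Tomcat itself: it parses server.xml and reports, for each SSL-enabled Connector, whether the keystore file or the keystore password is exposed. The function names and the sample XML are constructed for illustration; the fallbacks it reports (.keystore in the home directory, password changeit) are Tomcat's documented defaults.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from step (2) with both attributes merged in.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="/usr/local/tomcat/conf/.keystore"
             keystorePass="snailwarrior" />
</Service></Server>"""


def too_open(path):
    """True if the file exists and group or others have any permission bit set."""
    return os.path.exists(path) and bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


def audit_server_xml(xml_text, xml_path=None):
    """Return a list of (port, finding) for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check here
        port = conn.get("port")
        ks = conn.get("keystoreFile")
        if ks is None:
            findings.append((port, "no keystoreFile: Tomcat falls back to .keystore in the home directory"))
        elif too_open(ks):
            findings.append((port, "keystore %s is accessible to group/others" % ks))
        pw = conn.get("keystorePass")
        if pw is None or pw == "changeit":
            findings.append((port, "keystorePass is the default 'changeit'"))
        else:
            findings.append((port, "keystorePass is stored in clear text in server.xml"))
            if xml_path and too_open(xml_path):
                findings.append((port, "%s is accessible to group/others" % xml_path))
    return findings


if __name__ == "__main__":
    for port, finding in audit_server_xml(SAMPLE_SERVER_XML):
        print("Connector %s: %s" % (port, finding))
```

On a real installation, pass the contents of /usr/local/tomcat/conf/server.xml and its path as xml_path; a finding about file access is cleared by making the file readable only by the account that runs Tomcat.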
------------------------------------------------------------------------------------------
趙小蝸牛
QQ: 755721501
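Seeking survival and growth through continual contribution, building one's own fine qualities, and "marketing" oneself with the most essential and moving side of human nature!
This article is from the "小蝸牛技術之家" blog; please be sure to keep this attribution: http://snailwarrior.blog.51cto.com/680306/139971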