一、安装 openssh
sudo apt-get install openssh-server
二、安装 mysql
sudo apt-get install mysql-server mysql-client
三、安装 java
# Presumably installed because it supplies the add-apt-repository command used on the next line.
sudo apt-get install python-software-properties
# NOTE(review): a PPA is a third-party archive. Once it is added, its packages
# are installed as root just like the distribution's own, so confirm the
# publisher is one you trust and that the archive is still maintained.
sudo add-apt-repository ppa:webupd8team/java
# Refresh the package index so packages from the new archive become visible.
sudo apt-get update
sudo apt-get install oracle-java8-installer
四、安装 Tomcat
1、创建 tomcat 用户
# Dedicated group and account so Tomcat does not run as root or as a login user.
sudo groupadd tomcat
# -s /bin/false : no usable login shell for this account
# -g tomcat     : primary group
# -d /opt/tomcat: home directory path recorded for the account
sudo useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat
2、下载 tomcat 并解压
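cd /opt
# Fetch over HTTPS instead of plain HTTP: the archive is downloaded and unpacked
# as root, so it must not be replaceable in transit.
sudo wget https://www.apache.org/dist/tomcat/tomcat-8/v8.0.26/bin/apache-tomcat-8.0.26.tar.gz
sudo wget https://www.apache.org/dist/tomcat/tomcat-8/v8.0.26/bin/apache-tomcat-8.0.26.tar.gz.asc
# Verify the release signature before unpacking. The signing keys have to be
# imported beforehand (gpg --import KEYS, using the KEYS file published by the
# Apache Tomcat project). The archive is unpacked only if verification succeeds.
gpg --verify apache-tomcat-8.0.26.tar.gz.asc apache-tomcat-8.0.26.tar.gz &&
  sudo tar -xvf apache-tomcat-8.0.26.tar.gz
# NOTE(review): 8.0.26 is an old release and may since have been moved to the
# Apache archive site. Check the Tomcat site for a currently supported version
# and adjust the paths used in the rest of this guide to match.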
3、修改 tomcat 目录权限
# Hand the whole installation tree to the tomcat account.
# NOTE(review): this also makes bin/, lib/ and conf/ writable by the service
# account. A tighter layout keeps those owned by root and lets tomcat write only
# to logs/, temp/, work/ and webapps/; confirm what this deployment needs.
sudo chown -R tomcat:tomcat /opt/apache-tomcat-8.0.26
4、设置环境变量
编辑 /etc/environment,在末尾添加
JAVA_HOME="/usr/lib/jvm/java-8-oracle"
CATALINA_HOME="/opt/apache-tomcat-8.0.26"
5、测试安装结果
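# Run the test start as the tomcat account rather than root. Otherwise the server
# runs with root privileges and leaves root-owned files under logs/, temp/ and
# work/ that the tomcat-owned service cannot write to later.
sudo -u tomcat /opt/apache-tomcat-8.0.26/bin/startup.sh
# When the test is done, stop this instance the same way with bin/shutdown.sh
# before enabling the boot-time job, which listens on the same ports.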
控制台输出以下内容:
Using CATALINA_BASE: /opt/apache-tomcat-8.0.26
Using CATALINA_HOME: /opt/apache-tomcat-8.0.26
Using CATALINA_TMPDIR: /opt/apache-tomcat-8.0.26/temp
Using JRE_HOME: /usr
Using CLASSPATH: /opt/apache-tomcat-8.0.26/bin/bootstrap.jar:/opt/apache-tomcat-8.0.26/bin/tomcat-juli.jar
Tomcat started.
打开浏览器访问 http://localhost:8080
五、开机启动 tomcat
sudo vi /etc/init/tomcat.conf
内容如下:
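# Upstart job: runs Tomcat in the foreground as the unprivileged tomcat account.
description "Tomcat Server"
start on runlevel [2345]
stop on runlevel [!2345]
# Restart after an unexpected exit; give up after 10 respawns within 5 seconds.
respawn
respawn limit 10 5
# Drop privileges before exec so the JVM never runs as root.
setuid tomcat
setgid tomcat
env JAVA_HOME=/usr/lib/jvm/java-8-oracle
env CATALINA_HOME=/opt/apache-tomcat-8.0.26
# Modify these options as needed
env JAVA_OPTS="-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom"
env CATALINA_OPTS="-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
exec $CATALINA_HOME/bin/catalina.sh run
# cleanup temp directory after stop
post-stop script
  # ${CATALINA_HOME:?} makes the script abort instead of expanding to
  # "rm -rf /temp/*" if the variable is ever empty or unset.
  rm -rf -- "${CATALINA_HOME:?}"/temp/*
end script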
重载配置并启动
sudo initctl reload-configuration
sudo initctl start tomcat
六、启动多个 Tomcat 实例
1、建立新的 tomcat 实例目录 tomcat1,并复制必要的文件:
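# -p also creates the parent /opt/tomcat-instance, which nothing earlier in the
# guide creates; a plain mkdir fails when the parent is missing.
sudo mkdir -p /opt/tomcat-instance/tomcat1
cd /opt/tomcat-instance/tomcat1
# Per-instance configuration and applications, copied from the shared install.
sudo cp -r /opt/apache-tomcat-8.0.26/conf conf
# NOTE(review): this copies every application that ships in the distribution's
# webapps directory (the stock install normally includes management and example
# apps); remove the ones this instance does not need.
sudo cp -r /opt/apache-tomcat-8.0.26/webapps webapps
# Writable runtime directories for this instance.
sudo mkdir logs
sudo mkdir temp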
2、修改 tomcat1 目录权限
sudo chown -R tomcat:tomcat /opt/tomcat-instance/tomcat1
3、修改端口设置
打开 server.xml 配置文件:
sudo vi /opt/tomcat-instance/tomcat1/conf/server.xml
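找到以下几行,把其中的端口改成与其他 Tomcat 实例不冲突的值(例如把 HTTP 端口改为 8081,与后文 nginx upstream 中的 127.0.0.1:8081 对应)。如果只通过 nginx 的 HTTP 反向代理访问,用不到 AJP,可以把 AJP Connector 注释掉,减少监听的端口: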
<Server port="8005" shutdown="SHUTDOWN">
...
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
...
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
4、编辑启动/停止脚本
sudo vi startup.sh
内容如下:
#! /bin/sh
# Start the tomcat1 instance: point CATALINA_BASE at the instance directory,
# then hand over to the shared installation's startup script.
CATALINA_BASE="/opt/tomcat-instance/tomcat1"
export CATALINA_BASE
exec "/opt/apache-tomcat-8.0.26/bin/startup.sh"
sudo vi shutdown.sh
内容如下:
#! /bin/sh
# Stop the tomcat1 instance: point CATALINA_BASE at the instance directory,
# then hand over to the shared installation's shutdown script.
CATALINA_BASE="/opt/tomcat-instance/tomcat1"
export CATALINA_BASE
exec "/opt/apache-tomcat-8.0.26/bin/shutdown.sh"
设置权限
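# chown expects owner:group separated by a colon; "tomcat/tomcat" is rejected as
# an invalid user and leaves the scripts owned by root.
sudo chown tomcat:tomcat *.sh
sudo chmod +x *.sh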
开机启动这个副本(新建一个 upstart 配置文件,例如 /etc/init/tomcat1.conf,内容如下):
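# Upstart job for the tomcat1 instance: shared binaries from CATALINA_HOME,
# per-instance conf/webapps/logs/temp from CATALINA_BASE.
description "Tomcat Server 1"
start on runlevel [2345]
stop on runlevel [!2345]
# Restart after an unexpected exit; give up after 10 respawns within 5 seconds.
respawn
respawn limit 10 5
# Drop privileges before exec so the JVM never runs as root.
setuid tomcat
setgid tomcat
env JAVA_HOME=/usr/lib/jvm/java-8-oracle
# Must point at the directory Tomcat was unpacked into. /opt/tomcat is only the
# tomcat account's home path, so catalina.sh would not be found there.
env CATALINA_HOME=/opt/apache-tomcat-8.0.26
# Modify these options as needed
env JAVA_OPTS="-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom"
# -XX:MaxPermSize is dropped: Java 8 has no permanent generation and ignores it
# with a warning. The options now match the first Tomcat job.
env CATALINA_OPTS="-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
env CATALINA_BASE=/opt/tomcat-instance/tomcat1
exec $CATALINA_HOME/bin/catalina.sh run
# cleanup temp directory after stop
post-stop script
  # ${CATALINA_BASE:?} makes the script abort instead of expanding to
  # "rm -rf /temp/*" if the variable is ever empty or unset.
  rm -rf -- "${CATALINA_BASE:?}"/temp/*
end script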
5、更多实例
需要建立更多实例,只需要复制 tomcat1 并修改对应的 server.xml 和启动脚本 CATALINA_BASE 设置。
七、安装 nginx
1、使用 apt-get 安装 nginx
sudo apt-get install nginx
2、配置 nginx 反向代理负载均衡 tomcat
# Backend pool: two local Tomcat instances, equally weighted.
upstream tomcat-server {
    server 127.0.0.1:8080 weight=10;
    server 127.0.0.1:8081 weight=10;
}

server {
    # Make site accessible from http://localhost/
    server_name localhost;

    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html;
    index index.html index.htm;

    location / {
        # Forward the request line, headers and body unchanged to the pool.
        proxy_pass_request_headers on;
        proxy_pass_request_body on;

        # $remote_addr is the address nginx itself saw.
        # $proxy_add_x_forwarded_for appends it to whatever X-Forwarded-For
        # value the client sent, so only the last entry of that header (or
        # X-Real-IP) is trustworthy on the Tomcat side.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://tomcat-server;
    }
}
八、配置iptables开放指定的端口
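# These commands need root, so they are run through sudo like the rest of the guide.
# The rules exist only in the running kernel; save them (for example with
# iptables-save and the iptables-persistent package) to keep them after a reboot.

# Allow the loopback interface (the host talking to itself).
sudo iptables -A INPUT -i lo -j ACCEPT
# Allow packets that belong to established or related connections.
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic from this host.
sudo iptables -A OUTPUT -j ACCEPT
# Allow SSH (port 22).
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow HTTP (port 80).
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow the FTP ports 21 and 20.
# NOTE(review): this guide installs no FTP server; leave these two rules out
# unless one is actually running on the host.
sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# Any other port is opened the same way, with a small change to the rules above.
# Allow ping (ICMP echo request).
sudo iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Reject everything that was not allowed above.
# (Note: if port 22 has not been allowed before this rule is added, the SSH
# session is cut off immediately.)
sudo iptables -A INPUT -j REJECT
sudo iptables -A FORWARD -j REJECT

# iptables filters IPv4 only. nginx above also listens on [::]:80, and without
# matching ip6tables rules every port on the host stays reachable over IPv6.
sudo ip6tables -A INPUT -i lo -j ACCEPT
sudo ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ICMPv6 carries neighbour discovery, so IPv6 stops working if it is blocked.
sudo ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
sudo ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo ip6tables -A INPUT -j REJECT
sudo ip6tables -A FORWARD -j REJECT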