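# Install Java (JDK 8 in this example).
yum install -y java-1.8.0-openjdk-devel
# Confirm the JDK is installed and on the PATH.
java -version

# Download Tomcat (9.0.85 in this example) together with its published
# SHA-512 checksum file.
# NOTE: downloads.apache.org only carries current releases; if this version
# has been superseded, the same path is served from archive.apache.org.
TOMCAT_VERSION="9.0.85"
TOMCAT_TGZ="apache-tomcat-${TOMCAT_VERSION}.tar.gz"
TOMCAT_URL="https://downloads.apache.org/tomcat/tomcat-9/v${TOMCAT_VERSION}/bin/${TOMCAT_TGZ}"
wget "${TOMCAT_URL}"
wget "${TOMCAT_URL}.sha512"

# Unpack only when the archive matches the checksum. This catches a corrupted
# or swapped archive, but the checksum comes from the same server; verifying
# the release's PGP signature (.asc) against the project's KEYS file is the
# stronger check.
# NOTE(review): assumes the .sha512 file is in `sha512sum -c` format; if it is
# not, compare the digest by hand before unpacking.
sha512sum -c "${TOMCAT_TGZ}.sha512" \
  && tar -xzf "${TOMCAT_TGZ}" -C /opt/

# Point /opt/tomcat at the unpacked release. -n replaces an existing link
# instead of creating a nested link inside the old target directory.
ln -sfn "/opt/apache-tomcat-${TOMCAT_VERSION}" /opt/tomcat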
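# Create the directory layout for each virtual host.
mkdir -p /var/www/example1.com/{WEB-INF,public_html}
mkdir -p /var/www/example2.com/{WEB-INF,public_html}

# Create a test page for each site. The quoted 'EOF' delimiter keeps the shell
# from expanding anything inside the page (the JSP expression is written as-is).
cat > /var/www/example1.com/public_html/index.jsp << 'EOF'
<!DOCTYPE html>
<html>
<head>
<title>Example1 Site</title>
</head>
<body>
<h1>Welcome to Example1.com</h1>
<p>Server time: <%= new java.util.Date() %></p>
</body>
</html>
EOF
cat > /var/www/example2.com/public_html/index.jsp << 'EOF'
<!DOCTYPE html>
<html>
<head>
<title>Example2 Site</title>
</head>
<body>
<h1>Welcome to Example2.com</h1>
<p>This is the second virtual host</p>
</body>
</html>
EOF

# The tarball install does not create a service account, so the chown below
# would fail without this step. Create an unprivileged system user with no
# login shell; Tomcat should never run as root.
id -u tomcat >/dev/null 2>&1 \
  || useradd -r -U -d /opt/tomcat -s /sbin/nologin tomcat

# Site content: hand over only the two site trees, not all of /var/www, which
# may hold content that belongs to other services.
chown -R tomcat:tomcat /var/www/example1.com /var/www/example2.com

# Tomcat itself: root owns the installation, the tomcat group may read it, and
# the service account can write only where Tomcat has to write at runtime.
# A compromised web application then cannot rewrite bin/, lib/ or conf/.
chown -R root:tomcat /opt/apache-tomcat-9.0.85
chmod -R g+rX,o-rwx /opt/apache-tomcat-9.0.85
chown -R tomcat:tomcat /opt/apache-tomcat-9.0.85/{logs,temp,work,webapps}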
编辑 /opt/tomcat/conf/server.xml:
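<?xml version="1.0" encoding="UTF-8"?>
<!-- conf/server.xml: one Service with an HTTP connector, the default
     localhost host and two name-based virtual hosts. -->
<!-- Shutdown port: a client that can reach port 8005 and send the shutdown
     string stops Tomcat. bin/shutdown.sh relies on it, so keep it, but
     consider a non-default string and keep the port unreachable from other
     machines. -->
<Server port="8005" shutdown="SHUTDOWN">
  <!-- Existing configuration stays unchanged -->
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- ... other listeners ... -->

  <Service name="Catalina">
    <!-- Plain-HTTP connector shared by all hosts. Anything sent over it,
         including Manager logins, is unencrypted; use the HTTPS connector
         or a TLS-terminating proxy for anything beyond local testing. -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443"
               URIEncoding="UTF-8" />

    <!-- Virtual host configuration. Requests whose Host header matches no
         Host or Alias below are served by defaultHost. -->
    <Engine name="Catalina" defaultHost="localhost">

      <!-- Default localhost host -->
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Context path="" docBase="ROOT" reloadable="true" />
        <!-- The quotes around %r must be written as &quot; inside the
             attribute value, otherwise the file is not well-formed XML. -->
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>

      <!-- First virtual host: example1.com
           appBase is the whole site directory, and Tomcat deploys every
           directory it finds under appBase as a web application when
           deployOnStartup or autoDeploy is on. Both are switched off here so
           that only the inline Context below is served; side directories
           (logs, session stores, shared libraries) are then not published.
           For the same reason the access log goes to Tomcat's own logs
           directory (relative to CATALINA_BASE) instead of the site tree.
           With deployment scanning off, conf/Catalina/example1.com/*.xml
           descriptors are not read: put Resources, Environment or Manager
           elements inside this Context instead.
           reloadable="true" is a development convenience; set it to false in
           production. -->
      <Host name="example1.com" appBase="/var/www/example1.com"
            unpackWARs="false" autoDeploy="false" deployOnStartup="false">
        <Alias>www.example1.com</Alias>
        <Context path="" docBase="public_html" reloadable="true" />
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs"
               prefix="example1_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>

      <!-- Second virtual host: example2.com (same layout and reasoning as
           example1.com above) -->
      <Host name="example2.com" appBase="/var/www/example2.com"
            unpackWARs="false" autoDeploy="false" deployOnStartup="false">
        <Alias>www.example2.com</Alias>
        <Context path="" docBase="public_html" reloadable="true" />
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs"
               prefix="example2_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>

      <!-- Further virtual hosts can be added here -->
    </Engine>
  </Service>
</Server>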
创建独立的Context配置文件:
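# Per-host context descriptors live in conf/Catalina/<host>/. A fresh install
# has no directory for the new hosts, so the redirections below would fail
# without creating them first.
mkdir -p /opt/tomcat/conf/Catalina/example1.com /opt/tomcat/conf/Catalina/example2.com

# The DirResourceSet below points at this directory, so it must exist.
# NOTE(review): it sits under the host's appBase (/var/www/example1.com). If
# the host scans appBase for applications (deployOnStartup/autoDeploy), Tomcat
# can publish such a directory as its own web application; keep shared
# libraries outside appBase in that case.
mkdir -p /var/www/example1.com/shared-lib

# NOTE(review): Tomcat appears to skip a ROOT.xml descriptor when server.xml
# already defines an inline <Context path=""> for the same host, and to ignore
# a docBase that lies inside the host's appBase. Check catalina.out after
# startup to confirm the settings below actually take effect, and use either
# the inline Context or the descriptor, not both.

# Context descriptor for example1.
# crossContext is left at its default (false): turning it on lets this
# application obtain request dispatchers for other applications on the same
# host, which nothing in this example needs.
cat > /opt/tomcat/conf/Catalina/example1.com/ROOT.xml << 'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<Context docBase="/var/www/example1.com/public_html"
         reloadable="true">
  <!-- Extra resources mounted into the application -->
  <Resources className="org.apache.catalina.webresources.StandardRoot">
    <PreResources className="org.apache.catalina.webresources.DirResourceSet"
                  base="/var/www/example1.com/shared-lib"
                  webAppMount="/WEB-INF/lib" />
  </Resources>
  <!-- Environment entry exposed to the application through JNDI -->
  <Environment name="app_name" value="Example1 Application"
               type="java.lang.String" override="false"/>
</Context>
EOF

# Context descriptor for example2.
# The session store uses a relative directory, which Tomcat resolves under the
# application's work directory. Serialized sessions contain user state and
# must not live inside the site tree that Tomcat serves from.
cat > /opt/tomcat/conf/Catalina/example2.com/ROOT.xml << 'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<Context docBase="/var/www/example2.com/public_html"
         reloadable="true">
  <!-- Session persistence -->
  <Manager className="org.apache.catalina.session.PersistentManager"
           saveOnRestart="true"
           maxActiveSessions="1000">
    <Store className="org.apache.catalina.session.FileStore"
           directory="sessions" />
  </Manager>
</Context>
EOF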
编辑 /opt/tomcat/conf/tomcat-users.xml:
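<?xml version="1.0" encoding="UTF-8"?>
<!-- conf/tomcat-users.xml: accounts for the Manager and Host Manager
     applications. Passwords are stored here in clear text unless a digest
     CredentialHandler is configured on the Realm, so keep the file readable
     only by root and the Tomcat service account. -->
<tomcat-users>
  <!-- Roles used by the Manager (manager-*) and Host Manager (admin-gui)
       applications -->
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="admin-gui"/>

  <!-- Interactive administrator: browser interfaces only.
       The Tomcat documentation advises against giving manager-script to an
       account that also has manager-gui, because the text interface lacks
       the CSRF protection of the HTML interface.
       Both password values are placeholders: replace them with long, unique
       secrets before starting Tomcat. -->
  <user username="admin" password="your_secure_password"
        roles="manager-gui,admin-gui"/>

  <!-- Separate account for scripted deployments ("deployer" is a constructed
       example name). Remove it if nothing uses the text interface. -->
  <user username="deployer" password="another_secure_password"
        roles="manager-script"/>
</tomcat-users>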
编辑 /opt/tomcat/webapps/manager/META-INF/context.xml,修改远程访问限制:
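<!-- webapps/manager/META-INF/context.xml: edit only the RemoteAddrValve and
     leave any other elements that ship in this file in place. -->
<Context antiResourceLocking="false" privileged="true" >
  <!-- Allow the loopback addresses plus one administration workstation.
       The allow value is a regular expression matched against the client
       address. A pattern such as 192\.168\.\d+\.\d+ would admit every machine
       on the private network to the Manager, which can deploy code.
       192.168.1.50 is a constructed example: replace it with the address of
       the machine you administer from. -->
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.168\.1\.50" />
</Context>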
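# On the test client (not the server): map the site names to the server.
# 192.168.1.100 is the example server address used throughout this page.
echo "192.168.1.100 example1.com www.example1.com" >> /etc/hosts
echo "192.168.1.100 example2.com www.example2.com" >> /etc/hosts

# Start the service.
# NOTE: run from a root shell, this starts Tomcat as root and leaves
# root-owned files in logs/ and work/. Once the dedicated tomcat account and
# the systemd unit are in place, start Tomcat through them instead.
/opt/tomcat/bin/startup.sh
# Follow the startup log (Ctrl+C to stop following).
tail -f /opt/tomcat/logs/catalina.out

# Test each virtual host with curl.
curl http://example1.com:8080/
curl http://example2.com:8080/
# Or open the sites in a browser:
# http://example1.com:8080
# http://example2.com:8080

# Generate a self-signed certificate (use a certificate from a trusted CA in
# production). keytool prompts for the keystore password; choose a strong one
# rather than a well-known default.
keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat/conf/keystore.jks -validity 365 -keysize 2048
# The keystore holds the server's private key: only the service account
# should be able to read it.
chown tomcat:tomcat /opt/tomcat/conf/keystore.jks
chmod 600 /opt/tomcat/conf/keystore.jks

# Add the HTTPS connector to server.xml.
# A <Connector> must sit inside <Service>; appending it to the end of the file
# would place it after </Server> and make server.xml invalid, so it is
# inserted right after the <Service name="Catalina"> line instead.
# certificateKeystorePassword is a placeholder: set it to the password entered
# at the keytool prompt, and remember it is stored here in clear text.
connector_snippet="$(mktemp)"
cat > "${connector_snippet}" << 'EOF'
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/keystore.jks"
certificateKeystorePassword="your_keystore_password"
type="RSA" />
</SSLHostConfig>
</Connector>
EOF
# Keep a copy of the working configuration before editing it in place.
cp -p /opt/tomcat/conf/server.xml /opt/tomcat/conf/server.xml.bak
sed -i "/<Service name=\"Catalina\">/r ${connector_snippet}" /opt/tomcat/conf/server.xml
rm -f -- "${connector_snippet}"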
在Context配置中添加:
<Context>
<!-- JNDI DataSource named jdbc/mydb, managed by the container
     (auth="Container"): a pool of at most 100 connections, at most 30 idle,
     waiting up to 10 seconds for a free connection.
     username and password are placeholders and are stored in clear text, so
     the file holding this Context should be readable only by root and the
     Tomcat service account, and the database account should have no more
     privileges than the application needs. -->
<Resource name="jdbc/mydb" auth="Container"
type="javax.sql.DataSource"
maxTotal="100" maxIdle="30"
maxWaitMillis="10000"
username="dbuser" password="dbpass"
driverClassName="com.mysql.cj.jdbc.Driver"
url="jdbc:mysql://localhost:3306/mydb"/>
</Context>
创建systemd服务文件 /etc/systemd/system/tomcat.service:
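# /etc/systemd/system/tomcat.service
# Runs Tomcat from /opt/tomcat as the unprivileged tomcat account.
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
# startup.sh launches the JVM in the background and returns.
Type=forking
Environment="JAVA_HOME=/usr/lib/jvm/jre"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_BASE=/opt/tomcat"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
Environment="JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom"
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
# The JVM exits with 143 when it is stopped by SIGTERM; treat that as clean.
SuccessExitStatus=143

# Never run the container as root. The account must be able to write
# /opt/tomcat/logs, temp and work.
User=tomcat
Group=tomcat
# Files Tomcat creates are not accessible to other users.
UMask=0007

# Sandboxing: limits what a compromised web application can reach.
# The process cannot gain privileges through setuid binaries.
NoNewPrivileges=true
# Private /tmp and /var/tmp, invisible to other services.
PrivateTmp=true
# /usr, /boot and /etc are mounted read-only for the service.
ProtectSystem=full
# /home, /root and /run/user are inaccessible to the service.
ProtectHome=true

RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target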
启用服务:
# Make systemd re-read its unit files so it sees tomcat.service.
systemctl daemon-reload
# Start Tomcat automatically at boot.
systemctl enable tomcat
# Start Tomcat now.
systemctl start tomcat
问题1:虚拟主机无法访问
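# Check the logs (Ctrl+C to stop following).
tail -f /opt/tomcat/logs/catalina.out
# The per-host log is date-stamped under the default logging configuration,
# so a fixed localhost.log path does not exist.
tail -f "/opt/tomcat/logs/localhost.$(date +%F).log"

# Check that something is listening on the HTTP port.
# (ss is used because net-tools/netstat may not be installed.)
ss -tlnp | grep ':8080'

# Check SELinux. Look at the current mode and at recent denials first; a
# denial names the exact file or port to relabel, which is a better fix than
# turning enforcement off.
getenforce
ausearch -m avc -ts recent

# Only if the denials are inconclusive: switch to permissive mode for one
# short test, then switch enforcement back on straight away.
setenforce 0
# ... reproduce the problem here ...
setenforce 1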
问题2:权限错误
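# Repair ownership of the two site trees only; /var/www may hold content that
# belongs to other services.
chown -R tomcat:tomcat /var/www/example1.com /var/www/example2.com
# Directories need the execute bit to be traversed, regular files do not.
# A blanket 755 would make every file executable and world-readable,
# including anything under WEB-INF and any log or session files.
find /var/www/example1.com /var/www/example2.com -type d -exec chmod 750 {} +
find /var/www/example1.com /var/www/example2.com -type f -exec chmod 640 {} +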
问题3:内存不足
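# Adjust the JVM memory settings.
# Java 8 (installed above) no longer has a permanent generation, so
# -XX:MaxPermSize is ignored there; class metadata is capped with
# -XX:MaxMetaspaceSize instead.
# An export only affects Tomcat when it is started from this shell. For the
# systemd service, put the options in the unit's Environment= lines or in
# /opt/tomcat/bin/setenv.sh.
export JAVA_OPTS="-Xms512m -Xmx1024m -XX:MaxMetaspaceSize=256m"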
创建维护脚本 /usr/local/bin/tomcat-manager.sh:
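#!/bin/bash
#
# tomcat-manager.sh - start, stop and inspect the Tomcat instance in
# /opt/tomcat, and prune old log files.
#
# Usage: tomcat-manager.sh {start|stop|restart|status|clean-logs}
#
# NOTE: if Tomcat is also managed by the tomcat.service systemd unit, prefer
# systemctl for start/stop so that the two do not fight over the same instance.

set -u

TOMCAT_HOME="/opt/tomcat"
TOMCAT_USER="tomcat"
# Tomcat's own log directory; this is what clean-logs prunes.
LOG_DIR="${TOMCAT_HOME}/logs"

#######################################
# Run a command as the Tomcat service account.
# When the script is invoked by root, drop to TOMCAT_USER so that Tomcat never
# runs as root and never leaves root-owned files in logs/ or work/.
# Arguments: the command and its arguments
# Returns:   the command's exit status
#######################################
run_as_tomcat() {
  if [[ "$(id -u)" -eq 0 ]]; then
    runuser -u "${TOMCAT_USER}" -- "$@"
  else
    "$@"
  fi
}

case "${1:-}" in
  start)
    run_as_tomcat "${TOMCAT_HOME}/bin/startup.sh"
    ;;
  stop)
    run_as_tomcat "${TOMCAT_HOME}/bin/shutdown.sh"
    ;;
  restart)
    "$0" stop
    # Give the JVM time to shut down before starting it again.
    sleep 5
    "$0" start
    ;;
  status)
    # Match Tomcat's main class instead of grepping ps output for "tomcat",
    # which also matches unrelated processes such as this script.
    if ! pgrep -a -f 'org\.apache\.catalina\.startup\.Bootstrap'; then
      echo "Tomcat is not running" >&2
      exit 1
    fi
    ;;
  clean-logs)
    # Delete regular files older than 7 days; -type f keeps directories and
    # other file types out of the match.
    find "${LOG_DIR}" -type f \( -name '*.log' -o -name '*.txt' \) -mtime +7 -delete
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|status|clean-logs}" >&2
    exit 1
    ;;
esac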
通过以上配置,您可以在单台CentOS服务器上运行多个Tomcat虚拟主机。每个站点都有独立的站点目录、访问日志和Context配置。
建议在生产环境中结合Nginx/Apache作为反向代理,实现负载均衡和SSL终止(SSL termination)。