惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
有赞技术团队
有赞技术团队
T
The Blog of Author Tim Ferriss
F
Fortinet All Blogs
D
DataBreaches.Net
F
Full Disclosure
腾讯CDC
博客园 - 【当耐特】
MyScale Blog
MyScale Blog
Stack Overflow Blog
Stack Overflow Blog
小众软件
小众软件
Hugging Face - Blog
Hugging Face - Blog
Last Week in AI
Last Week in AI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
爱范儿
爱范儿
The GitHub Blog
The GitHub Blog
Engineering at Meta
Engineering at Meta
大猫的无限游戏
大猫的无限游戏
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
S
SegmentFault 最新的问题
The Register - Security
The Register - Security
WordPress大学
WordPress大学
博客园 - 聂微东
雷峰网
雷峰网
J
Java Code Geeks
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Privacy International News Feed
酷 壳 – CoolShell
酷 壳 – CoolShell
A
Arctic Wolf
Scott Helme
Scott Helme
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tor Project blog
博客园 - 三生石上(FineUI控件)
Know Your Adversary
Know Your Adversary
AWS News Blog
AWS News Blog
G
Google Developers Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
C
CERT Recently Published Vulnerability Notes
O
OpenAI News
Project Zero
Project Zero
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Application and Cybersecurity Blog
Application and Cybersecurity Blog
云风的 BLOG
云风的 BLOG
N
News and Events Feed by Topic
MongoDB | Blog
MongoDB | Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Microsoft Security Blog
Microsoft Security Blog
Cisco Talos Blog
Cisco Talos Blog
P
Palo Alto Networks Blog
Schneier on Security
Schneier on Security

博客园 - I love I think

eclipse+tomcat python的对象与名字绑定(转贴,此文甚好) 单引号、双引号和三双引号的区别 - I love I think 这几天一直在看Latex,试着排版了一份试卷。 开机即打开Numlock - I love I think Keep track of own postings using Summary Highlighting (Submitted by dzimmerm on Sun, 12/28/2003 - 18:31. ) 哈夫曼树(调试没通过,郁闷) 新闻组上看到一篇关于linux内核编译的文章,留待日后参考。 调整显示屏幕偏移和刷新频率[zt] The best way to predict future is to invent it.------Alan Kay 数学学科分类标准 KMP算法 有趣的东西太多了。 nvidia驱动安装 linux内核源码目录结构 Linux打印介绍【转贴】 矩阵的相似对角化到底有什么用?该不会是纯粹的理论吧? 宫崎骏的动画片真有意思啊。 elisp1
Tomcat 配置集锦
I love I think · 2005-08-11 · via 博客园 - I love I think

1.下载http://www.eu.apache.org/dist/jakarta/tomcat-5/
这里注意,在jakarta-tomcat-5.0.28.exe以前是有默认的admin模块,在jakarta-tomcat-5.5.9.exe则没有安装默认的admin模块,这时http://127.0.0.1:8080/admin打开时则会出现
Tomcat's administration web application is no longer installed by default. Download and install the "admin" package to use it.
因此我们现在需要下载"admin"package 包
把jakarta-tomcat-5.5.x.zip  与   jakarta-tomcat-5.5.x-compat.zip  与  jakarta-tomcat-5.5.x-admin.zip
三个文件解压在同一个目录中
(如果使用jdk1.4,才需要compat.zip用jdk1.5就可以免了这个。)

2.修改jakarta-tomcat-5.5.x\conf\tomcat-users.xml.
添加管理员账号lizongbo,密码为lizongbopass.
新xml如下:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="lizongbo" password="lizongbopass" roles="admin,manager"/>
</tomcat-users>


有时在%CATALINA_HOME%\server\webapps\admin\WEB-INF\web.xml里面也要做些修改


<!-- Security is active on entire directory -->
  <security-constraint>
    <display-name>Tomcat Server Configuration Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <url-pattern>*.jsp</url-pattern>
      <url-pattern>*.do</url-pattern>
      <url-pattern>*.html</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Anyone with one of the listed roles may access this area -->
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Login configuration uses form-based authentication -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Tomcat Server Configuration Form-Based Authentication Area</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Security roles referenced by this web application -->
  <security-role>
    <description>
      The role that is required to log in to the Administration Application
    </description>
    <role-name>admin</role-name>
  </security-role>
无论是 Authetication ( 身份验证  还是 Authorization ( 权限管控  都只有设置相关的 admin ROLE, 当你想要新增或修改相关的 AA, 就必须修改这一个文件, 来符合你的环境.
3.修改jakarta-tomcat-5.5.x\conf\server.xml来解决编码问题。
(给Connector 添加URIEncoding参数,参考http://blog.csdn.net/darkxie/archive/2004/10/25/TOMCATAPP.aspx)
(可以设置成GB18030)
    <Connector port="8080"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="200"
               connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="GBK"
               compression="on" compressionMinSize="2048"
      noCompressionUserAgents="gozilla, traviata"
      compressableMimeType="text/html,text/xml"/>
 
    <Connector port="8009"
               enableLookups="false" redirectPort="8443" protocol="AJP/1.3" URIEncoding="GBK"/>
 

4.启用支持gzip压缩.
(http://www.linuxaid.com.cn/forum/showdoc.jsp?l=1&i=81169)
添加下列属性
 compression="on"
      compressionMinSize="2048"
      noCompressionUserAgents="gozilla, traviata"
      compressableMimeType="text/html,text/xml"
 
5.设置虚拟主机。
在jakarta-tomcat-5.5.x\下建立文件夹vhost\www.mydomain.com。
然后修改jakarta-tomcat-5.5.x\conf\server.xml
 
<Engine defaultHost="localhost" name="Catalina">
      <Host appBase="vhost/www.mydomain.com" name="http://www.mydomain.com/">
      </Host>
      <Host appBase="webapps" name="localhost">
      </Host>
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
    </Engine>
 
6.添加数据库驱动,更新mail.jar和actiovation.jar
复制mysql-connector-java-3.0.16-ga-bin.jar,pg74.215.jdbc3.jar到 jakarta-tomcat-5.5.x\common\lib\
还有javamail 1.3.2的mail.jar,jaf-1_0_2的 activation.jar
msSQl 2000 JDBC sp3,msbase.jar,msutil,jar,mssqlserver.jar
 
 
7.配置SSL
参考 http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html
D:\j2sdk1.4.2_06\bin>%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
输入keystore密码:  lizongbossl
您的名字与姓氏是什么?
  [tomcat5.5.x]:  tomcat5.5.x
您的组织单位名称是什么?
  [jakarta]:  jakarta
您的组织名称是什么?
  [apache]:  apache
您所在的城市或区域名称是什么?
  [hzcity]:  hzcity
您所在的州或省份名称是什么?
  [gdp]:  gdp
该单位的两字母国家代码是什么
  [CN]:  CN
CN=tomcat5.5.x, OU=jakarta, O=apache, L=hzcity, ST=gdp, C=CN 正确吗?
  [否]:  y
 
输入<tomcat>的主密码
        (如果和 keystore 密码相同,按回车):

(必须密码一致,因此直接回车)
然后再把userhome(例如:C:\Documents and Settings\lizongbo\)下的.keystore复制到
tomcat的conf\目录下。
 (例如:D:\jakarta-tomcat-5.5.x\conf\.keystore
配置jakarta-tomcat-5.5.x\conf\server.xml
加上
    <Connector port="8443"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/.keystore"
           keystorePass="lizongbossl"> <!--与先前设置的密码一致-->
    </Connector>
8.禁止文件目录列表,
修改jakarta-tomcat-5.5.x\conf\web.xml,把listing设置为false
 
    <servlet>
        <servlet-name>default</servlet-name>
        <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
        <init-param>
            <param-name>debug</param-name>
            <param-value>0</param-value>
        </init-param>
        <init-param>
            <param-name>listings</param-name>
            <param-value>true</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
 
 9.指定了自己的javaEncoding
(参考 http://gceclub.sun.com.cn/staticcontent/html/sunone/app7/app7-dg-webapp/ch6/ch6-4.html 

    <servlet>
        <servlet-name>jsp</servlet-name>
        <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
        <init-param>
            <param-name>fork</param-name>
            <param-value>false</param-value>
        </init-param>
                <init-param>
            <param-name>javaEncoding</param-name>
            <param-value>GB18030</param-value>
        </init-param>
        <init-param>
            <param-name>xpoweredBy</param-name>
            <param-value>true</param-value>
        </init-param>
        <load-on-startup>3</load-on-startup>
    </servlet>
 10.添加rar,iso等的mime-type映射
避免在浏览器里直接打开。
<mime-mapping>
<extension>mht</extension>
<mime-type>text/x-mht</mime-type>
</mime-mapping>
<mime-mapping>
        <extension>rar</extension>
        <mime-type>application/octet-stream</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>iso</extension>
        <mime-type>application/octet-stream</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>ape</extension>
        <mime-type>application/octet-stream</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>rmvb</extension>
        <mime-type>application/octet-stream</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>ico</extension>
        <mime-type>image/x-icon</mime-type>
    </mime-mapping>
10.1对html静态页面设置编码
<!--  修改下面两行以支持静态超文本的自动编码
  -->
 <mime-mapping>
  <extension>htm</extension>
  <mime-type>text/html;charset=gb2312</mime-type>
  </mime-mapping>
 <mime-mapping>
  <extension>html</extension>
  <mime-type>text/html;charset=gb2312</mime-type>
  </mime-mapping>
  </web-app>
 
11.添加welcome-file-list,并调整顺序。
 <welcome-file-list>   
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>default.html</welcome-file>
        <welcome-file>default.htm</welcome-file>
        <welcome-file>default.jsp</welcome-file>
    </welcome-file-list>