CentOS常见操作背记

1. 初始化设置

#yum -y update  更新

#tzselect  时区设置

#5>9>1>1  

#cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime 保存时区

 

安装中文支持

# yum install "@Chinese Support"

 

现在，我们再看VPS上的时间，已经更新为北京时间了

#date -R

Sat, 25 Feb 2012 18:57:58 +0800

 

如果需要定时更新的话，可以安装一个ntp服务

#yum install ntp

03 * * * *  /usr/sbin/ntpdate -u 0.asia.pool.ntp.org

 

安装编译环境及其依赖库

#yum -y install gcc gcc-c++ autoconf automake libtool libevent libevent-devel gmp gmp-devel

#yum -y install gd gd-devel freetype freetype-devel fontconfig fontconfig-devel libjpeg libjpeg-devel zlib zlib-devel pcre pcre-devel

#yum -y install ncurses ncurses-devel libmcrypt mhash

 

安装apache、MySQL、PHP

#yum -y install mysql mysql-server mysql-devel

#yum -y install httpd httpd-devel

#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

#rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

#rpm -K rpmforge-release-0.5.2-2.el6.rf.*.rpm # Verifies the package

#rpm -i rpmforge-release-0.5.2-2.el6.rf.*.rpm

#yum install libmcrypt-devel

#rpm -Uvh http://repo.webtatic.com/yum/el6/latest.rpm

#yum -y install php54*

#yum upgrade php

 

启动apache

#/etc/init.d/httpd restart

 

启动mysql

#/etc/init.d/mysqld restart

#/usr/bin/mysql_secure_installation

 

开机自启动

#chkconfig httpd on

#chkconfig mysqld on

 

 2. JDK安装

2.1 卸载自带JDK

安装好的CentOS会自带OpenJdk，可通过如下命令查看

#java -version

java version "1.6.0"

OpenJDK Runtime Environment (build 1.6.0-b09)

OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode)

 

最好还是先卸载掉openjdk,在安装sun公司的jdk.

#rpm -qa | grep java

显示如下信息：

java-1.4.2-gcj-compat-1.4.2.0-40jpp.115

java-1.6.0-openjdk-1.6.0.0-1.7.b09.el5

卸载：

#rpm -e --nodeps java-1.4.2-gcj-compat-1.4.2.0-40jpp.115

#rpm -e --nodeps java-1.6.0-openjdk-1.6.0.0-1.7.b09.el5

还有一些其他的命令

#rpm -qa | grep gcj

#rpm -qa | grep jdk

如果出现找不到openjdk source的话，那么还可以这样卸载

#yum -y remove java java-1.4.2-gcj-compat-1.4.2.0-40jpp.115

#yum -y remove java java-1.6.0-openjdk-1.6.0.0-1.7.b09.el5

 

2.2 下载SUN官方JDk

wget http://download.oracle.com/otn-pub/java/jdk/7u67-b01/jdk-7u67-linux-x64.rpm?AuthParam=1410831324_73603725baa8fb8119999c7eece8704c

 

2.3 安装JDK

#rpm -ivh jdk-7u3-linux-x64.rpm

 

Preparing...                ########################################### [100%]

   1:jdk                    ########################################### [100%]

Unpacking JAR files...

    rt.jar...

    jsse.jar...

    charsets.jar...

    tools.jar...

 

    localedata.jar...

 

# vi /etc/profile

修改profile 最后面加入

export JAVA_HOME=/usr/java/jdk1.7.0_03

export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

export PATH=$PATH:$JAVA_HOME/bin

保存退出。

 

#source /etc/profile

# update-alternatives --install /usr/bin/java java /usr/java/jdk1.7.0_03/bin/java 60

# update-alternatives --config java

 你会看到我的ssh中存在乱码。

*+ 1           /usr/java/jdk1.7.0_03/bin/java

 输入1 敲回车

然后一切ok

# java -version

java version "1.7.0_03"

Java(TM) SE Runtime Environment (build 1.7.0_03-b04)

 

Java HotSpot(TM) 64-Bit Server VM (build 22.1-b02, mixed mode)

 

3. 下载和安装最新版tomcat

Download apache-tomcat-7.0.29.tar.gz (or the latest version) here
and save it to /usr/local/src

 

# md5sum apache-tomcat-7.0.29.tar.gz  

 

307076fa3827e19fa9b03f3ef7cf1f3f *apache-tomcat-7.0.29.tar.gz

 

Compare the output above to the MD5 Checksum provided next to the download link and you used above and check that it matches. 

unpack the file using tar -xzf:

# tar -xzf apache-tomcat-7.0.29.tar.gz

This will create the directory /usr/share/apache-tomcat-7.0.29

 

4. Configure Tomcat to Run as a Service

We will now see how to run Tomcat as a service and create a simple Start/Stop/Restart script, as well as to start Tomcat at boot.

Change to the /etc/init.d directory and create a script called 'tomcat' as shown below.

# cd /etc/init.d

# vi tomcat

And here is the script we will use.

 

#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.7.0_05
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/usr/share/apache-tomcat-7.0.29

case $1 in
start)
sh $CATALINA_HOME/bin/startup.sh
;; 
stop)   
sh $CATALINA_HOME/bin/shutdown.sh
;; 
restart)
sh $CATALINA_HOME/bin/shutdown.sh
sh $CATALINA_HOME/bin/startup.sh
;; 
esac    
exit 0

 The above script is simple and contains all of the basic elements you will need to get going. 

 

As you can see, we are simply calling the startup.sh and shutdown.sh scripts located in the Tomcat bin directory (/usr/share/apache-tomcat-7.0.29/bin). 

You can adjust your script according to your needs and, in subsequent posts, we'll look at additional examples.

CATALINA_HOME is the Tomcat home directory (/usr/share/apache-tomcat-7.0.29)

Now, set the permissions for your script to make it executable:

# chmod 755 tomcat

 

We now use the chkconfig utility to have Tomcat start at boot time. In my script above, I am using chkconfig: 234 20 80. 2345 are the run levels and 20 and 80 are the stop and start priorities respectively. You can adjust as needed. 

# chkconfig --add tomcat  

# chkconfig --level 234 tomcat on  

 

Verify it:

# chkconfig --list tomcat  

 

tomcat          0:off   1:off   2:on    3:on    4:on    5:off   6:off 

 

Now, let's test our script.

 

Start Tomcat:

# service tomcat start  

Using CATALINA_BASE:   /usr/share/apache-tomcat-7.0.29  

Using CATALINA_HOME:   /usr/share/apache-tomcat-7.0.29  

Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.29/temp  

Using JRE_HOME:        /usr/java/jdk1.7.0_05  

Using CLASSPATH:       /usr/share/apache-tomcat-7.0.29/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.29/bin/tomcat-juli.jar  

 

Stop Tomcat:

 

# service tomcat stop  

Using CATALINA_BASE:   /usr/share/apache-tomcat-7.0.29  

Using CATALINA_HOME:   /usr/share/apache-tomcat-7.0.29  

Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.29/temp  

Using JRE_HOME:        /usr/java/jdk1.7.0_05  

 

Using CLASSPATH:       /usr/share/apache-tomcat-7.0.29/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.29/bin/tomcat-juli.jar  

 

Restarting Tomcat (Must be started first):

# service tomcat restart

Using CATALINA_BASE:   /usr/share/apache-tomcat-7.0.29

Using CATALINA_HOME:   /usr/share/apache-tomcat-7.0.29

Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.29/temp

Using JRE_HOME:        /usr/java/jdk1.7.0_05

Using CLASSPATH:       /usr/share/apache-tomcat-7.0.29/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.29/bin/tomcat-juli.jar

Using CATALINA_BASE:   /usr/share/apache-tomcat-7.0.29

Using CATALINA_HOME:   /usr/share/apache-tomcat-7.0.29

Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.29/temp

Using JRE_HOME:        /usr/java/jdk1.7.0_05

 

Using CLASSPATH:       /usr/share/apache-tomcat-7.0.29/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.29/bin/tomcat-juli.jar

 

We should review the Catalina.out log located at /usr/share/apache-tomcat-7.0.29/logs/catalina.out and check for any errors.

# more /usr/share/apache-tomcat-7.0.29/logs/catalina.out  

We can now access the Tomcat Manager page at:

 

 

http://yourdomain.com:8080 or http://yourIPaddress:8080 and we should see the Tomcat home page.

 

Tomcat 7 contains a number of changes that offer finer-grain roles.

For security reasons, no users or passwords are created for the Tomcat manager roles by default. In a production deployment, it is always best to remove the Manager application.

To set roles, user name(s) and password(s), we need to configure the tomcat-users.xml file located at $CATALINA_HOME/conf/tomcat-users.xml.

In the case of our installation, $CATALINA_HOME is located at /usr/share/apache-tomcat-7.0.29.

By default the Tomcat 7 tomcat-users.xml file will have the elements between the and tags commented-out. .

New roles for Tomcat 7 offer finer-grained access and The following roles are now available:

manager-gui

manager-status

manager-jmx

manager-script

admin-gu

admin-script.

 

 

We can set the manager-gui role, for example as below

 

<tomcat-users>
<role rolename="manager-gui"/>
<user username="tomcat" password="secret" roles="manager-gui"/>
</tomcat-users>

 Caution should be exercised in granting multiple roles so as not to under-mind security.

 

 

5.Manage Memory Usage Using JAVA_OPTS.

Getting the right heap memory settings for your installation will depend on a number of factors. 

For simplicity, we will set our inital heap size, Xms, and our maximum heap size, Xmx, to the same value of 128 Mb

Simliarly, there are several approaches you can take as to where and how you set your JAVA_OPTS

Again, for simplicity, we will add our JAVA_OPTS memory parameters in our Catalina.sh file.

So, open the Catalina.sh file located under /usr/share/apache-tomcat-7.0.29/bin with a text editor or vi.

Since we are using 128 Mb for both initial and maximum heap size, add the following line to Catalina.sh

JAVA_OPTS="-Xms128m -Xmx128m"

I usually just add this in the second line of the file so it looks as so:

 

#!/bin/sh
JAVA_OPTS="-Xms128m -Xmx128m" 
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at

 

 

6. How to Run Tomcat using Minimally Privileged (non-root) User.   

In our Tomcat configuration above, we are running Tomcat as Root.

For security reasons, it is always best to run services with the only those privileges that are necessary. 

There are some who make a strong case that this is not required, but it's always best to err on the side of caution.

To run Tomcat as non-root user, we need to do the following:

 

 

1. Create the group 'tomcat':

# groupadd tomcat

 

2. Create the user 'tomcat' and add this user to the tomcat group we created above.

 

# useradd -s /bin/bash -g tomcat tomcat

The above will create a home directory for the user tomcat in the default user home as /home/tomcat

If we want the home directory to be elsewhere, we simply specify so using the -d switch.

# useradd -g tomcat -d /usr/share/apache-tomcat-7.0.29/tomcat tomcat  

The above will create the user tomcat's home directory as /usr/share/apache-tomcat-7.0.29/tomcat

 

3. Change ownership of the tomcat files to the user tomcat we created above:

# chown -Rf tomcat.tomcat /usr/share/apache-tomcat-7.0.29/  

Note: it is possible to enhance our security still further by making certain files and directories read-only. This will not be covered in this post and care should be used when setting such permissions.

 

4. Adjust the start/stop service script we created above. In our new script, we need to su to the user tomcat:

#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.7.0_05
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/usr/share/apache-tomcat-7.0.29/bin

case $1 in
start)
/bin/su tomcat $CATALINA_HOME/startup.sh
;; 
stop)   
/bin/su tomcat $CATALINA_HOME/shutdown.sh
;; 
restart)
/bin/su tomcat $CATALINA_HOME/shutdown.sh
/bin/su tomcat $CATALINA_HOME/startup.sh
;; 
esac    
exit 0

 

7. How to Run Tomcat on Port 80 as Non-Root User.

Note: the following applies when you are running Tomcat in "stand alone" mode with Tomcat running under the minimally privileged user Tomcat we created in the previous step. 

To run services below port 1024 as a user other than root, you can add the following to your IP tables:

# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080    

# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080    

 

Be sure to save and restart your IP Tables. 

 

8 (Optional): Running Tomcat behind Apache

As an alternative to running Tomcat on port 80, if you have Apache in front of Tomcat, you can use mod_proxy as well as ajp connector to map your domain to your Tomcat application(s) using an Apache vhost as shown below.

 

While Tomcat has improved it's 'standalone performance', I still prefer to have Apace in front of it for a number of reasons.

 

In your Apache config, be sure to set KeepAlive to 'on'. Apache tuning, of course, is a whole subject in itself...

VHOST with mod_proxy:

<VirtualHost *:80>
    ServerAdmin admin@yourdomain.com
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com


    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
       Order allow,deny
       Allow from all
    </Proxy>


    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/


    ErrorLog logs/yourdomain.com-error_log
    CustomLog logs/yourdomain.com-access_log common

</VirtualHost>

 

VHOST with ajp connector and mod_proxy:

<VirtualHost *:80>
	ServerAdmin admin@yourdomain.com
	ServerName yourdomain.com
	ServerAlias www.yourdomain.com


	ProxyRequests Off
	ProxyPreserveHost On
	<Proxy *>
	Order allow,deny
	Allow from all
	</Proxy>

	ProxyPass / ajp://localhost:8009/
	ProxyPassReverse / ajp://localhost:8009/


	ErrorLog logs/yourdomain.com-error_log
	CustomLog logs/yourdomain.com-access_log common
</VirtualHost>

 In both vhost examples above, we are "mapping" the domain to Tomcat's ROOT directory. 

If we wish to map to an application such as yourdomain.com/myapp, we can add some rewrite as shown below.

This will rewrite all requests for yourdomain.com to yourdomain.com/myapp.

 

VHOST with rewrite:

<VirtualHost *:80>
	ServerAdmin admin@yourdomain.com
	ServerName yourdomain.com
	ServerAlias www.yourdomain.com


	RewriteEngine On
	RewriteRule ^/$ myapp/ [R=301]

	ProxyRequests Off
	ProxyPreserveHost On
	<Proxy *>
	Order allow,deny
	Allow from all
	</Proxy>

	ProxyPass / ajp://localhost:8009/
	ProxyPassReverse / ajp://localhost:8009/


	ErrorLog logs/yourdomain.com-error_log
	CustomLog logs/yourdomain.com-access_log common
</VirtualHost>

 

参考：http://www.davidghedini.com/pg/entry/install_tomcat_7_on_centos