I. Install openssh
```bash
sudo apt-get install openssh-server
```
II. Install mysql
```bash
sudo apt-get install mysql-server mysql-client
```
III. Install java
```bash
sudo apt-get install python-software-properties
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer
```
IV. Install Tomcat
1. Create the tomcat user
```bash
sudo groupadd tomcat
sudo useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat
```
2. Download and extract tomcat
```bash
cd /opt
sudo wget http:
sudo tar -xvf apache-tomcat-8.0.26.tar.gz
```
3. Change ownership of the tomcat directory
```bash
sudo chown -R tomcat:tomcat /opt/apache-tomcat-8.0.26
```
4. Set environment variables
Edit /etc/environment and append the following at the end:
```
JAVA_HOME="/usr/lib/jvm/java-8-oracle"
CATALINA_HOME="/opt/apache-tomcat-8.0.26"
```
5. Test the installation
```bash
sudo /opt/apache-tomcat-8.0.26/bin/startup.sh
```
The console prints the following:
```
Using CATALINA_BASE:   /opt/apache-tomcat-8.0.26
Using CATALINA_HOME:   /opt/apache-tomcat-8.0.26
Using CATALINA_TMPDIR: /opt/apache-tomcat-8.0.26/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /opt/apache-tomcat-8.0.26/bin/bootstrap.jar:/opt/apache-tomcat-8.0.26/bin/tomcat-juli.jar
Tomcat started.
```
Open a browser and visit http://localhost:8080
V. Start tomcat at boot
```bash
sudo vi /etc/init/tomcat.conf
```
Contents:
```
description "Tomcat Server"

  start on runlevel [2345]
  stop on runlevel [!2345]
  respawn
  respawn limit 10 5

  setuid tomcat
  setgid tomcat

  env JAVA_HOME=/usr/lib/jvm/java-8-oracle
  env CATALINA_HOME=/opt/apache-tomcat-8.0.26

  # Modify these options as needed
  env JAVA_OPTS="-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom"
  env CATALINA_OPTS="-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

  exec $CATALINA_HOME/bin/catalina.sh run

  # cleanup temp directory after stop
  post-stop script
    rm -rf $CATALINA_HOME/temp/*
  end script
```
Reload the configuration and start the service:
```bash
sudo initctl reload-configuration
sudo initctl start tomcat
```
```bash
vim $JAVA_HOME/jre/lib/security/java.security
```
securerandom.source=file:/dev/random
->
securerandom.source=file:/dev/urandom
VI. Run multiple Tomcat instances
1. Create a new tomcat instance directory, tomcat1, and copy the required files:
```bash
# -p also creates /opt/tomcat-instance if it does not exist yet
sudo mkdir -p /opt/tomcat-instance/tomcat1
cd /opt/tomcat-instance/tomcat1
sudo cp -r /opt/apache-tomcat-8.0.26/conf conf
sudo cp -r /opt/apache-tomcat-8.0.26/webapps webapps
sudo mkdir logs
sudo mkdir temp
```
2. Change ownership of the tomcat1 directory
```bash
sudo chown -R tomcat:tomcat /opt/tomcat-instance/tomcat1
```
3. Change the port settings
Open the server.xml configuration file:
```bash
sudo vi /opt/tomcat-instance/tomcat1/conf/server.xml
```
Find the following lines and change each port so that it does not conflict with the ports of the other servers:
```xml
<Server port="8005" shutdown="SHUTDOWN">
...
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
...
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
```
4. Edit the start/stop scripts
Contents:
```sh
#!/bin/sh
# Point the shared Tomcat binaries at this instance's directory
export CATALINA_BASE="/opt/tomcat-instance/tomcat1"
exec "/opt/apache-tomcat-8.0.26/bin/startup.sh"
```
Contents:
```sh
#!/bin/sh
# Point the shared Tomcat binaries at this instance's directory
export CATALINA_BASE="/opt/tomcat-instance/tomcat1"
exec "/opt/apache-tomcat-8.0.26/bin/shutdown.sh"
```
Set ownership and permissions:
```bash
sudo chown tomcat:tomcat *.sh
sudo chmod +x *.sh
```
Start this instance at boot:
```
description "Tomcat Server 1"

  start on runlevel [2345]
  stop on runlevel [!2345]
  respawn
  respawn limit 10 5

  setuid tomcat
  setgid tomcat

  env JAVA_HOME=/usr/lib/jvm/java-8-oracle
  # Same install directory that the start/stop scripts above use
  env CATALINA_HOME=/opt/apache-tomcat-8.0.26

  # Modify these options as needed
  env JAVA_OPTS="-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom"
  env CATALINA_OPTS="-Xms512M -Xmx1024M -XX:MaxPermSize=256m -server -XX:+UseParallelGC"
  env CATALINA_BASE=/opt/tomcat-instance/tomcat1

  exec $CATALINA_HOME/bin/catalina.sh run

  # cleanup temp directory after stop
  post-stop script
    rm -rf $CATALINA_BASE/temp/*
  end script
```
5. More instances
To create more instances, copy tomcat1 and change the corresponding server.xml and the CATALINA_BASE setting in the start scripts.
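
Copying tomcat1 also copies its ports, so a check like the following catches instances that still share a shutdown, HTTP or AJP port before they are started. This is an added example, not part of the original post; the two server.xml fragments are constructed samples and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the base install's server.xml, reduced to the elements
# that open ports, and a copy for tomcat1 where only the HTTP port was changed.
BASE_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>"""
TOMCAT1_XML = BASE_XML.replace('port="8080"', 'port="8081"')


def listening_ports(xml_text):
    """Return [(port, role), ...] for the shutdown port and each Connector."""
    root = ET.fromstring(xml_text)
    ports = []
    shutdown = root.get("port")
    if shutdown not in (None, "-1"):          # -1 disables the shutdown port
        ports.append((int(shutdown), "shutdown"))
    for conn in root.iter("Connector"):
        # redirectPort is only a redirect target; this connector does not bind it.
        if conn.get("port"):
            ports.append((int(conn.get("port")), conn.get("protocol", "HTTP/1.1")))
    return ports


def find_conflicts(instances):
    """Map every port claimed more than once to its [(instance, role), ...]."""
    claims = defaultdict(list)
    for name, xml_text in instances.items():
        for port, role in listening_ports(xml_text):
            claims[port].append((name, role))
    return {p: c for p, c in sorted(claims.items()) if len(c) > 1}


if __name__ == "__main__":
    found = find_conflicts({"base": BASE_XML, "tomcat1": TOMCAT1_XML})
    for port, claimants in found.items():
        print(port, "is claimed by", claimants)
```

In the constructed sample only the HTTP port was changed, so the shutdown port 8005 and the AJP port 8009 are reported as shared.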
VII. Install nginx
1. Install nginx with apt-get
Add the apt source to /etc/apt/sources.list
Import the signing key:
```bash
gpg --keyserver keyserver.ubuntu.com --recv-key ABF5BD827BD9BF62
# apt-key needs root to modify the apt keyring
gpg -a --export ABF5BD827BD9BF62 | sudo apt-key add -
```
Install nginx:
```bash
sudo apt-get update
sudo apt-get install nginx
```
2. Configure nginx as a reverse proxy that load-balances the tomcat instances
Edit /etc/nginx/conf.d/default.conf
```nginx
upstream tomcat-server {
    server 127.0.0.1:8080 weight=10;
    server 127.0.0.1:8081 weight=10;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html;
    index index.html index.htm;

    # Make site accessible from http://localhost/
    server_name localhost;

    location / {
        proxy_pass http://tomcat-server;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_request_headers on;
        proxy_pass_request_body on;
    }
}
```
VIII. Configure iptables to open specific ports
```bash
# Allow the loopback interface (i.e. let the host access itself)
iptables -A INPUT -i lo -j ACCEPT
# Allow established or related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic from this host
iptables -A OUTPUT -j ACCEPT
# Allow access to port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow access to port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow FTP ports 21 and 20
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# Rules for any other ports are similar; adapt the statements above
# Allow ping
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Reject everything that was not explicitly allowed
iptables -A INPUT -j REJECT  # (Note: if port 22 has not been added to the allow rules, the SSH connection is cut immediately.)
iptables -A FORWARD -j REJECT
```
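
The rules above are evaluated top to bottom and the first match wins, which is why the port 22 rule has to be appended before the final REJECT. The following added example (not part of the original post) models that for new inbound TCP connections; it is a simplified evaluator that assumes every option takes exactly one value and only exact --dport matches, and the function names and the misordered variant are constructed for illustration.

```python
import shlex

# The INPUT rules from the section above, in the page's order.
PAGE_RULES = """\
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -j REJECT
"""
SSH_RULE = "iptables -A INPUT -p tcp --dport 22 -j ACCEPT\n"
# Constructed variant: the catch-all REJECT was appended before the SSH rule.
MISORDERED = PAGE_RULES.replace(SSH_RULE, "") + SSH_RULE


def parse_rule(line):
    """Turn one 'iptables -A ...' line into {option: value}."""
    tokens = shlex.split(line)[1:]            # drop the 'iptables' word
    return dict(zip(tokens[0::2], tokens[1::2]))


def verdict(rules_text, port, iface="eth0", default="ACCEPT"):
    """First-match verdict for a NEW inbound TCP connection to `port`."""
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule.get("-A") != "INPUT":
            continue
        if rule.get("-i", iface) != iface:
            continue                          # rule is bound to another interface
        if "--state" in rule and "NEW" not in rule["--state"].split(","):
            continue                          # only matches already-known flows
        if rule.get("-p", "tcp") != "tcp":
            continue
        if rule.get("--dport", str(port)) != str(port):
            continue
        return rule["-j"]                     # first matching rule decides
    return default                            # chain policy when nothing matched


def exposed_ports(rules_text, candidates, iface="eth0"):
    """Ports from `candidates` that accept new connections arriving on `iface`."""
    return [p for p in candidates if verdict(rules_text, p, iface) == "ACCEPT"]


if __name__ == "__main__":
    print(exposed_ports(PAGE_RULES, [22, 80, 8005, 8009, 8080, 8081]))
    print(verdict(MISORDERED, 22))
```

With the page's order, the Tomcat ports are rejected on the external interface while nginx still reaches 127.0.0.1:8080 and 127.0.0.1:8081 through the loopback rule.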
IX. Install vsftpd
Install
```bash
sudo apt-get update
sudo apt-get install vsftpd
```
Configure
Edit /etc/vsftpd.conf and add:
```
userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd_allowed_users
seccomp_sandbox=NO
```
Change the following settings to these values:
```
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
local_root=/home/uftp
```
Create the user uftp and allow it to log in via ftp:
```bash
sudo mkdir /home/uftp
sudo useradd -d /home/uftp -s /bin/bash uftp
sudo passwd uftp
```
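Create the file /etc/vsftpd_allowed_users and add the users allowed to log in via ftp:
Edit /etc/ftpusers and remove the users who should be allowed to log in via ftp. (This file lists the users who are not allowed to log in.)
Edit /etc/pam.d/vsftpd and comment out all auth required lines (#auth required).
Change the directory permissions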
Restart vsftpd:
```bash
sudo service vsftpd restart
```