#!/bin/bash

#####################################setup##########################################################

yum install -i gcc zlib1g zlib1g-dev openssl libssl-dev libpcre3 libpcre3-dev libevent-dev;#http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html;cd /usr/local/srctar -zxvf jdk-8u102-linux-x64.tar.gzmv /usr/local/src/jdk1.8.0_102 /usr/local/jdk#配置JDK环境变量sed -i '$a ulimit -n 65535' /etc/profilesed -i '$a export JAVA_HOME=/usr/local/jdk' /etc/profilesed -i '$a export JRE_HOME=$JAVA_HOME/jre' /etc/profilesed -i '$a export CLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH' /etc/profilesed -i '$a export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH' /etc/profilesource /etc/profilecd /usr/local/srcwget https://mirrors.cnnic.cn/apache/tomcat/tomcat-8/v8.5.23/bin/apache-tomcat-8.5.23.tar.gz;tar -zxvf apache-tomcat-8.5.23.tar.gzcd apache-tomcat-8.5.23/lib#下载加入lib文件以支持共享sessionwget http://central.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/2.1.1/memcached-session-manager-2.1.1.jarwget http://central.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc8/2.1.1/memcached-session-manager-tc8-2.1.1.jarwget http://central.maven.org/maven2/net/spy/spymemcached/2.11.1/spymemcached-2.11.1.jarwget http://central.maven.org/maven2/de/javakaffee/msm/msm-javolution-serializer/2.1.1/msm-javolution-serializer-2.1.1.jarwget http://central.maven.org/maven2/javolution/javolution/5.4.5/javolution-5.4.5.jarcd .. && cd ..#禁止TLDs扫描新加入的jar包sed -i '134c xom-*.jar,javolution-5.4.5.jar,memcached-session-manager-2.1.1.jar,memcached-session-manager-tc8-2.1.1.jar,msm-javolution-serializer-2.1.1.jar,spymemcached-2.11.1.jar' apache-tomcat-8.5.23/conf/catalina.properties#tomcat的优化配置,在102行处插入内容sed -i '102c export JAVA_OPTS="-server -Xms1000M -Xmx1000M -Xss512k -XX:+AggressiveOpts -XX:+UseBiasedLocking -XX:+DisableExplicitGC -XX:MaxTenuringThreshold=15 -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:+CMSParallelRemarkEnabled -XX:+UseCMSCompactAtFullCollection -XX:LargePageSizeInBytes=128m -XX:+UseFastAccessorMethods -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true"' apache-tomcat-8.5.23/bin/catalina.shcp -r apache-tomcat-8.5.23 /usr/local/tomcat#cat <~/aaa.txt##EOF#sed -i '20 r ~/aaa.txt' /usr/local/tomcat/conf/context.xmlcd /usr/local/srcwget http://mirror.bit.edu.cn/apache/apr/apr-1.6.3.tar.gz tar -zxvf apr-1.6.3.tar.gz cd apr-1.6.3 && ./configure --prefix=/usr/local/aprmake && make installcd .. && rm -rf apr-1.6.3 && rm -rf apr-1.6.3.tar.gz wget http://mirror.bit.edu.cn/apache/apr/apr-util-1.6.1.tar.gz tar -zxvf apr-util-1.6.1.tar.gz cd apr-util-1.6.1 && ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/aprmake && make installcd .. && rm -rf apr-util-1.6.1 && rm -rf apr-util-1.6.1.tar.gz wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-connectors/native/1.2.16/source/tomcat-native-1.2.16-src.tar.gz tar -zxvf tomcat-native-1.2.16-src.tar.gz cd tomcat-native-1.2.16-src/native && ./configure --with-apr=/usr/local/aprmake && make installcd .. && cd .. && rm -rf tomcat-native-1.2.16-src && rm -rf tomcat-native-1.2.16-src.tar.gz sed -i '$a export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/apr/lib' /etc/profilesource /etc/profile#####################################end setup#####################################################################添加管理员 # vi /usr/local/tomcat/conf/tomcat-users.xml

    # vi /usr/local/tomcat/conf/Catalina/localhost/下  添加manager.xml  #################################sed '1,10y/abcde/ABCDE/' file 来自: http://man.linuxde.net/sedCATALINA_BASE,CATALINA_HOMEstartup securityhttp://localhost:8080/adminserver.xml context.xml tomcat-users.xml web.xml catalina.policy catalinat.propertiesserver service connector engine host context realmengine valve host contextvalve:日志 单点登录 请求过滤Manager: context.xmlJNDI/????JDBC连接###########################################JavaMail发送邮件context.xmlmail.smtp.hostlocalhostweb.xmlmail/Sessionjavax.mail.SessionContainer#download,setup javamail activationweb.xmlSendMailServletSendMailServletSendMailServlet/mail/SendMailServlet###################添加管理员权限http://localhost:8080/manager/###三种部署方式manager,ant,http##三种连接器：http,nio,arp##支持CGI：web.xml删除注释,context.xml:##支持SSI：同上ssi 

          org.apache.catalina.ssi.SSIServlet 

        buffered1debug0expires666isVirtualWebappRelative04ssi*.shtmlssi 

          org.apache.catalina.ssi.SSIFilter 

        contentTypetext/x-server-parsed-html(;.*)?debug0expires666isVirtualWebappRelative0inputEncodingutf-8outputEncodingutf-8#################################################tomcat性能调优linux修改TOMCAT_HOME/bin/catalina.sh，在前面加入JAVA_OPTS="-XX:PermSize=64M -XX:MaxPermSize=128m -Xms512m -Xmx1024m -Duser.timezone=Asia/Shanghai"tomcat 线程优化maxThreads="600"      ///最大线程数minSpareThreads="100"///初始化时创建的线程数maxSpareThreads="500"///一旦创建的线程超过这个值，Tomcat就会关闭不再需要的socket线程。acceptCount="700"//指定当所有可以使用的处理请求的线程数都被使用时，可以放到处理队列中的请求数，超过这个数的请求将不予处理这里是http connector的优化，如果使用apache和tomcat做集群的负载均衡，并且使用ajp协议做apache和tomcat的协议转发，那么还需要优化ajp connector。##配置线程池由于tomcat有多个connector，所以tomcat线程的配置，又支持多个connector共享一个线程池。首先。打开/conf/server.xml，增加最大线程500（一般服务器足以），最小空闲线程数20，线程最大空闲时间60秒。然后，修改节点，增加executor属性，executor设置为线程池的名字：可以多个connector公用1个线程池，所以ajp connector也同样可以设置使用tomcatThreadPool线程池。禁用DNS查询 enableLookups="false"##安装并启动APR:更好的支持并发(1)安装APR tomcat-native    apr-1.3.8.tar.gz  安装在/usr/local/apr    #tar zxvf apr-1.3.8.tar.gz    #cd apr-1.3.8    #./configure;make;make install        apr-util-1.3.9.tar.gz  安装在/usr/local/apr/lib    #tar zxvf apr-util-1.3.9.tar.gz    #cd apr-util-1.3.9      #./configure --with-apr=/usr/local/apr ----with-java-home=JDK;make;make install        #cd apache-tomcat-6.0.20/bin      #tar zxvf tomcat-native.tar.gz      #cd tomcat-native/jni/native      #./configure --with-apr=/usr/local/apr;make;make install      (2)设置 Tomcat 整合 APR    修改 tomcat 的启动 shell （startup.sh），在该文件中加入启动参数：      CATALINA_OPTS="$CATALINA_OPTS -Djava.library.path=/usr/local/apr/lib" 。 #############################################ajp#worker.propeties worker1.list=worker1worker.worker1.type=ajp13worker.worker1.host=192.168.1.12#apache:confLoadModule jk_module modules/mod_jk.soJkWorkersFile conf/workers.propertiesJkLogFile logs/httpd/mod_jk.logJkLogLevel debugJkRequestLogFormat "%w %U %T"JkMount /exapmle/* worker1SetEnvIf Request_URL "nojk/*" no-jk###############################mod_proxyLoadModule proxy_module modules/mod_proxy.soLoadModule proxy_ajp_module modules/mod_proxy_ajp.soLoadModule proxy_balancer_module modules/mod_proxy_balancer.soProxyRequests offProxyPreserveHost OnOrder deny,allow

Allow from allProxyPass /example/jsp ajp://192.168.1.12:8009/example/jspProxyPassReverse /example/jsp ajp://192.168.1.12:8009/example/jspOrder deny,allow

Allow from all#################################worker.list=xx,yy,zzworker.xx.type=ajp13worker.xx.host=localhostworker.xx.port=8009IIS与Tomcat连接：ISAPI####resource配置JDBC server.xml#grant all privileges on *.* to 'xx' identified by 'xxx'#flush privileges###########################tomcat安全删除/webapps/examples更改shutdown端口用tomcat账号启动 /bin/su tomcat $CATALINA_HOME/bin/startup.shjre: chmod -R o=rx /jre/*    tomcat: chown -R tomcat:tomcat /tomcat/#tomcat启用security manager: catalina.sh start -security##catalina.policy 启用类装载器grant codeBase "file:${catalina.home}/webapps/youapp/-"{permission java.lang.RuntimePermission "createClassLoader"}##启用JDBC驱动打开数据库grant codeBase "file:${catalina.home}/webapps/-" {permission java.net.SocketPermission "db.server.com:54213", "connect";}##允许访问25端口grant codeBase "file:${catalina.home}/webapps/-"{permission java.net.SocketPermission "mail.server.com:25","connect";}##读写所有文件grant {java.io.FilePermission "<>","read,write,execute,delete";}###serlvet:BASIC,摘要，FORM,HTTPS客户端证书##禁用目录列表listingsfalse###禁用SSI，CGI，关闭privileged='true'#########################################apache 加入 sslListen 192.168.10.10:80NameVirtualHost 192.168.10.10ServerName xx.com

DocumentRoot /xx/xx

ServerAdmin xx@qq.com

ErrorLog /xx/xx.log

CustomLog /xx/xx.log common##tomcat虚拟主机###########################apache tomcat互联###################################httpd.confListen 80LoadModule jk_module modules/mod_jk.soJKWorkdersFile /etc/httpd/conf/workers.propertiesJKShmFile /var/log/httpd/mod_jk.shmJKLogFile /var/log/httpd/mod_jk.logJKLogLevel infoJKLogStampFormat "[%a %b %d %H:%M:%S %Y]"NameVirtualHost 192.168.1.2ServerName aa.com

DocumentRoot /home/websites/aa

ErrorLog /home/websites/aa/error

CustomLog /home/websites/aa/access common

JKMount /*.jsp aa-workerworkers.propertiesworker.list=aa-worker,bb-workerworker.aa-worker.type=ajp13worker.aa-worker.host=aa.comworker.aa-worker.port=8009##########################end apache tomcat互联#######################################启用managertomcat-users.xmlhttp://xx:8080/host-manager/html

#######

JVM_OPTIONS='-Xms512m -Xmm1024m'  初始堆大小，最大堆大小

export JVM_OPTIONS

grant codeBase "file:/home/xx/xx/-"{

permission java.io.FilePermission "/some/cc/xx/*","read";

}

################################################################################

/manager/jmxproxy

################################################jmx监控tomcat

bin/catalina.sh

#加入

  [ $1 != "stop" ] && JAVA_OPTS="-Dcom.sun.management.jmxremote \ 

-Dcom.sun.management.jmxremote.port=9008 \ 

-Dcom.sun.management.jmxremote.ssl=false \ 

-Dcom.sun.management.jmxremote.authenticate=false $JAVA_OPTS" 

export JAVA_OPTS 

#java/bin/jconsole启动,输入

service:jmx:rmi:///jndi/rmi://localhost:9008/jmxrmi 

##################################################################################

负载均衡：

DNS负载均衡

硬件负载均衡(F5 big-ip:4-7层，15万以上；梭子鱼负载均衡：比较便宜)

软件负载均衡(LVS,Nginx,HAProxy)

#mod_jk,mod_proxy通信

##http head:get,accept,referer,accept-language,accept-encoding,host,connection

##request,response

#nginx

          proxy_pass http://geeboo;

              proxy_redirect off;

              proxy_set_header X-Real-IP $remote_addr; 

              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

              proxy_set_header Host $host;

              client_max_body_size 1024m;

              client_body_buffer_size 1024000k;

              proxy_connect_timeout 40s;

              proxy_send_timeout 40s;

              proxy_read_timeout 40s;

              proxy_buffer_size 102400k;

              proxy_buffers 6 102400k;

              proxy_busy_buffers_size 102400k;

              proxy_temp_file_write_size 102400k;

##############

##扫描参数  -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9

##扫描端口 nmap -p80,443,55,110 192.168.10.10

##扫描端口 nmap -sP 192.168.10.10

##扫描网段 nmap -sP 10.10.10.0/24

##扫描操作系统 nmap -O 10.10.10.0/24

##扫描所有  nmap -A 10.10.10.0/24

##扫描版本检测 nmap -sV 10.10.10.0