Tomcat 5.5.x configuration notes

xiaoxiao2021-03-06  43

1. Download:

http://www.eu.apache.org/dist/jakarta/tomcat-5/5/5/5/5/5/

http://www.apache.org/dist/jakarta/tomcat-5/v5.5.x/bin/jakarta-tomcat-5.5.x-admin.zip

http://www.apache.org/dist/jakarta/tomcat-5/v5.5.x/bin/jakarta-tomcat-5.5.x-compat.zip

http://www.apache.org/dist/jakarta/tomcat-5/v5.5.x/bin/jakarta-tomcat-5.5.x.zip

http://www.apache.org/dist/jakarta/tomcat-5/v5.5.x/bin/jakarta-tomcat-5.5.x-deployer.zip

Unpack jakarta-tomcat-5.5.x.zip, jakarta-tomcat-5.5.x-compat.zip and jakarta-tomcat-5.5.x-admin.zip into the same directory, for example d:/jakarta-tomcat-5.5.x/.

(Tomcat has no built-in admin module by default: "Tomcat's administration web application is no longer installed by default. Download and install the "admin" package to use it.")

(compat.zip is needed if you use JDK 1.4; with JDK 1.5 it is not needed.)

2. Modify jakarta-tomcat-5.5.x/conf/tomcat-users.xml.

Add an administrator account lizongbo with the password lizongbopass.

The new XML is as follows:

3. Modify jakarta-tomcat-5.5.x/conf/server.xml to fix the character-encoding problem.

(Add the URIEncoding attribute to the Connector elements; see http://blog.9cbs.net/darkxie/archive/2004/10/25/tomcatapp.aspx. It can also be set to GB18030.)

    <Connector ...
        maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
        enableLookups="false" redirectPort="8443" acceptCount="200"
        connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="GBK"
        compression="on" compressionMinSize="2048"
        noCompressionUserAgents="gozilla, traviata"
        compressableMimeType="text/html,text/xml" />

    <Connector ...
        enableLookups="false" redirectPort="8443" protocol="AJP/1.3" URIEncoding="GBK" />

4. Enable gzip compression support.

(http://www.linuxaid.com.cn/forum/showdoc.jsp?l=1&i=81169)

Add the following attributes to the Connector:

    compression="on"
    compressionMinSize="2048"
    noCompressionUserAgents="gozilla, traviata"
    compressableMimeType="text/html,text/xml"

5. Set the virtual host.

Create a folder vhost/www.mydomain.com in jakarta-tomcat-5.5.x/.

Then modify jakarta-tomcat-5.5.x/conf/server.xml

6. Add database drivers, update mail.jar and activation.jar

Copy mysql-connector-java-3.0.16-ga-bin.jar and pg74.215.jdbc3.jar to jakarta-tomcat-5.5.x/common/lib/

Also copy the mail.jar from JavaMail 1.3.2, the activation.jar from JAF-1_0_2,

and the MSSQL 2000 JDBC SP3 jars msbase.jar, msutil.jar and mssqlserver.jar.

7. Configuring SSL

reference:

http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html

    D:\J2SDK1.4.2_06\bin>%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

    Enter keystore password: lizongbossl

    What is your first and last name?

    [Tomcat5.5.x]: Tomcat5.5.x

    What is your organizational unit name?

    [JAKARTA]: JAKARTA

    What is your organization name?

    [Apache]: Apache

    What is your city or region name?

    [hzcity]: hzcity

    What is your state or province name?

    [GDP]: GDP

    What is the two-letter country code for this unit?

    [CN]: CN

    Is CN=Tomcat5.5.x, OU=JAKARTA, O=Apache, L=hzcity, ST=GDP, C=CN correct?

    [No]: Y

    Enter key password

    (press Enter if it is the same as the keystore password):

(The two passwords must be the same, so just press Enter.)

Then copy the .keystore file from the user home directory (for example: c:/documents and settings/lizongbo/) to Tomcat's conf/ directory.

(For example: d:/jakarta-tomcat-5.5.x/conf/.keystore)

Configure jakarta-tomcat-5.5.x/conf/server.xml

Add:

    <Connector ...
        maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
        enableLookups="false" disableUploadTimeout="true"
        acceptCount="100" scheme="https" secure="true"
        clientAuth="false" sslProtocol="TLS"
        keystoreFile="conf/.keystore"
        keystorePass="lizongbossl" />

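8. Disable directory listings

Modify jakarta-tomcat-5.5.x/conf/web.xml and set listings to false in the default servlet:

    <servlet>
        <servlet-name>default</servlet-name>
        <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
        <init-param>
            <param-name>debug</param-name>
            <param-value>0</param-value>
        </init-param>
        <init-param>
            <param-name>listings</param-name>
            <!-- change this value to false -->
            <param-value>true</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>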

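9. Specify your own javaEncoding

(reference: http://gceclub.sun.com.cn/staticcontent/html/sunone/app7/app7-dg-webapp/ch6/ch6-4.html)

    <servlet>
        <servlet-name>jsp</servlet-name>
        <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
        <init-param>
            <param-name>fork</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>javaEncoding</param-name>
            <param-value>GB18030</param-value>
        </init-param>
        <init-param>
            <param-name>xpoweredBy</param-name>
            <param-value>true</param-value>
        </init-param>
        <load-on-startup>3</load-on-startup>
    </servlet>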

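10. Add MIME type mappings for RAR, ISO and similar files

This keeps the browser from opening such files directly.

    <mime-mapping>
        <extension>mht</extension>
        <mime-type>text/x-mht</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>rar</extension>
        <mime-type>application/octet-stream</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>iso</extension>
        <mime-type>application/octet-stream</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>ape</extension>
        <mime-type>application/octet-stream</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>rmvb</extension>
        <mime-type>application/octet-stream</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>ico</extension>
        <mime-type>image/x-icon</mime-type>
    </mime-mapping>

10.1 Set the character set for static HTML pages

    <mime-mapping>
        <extension>htm</extension>
        <mime-type>text/html;charset=GB2312</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>html</extension>
        <mime-type>text/html;charset=GB2312</mime-type>
    </mime-mapping>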

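11. Add a welcome-file-list and adjust the order.

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>default.html</welcome-file>
        <welcome-file>default.htm</welcome-file>
        <welcome-file>default.jsp</welcome-file>
    </welcome-file-list>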

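12. If your webapp should only be accessible over HTTPS, add the following to the webapp's web.xml:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Must Https</web-resource-name>
            <url-pattern>/lizongbo/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

reference:

http://jakarta.apache.org/tomcat/faq/security.html#https

http://marc.theaimsgroup.com/?l=tomcat-useer&m=104951559722619&w=2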

13. Change the command used to shut the server down remotely.

server.xml has the following line:

    <Server port="8005" shutdown="SHUTDOWN">

This means anyone who can telnet to port 8005 and type "SHUTDOWN" followed by Enter shuts the server down immediately. From a security perspective, the shutdown command should be changed to a string that is not easy to guess.

For example, change it as follows:

    <Server port="8006" shutdown="lizongbo">

Now Tomcat can only be shut down by telnetting to port 8006 and entering "lizongbo".

Note: This change does not affect shutdown.bat. You can still shut the server down by running shutdown.bat as before.

reference:

http://jakarta.apache.org/tomcat/faq/security.html#8005

You can also refer to:

http://www.cnjsp.org/document/User/tuman/valve.html
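
One way to check a deployment for two of the settings discussed above (the default servlet's listings flag from step 8 and the shutdown command from step 13), as an added example that is not part of the original post. The two XML documents are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample files for illustration, cut down to the elements checked.
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina" />
</Server>"""

WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>listings</param-name><param-value>true</param-value></init-param>
  </servlet>
</web-app>"""

def local(elem):
    """Tag name without the namespace that real web.xml files declare."""
    return elem.tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Stripped text of the first direct child called `name`, or ""."""
    for child in elem:
        if local(child) == name:
            return (child.text or "").strip()
    return ""

def audit_server_xml(text):
    """Step 13: flag a shutdown command that is still the well-known default."""
    root = ET.fromstring(text)
    if local(root) == "Server" and root.get("shutdown", "SHUTDOWN") == "SHUTDOWN":
        return ["shutdown command on port %s is the default SHUTDOWN"
                % root.get("port", "8005")]
    return []

def audit_web_xml(text):
    """Step 8: flag the default servlet when directory listings are on."""
    findings = []
    for servlet in ET.fromstring(text).iter():
        if local(servlet) != "servlet" or child_text(servlet, "servlet-name") != "default":
            continue
        for param in servlet:
            if (local(param) == "init-param"
                    and child_text(param, "param-name") == "listings"
                    and child_text(param, "param-value").lower() == "true"):
                findings.append("default servlet has listings=true")
    return findings

print(audit_server_xml(SERVER_XML) + audit_web_xml(WEB_XML))
```
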

14. Configure the HTTP access log. The HTTP access log that Tomcat can record is already very detailed.

Uncomment the following:

    <Valve ...
        directory="logs" prefix="localhost_access_log." suffix=".txt"
        pattern="common" resolveHosts="false" />

Then change it to:

    <Valve ...
        directory="logs" prefix="localhost_access_log." suffix=".txt"
        pattern="combined" resolveHosts="false" fileDateFormat="yyyy-MM-dd.HH" />

The log content recorded with pattern="combined" is more detailed. fileDateFormat="yyyy-MM-dd.HH" makes the log file roll over every hour, which is better than the default. Where the number of visits is especially large, consider fileDateFormat="yyyy-MM-dd.HH.mm", which produces one log file per minute.

Logging can also be configured separately per Engine, Host or Context.

Details reference:

http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/valve.html

http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/logger.html

http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/host.html#access logs

The logs can be combined with AWStats for statistical analysis:

http://www.chedong.com/tech/awstats.html

15. Restrict access by IP address or host name.

To reject access from specified IP addresses or host names, or to allow only specified machines, add the following configuration. It is also supported at the Engine, Host or Context level:

    ...
    <Valve ... allow="*.mycompany.com,www.yourcompany.com" />
    <Valve ... deny="192.168.1.*" />

reference:

http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html

16. Publish a webapp to the website root

1. Copy it directly into the ROOT directory.

2. You cannot create a context XML file with an empty name, and setting the path inside the XML file has no effect either (Tomcat determines it from the file name), so the Context must be written in server.xml:

    <Context ... privileged="true" antiResourceLocking="false" antiJARLocking="false">
        <Manager ... entropy="SuijisiFuchuansuijisifuchuansuijisifuchuanuijisifuchuan"
            maxActiveSessions="800" />
        <Valve ...
            directory="logs" prefix="localhost_mytest_access_log." suffix=".txt"
            pattern="combined" resolveHosts="true" fileDateFormat="yyyy-MM-dd.HH" />
    </Context>

You must also delete the ROOT directory, otherwise Tomcat prefers to deploy the ROOT directory as "/".

17. Prevent sessions from being written to a file when Tomcat's webapp is restarted.

Modify conf/web.xml

Uncomment:

18. Strengthen the generation algorithm and length of the session ID.

(The default is MD5, the length is 16 bits.)

19. Configure logging (http://jakarta.apache.org/tomcat/tomcat-5.5-doc/logging.html)

Create a new log4j.properties in d:/jakarta-tomcat-5.5.8/common/classes/

content:

    log4j.rootLogger=debug, R
    log4j.appender.R=org.apache.log4j.RollingFileAppender
    log4j.appender.R.File=${catalina.home}/logs/tomcat5.5.log
    log4j.appender.R.MaxFileSize=10MB
    log4j.appender.R.MaxBackupIndex=10
    log4j.appender.R.layout=org.apache.log4j.PatternLayout
    log4j.appender.R.layout.ConversionPattern=%p %t %c - %m%n
    log4j.logger.org.apache.catalina=debug, R
    log4j.logger.org.apache.catalina.core.ContainerBase.catalina.localhost=debug, R
    log4j.logger.org.apache.catalina.core=debug, R
    log4j.logger.org.apache.catalina.session=debug, R

Copy log4j-1.2.9.jar and commons-logging.jar to

d:/jakarta-tomcat-5.5.8/common/lib

20. Using Windows domain authentication

http://jcifs.samba.org/src/docs/ntlmhttpauth.html
