文章目录
- 实验环境
- 实验步骤
- 准备好对应的软件包数据
- 安装JDk
- 安装Tomcat
- 修改Tomcat配置文件,设置访问站点目录
- 在db01上安装MySQL
- 访问网页进行网站注册
- 配置tomcat basic认证
此实验简单操作使用Tomcat进行部署网站
实验环境
| 主机名字 | IP | 服务 |
|---|---|---|
| web01 | 10.0.0.7 | tomcat9.0 提供网页web服务 |
| db01 | 10.0.0.51 | 存储数据 |
实验步骤
准备好对应的软件包数据
Tomcat 最常用的安装方式就是二进制压缩包(tar.gz/zip)方式,yum安装速度快、自动配置系统依赖,但是系统源中的 Tomcat 版本通常较旧(无法获取最新版)
1、从官网获取tomcat和jdk安装包 下载Tomcat9.0软件包[root@web02 ~]# wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.85/bin/apache-tomcat-9.0.85.tar.gz--2025-12-1917:47:36-- https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.85/bin/apache-tomcat-9.0.85.tar.gz Resolving archive.apache.org(archive.apache.org)...65.108.204.189, 2a01:4f9:1a:a084::2 Connecting to archive.apache.org(archive.apache.org)|65.108.204.189|:443... connected. HTTP request sent, awaiting response...200OK Length:11809177(11M)[application/x-gzip]Saving to: ‘apache-tomcat-9.0.85.tar.gz’#下载JDK8.0软件包# 下载最新版Temurin JDK 8(64位)wgethttps://github.com/adoptium/temurin8-binaries/releases/download/jdk8u402-b06/OpenJDK8U-jdk_x64_linux_hotspot_8u402b06.tar.gz[root@web02 ~]# lsanaconda-ks.cfg epel-release-7-14.noarch.rpm jdk-8u281-linux-x64.rpm 下载 图片 桌面 视频 apache-tomcat-9.0.85.tar.gz initial-setup-ks.cfg system_init_service.sh 公共 文档 模板 音乐安装JDk
# 把JDK解压到指定目录[root@web02 ~]# mkdir /app[root@web02 ~]# tar -zxvf jdk-8u411-linux-x64.tar.gz -C /app[root@web02 app]# mv jdk1.8.0_411/ jdk1.8.0[root@web02 app]# lsjdk1.8.0 配置JAVA环境[root@web02 jdk1.8.0]# vim /etc/profileexportJAVA_HOME=/app/jdk1.8.0[root@web02 jdk1.8.0]# source /etc/profile#测试是否成功安装[root@web02 jdk1.8.0]# java -versionopenjdk version"1.8.0_222-ea"OpenJDK Runtime Environment(build1.8.0_222-ea-b03)OpenJDK64-Bit Server VM(build25.222-b03, mixed mode)安装Tomcat
#将二进制包解压到指定目录[root@web02 ~]# tar xf apache-tomcat-9.0.85.tar.gz -C /app[root@web02 ~]# cd /app/[root@web02 app]# lsapache-tomcat-9.0.85 jdk1.8.0[root@web02 app]# mv apache-tomcat-9.0.85/ tomcat-9.0[root@web02 app]# lsjdk1.8.0 tomcat-9.0#启动Tomcat[root@web02 app]# /app/tomcat-9.0/bin/startup.shUsing CATALINA_BASE: /app/tomcat-9.0 Using CATALINA_HOME: /app/tomcat-9.0 Using CATALINA_TMPDIR: /app/tomcat-9.0/temp Using JRE_HOME: /app/jdk1.8.0/ Using CLASSPATH: /app/tomcat-9.0/bin/bootstrap.jar:/app/tomcat-9.0/bin/tomcat-juli.jar Using CATALINA_OPTS: Tomcat started.#检查端口是否正常启动[root@web02 app]# netstat -lnpt | grep 8080tcp600:::8080 :::* LISTEN76013/java修改Tomcat配置文件,设置访问站点目录
#创建站点资源目录 并且下载zrlog[root@web02 ~]# mkdir /html[root@web02 ~]# wget -O /html/ROOT.war http://dl.zrlog.com/release/zrlog.war--2025-12-1919:22:25-- http://dl.zrlog.com/release/zrlog.war Resolving dl.zrlog.com(dl.zrlog.com)...172.67.139.31,104.21.94.182,2606:4700:3033::6815:5eb6,... Connecting to dl.zrlog.com(dl.zrlog.com)|172.67.139.31|:80... connected. HTTP request sent, awaiting response...200OK Length:10535252(10M)Saving to: ‘/html/ROOT.war’100%[=============================================================================================================================>]10,535,252 137KB/sin83s2025-12-1919:23:50(124KB/s)- ‘/html/ROOT.war’ saved[10535252/10535252][root@web02 ~]# cd /html/#.war结尾的包不需要解压 在重启运行Tomcat的时候会自动解压的[root@web02 html]# lsROOT.war#修改配置文件[root@web02 html]# cd /app/tomcat-9.0/conf/[root@web02 conf]# vim server.xml<Hostname="blog.jy.com"appBase="/html"#设置访问的名字和访问资源的路径unpackWARs="true"autoDeploy="true"><!-- SingleSignOn valve, share authentication between web applications Documentation at: /docs/config/valve.html --><!--<ValveclassName="org.apache.catalina.authenticator.SingleSignOn"/>--><!-- Access log processes all example. Documentation at: /docs/config/valve.html Note: The pattern used is equivalent to usingpattern="common"--><ValveclassName="org.apache.catalina.valves.AccessLogValve"directory="logs"prefix="blog.jy.com_access_log"suffix=".txt"pattern="%h %l %u %t "%r" %s %b"/>#重启Tomcat[root@web02 conf]# /app/tomcat-9.0/bin/shutdown.sh && /app/tomcat-9.0/bin/startup.shUsing CATALINA_BASE: /app/tomcat-9.0 Using CATALINA_HOME: /app/tomcat-9.0 Using CATALINA_TMPDIR: /app/tomcat-9.0/temp Using JRE_HOME: /app/jdk1.8.0/ Using CLASSPATH: /app/tomcat-9.0/bin/bootstrap.jar:/app/tomcat-9.0/bin/tomcat-juli.jar Using CATALINA_OPTS: Using CATALINA_BASE: /app/tomcat-9.0 Using CATALINA_HOME: /app/tomcat-9.0 Using CATALINA_TMPDIR: /app/tomcat-9.0/temp Using JRE_HOME: /app/jdk1.8.0/ Using CLASSPATH: /app/tomcat-9.0/bin/bootstrap.jar:/app/tomcat-9.0/bin/tomcat-juli.jar Using CATALINA_OPTS: Tomcat started.在db01上安装MySQL
在之前的LNMP架构中有步骤,已经多次安装过了可以参考,这里的db01是已经装好了数据库的,进行创建对应数据库和授权用户
#登入账号[root@db01 ~]# mysql -uroot -pJy123.commysql:[Warning]Using a password on thecommandline interface can be insecure. Welcome to the MySQL monitor. Commands end with;or\g. Your MySQL connectionidis49Server version:5.7.44 MySQL Community Server(GPL)Copyright(c)2000,2023, Oracle and/or its affiliates. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type'help;'or'\h'forhelp. Type'\c'toclearthe current input statement. 创建连接数据 mysql>create database zrlog;Query OK,1row affected(0.00sec)创建连接数据库用户 mysql>createUSERzrlog identified by'Jy123.com';Query OK,0rows affected(0.00sec)授权 mysql>grant all on zrlog.* to zrlog@'10.0.0.%'identified by'Jy123.com';Query OK,0rows affected,1warning(0.00sec)刷新权限 mysql>flush privileges;Query OK,0rows affected(0.00sec)验证用户能否登入[root@db01 ~]# mysql -uzrlog -pJy123.commysql:[Warning]Using a password on thecommandline interface can be insecure. Welcome to the MySQL monitor. Commands end with;or\g. Your MySQL connectionidis51Server version:5.7.44 MySQL Community Server(GPL)Copyright(c)2000,2023, Oracle and/or its affiliates. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type'help;'or'\h'forhelp. Type'\c'toclearthe current input statement. mysql>访问网页进行网站注册
配置tomcat basic认证
Basic认证是 Tomcat 对HTTP/1.1 协议定义的 HTTP Basic 认证机制的实现,是一种简单的、基于用户名和密码的身份验证方式,目的是限制对 Tomcat 部署的 Web 应用 / 资源的访问—— 只有输入正确用户名和密码的用户,才能访问受保护的内容,未认证的用户会被拒绝(返回 401 错误)
basic工作原理
1、客户端发起请求:用户用浏览器访问 Tomcat 中受保护的资源
2、Tomcat 返回认证提示:Tomcat 检测到用户未认证,返回401 Unauthorized响应,并在响应头中添加WWW-Authenticate: Basic realm=“xxx”(realm是认证域,用于标识受保护的资源范围),浏览器会弹出一个默认的登录弹窗。
3、用户输入账号密码:用户在弹窗中输入用户名和密码,浏览器将用户名和密码用Base64 编码(注意:是编码而非加密,可逆)后,放在请求头的Authorization: Basic [编码后的字符串]中,再次发送请求
4、Tomcat 验证并授权:Tomcat 解码请求头中的字符串,验证用户名和密码是否正确(通常验证 Tomcat 本地配置的用户,或 LDAP 等外部用户),正确则允许访问资源,错误则再次返回 401
修改配置文件[root@web02 ~]# cd /html/ROOT/WEB-INF[root@web02 WEB-INF]# vim web.xml<!-- Tomcat Basic认证配置 --><security-constraint><web-resource-collection><web-resource-name>admin test</web-resource-name><!-- 修复点2:修改受保护路径为后台资源(/admin/*),而非登录入口 --><url-pattern>/admin/*</url-pattern><!-- 可选:如果需要保护多个路径,可添加多个url-pattern --><!--<url-pattern>/api/*</url-pattern>--></web-resource-collection><auth-constraint><role-name>test</role-name></auth-constraint></security-constraint><login-config><auth-method>BASIC</auth-method><realm-name>Default</realm-name></login-config><!-- 修复点3:添加security-role,显式声明test角色 --><security-role><role-name>test</role-name></security-role></web-app>添加系统角色[root@web02 WEB-INF]# vim /app/tomcat-9.0/conf/tomcat-users.xml结尾添加<rolerolename="test"/>#登入用户名称username 密码password<userusername="tomcat"password="123456"roles="test"/>重启服务 /app/tomcat-9.0/bin/shutdown.sh&&/app/tomcat-9.0/bin/startup.sh访问后台管理页面http://blog.jy.com:8080/admin/
