# 检查JDK版本
# java -version
java version “17.0.10” 2026-01-16 LTS
Java(TM) SE Runtime Environment (build 17.0.10+9-LTS)
Java HotSpot(TM) 64-Bit Server VM (build 17.0.10+9-LTS, mixed mode, sharing)

# 下载Tomcat
# cd /opt
# wget https://downloads.apache.org/tomcat/tomcat-10/v10.1.19/bin/apache-tomcat-10.1.19.tar.gz
–2026-04-03 10:00:00– https://downloads.apache.org/tomcat/tomcat-10/v10.1.19/bin/apache-tomcat-10.1.19.tar.gz
Resolving downloads.apache.org… 192.168.1.100
Connecting to downloads.apache.org|192.168.1.100|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 12345678 (12M) [application/x-gzip]
Saving to: ‘apache-tomcat-10.1.19.tar.gz’

2026-04-03 10:00:30 (400 KB/s) – ‘apache-tomcat-10.1.19.tar.gz’ saved [12345678/12345678]

# 解压安装
# tar -xzf apache-tomcat-10.1.19.tar.gz
# ln -s apache-tomcat-10.1.19 tomcat

# 创建tomcat用户
# useradd -r -s /sbin/nologin tomcat

# 设置权限
# chown -R tomcat:tomcat /opt/tomcat
# chmod +x /opt/tomcat/bin/*.sh

# 配置环境变量
# cat > /etc/profile.d/tomcat.sh << 'EOF' export CATALINA_HOME=/opt/tomcat export PATH=$PATH:$CATALINA_HOME/bin EOF # source /etc/profile.d/tomcat.sh

# 创建systemd服务
# cat > /etc/systemd/system/tomcat.service << 'EOF' [Unit] Description=Apache Tomcat Web Application Container After=network.target [Service] Type=forking User=tomcat Group=tomcat Environment="JAVA_HOME=/usr/java/jdk-17" Environment="CATALINA_HOME=/opt/tomcat" Environment="CATALINA_BASE=/opt/tomcat" Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid" Environment="JAVA_OPTS=-Xms2g -Xmx4g -XX:+UseG1GC" ExecStart=/opt/tomcat/bin/startup.sh ExecStop=/opt/tomcat/bin/shutdown.sh Restart=on-failure RestartSec=10 [Install] WantedBy=multi-user.target EOF # 重载systemd # systemctl daemon-reload # 启动Tomcat # systemctl start tomcat # 设置开机自启 # systemctl enable tomcat Created symlink /etc/systemd/system/multi-user.target.wants/tomcat.service → /etc/systemd/system/tomcat.service. # 查看服务状态 # systemctl status tomcat ● tomcat.service - Apache Tomcat Web Application Container Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2026-04-03 10:00:00 CST; 1min ago Process: 12345 ExecStart=/opt/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS) Main PID: 12346 (java) Tasks: 50 (limit: 49143) Memory: 2.5G CGroup: /system.slice/tomcat.service └─12346 /usr/java/jdk-17/bin/java -Djava.util.logging.config.file...

# server.xml核心配置
# cat /opt/tomcat/conf/server.xml

# 优化Connector配置
# cat > /opt/tomcat/conf/server.xml.d/connector-optimized.xml << 'EOF'
EOF

# JVM参数配置
# cat > /opt/tomcat/bin/setenv.sh << 'EOF' #!/bin/bash export JAVA_HOME=/usr/java/jdk-17 export CATALINA_HOME=/opt/tomcat JAVA_OPTS="-server" JAVA_OPTS="${JAVA_OPTS} -Xms4g" JAVA_OPTS="${JAVA_OPTS} -Xmx4g" JAVA_OPTS="${JAVA_OPTS} -XX:+UseG1GC" JAVA_OPTS="${JAVA_OPTS} -XX:MaxGCPauseMillis=200" JAVA_OPTS="${JAVA_OPTS} -XX:ParallelGCThreads=8" JAVA_OPTS="${JAVA_OPTS} -XX:ConcGCThreads=2" JAVA_OPTS="${JAVA_OPTS} -XX:+HeapDumpOnOutOfMemoryError" JAVA_OPTS="${JAVA_OPTS} -XX:HeapDumpPath=/opt/tomcat/logs/heapdump.hprof" JAVA_OPTS="${JAVA_OPTS} -Djava.awt.headless=true" JAVA_OPTS="${JAVA_OPTS} -Dfile.encoding=UTF-8" JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom" JAVA_OPTS="${JAVA_OPTS} -Dcatalina.logs=/opt/tomcat/logs" export JAVA_OPTS EOF # chmod +x /opt/tomcat/bin/setenv.sh # chown tomcat:tomcat /opt/tomcat/bin/setenv.sh

# 部署WAR应用
# cp fgedu-app.war /opt/tomcat/webapps/
# ls -la /opt/tomcat/webapps/
total 12345
drwxr-xr-x 4 tomcat tomcat 4096 Apr 3 10:00 fgedu-app
-rw-r–r– 1 tomcat tomcat 12345678 Apr 3 10:00 fgedu-app.war
drwxr-xr-x 14 tomcat tomcat 4096 Apr 3 10:00 docs
drwxr-xr-x 7 tomcat tomcat 4096 Apr 3 10:00 examples
drwxr-xr-x 5 tomcat tomcat 4096 Apr 3 10:00 host-manager
drwxr-xr-x 5 tomcat tomcat 4096 Apr 3 10:00 manager
drwxr-xr-x 3 tomcat tomcat 4096 Apr 3 10:0 ROOT

# 查看应用部署状态
# curl -s http://fgedudb:8080/manager/text/list | head -20
OK – Listed applications for virtual host fgedudb
/:running:0:ROOT
/examples:running:0:examples
/host-manager:running:0:host-manager
/manager:running:0:manager
/fgedu-app:running:0:fgedu-app
/docs:running:0:docs

# 使用Manager部署应用
# curl -u admin:Fgedu@123456 “http://fgedudb:8080/manager/text/deploy?path=/fgedu-new&war=file:/tmp/fgedu-new.war”
OK – Deployed application at context path [/fgedu-new]

# 重新加载应用
# curl -u admin:Fgedu@123456 “http://fgedudb:8080/manager/text/reload?path=/fgedu-app”
OK – Reloaded application at context path [/fgedu-app]

# 停止应用
# curl -u admin:Fgedu@123456 “http://fgedudb:8080/manager/text/stop?path=/fgedu-app”
OK – Stopped application at context path [/fgedu-app]

# 启动应用
# curl -u admin:Fgedu@123456 “http://fgedudb:8080/manager/text/start?path=/fgedu-app”
OK – Started application at context path [/fgedu-app]

# 配置Context部署描述符
# cat > /opt/tomcat/conf/Catalina/fgedudb/fgedu-app.xml << 'EOF'

EOF

# 查看应用状态
# curl -s http://fgedudb:8080/manager/text/serverinfo
OK – Server info
Tomcat Version: Apache Tomcat/10.1.19
OS Name: Linux
OS Version: 5.4.17-2136.302.7.2.el7uek.x86_64
Architecture: amd64
JVM Version: 17.0.10+9-LTS
JVM Vendor: Oracle Corporation

# 集群配置 – 节点1
# cat > /opt/tomcat/conf/server.xml << 'EOF'

EOF

# 集群配置 – 节点2（修改jvmRoute和Receiver端口）
# sed -i ‘s/jvmRoute=”node1″/jvmRoute=”node2″/’ /opt/tomcat/conf/server.xml
# sed -i ‘s/port=”4000″/port=”4001″/’ /opt/tomcat/conf/server.xml

# Nginx负载均衡配置
# cat > /etc/nginx/conf.d/tomcat-cluster.conf << 'EOF' upstream fgedu_cluster { least_conn; server 192.168.1.10:8080 weight=1 max_fails=3 fail_timeout=30s; server 192.168.1.11:8080 weight=1 max_fails=3 fail_timeout=30s; server 192.168.1.12:8080 weight=1 max_fails=3 fail_timeout=30s backup; keepalive 32; } server { listen 80; server_name fgedu.net.cn www.fgedu.net.cn; access_log /var/log/nginx/fgedu_access.log; error_log /var/log/nginx/fgedu_error.log; location / { proxy_pass http://fgedu_cluster; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; proxy_http_version 1.1; proxy_set_header Connection ""; } location /status { stub_status on; access_log off; allow 192.168.1.0/24; deny all; } } EOF # 测试负载均衡 # nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful # systemctl reload nginx

# 生成密钥库
# keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
-keystore /opt/tomcat/conf/.keystore \
-validity 3650 \
-dname “CN=fgedu.net.cn, OU=IT, O=FGedu, L=Beijing, ST=Beijing, C=CN”
Enter keystore password: Fgedu@123456
Re-enter new password: Fgedu@123456

# 查看密钥库
# keytool -list -keystore /opt/tomcat/conf/.keystore -storepass Fgedu@123456
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Apr 3, 2026, PrivateKeyEntry,
Certificate fingerprint (SHA-256): AB:CD:EF:12:34:56:78:90:AB:CD:EF:12:34:56:78:90:AB:CD:EF:12:34:56:78:90:AB:CD:EF:12:34:56:78:90

# 配置HTTPS连接器
# cat > /opt/tomcat/conf/server.xml.d/ssl-connector.xml << 'EOF'
EOF

# 重启Tomcat
# systemctl restart tomcat

# 测试HTTPS
# curl -k https://fgedudb:8443/

Welcome to Tomcat

# JVM性能调优
# cat > /opt/tomcat/bin/setenv.sh << 'EOF' #!/bin/bash JAVA_OPTS="-server" JAVA_OPTS="${JAVA_OPTS} -Xms8g" JAVA_OPTS="${JAVA_OPTS} -Xmx8g" JAVA_OPTS="${JAVA_OPTS} -XX:+UseG1GC" JAVA_OPTS="${JAVA_OPTS} -XX:MaxGCPauseMillis=200" JAVA_OPTS="${JAVA_OPTS} -XX:G1HeapRegionSize=16m" JAVA_OPTS="${JAVA_OPTS} -XX:InitiatingHeapOccupancyPercent=45" JAVA_OPTS="${JAVA_OPTS} -XX:ParallelGCThreads=16" JAVA_OPTS="${JAVA_OPTS} -XX:ConcGCThreads=4" JAVA_OPTS="${JAVA_OPTS} -XX:+UseStringDeduplication" JAVA_OPTS="${JAVA_OPTS} -XX:+OptimizeStringConcat" JAVA_OPTS="${JAVA_OPTS} -XX:+UseCompressedOops" JAVA_OPTS="${JAVA_OPTS} -XX:+UseCompressedClassPointers" JAVA_OPTS="${JAVA_OPTS} -XX:+HeapDumpOnOutOfMemoryError" JAVA_OPTS="${JAVA_OPTS} -XX:HeapDumpPath=/opt/tomcat/logs/heapdump.hprof" JAVA_OPTS="${JAVA_OPTS} -XX:+PrintGCDetails" JAVA_OPTS="${JAVA_OPTS} -XX:+PrintGCDateStamps" JAVA_OPTS="${JAVA_OPTS} -Xloggc:/opt/tomcat/logs/gc.log" JAVA_OPTS="${JAVA_OPTS} -XX:+UseGCLogFileRotation" JAVA_OPTS="${JAVA_OPTS} -XX:NumberOfGCLogFiles=10" JAVA_OPTS="${JAVA_OPTS} -XX:GCLogFileSize=100M" JAVA_OPTS="${JAVA_OPTS} -Djava.awt.headless=true" JAVA_OPTS="${JAVA_OPTS} -Dfile.encoding=UTF-8" JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom" JAVA_OPTS="${JAVA_OPTS} -Dorg.apache.catalina.connector.URI_ENCODING=UTF-8" JAVA_OPTS="${JAVA_OPTS} -Dorg.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING=true" export JAVA_OPTS EOF # 连接器性能调优 # cat > /opt/tomcat/conf/server.xml.d/performance-connector.xml << 'EOF'
EOF

# 查看Tomcat日志
# tail -100 /opt/tomcat/logs/catalina.out
03-Apr-2026 10:00:00.000 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name: Apache Tomcat/10.1.19
03-Apr-2026 10:00:00.001 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Jan 15 2026 10:00:00 UTC
03-Apr-2026 10:00:00.002 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 10.1.19.0
03-Apr-2026 10:00:00.003 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux
03-Apr-2026 10:00:00.004 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 5.4.17-2136.302.7.2.el7uek.x86_64
03-Apr-2026 10:00:00.005 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64
03-Apr-2026 10:00:00.006 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /usr/java/jdk-17
03-Apr-2026 10:00:00.007 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 17.0.10+9-LTS
03-Apr-2026 10:00:00.008 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation
03-Apr-2026 10:00:00.009 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [1234] milliseconds

# 查看访问日志
# tail -20 /opt/tomcat/logs/fgedudb_access_log.2026-04-03.txt
192.168.1.100 – – [03/Apr/2026:10:00:00 +0800] “GET /fgedu-app/ HTTP/1.1” 200 1234 50
192.168.1.101 – – [03/Apr/2026:10:00:01 +0800] “GET /fgedu-app/api/users HTTP/1.1” 200 5678 25
192.168.1.102 – – [03/Apr/2026:10:00:02 +0800] “POST /fgedu-app/api/login HTTP/1.1” 200 890 100
192.168.1.100 – – [03/Apr/2026:10:00:03 +0800] “GET /fgedu-app/static/css/main.css HTTP/1.1” 200 12345 5

# 使用JMX监控
# cat > /opt/tomcat/bin/setenv.sh << 'EOF' export JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote" export JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.port=9010" export JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.rmi.port=9010" export JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=true" export JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.ssl=false" export JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file=/opt/tomcat/conf/jmxremote.password" export JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.access.file=/opt/tomcat/conf/jmxremote.access" export JAVA_OPTS="${JAVA_OPTS} -Djava.rmi.server.hostname=192.168.1.10" EOF # 配置JMX访问权限 # cat > /opt/tomcat/conf/jmxremote.access << 'EOF' monitorRole readonly controlRole readwrite EOF # cat > /opt/tomcat/conf/jmxremote.password << 'EOF' monitorRole Fgedu@Monitor123 controlRole Fgedu@Control123 EOF # chmod 600 /opt/tomcat/conf/jmxremote.password # chown tomcat:tomcat /opt/tomcat/conf/jmxremote.*

# 删除默认应用
# rm -rf /opt/tomcat/webapps/{docs,examples,host-manager,manager,ROOT}

# 配置用户权限
# cat > /opt/tomcat/conf/tomcat-users.xml << 'EOF'

EOF

# 配置Manager访问限制
# cat > /opt/tomcat/webapps/manager/META-INF/context.xml << 'EOF'




EOF

# 隐藏版本信息
# cat > /opt/tomcat/conf/server.xml << 'EOF'
EOF

# 禁用目录列表
# cat > /opt/tomcat/conf/web.xml << 'EOF' listings false
EOF

# 检查端口占用
# netstat -tlnp | grep 8080
tcp6 0 0 :::8080 :::* LISTEN 12345/java

# 检查进程状态
# ps aux | grep tomcat
tomcat 12345 2.0 5.0 12345678 123456 ? Sl 10:00 0:30 /usr/java/jdk-17/bin/java …

# 检查内存使用
# jmap -heap 12345
Attaching to process ID 12345, please wait…
Debugger attached successfully.
Server compiler detected.
JVM version is 17.0.10+9-LTS

using thread-local object allocation.
Garbage-First (G1) GC with 16 thread(s)

Heap Configuration:
MinHeapFreeRatio = 10
MaxHeapFreeRatio = 20
MaxHeapSize = 8589934592 (8192.0MB)
NewSize = 1363144 (1.2999954223632812MB)
MaxNewSize = 5152702464 (4914.0MB)
OldSize = 5452592 (5.1999969482421875MB)

Heap Usage:
G1 Heap Regions
Region Size: 16384K
Regions: 512
Capacity: 8589934592 (8192.0MB)
Used: 123456789 (117.73MB)
Free: 8466477803 (8074.27MB)

# 检查线程状态
# jstack 12345 | head -50
2026-04-03 10:00:00
Full thread dump Java HotSpot(TM) 64-Bit Server VM (17.0.10+9-LTS mixed mode, sharing):

“main” #1 prio=5 os_prio=0 cpu=1234.56ms elapsed=3600.00s tid=0x00007f1234567890 nid=0x3039 waiting on condition [0x00007f1234567000]
java.lang.Thread.State: TIMED_WAITING (sleeping)
at java.lang.Thread.sleep(java.base@17/Native Method)
at org.apache.catalina.core.StandardServer.await(StandardServer.java:567)
at org.apache.catalina.startup.Catalina.await(Catalina.java:887)
at org.apache.catalina.startup.Catalina.start(Catalina.java:829)
at java.lang.invoke.DirectMethodHandle$Holder.invoke(java.base@17/DirectMethodHandle$Holder)
at java.lang.invoke.LambdaForm$MH/0x0000000800060800.invoke(java.base@17/LambdaForm$MH)

# 分析GC日志
# grep “Full GC” /opt/tomcat/logs/gc.log | tail -5
[2026-04-03T10:00:00.000+0800][gc,heap ] GC(123) Heap before GC: 123456789(14.73MB)
[2026-04-03T10:00:00.100+0800][gc,heap ] GC(123) Heap after GC: 56789012(6.78MB)