7 Answers
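I recommend putting nginx in front of Tomcat as a reverse proxy. Also, if Tomcat uses port 80, Tomcat has to be started as root; for security and performance, nginx + Tomcat is recommended.
Tomcat configuration file: /usr/local/tomcat/conf/server.xml
And iptables as well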
I only installed TOMCAT+JDK
I also edited IPTABLES
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
I added these two and rebooted the server
It still doesn't work; neither port 80 nor port 443 works. I'm using TOMCAT8+JDK1.8
<Service name="Catalina">
<Connector port="8080"
protocol="org.apache.coyote.http11.Http11AprProtocol"
connectionTimeout="20000"
redirectPort="443"
maxThreads="1000"
minSpareThreads="20"
acceptCount="1000"
debug="0"
disableUploadTimeout="true"
useBodyEncodingForURI="true"
enableLookups="false"
URIEncoding="UTF-8" />
It doesn't work. Where is the problem?
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:140]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
# -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/sec --limit-burst 10 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall0-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon Jan 4 20:20:00 2016
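Added example, not part of the original posts: a small Python check over an iptables-save style ruleset that reports rules appended to chains that were never declared and lists the TCP ports INPUT accepts before its first unconditional REJECT/DROP. The names audit and SAMPLE are made up for this example, and the sample is a shortened copy of the ruleset posted above.

```python
import re

# Constructed sample, shortened from the ruleset posted above.
SAMPLE = """\
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:140]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall0-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
COMMIT
"""

def audit(ruleset):
    """Return (undeclared, open_ports) for one iptables-save style table.

    undeclared: (line number, chain) for each -A rule whose chain has no
                ':CHAIN' declaration line above it.
    open_ports: single --dport values accepted in INPUT before INPUT's first
                unconditional REJECT/DROP (port ranges and jumps to other
                chains are not followed in this narrow example).
    """
    declared, undeclared, open_ports = set(), [], set()
    input_closed = False  # True once INPUT reaches an unconditional REJECT/DROP
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        line = line.strip()
        if line.startswith(":"):
            declared.add(line[1:].split()[0])
            continue
        m = re.match(r"-A\s+(\S+)\s*(.*)", line)
        if not m:
            continue  # comments, COMMIT, blank lines
        chain, body = m.groups()
        if chain not in declared:
            undeclared.append((lineno, chain))
            continue
        if chain != "INPUT" or input_closed:
            continue
        target = re.search(r"-j\s+(\S+)", body)
        dport = re.search(r"--dport\s+(\d+)", body)
        if target and target.group(1) == "ACCEPT" and dport:
            open_ports.add(int(dport.group(1)))
        elif re.fullmatch(r"-j\s+(REJECT|DROP)\b.*", body):
            input_closed = True
    return undeclared, open_ports
```

On the sample, audit(SAMPLE) reports ports 22 and 8080 as accepted (8080 is the Connector port in the posted server.xml), while the port 80 and 443 rules sit in chains that have no declaration line.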