Tomcat以非root用户运行时不能使用1024以下端口(这是操作系统对特权端口的限制),如果要使用80端口可使用端口转发功能来实现。
##查看并开启数据包转发(ip_forward):值为1表示已开启,值为0则需要开启。注意:开启后本机会为其他主机转发数据包;下面的80→8080规则只是本机端口重定向,通常不依赖此项,如无跨主机转发需求可保持为0
$ sysctl -a |grep ip_forward
$ echo 1 > /proc/sys/net/ipv4/ip_forward //此方法为临时,重启后失效
$ echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf //此方法永久,重启后生效(也可执行 sysctl -p 立即生效)
##当前tomcat启动端口为8080,监听本机80端口将数据包转发至8080端口,本机防火墙只需要开启8080
$ firewall-cmd --permanent --add-rich-rule='rule family="ipv4" forward-port to-port="8080" protocol="tcp" port="80"'
$ firewall-cmd --add-port=8080/tcp ##临时生效,重启后失效
$ firewall-cmd --add-port=8080/tcp --permanent ##永久保存;带 --permanent 的规则(包括上面的 rich rule)需执行 firewall-cmd --reload 后才生效
shell>useradd -r tomcat
shell>cat /etc/systemd/system/tomcat.service
# systemd unit that starts Tomcat 7 under a dedicated service account.
[Unit]
Description=tomcat7
# Ordering only: start after logging, networking, remote filesystems and
# name lookup have been brought up.
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
# Run the service as the unprivileged "tomcat" account instead of root.
# NOTE(review): this account presumably needs write access only to Tomcat's
# logs/temp/work directories; confirm the ownership of the install tree.
User=tomcat
# Type=forking: systemd considers the service started once the ExecStart
# process exits and leaves a background process behind.
# NOTE(review): no PIDFile= is set, so systemd has to guess the main PID.
Type=forking
ExecStart=/usr/local/apache-tomcat-7.0.70/bin/startup.sh
# Give the service its own private /tmp and /var/tmp, not shared with
# other processes on the host.
PrivateTmp=true
[Install]
WantedBy=multi-user.target
shell>cat /usr/local/apache-tomcat-7.0.70/bin/setenv.sh
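# JDK installation path used to launch Tomcat.
JAVA_HOME="/usr/local/jdk1.8.0_101"
# JVM options: 1 GiB initial heap, 4 GiB maximum heap.
# The JAVA_HOME above is a JDK 8, which has no permanent generation:
# -XX:PermSize/-XX:MaxPermSize are ignored there (with a startup warning), so
# class-metadata sizing is expressed with the Metaspace flags instead.
# Unlike the ignored PermGen flags, the 256m Metaspace cap is enforced; size
# it for the applications actually deployed.
JAVA_OPTS="-Xms1024m -Xmx4096m -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=256m"
# add tomcat pid
#CATALINA_PID="$CATALINA_BASE/tomcat.pid"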
# Do not set the variables in this script. Instead put them into a script
# setenv.sh in CATALINA_BASE/bin to keep your customizations separate.
#
# CATALINA_HOME May point at your Catalina "build" directory.
#
# CATALINA_BASE (Optional) Base directory for resolving dynamic portions
# of a Catalina installation. If not present, resolves to
# the same directory that CATALINA_HOME points to.
#
# CATALINA_OUT (Optional) Full path to a file where stdout and stderr
# will be redirected.
# Default is $CATALINA_BASE/logs/catalina.out
# Ensure that any user defined CLASSPATH variables are not used on startup,
# but allow them to be specified in setenv.sh, in rare case when it is needed.
# Start from an empty CLASSPATH so a value inherited from the caller's
# environment is dropped before any setenv.sh runs.
CLASSPATH=
# Source at most one setenv.sh: the CATALINA_BASE copy takes precedence, and
# the CATALINA_HOME copy is consulted only when the first is not readable.
# NOTE(review): the sourced file runs as shell code with the privileges of
# whoever invokes this script, so it should not be writable by the account
# the service runs as.
if test -r "$CATALINA_BASE/bin/setenv.sh"; then
  . "$CATALINA_BASE/bin/setenv.sh"
else
  if test -r "$CATALINA_HOME/bin/setenv.sh"; then
    . "$CATALINA_HOME/bin/setenv.sh"
  fi
fi