Apache Tomcat 8.5 安全配置与高并发优化
https://www.renwole.com/archives/357
1.编辑修改配置文件(本文各处示例路径并不一致,请统一替换为实际的 Tomcat 安装目录):
# vim /usr/program/tomcat8/conf/server.xml
2.禁用8005端口
默认值:
<Server port="8005" shutdown="SHUTDOWN">
修改为(注意:端口设为 -1 后,无法再用 shutdown.sh 或 catalina.sh stop 通过该端口优雅停止 Tomcat,需以 jsvc 等服务方式运行,或向进程发送信号来停止):
<Server port="-1" shutdown="SHUTDOWN">
3.应用程序安全&关闭自动部署
默认值:
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
修改为:
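<!--
  Automatic deployment is switched off: autoDeploy="false" stops Tomcat from
  deploying or redeploying applications that appear or change in appBase while
  it is running, and unpackWARs="false" runs applications from the packed WAR.
  reloadable is a Context attribute (default false), not a Host attribute, so
  it has been dropped from this tag.
  deployOnStartup is not set here and keeps its default (true), so whatever is
  present in appBase is still deployed when Tomcat starts.
-->
<Host name="localhost" appBase="webapps"
unpackWARs="false" autoDeploy="false">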
4.maxThreads 线程数限制修改配置(maxThreads 限制的是请求处理线程数,连接数由 Connector 的 maxConnections 控制)
默认值:
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
修改为:
<!--
  Shared request-processing thread pool. It only takes effect for Connectors
  that reference it with executor="tomcatThreadPool", and it has to be declared
  before those Connectors in server.xml.
  maxThreads / minSpareThreads: upper bound and always-kept minimum of threads.
  maxIdleTime: milliseconds an idle thread above minSpareThreads is kept.
  prestartminSpareThreads: start the minSpareThreads when the executor starts.
  maxQueueSize: tasks allowed to wait for a free thread; further tasks are
  rejected, which bounds memory use under overload.
-->
<Executor
name="tomcatThreadPool"
namePrefix="catalina-exec-"
maxThreads="500"
minSpareThreads="30"
maxIdleTime="60000"
prestartminSpareThreads = "true"
maxQueueSize = "100"
/>
5.Connector 参数优化配置
默认值:
<Connector
port="8080"
protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
/>
修改为:
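<!--
  HTTP connector bound to the shared "tomcatThreadPool" executor.
  protocol: the stock value is "HTTP/1.1"; the NIO2 implementation is named
    explicitly here. The note about the default used to sit inside the tag,
    which made the element not well-formed XML.
  connectionTimeout: the stock value is 20000 ms; 60000 keeps idle or slow
    clients attached three times longer, so confirm that maxConnections
    (10000 here) leaves headroom for that.
  maxPostSize / maxHttpHeaderSize: caps on request body parsing (10 MiB) and
    header size (8 KiB).
  compression: already-compressed media (JPEG, PNG, GIF, MP3, MP4) are left
    out of compressableMimeType because recompressing them costs CPU without
    shrinking the response.
    NOTE(review): if this connector ends up behind TLS and serves pages that
    echo request data next to secrets, review compression for those paths.
  server: replaces only the Server response header; error pages and
    ServerInfo.properties are separate.
-->
<Connector
executor="tomcatThreadPool"
port="8080"
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
connectionTimeout="60000"
maxConnections="10000"
redirectPort="8443"
enableLookups="false"
acceptCount="100"
maxPostSize="10485760"
maxHttpHeaderSize="8192"
compression="on"
disableUploadTimeout="true"
compressionMinSize="2048"
acceptorThreadCount="2"
compressableMimeType="text/html,text/plain,text/css,application/javascript,application/json,application/x-font-ttf,application/x-font-otf,image/svg+xml"
URIEncoding="utf-8"
processorCache="20000"
tcpNoDelay="true"
connectionLinger="5"
server="Server Version 11.0"
/>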
6.隐藏或修改 Tomcat 版本号
# cd /usr/local/tomcat/lib/
# unzip catalina.jar
# cd org/apache/catalina/util
# vim ServerInfo.properties
server.info=Apache Tomcat/8.5.16
server.number=8.5.16.0
server.built=Jun 21 2017 17:01:09 UTC
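将以上去掉或修改版本号即可,修改后需重启 Tomcat 才会生效。注意:unzip 会把 catalina.jar 的全部内容解压到 lib/ 目录,建议只保留 org/apache/catalina/util/ServerInfo.properties 这一个文件并删除其余解压出的内容,否则日后升级 catalina.jar 时,lib/ 下残留的旧类文件可能仍被优先加载。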
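7.删除默认管理页面及相关配置文件(注意:第一条命令会清空 webapps 下的所有内容,包括已部署的自有应用,请在部署应用之前执行;默认 server.xml 中的 UserDatabase 资源及其 Realm 仍引用 tomcat-users.xml,删除该文件时应一并移除这些配置,否则启动日志中可能出现找不到该文件的报错)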
# rm -rf /usr/local/apache-tomcat-8.5.16/webapps/*
# rm -rf /usr/local/apache-tomcat-8.5.16/conf/tomcat-users.xml