Apache Tomcat 8.5 Security Configuration and High-Concurrency Tuning

https://www.renwole.com/archives/357

1. Edit the configuration file:

# vim /usr/program/tomcat8/conf/server.xml

2. Disable port 8005

Default:

<Server port="8005" shutdown="SHUTDOWN">

Change to:

<Server port="-1" shutdown="SHUTDOWN">

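3. Application security and disabling auto-deployment

Default:

<Host name="localhost" appBase="webapps"
      unpackWARs="true" autoDeploy="true">

Change to:

<Host name="localhost" appBase="webapps"
      unpackWARs="false" autoDeploy="false">

reloadable="false" belongs on the <Context> element (for example in conf/context.xml), where false is also the default; it is not a <Host> attribute and has no effect there.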

4. maxThreads: connection limit settings

Default:

<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
          maxThreads="150" minSpareThreads="4"/>
-->

Change to:

<Executor
    name="tomcatThreadPool"
    namePrefix="catalina-exec-"
    maxThreads="500"
    minSpareThreads="30"
    maxIdleTime="60000"
    prestartminSpareThreads="true"
    maxQueueSize="100"
/>

5. Connector parameter tuning

Default:

<Connector
    port="8080"
    protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443"
/>

Change to:

<!-- protocol="HTTP/1.1" is the default configuration -->
<Connector
    executor="tomcatThreadPool"
    port="8080"
    protocol="org.apache.coyote.http11.Http11Nio2Protocol"
    connectionTimeout="60000"
    maxConnections="10000"
    redirectPort="8443"
    enableLookups="false"
    acceptCount="100"
    maxPostSize="10485760"
    maxHttpHeaderSize="8192"
    compression="on"
    disableUploadTimeout="true"
    compressionMinSize="2048"
    acceptorThreadCount="2"
    compressableMimeType="text/html,text/plain,text/css,application/javascript,application/json,application/x-font-ttf,application/x-font-otf,image/svg+xml,image/jpeg,image/png,image/gif,audio/mpeg,video/mp4"
    URIEncoding="utf-8"
    processorCache="20000"
    tcpNoDelay="true"
    connectionLinger="5"
    server="Server Version 11.0"
/>

6. Hide or change the Tomcat version number

# cd /usr/local/tomcat/lib/

# unzip catalina.jar

# cd org/apache/catalina/util

# vim ServerInfo.properties

server.info=Apache Tomcat/8.5.16

server.number=8.5.16.0

server.built=Jun 21 2017 17:01:09 UTC

Remove the lines above, or change the version number in them.

7. Delete or disable the default management pages and the related configuration files

# rm -rf /usr/local/apache-tomcat-8.5.16/webapps/*

# rm -rf /usr/local/apache-tomcat-8.5.16/conf/tomcat-users.xml
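
An added example, not part of the original article: a small Python check that parses a server.xml and reports where it departs from the settings in steps 2 to 5. The function name audit_server_xml and both sample documents are constructed for illustration from the snippets above.

```python
import xml.etree.ElementTree as ET

def audit_server_xml(xml_text):
    """Return findings for the settings in steps 2-5; empty list = all pass."""
    root = ET.fromstring(xml_text)  # root element is <Server>; comments are skipped
    findings = []
    # Step 2: the shutdown listener is disabled only when port="-1".
    port = root.get("port", "8005")
    if port != "-1":
        findings.append("Server: shutdown port %s is enabled" % port)
    # Step 3: autoDeploy and unpackWARs both default to true when absent.
    for host in root.iter("Host"):
        for attr in ("autoDeploy", "unpackWARs"):
            if host.get(attr, "true").lower() != "false":
                findings.append("Host %s: %s is not false" % (host.get("name"), attr))
    # Steps 4-5: each Connector should reference a shared Executor whose
    # request queue is bounded, and should not do reverse DNS lookups.
    pools = {e.get("name"): e for e in root.iter("Executor")}
    for conn in root.iter("Connector"):
        cport = conn.get("port")
        pool = pools.get(conn.get("executor"))
        if pool is None:
            findings.append("Connector %s: no shared Executor" % cport)
        elif pool.get("maxQueueSize") is None:
            findings.append("Connector %s: Executor queue is unbounded" % cport)
        if conn.get("enableLookups", "false").lower() == "true":
            findings.append("Connector %s: enableLookups is true" % cport)
    return findings

# Constructed samples assembled from the snippets on this page.
DEFAULT_XML = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <!-- <Executor name="tomcatThreadPool" maxThreads="150" minSpareThreads="4"/> -->
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"/>
  </Engine></Service></Server>"""

HARDENED_XML = """<Server port="-1" shutdown="SHUTDOWN"><Service name="Catalina">
  <Executor name="tomcatThreadPool" maxThreads="500" maxQueueSize="100"/>
  <Connector executor="tomcatThreadPool" port="8080" enableLookups="false"/>
  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps" unpackWARs="false" autoDeploy="false"/>
  </Engine></Service></Server>"""

if __name__ == "__main__":
    for label, text in (("default", DEFAULT_XML), ("hardened", HARDENED_XML)):
        print(label, audit_server_xml(text) or "OK")
```

To check a live installation, pass the contents of conf/server.xml to audit_server_xml instead of the sample strings.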