Category Archives: Tomcat

How to Install Apache Tomcat on CentOS

Apache Tomcat is an open source Java Servlet implementation developed by the Apache Software Foundation. Beside Java Servlets, Tomcat implements several other Java server technologies including  JavaServer Pages (JSP), Java Expression Language, and Java WebSocket. Tomcat provides an HTTP Web Server for Java applications with support for HTTP/2, OpenSSL for JSSE and TLS virtual hosting.

In this tutorial, I will show you how to install and configure Apache Tomcat 8.5 on a CentOS 7 server and how to install and configure Java on a CentOS server which is one of the prerequisites for Tomcat.


  • Server with CentOS 7 – 64bit
  • 2 GB or more RAM (Recommended)
  • Root Privileges on the server

Step 1 – Install Java (JRE and JDK)

In this step, we will install the Java JRE and JDK from the CentOS repository. We will install Java 1.8.11 on the server with the yum command.

Run this command to install Java JRE and JDK from CentOS repository with yum:

yum -y install java-1.8.0-openjdk.x86_64 java-1.8.0-openjdk-devel.x86_64

It will take some time, wait until the installation finished.

Then you should check the Java version with the command below:

java -version

You should see results similar to the ones below:

openjdk version “1.8.0_111”
OpenJDK Runtime Environment (build 1.8.0_111-b15)
OpenJDK 64-Bit Server VM (build 25.111-b15, mixed mode)

Check the Java version

Step 2 – Configure the Java Home Environment

In the first step, we’ve installed Java. Now we need to configure the JAVA_HOME environment variable on the CentOS server so that Java applications can find the right Java version and Tomcat requires the JAVA_HOME environment to be setup properly, so we need to configure it.

Before we configure the JAVA_HOME environment, we need to know where the Java directory is. Check the Java directory with the command below:

sudo update-alternatives –config java

Java directory = “/usr/lib/jvm/java-1.8.0-openjdk-

Then edit the environment file with vim:

vim /etc/environment

Add the JAVA_HOME environment variable by adding the configuration below:


Save the /etc/environment file and exit vim.

Next, edit the .bash_profile file and add the JAVA_HOME variable as well:

vim ~/.bash_profile

At the end of the file, paste the configuration below:

export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-
export PATH=$JAVA_HOME/bin:$PATH

Save the file, then reload the bash_profile file.

source ~/.bash_profile

Make sure there is no error, Finally check the JAVA_HOME environment variable:


You will see Java path directory.

Setup the Java home environment variable

Step 3 – Install Apache Tomcat 8.5

In this step, we will install Apache Tomcat under the user tomcat (which we have to create first).

Create a user and group named tomcat:

groupadd tomcat
useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat

-s /bin/false = disable shell access
-g tomcat = assign new user to the group tomcat
-d /opt/tomcat = define the home directory for the user

Next, go to the /opt directory and download tomcat with the wget command:

cd /opt/

Extract Tomcat and move all the files and directories that are in the ‘apache-tomcat-8.5.6’ directory to the ‘tomcat’ directory.

tar -xzvf apache-tomcat-8.5.6.tar.gz
mv apache-tomcat-8.5.6/* tomcat/

Now change the owner of the tomcat directory to the tomcat user and group.

chown -hR tomcat:tomcat tomcat

Step 4 – Test Apache Tomcat

In step 3, we installed and configure tomcat. In this step, we just want to run a short test to make sure there are no errors.

Go to the tomcat/bin directory and run the command ‘’ to test Apache Tomcat:

cd /opt/tomcat/bin/

Make sure the result is ‘Tomcat started’.

Tomcat is using port 8080 now, check the open port on the server with the netstat command.

netstat -plntu

Check that Tomcat has been started with netstat

Or visit the server IP address with port 8080 – in my case – with a web browser. You will see the Apache Tomcat default page.

Test Apache Tomcat with a Browser

Next, stop Apache Tomcat and because we will run it Tomcat with a systemd service file in the final configuration. Make sure the tomcat directory is owned by the tomcat user and group.

cd /opt/tomcat/bin/
chown -hR tomcat:tomcat /opt/tomcat/

Shutdown Apache Tomcat server test.

Step 5 – Setup Apache Tomcat Service

In this tutorial, we will run Apache Tomcat as tomcat user with a systemd service file for easy starting and stopping of the service. So the next step is to create a ‘tomcat.service’ file.

Go to the systemd system directory and create a new file ‘tomcat.service’.

cd /etc/systemd/system/
vim tomcat.service

Paste the configuration below:

Description=Apache Tomcat 8 Servlet Container

Save the file and exit vim.

Reload the systemd daemon, then start and add the Apache Tomcat service at boot time.

systemctl daemon-reload
systemctl start tomcat
systemctl enable tomcat

Now check that tomcat is running by checking the open port 8080.

netstat -plntu

And check the tomcat status, make sure the service is active.

systemctl status tomcat

Check Tomcat service started with Systemd

Step 6 – Configure Apache Tomcat Users

In this step, we will configure the users for Apache Tomcat. Tomcat is installed, and it’s running by default on port 8080, we can access it with a web browser, but we can not access the site-manager dashboard yet. To enable and configure Tomcat users, edit the file ‘tomcat-users.xml’.

Go to the tomcat configuration directory and edit the tomcat-users.xml file with vim.

cd /opt/tomcat/conf/
vim tomcat-users.xml

Create a new line under line 43 and paste configuration below:

<role rolename="manager-gui"/>
<user username="admin" password="password" roles="manager-gui,admin-gui"/>

Save the file and exit vim.

Next, go to the manager directory and edit the context.xml file.

cd /opt/tomcat/webapps/manager/META-INF/
vim context.xml

Comment out line 19 and 20.

<Context antiResourceLocking=”false” privileged=”true” >
<!–  <Valve className=”org.apache.catalina.valves.RemoteAddrValve”
allow=”127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1″ /> –>

Save the file and exit vim.

Go to the host-manager directory and edit the context.xml file again.

cd /opt/tomcat/webapps/host-manager/META-INF/
vim context.xml

Comment out again line 19 and 20.

<Context antiResourceLocking=”false” privileged=”true” >
<!–  <Valve className=”org.apache.catalina.valves.RemoteAddrValve”
allow=”127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1″ /> –>

Save the file and exit, then restart tomcat.

systemctl restart tomcat

Step 7 – Configure Firewalld

In CentOS 7, we have a default firewall tool named firewalld. It replaces the iptables interface and connects to the Netfilter kernel code.

In this step, we will start the firewalld service and open port 8080 so we can access the Apache Tomcat server from the outside of the network.

Start the firewalld service and add it to start at boot time with the systemctl command.

systemctl start firewalld
systemctl enable firewalld

Next, add the apache tomcat port 8080 to the firewall with the firewall-cmd command, and reload the firewalld service.

firewall-cmd –zone=public –permanent –add-port=8080/tcp
firewall-cmd –reload

Check that all the services are available in the firewall and check that the Apache Tomcat port 8080 is open.

firewall-cmd –list-ports
firewall-cmd –list-services

Apache Tomcat port 8080 is accessible from outside of the network, and the ssh port is open by default as well.

Start Apache Tomcat Service with Systemd

Step 8 – Testing

Open your web browser and type in your server IP with port 8080. You will see the Apache Tomcat default page.

Apache Tomcat Home page

Go to the manager dashboard with URL below:

Type in the admin username ‘admin‘ with password ‘mypassword‘, the configuration that we made on step 5.

Apache Tomcat Manager Dashboard

Now go to the host-manager dashboard with URL below:

Enter the admin user and password that you set in step 5, you will see the Tomcat Virtual host Manager.

Apache Tomcat Virtual Host Manager Dashboard

Apache Tomcat 8.5 has been installed on a CentOS 7 Server.



Tomcat作为服务运行时,JACOB调用Excel失败解决方案 – – ITeye博客




3,如果仔细查看Tomcat日志会发现以下错误: Invoke of: OpenSource: Microsoft Office Excel Description: Microsoft Office Excel

• 文件名称或路径不存在。
• 文件正被其他程序使用。
• 您正要保存的工作簿与当前打开的工作簿同名。



1,如果是windows 2008 操作系统














8,在里面找到一个名为”Microsoft Excel Application”的节点

9,右键单击该节点,选属性 ,切换到标识选项卡


如果在第8步里,你没有找到”Microsoft Excel Application”的节点,恭喜你,又被微软这个垃圾公司给坑了,据说是微软忘了在windows2008 64位的dcom配置里加入32位程序,诅****咒微软1000000遍。






11,输入 mmc comexp.msc /32 这个命令




LB 负载均衡的层次结构




在七、八年前那时我在做 Java 的企业软件开发,开发出来的企业级 Java 应用程序就部署在像 Weblogic 之类的应用容器中。而这类应用容器软件又跑在 Unix 的小型机上。把硬件和软件一体打包作为企业应用解决方案卖给客户。这类应用部署的方案十分简单,层级也比较浅。为了保证可靠性,使用两套小型机上各部署一个 Weblogic Server,在应用服务前面使用像 F5 之类的硬件负载均衡器,如下图所示。

由于小型机和前面的 F5 负载均衡硬件都比较贵,所以出于可靠性、可维护性和成本的综合考虑,一般应用部署两套跑在两台小型机上,在前面共享一个 F5 做负载均衡。而一般 F5 和小型机这类硬件设备都至少是 5 个 9 的可靠性保障,所以整体的系统可靠性基本有保障。

进入互联网时代后,应用开发拥抱开源,部署使用更廉价的 PC Server 和免费开源的应用容器。负载均衡也逐步从硬负载向软负载变迁,由于互联网应用的海量特性和部署规模的急剧膨胀,前端负载均衡也开始变得丰富起来。


进入互联网公司后,我们刚开始开发应用时,业务规模小用户量还不大,机器数量也少(<10)。所以一开始的负载均衡的结构也是很简单的,类似硬负载只是把硬件换成了免费的开源软件并跑在可用性是有 3 个 9 的廉价 PC Server 上。

前面一个 LVS 后面跟着几个应用服务,后来为了方便做按域名的分流和适配切流量上线,中间又加了一层 Nginx。

这样就变成了两层软负载结构了,LVS 负责 4 层,Nginx 负责 7 层。 但 Nginx 只负责了单机内多实例的负载均衡,这里主要是因为当时 PC Server 是物理机,CPU 16/32 core,内存 32/64G 不等,为了更充分的利用资源,一台物理机上都部署了多个应用服务实例,而考虑到 Nginx 工作在 7 层的开销远高于 LVS/DR 模式,所以一般在一个 Nginx 后面挂的实例数也不会超过 10 个。

但随着业务发展和用户流量上升,机器规模也在不断扩张,导致一个网段内的 IP 都不够用了,这套负载结构又遇到了横向扩展的瓶颈,因为 LVS/DR 模式下跨不了网段。所以后来又在 LVS 和 Nginx 之间加了一层 HAProxy,负载结构就变成了下面这样。

其实加了 HAProxy 之后,它也是工作在 7 层,这样 Nginx 这层看起来就不是很有必要。但三层的负载结构能支撑更大规模的集群,而原本在 Nginx 层做了一套方便研发切流量上线的运维管理系统,所以牺牲一点性能换取现在的可维护性和将来扩展性,Nginx 这层就一直保留下来了。而且 Nginx 相比 HAProxy 不是纯粹的负载均衡器,它还能提供 cache 功能,对于某些 HTTP 请求实际只走到 Nginx 这层就可以通过缓存命中而返回。


随着业务发展,公司开始了多个 IDC 的建设,考虑到 IDC 级别的容灾,集群开始部署到多个 IDC。跨 IDC 的负载均衡方案可以简单通过 DNS 轮询来实现,但可控性不好。所以我们没有采用这种,而是采用一主加多子域名的方式来基于业务场景实现动态域名调度和负载。主域名下实际是一个动态流量调度器,跨多个 IDC 部署,对于 HTTP 请求基于重定向方式跳子域名,对于 TCP 方式每次建立长连接前请求分配实际连接的子域名,如下图所示。


最后再加上互联网应用必不可少的 CDN 将静态资源请求的负载分流,那么整个负载的层次结构就完整了。

SSL 带来的负载结构变化

随着互联网的普及,安全问题益发严重,原本早期只有银行网银等使用 HTTPS 方式访问,现在电商类网站也开始启用全站 HTTPS 了。引入 SSL 后对负载结构带来了什么影响么?SSL 属于应用层的协议,所以只能在 7 层上来做,而 HAProxy 也是支持 SSL 协议的,所以一种方式是只需简单的让 HAProxy 开启 SSL 支持完成对内解密对外加密的处理。

但 HAProxy 的作者不太赞同这种方案,因为引入 SSL 处理是有额外的性能开销的。那么在承担确定流量的情况下,假设原本需要 M 台 HAProxy,在开启了 SSL 后可能需要 M + N 台 HAProxy。随着流量增长,这种方式的横向扩展成本较高(毕竟 SSL 证书按服务器数量来收费的)。他给出的解决方案是再独立一层 SSL 代理缓存层,像下面这样。

L4 和 L7 之间独立的 SSL 代理缓存层只负责 SSL 协议的处理,把 HTTPS 转换成 HTTP,并检查本地缓存是否命中。若未命中再转发请求到后端的 L7 层应用负载均衡层。这样的好处是每个层次都可以根据流量来独立伸缩,而且 SSL 层显然可以跨多个应用共享,更节省成本。如果按这个思路来重新调整我们前面的负载均衡结构层次,将会演变成下面这样。

其实,这时我觉得应用前面的那层 Nginx 可能就显得多余了点,不是必需的。但如果现实这么演进下来很可能就会有这么一层冗余的东西存在很长一段时间,这就是理想和现实之间的差距吧。


好了,本文到此为止。作为一名后台开发我其实对上面提及的各类开源软件如何配置、调优和管理并不熟悉,这属于运维开发的问题域范畴。但这并不妨碍我去了解我所开发的应用所处的整个环境是怎样的,多了解些你工作领域范围边界外的 What 和 Why,有时也能帮助我们更好的设计和解决自身问题域内的问题,别为自己设限而最终画地为牢。

本来以为负载均衡这个古老的课题已经定型了,在写本文时又看到新闻,在近日举办的第十三届网络系统设计与实现 USENIX 研讨会上,来自 Google 的工程师又分享了其自研的 Maglev 负载均衡器。刚下了论文还没看,回头看了再来写写。


[1] HAProxy Documentation.  HAProxy Management Guide
[2] HAProxy Documentation.  HAProxy Starter Guide
[3] Willy Tarreau.  Making applications scalable with Load Balancing
[4] LVS wiki.  Load balancing
[5] Wikipedia.  Virtual Router Redundancy Protocol
[6] shuming.  LVS 工作模式以及工作原理


How to install Tomcat on CentOS

How to Install Tomcat 8 on CentOS 7.0 (Multiple Instances)

Install Oracle Java JDK 8 On CentOS 7

yum install java-1.8.0-openjdk.x86_64

# java -version

# cd /usr/share
# wget
# tar zxvf apache-tomcat-8.0.9.tar.gz

# groupadd tomcat
# useradd -g tomcat -s /bin/bash -d /usr/share/apache-tomcat-8.0.9 tomcat
# chown -Rf tomcat.tomcat /usr/share/apache-tomcat-8.0.9/

# su – tomcat

$ cd bin
$ ./

start the service: sh or ./

stop the service sh or ./

netstat -an | grep 8080

ps -ef  | grep tomcat



<connector port=”80“protocol=”HTTP/1.1″connectionTimeout=”20000”      redirectPort=”8443″/>


<Host name=””  appBase=”webapps”     unpackWARs=”true”/>


腾讯云 SSL证书管理

tomcat 配置SSl:


port=”443″ maxThreads=”200″
scheme=”https” secure=”true” SSLEnabled=”true”
keystoreFile=”conf/xxx.jks” keystorePass=”password”
clientAuth=”false” sslProtocol=”TLS”/>