Tomcat 8.0.52

What is Tomcat


A type of servlet container that, among the Java EE features, can run only Java servlets.
It can also act as a web server on its own.

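Related URLs



Server setup


Build environment





OS configuration


Network


Assigning a static IP address


Edit the following file
# ifcfg-lo is the loopback interface, so leave it untouched
vi /etc/sysconfig/network-scripts/ifcfg-<interface name>

In this example, 192.168.0.51/24 is assigned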
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.0.51
NETMASK=255.255.255.0
NETWORK=192.168.0.0
GATEWAY=192.168.0.1

Restart the network
systemctl restart network

Use the ip address command to confirm that the interface is up
After this, you can log in over SSH from the host machine and elsewhere


firewalld


Tomcat's default port is TCP/8080, but since it will run standalone as a web server, open TCP/80.
No restriction on source IP addresses is applied.

Opening HTTP

  1. Confirm that the rule is currently defined
    firewall-cmd --permanent --info-service=http
  2. Confirm that the rule is not currently applied
    firewall-cmd --list-services --zone=public --permanent | sed -e "s/ /\n/g" | grep -x http
  3. Apply the rule
    firewall-cmd --add-service=http --zone=public --permanent
  4. Confirm that the rule is applied
    firewall-cmd --list-services --zone=public --permanent | sed -e "s/ /\n/g" | grep -x http
  5. Reload the configuration so that it takes effect
    firewall-cmd --reload

To open HTTPS as well

  1. Confirm that the rule is currently defined
    firewall-cmd --permanent --info-service=https
  2. Confirm that the rule is not currently applied
    firewall-cmd --list-services --zone=public --permanent | sed -e "s/ /\n/g" | grep https
  3. Apply the rule
    firewall-cmd --add-service=https --zone=public --permanent
  4. Confirm that the rule is applied
    firewall-cmd --list-services --zone=public --permanent | sed -e "s/ /\n/g" | grep https
  5. Reload the configuration so that it takes effect
    firewall-cmd --reload

To open TCP/8080

  1. Check whether the rule is already defined
    firewall-cmd --permanent --info-service=tomcat
  2. Define a new rule
    firewall-cmd --new-service=tomcat --permanent
    firewall-cmd --service=tomcat --add-port=8080/tcp --permanent
  3. Confirm that the rule is defined
    firewall-cmd --permanent --info-service=tomcat
  4. Confirm that the rule is not currently applied
    firewall-cmd --list-services --zone=public --permanent | sed -e "s/ /\n/g" | grep tomcat
  5. Apply the rule
    firewall-cmd --add-service=tomcat --zone=public --permanent
  6. Confirm that the rule is applied
    firewall-cmd --list-services --zone=public --permanent | sed -e "s/ /\n/g" | grep tomcat
  7. Reload the configuration so that it takes effect
    firewall-cmd --reload

To open TCP/8443

  1. Check whether the rule is already defined
    firewall-cmd --permanent --info-service=tomcat
  2. Define a new rule
    Skip this command if the service is already defined.
    firewall-cmd --new-service=tomcat --permanent
    Run this command in either case.
    firewall-cmd --service=tomcat --add-port=8443/tcp --permanent
  3. Confirm that the rule is defined
    firewall-cmd --permanent --info-service=tomcat
  4. Confirm that the rule is not currently applied
    firewall-cmd --list-services --zone=public --permanent | sed -e "s/ /\n/g" | grep tomcat
  5. Apply the rule
    firewall-cmd --add-service=tomcat --zone=public --permanent
  6. Confirm that the rule is applied
    firewall-cmd --list-services --zone=public --permanent | sed -e "s/ /\n/g" | grep tomcat
  7. Reload the configuration so that it takes effect
    firewall-cmd --reload

Hostname


Set tomcat as the hostname
hostname tomcat.corp
# Make it persist across reboots
echo tomcat.corp > /etc/hostname
This takes effect after logging in again.

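Setting up the Java environment


Install Java SE (JRE)

Download



Here we download "Java SE Runtime Environment 8u172", the latest release of the 8 series as of 2018/06/07.
From the 9 series onward rt.jar no longer exists, which may cause dependency problems. For that reason the 8 series was chosen.
Download the compressed version (jre-8u172_linux-x64_bin.tar.gz), which can be used just by extracting it.
Before downloading, select the "Accept License Agreement" radio button.

Running wget against the hyperlink shown on the page (http://download.oracle.com/otn-pub/java/jdk/8u172-b11/a58eab1ec242421181065cdc37240b08/jre-8u172-linux-x64.tar.gz) produces an error, so first start the download on a PC and then cancel it.
Copy the URL that download was attempted from (it looks like http://download.oracle.com/otn-pub/java/jdk/8u172-b11/XXX/jre-8u172-linux-x64.tar.gz?AuthParam=XXX) and download from that URL instead.
* Chrome does not let you obtain the download source URL.
* Downloading to the PC and transferring the file with SCP also works.

curl -s -O "http://download.oracle.com/otn-pub/java/jdk/8u172-b11/XXX/jre-8u172-linux-x64.tar.gz?AuthParam=XXX"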

Installation


tar xzfv jre-*.tar.gz*
rm -f jre-*.tar.gz*

mv jre* /usr/local/
rm -f /usr/local/jre
ln -s /usr/local/jre* /usr/local/jre

Environment variables


Set the environment variables and add Java to the PATH.
export JAVA_HOME=/usr/local/jre
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar

The "java" command can now be run, so verify it.
java -version

Also add the settings to bashrc so that they are applied automatically after a reboot or a new login
echo "" >> /etc/bashrc
echo "# JAVA ENVIRONMENT VARIABLE" >> /etc/bashrc
echo export JAVA_HOME=/usr/local/jre >> /etc/bashrc
echo export PATH=\$JAVA_HOME/bin:\$PATH >> /etc/bashrc
echo export CLASSPATH=.:\$JAVA_HOME/lib/tools.jar:\$JAVA_HOME/lib/dt.jar >> /etc/bashrc

Setting up Tomcat


Download


Download the latest version from the download page.
The link for the version downloaded this time is here

curl -s -O http://ftp.meisei-u.ac.jp/mirror/apache/dist/tomcat/tomcat-8/v8.0.52/bin/apache-tomcat-8.0.52.tar.gz

Installation


Installation consists only of extracting the archive and placing it in a location of your choice.

tar xzfv apache-tomcat-*.tar.gz
rm -f apache-tomcat-*.tar.gz

mv apache-tomcat-* "/usr/local/$(ls -d apache-tomcat-* | sed -e "s/^apache-//")"
ln -s /usr/local/tomcat-* /usr/local/tomcat

cd /usr/local/tomcat

Adding environment variables


Set environment variables so that Tomcat is easy to use.
export TOMCAT_HOME=/usr/local/tomcat
export CATALINA_HOME=$TOMCAT_HOME
export CATALINA_BASE=$TOMCAT_HOME
export PATH=$TOMCAT_HOME/bin:$PATH

Make them apply at the next login as well.
echo "" >> /etc/bashrc
echo "# TOMCAT ENVIRONMENT VARIABLE" >> /etc/bashrc
echo "export TOMCAT_HOME=$TOMCAT_HOME" >> /etc/bashrc
echo "export CATALINA_HOME=\$TOMCAT_HOME" >> /etc/bashrc
echo "export CATALINA_BASE=\$TOMCAT_HOME" >> /etc/bashrc
echo "export PATH=\$TOMCAT_HOME/bin:\$PATH" >> /etc/bashrc

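Removing unnecessary files


Delete files that are not needed to run the server, such as documentation.



Granting permissions


Give execute permission to the Linux scripts.
chmod 554 bin/*.sh

Verifying the installation


Check that the installation succeeded.
version.sh

When you run this command, confirm that information about the installed Java and Tomcat is displayed.


The following command additionally checks whether Tomcat actually starts.
It stops automatically after the check.
catalina.sh configtest

Removing the default applications


Tomcat ships with default web applications installed, and they become accessible once it is started.
Delete them to prevent this.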
rm -rf webapps/*
mkdir webapps/ROOT

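Granting permission to bind well-known ports


To use ports below 1024, such as 80 or 443, while running as a dedicated Tomcat user, the java program must be granted a privilege (capability).
A binary with file capabilities runs in secure-execution mode, in which the dynamic linker ignores LD_LIBRARY_PATH and $ORIGIN-relative search paths, so libjli.so must also be linked into a standard library directory.
Because the capability is attached to the binary, every user who can run this java binary can bind ports below 1024 with it.

setcap CAP_NET_BIND_SERVICE+ep $JAVA_HOME/bin/java
JLI_PATH=`find $JAVA_HOME/ -name libjli.so`
# ln -s $JLI_PATH /usr/lib/
ln -s $JLI_PATH /usr/lib64/

Verify as follows
getcap $JAVA_HOME/bin/java

To remove the privilege, do the following.
setcap CAP_NET_BIND_SERVICE-ep $JAVA_HOME/bin/java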

Run-as user configuration


Create the user that starts Tomcat and its group.




Service registration


Register Tomcat as a systemd service.
  1. Create the service file
    cat > /etc/systemd/system/tomcat.service << EOT
    [Unit]
    Description=Tomcat Servlet Container & HTTP/HTTPS server
    After=local-fs.target network.target network-online.target
    
    [Service]
    Type=forking
    User=tomcat
    Group=tomcat
    EnvironmentFile=$TOMCAT_HOME/conf/service-env
    ExecStart=$TOMCAT_HOME/bin/startup.sh
    ExecStop=$TOMCAT_HOME/bin/shutdown.sh
    
    [Install]
    WantedBy=multi-user.target
    EOT
  2. Create the environment variable file for the service
    cat > $TOMCAT_HOME/conf/service-env << EOT
    JAVA_HOME=$JAVA_HOME
    EOT
  3. Enable the service
    systemctl enable tomcat
  4. Confirm that the service is enabled
    systemctl list-unit-files --type service --no-pager | grep tomcat

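Changing ownership


Tomcat is started as the user "tomcat", so change the owner accordingly
chown tomcat:tomcat -R /usr/local/tomcat*

Startup check


systemctl start tomcat
systemctl status tomcat
# Confirm that it is active (running)

Access the following site
* The port must be opened in firewalld
http://<server IP address>:8080/
If the Tomcat page is displayed, Tomcat has started normally

Stop it with the following command
systemctl stop tomcat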

Integration with Apache


To have Apache accept requests first and forward them to Tomcat, install the Apache module for AJP (mod_proxy_ajp).
Install it with the following steps; Apache is assumed to be installed already.

  1. Get the archive URL from the download site and download it
    curl -s -O http://ftp.riken.jp/net/apache//httpd/httpd-XXXXX.tar.gz
  2. Extract the archive file
    tar zfxv httpd-*.tar.gz
  3. Delete the archive
    rm -f httpd-*.tar.gz
  4. Move to the AJP directory
    cd httpd-*/modules/proxy/
  5. Install AJP
    apxs -c -i -a mod_proxy_ajp.c ajp*
    * If only "mod_proxy_ajp.c" is given as the target, the following error appears when the module is loaded
    httpd: Syntax error on line 132 of /usr/local/apache-2.4.34/conf/httpd.conf: Cannot load modules/mod_proxy_ajp.so into server: /usr/local/apache-2.4.34/modules/mod_proxy_ajp.so: undefined symbol: ajp_send_header
  6. Load proxy_module
    1. Check whether it is loaded
      grep proxy_module $APACHE_HOME/conf/httpd.conf
      If it is not loaded, the line is commented out
      #LoadModule proxy_module modules/mod_proxy.so
    2. If it was not loaded, load it
      sed "s/#LoadModule proxy_module/LoadModule proxy_module/" -i $APACHE_HOME/conf/httpd.conf
  7. Confirm that AJP has been loaded
    httpd -M | grep ajp
    # proxy_ajp_module (shared)


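Tools


startup.sh


Starts Tomcat. It starts as the user who runs the script, however, so to start Tomcat as the Tomcat user, always start it through systemctl.
systemctl start tomcat
Even if suid is set on this script, Tomcat still starts as the user who runs it.



Configuration


server.xml


Holds the basic configuration of Tomcat.


Default configuration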


<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->


    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the APR/native
         documentation -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />


    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>
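
The following check is an added example, not part of the original page or of Tomcat itself: it parses a server.xml and reports settings that the attribute descriptions on this page document as disabling a limit, disabling a timeout, or exposing a listener. DEFAULT_XML is condensed from the listing above; HARDENED_XML, the check names, and the assumption that Apache httpd runs on the same host (so the AJP connector can bind to 127.0.0.1) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Condensed from the default server.xml above (comments, listeners, realm, host omitted).
DEFAULT_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>"""

# Constructed variant: shutdown port disabled, AJP bound to loopback only
# (assumes Apache httpd runs on the same host as Tomcat).
HARDENED_XML = """<Server port="-1" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
               redirectPort="8443" allowTrace="false" xpoweredBy="false" />
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               redirectPort="8443" />
  </Service>
</Server>"""

# Attributes this page documents as "a value below zero means no limit".
UNLIMITED_IF_NEGATIVE = ("maxHeaderCount", "maxParameterCount", "maxPostSize",
                         "maxCookieCount", "maxSwallowSize")
# Attributes this page documents as "-1 means no (infinite) timeout".
INFINITE_IF_MINUS_ONE = ("connectionTimeout", "keepAliveTimeout")


def _to_int(value):
    """Return value as an int, or None when it is absent or not a number."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def _is_true(value):
    return (value or "").strip().lower() == "true"


def audit_server_xml(xml_text):
    """Return a list of (check_id, location, detail) tuples for a server.xml."""
    root = ET.fromstring(xml_text)
    findings = []

    # <Server port=... shutdown=...>: stock command on an enabled shutdown port.
    # port="-1" disables the shutdown listener.
    shutdown_port = _to_int(root.get("port", "8005"))
    if shutdown_port != -1 and root.get("shutdown", "SHUTDOWN") == "SHUTDOWN":
        findings.append(("shutdown-default", "Server",
                         "shutdown port %s accepts the stock command" % shutdown_port))

    for conn in root.iter("Connector"):
        where = "Connector port=" + conn.get("port", "?")
        # Without "address" the connector listens on all IP addresses.
        if "ajp" in conn.get("protocol", "HTTP/1.1").lower() and not conn.get("address"):
            findings.append(("ajp-all-addresses", where,
                             "no address attribute: listens on every IP address"))
        if _is_true(conn.get("allowTrace")):
            findings.append(("trace-enabled", where, "allowTrace enables TRACE"))
        if _is_true(conn.get("xpoweredBy")):
            findings.append(("x-powered-by", where,
                             "xpoweredBy advertises Servlet specification support"))
        for name in UNLIMITED_IF_NEGATIVE:
            number = _to_int(conn.get(name))
            if number is not None and number < 0:
                findings.append(("no-limit", where, name + " is negative: limit disabled"))
        for name in INFINITE_IF_MINUS_ONE:
            if _to_int(conn.get(name)) == -1:
                findings.append(("no-timeout", where, name + " is -1: waits indefinitely"))
    return findings


if __name__ == "__main__":
    for finding in audit_server_xml(DEFAULT_XML):
        print("%-18s %-22s %s" % finding)
```

To audit a real installation, pass the contents of conf/server.xml under the Tomcat directory to audit_server_xml().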

Server




Service




Attributes


className

The class name to use as the Service.
If not set, the default class is used.

name

The name of the Service element.
It must be unique within the Server element.

Executor



Engine




Listener



GlobalNamingResources




Connector(HTTP)



The following four implementations are provided.
In general, NIO or APR/native is used; when OpenSSL is used as the SSL implementation, use APR/native.

Attributes



allowTrace

A boolean value which can be used to enable or disable the TRACE HTTP method. If not specified, this attribute is set to false.

asyncTimeout


The default timeout for asynchronous requests in milliseconds. If not specified, this attribute is set to the Servlet specification default of 30000 (30 seconds).

enableLookups


Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host name of the remote client. Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance). By default, DNS lookups are disabled.

maxHeaderCount


The maximum number of headers in a request that are allowed by the container. A request that contains more headers than the specified limit will be rejected. A value of less than 0 means no limit. If not specified, a default of 100 is used.

maxParameterCount


The maximum number of parameter and value pairs (GET plus POST) which will be automatically parsed by the container. Parameter and value pairs beyond this limit will be ignored. A value of less than 0 means no limit. If not specified, a default of 10000 is used. Note that FailedRequestFilter filter can be used to reject requests that hit the limit.

maxPostSize


The maximum size in bytes of the POST which will be handled by the container FORM URL parameter parsing. The limit can be disabled by setting this attribute to a value less than zero. If not specified, this attribute is set to 2097152 (2 megabytes). Note that the FailedRequestFilter can be used to reject requests that exceed this limit.

maxSavePostSize


The maximum size in bytes of the POST which will be saved/buffered by the container during FORM or CLIENT-CERT authentication. For both types of authentication, the POST will be saved/buffered before the user is authenticated. For CLIENT-CERT authentication, the POST is buffered for the duration of the SSL handshake and the buffer emptied when the request is processed. For FORM authentication the POST is saved whilst the user is re-directed to the login form and is retained until the user successfully authenticates or the session associated with the authentication request expires. The limit can be disabled by setting this attribute to -1. Setting the attribute to zero will disable the saving of POST data during authentication. If not specified, this attribute is set to 4096 (4 kilobytes).

parseBodyMethods


A comma-separated list of HTTP methods for which request bodies will be parsed for request parameters identically to POST. This is useful in RESTful applications that want to support POST-style semantics for PUT requests. Note that any setting other than POST causes Tomcat to behave in a way that goes against the intent of the servlet specification. The HTTP method TRACE is specifically forbidden here in accordance with the HTTP specification. The default is POST

port


The TCP port number on which this Connector will create a server socket and await incoming connections. Your operating system will allow only one server application to listen to a particular port number on a particular IP address. If the special value of 0 (zero) is used, then Tomcat will select a free port at random to use for this connector. This is typically only useful in embedded and testing applications.

protocol

The protocol used to process requests.









proxyName


If this Connector is being used in a proxy configuration, configure this attribute to specify the server name to be returned for calls to request.getServerName(). See Proxy Support for more information.

proxyPort


If this Connector is being used in a proxy configuration, configure this attribute to specify the server port to be returned for calls to request.getServerPort(). See Proxy Support for more information.

redirectPort

The port number to redirect to when a request that must use SSL according to the security-constraint settings is received without SSL.

scheme


Set this attribute to the name of the protocol you wish to have returned by calls to request.getScheme(). For example, you would set this attribute to “https” for an SSL Connector. The default value is “http”.

secure


Set this attribute to true if you wish to have calls to request.isSecure() to return true for requests received by this Connector. You would want this on an SSL Connector or a non SSL connector that is receiving data from a SSL accelerator, like a crypto card, a SSL appliance or even a webserver. The default value is false.

URIEncoding


This specifies the character encoding used to decode the URI bytes, after %xx decoding the URL. If not specified, UTF-8 will be used unless the org.apache.catalina.STRICT_SERVLET_COMPLIANCE system property is set to true in which case ISO-8859-1 will be used.

useBodyEncodingForURI


This specifies if the encoding specified in contentType should be used for URI query parameters, instead of using the URIEncoding. This setting is present for compatibility with Tomcat 4.1.x, where the encoding specified in the contentType, or explicitly set using Request.setCharacterEncoding method was also used for the parameters from the URL. The default value is false.

Notes: 1) This setting is applied only to the query string of a request. Unlike URIEncoding it does not affect the path portion of a request URI. 2) If request character encoding is not known (is not provided by a browser and is not set by SetCharacterEncodingFilter or a similar filter using Request.setCharacterEncoding method), the default encoding is always “ISO-8859-1”. The URIEncoding setting has no effect on this default.

useIPVHosts


Set this attribute to true to cause Tomcat to use the IP address that the request was received on to determine the Host to send the request to. The default value is false.

xpoweredBy


Set this attribute to true to cause Tomcat to advertise support for the Servlet specification using the header recommended in the specification. The default value is false.

acceptCount


The maximum queue length for incoming connection requests when all possible request processing threads are in use. Any requests received when the queue is full will be refused. The default value is 100.





address


For servers with more than one IP address, this attribute specifies which address will be used for listening on the specified port. By default, this port will be used on all IP addresses associated with the server.


allowHostHeaderMismatch


By default Tomcat will allow requests that specify a host in the request line but specify a different host in the host header. This check can be enabled by setting this attribute to false. If not specified, the default is true.

allowedTrailerHeaders


By default Tomcat will ignore all trailer headers when processing chunked input. For a header to be processed, it must be added to this comma-separated list of header names.

bindOnInit


Controls when the socket used by the connector is bound. By default it is bound when the connector is initiated and unbound when the connector is destroyed. If set to false, the socket will be bound when the connector is started and unbound when it is stopped.

compressibleMimeType


The value is a comma separated list of MIME types for which HTTP compression may be used. The default value is text/html,text/xml,text/plain,text/css,text/javascript,application/javascript .

compression


The Connector may use HTTP/1.1 GZIP compression in an attempt to save server bandwidth. The acceptable values for the parameter are “off” (disable compression), “on” (allow compression, which causes text data to be compressed), “force” (forces compression in all cases), or a numerical integer value (which is equivalent to “on”, but specifies the minimum amount of data before the output is compressed). If the content-length is not known and compression is set to “on” or more aggressive, the output will also be compressed. If not specified, this attribute is set to “off”.

Note: There is a tradeoff between using compression (saving your bandwidth) and using the sendfile feature (saving your CPU cycles). If the connector supports the sendfile feature, e.g. the NIO connector, using sendfile will take precedence over compression. The symptoms will be that static files greater than 48 Kb will be sent uncompressed. You can turn off sendfile by setting useSendfile attribute of the connector, as documented below, or change the sendfile usage threshold in the configuration of the DefaultServlet in the default conf/web.xml or in the web.xml of your web application.

compressionMinSize


If compression is set to “on” then this attribute may be used to specify the minimum amount of data before the output is compressed. If not specified, this attribute defaults to “2048”.

connectionLinger


The number of seconds during which the sockets used by this Connector will linger when they are closed. The default value is -1 which disables socket linger.

connectionTimeout


The number of milliseconds this Connector will wait, after accepting a connection, for the request URI line to be presented. Use a value of -1 to indicate no (i.e. infinite) timeout. The default value is 60000 (i.e. 60 seconds) but note that the standard server.xml that ships with Tomcat sets this to 20000 (i.e. 20 seconds). Unless disableUploadTimeout is set to false, this timeout will also be used when reading the request body (if any).

connectionUploadTimeout


Specifies the timeout, in milliseconds, to use while a data upload is in progress. This only takes effect if disableUploadTimeout is set to false.

disableUploadTimeout


This flag allows the servlet container to use a different, usually longer connection timeout during data upload. If not specified, this attribute is set to true which disables this longer timeout.

executorTerminationTimeoutMillis


The time that the private internal executor will wait for request processing threads to terminate before continuing with the process of stopping the connector. If not set, the default is 0 (zero) for the BIO connector and 5000 (5 seconds) for the NIO, NIO2 and APR/native connectors.

keepAliveTimeout


The number of milliseconds this Connector will wait for another HTTP request before closing the connection. The default value is to use the value that has been set for the connectionTimeout attribute. Use a value of -1 to indicate no (i.e. infinite) timeout.

maxConnections

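Sets the number of connections that can be processed at the same time.
Beyond this number, connections are still accepted up to acceptCount, but they are not processed until a connection that is being processed finishes.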


maxCookieCount


The maximum number of cookies that are permitted for a request. A value of less than zero means no limit. If not specified, a default value of 200 will be used.

maxExtensionSize


Limits the total length of chunk extensions in chunked HTTP requests. If the value is -1, no limit will be imposed. If not specified, the default value of 8192 will be used.

maxHttpHeaderSize


The maximum size of the request and response HTTP header, specified in bytes. If not specified, this attribute is set to 8192 (8 KB).

maxKeepAliveRequests


The maximum number of HTTP requests which can be pipelined until the connection is closed by the server. Setting this attribute to 1 will disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and pipelining. Setting this to -1 will allow an unlimited amount of pipelined or keep-alive HTTP requests. If not specified, this attribute is set to 100.

maxSwallowSize


The maximum number of request body bytes (excluding transfer encoding overhead) that will be swallowed by Tomcat for an aborted upload. An aborted upload is when Tomcat knows that the request body is going to be ignored but the client still sends it. If Tomcat does not swallow the body the client is unlikely to see the response. If not specified the default of 2097152 (2 megabytes) will be used. A value of less than zero indicates that no limit should be enforced.


maxTrailerSize


Limits the total length of trailing headers in the last chunk of a chunked HTTP request. If the value is -1, no limit will be imposed. If not specified, the default value of 8192 will be used.

minSpareThreads


The minimum number of threads always kept running. If not specified, the default of 10 is used. If an executor is associated with this connector, this attribute is ignored as the connector will execute tasks using the executor rather than an internal thread pool. Note that if an executor is configured any value set for this attribute will be recorded correctly but it will be reported (e.g. via JMX) as -1 to make clear that it is not used.

noCompressionUserAgents


The value is a regular expression (using java.util.regex) matching the user-agent header of HTTP clients for which compression should not be used, because these clients, although they do advertise support for the feature, have a broken implementation. The default value is an empty String (regexp matching disabled).

processorCache


The protocol handler caches Processor objects to speed up performance. This setting dictates how many of these objects get cached. -1 means unlimited, default is 200. If not using Servlet 3.0 asynchronous processing, a good default is to use the same as the maxThreads setting. If using Servlet 3.0 asynchronous processing, a good default is to use the larger of maxThreads and the maximum number of expected concurrent requests (synchronous and asynchronous).

rejectIllegalHeaderName


If an HTTP request is received that contains an illegal header name (i.e. the header name is not a token) this setting determines if the request will be rejected with a 400 response (true) or if the illegal header be ignored (false). The default value is false which will cause the request to be processed but the illegal header will be ignored.

relaxedPathChars


The HTTP/1.1 specification requires that certain characters are %nn encoded when used in URI paths. Unfortunately, many user agents including all the major browsers are not compliant with this specification and use these characters in unencoded form. To prevent Tomcat rejecting such requests, this attribute may be used to specify the additional characters to allow. If not specified, no additional characters will be allowed. The value may be any combination of the following characters: " < > [ \ ] ^ ` { | } . Any other characters present in the value will be ignored.

relaxedQueryChars


The HTTP/1.1 specification requires that certain characters are %nn encoded when used in URI query strings. Unfortunately, many user agents including all the major browsers are not compliant with this specification and use these characters in unencoded form. To prevent Tomcat rejecting such requests, this attribute may be used to specify the additional characters to allow. If not specified, no additional characters will be allowed. The value may be any combination of the following characters: " < > [ \ ] ^ ` { | } . Any other characters present in the value will be ignored.

restrictedUserAgents


The value is a regular expression (using java.util.regex) matching the user-agent header of HTTP clients for which HTTP/1.1 or HTTP/1.0 keep alive should not be used, even if the clients advertise support for these features. The default value is an empty String (regexp matching disabled).

server


Overrides the Server header for the http response. If set, the value for this attribute overrides the Tomcat default and any Server header set by a web application. If not set, any value specified by the application is used. If the application does not specify a value then Apache-Coyote/1.1 is used. Unless you are paranoid, you won’t need this feature.

socketBuffer


The size (in bytes) of the buffer to be provided for socket output buffering. -1 can be specified to disable the use of a buffer. By default, a buffer of 9000 bytes will be used.

SSLEnabled


Use this attribute to enable SSL traffic on a connector. To turn on SSL handshake/encryption/decryption on a connector set this value to true. The default value is false. When turning this value true you will want to set the scheme and the secure attributes as well to pass the correct request.getScheme() and request.isSecure() values to the servlets. See SSL Support for more information.

tcpNoDelay


If set to true, the TCP_NO_DELAY option will be set on the server socket, which improves performance under most circumstances. This is set to true by default.

threadPriority


The priority of the request processing threads within the JVM. The default value is 5 (the value of the java.lang.Thread.NORM_PRIORITY constant). See the JavaDoc for the java.lang.Thread class for more details on what this priority means. If an executor is associated with this connector, this attribute is ignored as the connector will execute tasks using the executor rather than an internal thread pool. Note that if an executor is configured any value set for this attribute will be recorded correctly but it will be reported (e.g. via JMX) as -1 to make clear that it is not used.

upgradeAsyncWriteBufferSize


The default size of the buffer to allocate for asynchronous writes that cannot be completed in a single operation, specified in bytes. Data that can’t be written immediately will be stored in this buffer until it can be written. If more data needs to be stored than space is available in the buffer, then the size of the buffer will be increased for the duration of the write. If not specified the default value of 8192 will be used.


Thread-related attributes


executor

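Specifies the name of the Executor element to use.
If specified, all other thread-related attributes are ignored.
If not specified, the connector uses its own dedicated thread pool.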

acceptorThreadCount

The number of threads that accept incoming connections.
When there are many new connections, it is a good idea to raise this up to the number of CPU cores.



acceptorThreadPriority


The priority of the acceptor threads. The threads used to accept new connections. The default value is 5 (the value of the java.lang.Thread.NORM_PRIORITY constant). See the JavaDoc for the java.lang.Thread class for more details on what this priority means.

maxThreads

The maximum number of threads to create.
In effect, this is the maximum number of requests that can be processed in parallel.




Connector(AJP)




Valve



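Configures processing that is added to the request-processing pipeline.
The className attribute specifies the class that performs the processing, and the other attributes specify parameters specific to that class.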


AccessLogValve


Records the access log.

className



directory

Output directory


prefix


Prefix added to the log file name


suffix


Suffix added to the log file name



fileDateFormat


Allows a customized timestamp in the access log file name. The file is rotated whenever the formatted timestamp changes. The default value is .yyyy-MM-dd. If you wish to rotate every hour, then set this value to .yyyy-MM-dd.HH. The date format will always be localized using the locale en_US.

rotatable


Flag to determine if log rotation should occur. If set to false, then this file is never rotated and fileDateFormat is ignored. Default value: true

renameOnRotate


By default for a rotatable log the active access log file name will contain the current timestamp in fileDateFormat. During rotation the file is closed and a new file with the next timestamp in the name is created and used. When setting renameOnRotate to true, the timestamp is no longer part of the active log file name. Only during rotation the file is closed and then renamed to include the timestamp. This is similar to the behavior of most log frameworks when doing time based rotation. Default value: false

pattern

The content written to the log.


There is also support to write information incoming or outgoing headers, cookies, session or request attributes and special timestamp formats. It is modeled after the Apache HTTP Server log configuration syntax. Each of them can be used multiple times with different xxx keys:








A formatting layout identifying the various information fields from the request and response to be logged, or the word common or combined to select a standard format. See below for more information on configuring this attribute.




              pattern="%h %l %u %t &quot;%r&quot; %s %b" />



encoding


Character set used to write the log file. An empty string means to use the system default character set. Default value: use the system default character set.

locale


The locale used to format timestamps in the access log lines. Any timestamps configured using an explicit SimpleDateFormat pattern (%{xxx}t) are formatted in this locale. By default the default locale of the Java process is used. Switching the locale after the AccessLogValve is initialized is not supported. Any timestamps using the common log format (CLF) are always formatted in the locale en_US.

requestAttributesEnabled


Set to true to check for the existence of request attributes (typically set by the RemoteIpValve and similar) that should be used to override the values returned by the request for remote address, remote host, server port and protocol. If the attributes are not set, or this attribute is set to false then the values from the request will be used. If not set, the default value of false will be used.

conditionIf


Turns on conditional logging. If set, requests will be logged only if ServletRequest.getAttribute() is not null. For example, if this value is set to important, then a particular request will only be logged if ServletRequest.getAttribute("important") != null. The use of Filters is an easy way to set/unset the attribute in the ServletRequest on many different requests.

conditionUnless


Turns on conditional logging. If set, requests will be logged only if ServletRequest.getAttribute() is null. For example, if this value is set to junk, then a particular request will only be logged if ServletRequest.getAttribute("junk") == null. The use of Filters is an easy way to set/unset the attribute in the ServletRequest on many different requests.

buffered

Whether the access log processing uses a buffer



maxLogMessageBufferSize

Maximum size of the buffer used by the access log processing
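
The following is an added example, not part of the original page or of Tomcat: a parser for lines written with the pattern shown above (%h %l %u %t "%r" %s %b) that summarises error responses and PUT/DELETE requests per client. The sample lines and the names parse_line and summarize are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Matches lines written with pattern="%h %l %u %t &quot;%r&quot; %s %b".
# The request group is greedy, so it ends at the LAST '" ' that is followed by
# a status code and a byte count; a quote inside the URI does not shift fields.
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
WRITE_METHODS = {"PUT", "DELETE"}


def parse_line(line):
    """Return a dict of fields, or None when the line does not fit the pattern."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    try:
        # %t uses the common log format timestamp, e.g. 18/Sep/2018:10:15:32 +0900
        when = datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    parts = m.group("request").split(" ")
    if len(parts) >= 3:
        method, uri, protocol = parts[0], " ".join(parts[1:-1]), parts[-1]
    else:  # malformed request line: keep the raw text, leave method unknown
        method, uri, protocol = None, m.group("request"), None
    return {
        "host": m.group("host"),
        "user": None if m.group("user") == "-" else m.group("user"),
        "time": when,
        "method": method,
        "uri": uri,
        "protocol": protocol,
        "status": int(m.group("status")),
        # %b writes '-' when no body bytes were sent
        "size": 0 if m.group("size") == "-" else int(m.group("size")),
    }


def summarize(lines):
    """Count 4xx/5xx responses per client and list PUT/DELETE requests."""
    errors_by_host = Counter()
    write_attempts, write_accepted, unparsed = [], [], []
    for number, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            unparsed.append(number)  # keep the line number for manual review
            continue
        if rec["status"] >= 400:
            errors_by_host[rec["host"]] += 1
        if rec["method"] in WRITE_METHODS:
            entry = (rec["host"], rec["method"], rec["uri"], rec["status"])
            write_attempts.append(entry)
            if rec["status"] < 400:
                write_accepted.append(entry)  # the server carried out the write
    return {
        "errors_by_host": dict(errors_by_host),
        "write_attempts": write_attempts,
        "write_accepted": write_accepted,
        "unparsed": unparsed,
    }


# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LINES = [
    '192.0.2.10 - - [18/Sep/2018:10:15:32 +0900] "GET /index.jsp HTTP/1.1" 200 1432',
    '192.0.2.10 - alice [18/Sep/2018:10:15:40 +0900] "GET /app/report HTTP/1.1" 304 -',
    '198.51.100.7 - - [18/Sep/2018:10:16:02 +0900] "PUT /upload/test.txt HTTP/1.1" 403 -',
    '198.51.100.7 - - [18/Sep/2018:10:16:03 +0900] "DELETE /upload/old.txt HTTP/1.1" 204 -',
    '198.51.100.7 - - [18/Sep/2018:10:16:05 +0900] "GET /a"b HTTP/1.1" 404 1078',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LINES).items():
        print(key, value)
```

An entry in write_accepted means a PUT or DELETE was answered with a non-error status, which is worth comparing against the readonly setting of the default servlet.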






              


web.xml


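The Tomcat-wide configuration file is at the following path.
$TOMCAT_HOME/conf/web.xml

Normally, however, a web.xml is placed in each application.
$TOMCAT_HOME/webapps/<application name>/WEB-INF/web.xml

When settings overlap, the settings of the individual application take precedence.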

Default settings


The Tomcat-wide configuration file is at the following path.
$TOMCAT_HOME/conf/web.xml

It contains settings such as the MIME mappings and the welcome page file names.

Basic form


<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                      http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
  version="3.1">

</web-app>

servlet


 <!-- The default servlet for all web applications, that serves static     -->
 <!-- resources.  It processes all requests that are not mapped to other   -->
 <!-- servlets with servlet mappings (defined either here or in your own   -->
 <!-- web.xml file).  This servlet supports the following initialization   -->
 <!-- parameters (default values are in square brackets):                  -->
 <!--                                                                      -->
 <!--   debug               Debugging detail level for messages logged     -->
 <!--                       by this servlet. Useful values are 0, 1, and   -->
 <!--                       11 where higher values mean more detail. [0]   -->
 <!--                                                                      -->
 <!--   fileEncoding        Encoding to be used to read static resources   -->
 <!--                       [platform default]                             -->
 <!--                                                                      -->
 <!--   input               Input buffer size (in bytes) when reading      -->
 <!--                       resources to be served.  [2048]                -->
 <!--                                                                      -->
 <!--   listings            Should directory listings be produced if there -->
 <!--                       is no welcome file in this directory?  [false] -->
 <!--                       WARNING: Listings for directories with many    -->
 <!--                       entries can be slow and may consume            -->
 <!--                       significant proportions of server resources.   -->
 <!--                                                                      -->
 <!--   output              Output buffer size (in bytes) when writing     -->
 <!--                       resources to be served.  [2048]                -->
 <!--                                                                      -->
 <!--   readonly            Is this context "read only", so HTTP           -->
 <!--                       commands like PUT and DELETE are               -->
 <!--                       rejected?  [true]                              -->
 <!--                                                                      -->
 <!--   readmeFile          File to display together with the directory    -->
 <!--                       contents. [null]                               -->
 <!--                                                                      -->
 <!--   sendfileSize        If the connector used supports sendfile, this  -->
 <!--                       represents the minimal file size in KB for     -->
 <!--                       which sendfile will be used. Use a negative    -->
 <!--                       value to always disable sendfile.  [48]        -->
 <!--                                                                      -->
 <!--   useAcceptRanges     Should the Accept-Ranges header be included    -->
 <!--                       in responses where appropriate? [true]         -->
 <!--                                                                      -->
 <!--  For directory listing customization. Checks localXsltFile, then     -->
 <!--  globalXsltFile, then defaults to original behavior.                 -->
 <!--                                                                      -->
 <!--   localXsltFile       Make directory listings an XML doc and         -->
 <!--                       pass the result to this style sheet residing   -->
 <!--                       in that directory. This overrides              -->
 <!--                       contextXsltFile and globalXsltFile[null]       -->
 <!--                                                                      -->
 <!--   contextXsltFile     Make directory listings an XML doc and         -->
 <!--                       pass the result to this style sheet which is   -->
 <!--                       relative to the context root. This overrides   -->
 <!--                       globalXsltFile[null]                           -->
 <!--                                                                      -->
 <!--   globalXsltFile      Site wide configuration version of             -->
 <!--                       localXsltFile. This argument must either be an -->
 <!--                       absolute or relative (to either                -->
 <!--                       $CATALINA_BASE/conf or $CATALINA_HOME/conf)    -->
 <!--                       path that points to a location below either    -->
 <!--                       $CATALINA_BASE/conf (checked first) or         -->
 <!--                       $CATALINA_HOME/conf (checked second).[null]    -->
 <!--                                                                      -->
 <!--   showServerInfo      Should server information be presented in the  -->
 <!--                       response sent to clients when directory        -->
 <!--                       listings is enabled? [true]                    -->

   <servlet>
       <servlet-name>default</servlet-name>
       <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
       <init-param>
           <param-name>debug</param-name>
           <param-value>0</param-value>
       </init-param>
       <init-param>
           <param-name>listings</param-name>
           <param-value>false</param-value>
       </init-param>
       <load-on-startup>1</load-on-startup>
   </servlet>


 <!-- The JSP page compiler and execution servlet, which is the mechanism  -->
 <!-- used by Tomcat to support JSP pages.  Traditionally, this servlet    -->
 <!-- is mapped to the URL pattern "*.jsp".  This servlet supports the     -->
 <!-- following initialization parameters (default values are in square    -->
 <!-- brackets):                                                           -->
 <!--                                                                      -->
 <!--   checkInterval       If development is false and checkInterval is   -->
 <!--                       greater than zero, background compilations are -->
 <!--                       enabled. checkInterval is the time in seconds  -->
 <!--                       between checks to see if a JSP page (and its   -->
 <!--                       dependent files) needs to  be recompiled. [0]  -->
 <!--                                                                      -->
 <!--   classdebuginfo      Should the class file be compiled with         -->
 <!--                       debugging information?  [true]                 -->
 <!--                                                                      -->
 <!--   classpath           What class path should I use while compiling   -->
 <!--                       generated servlets?  [Created dynamically      -->
 <!--                       based on the current web application]          -->
 <!--                                                                      -->
 <!--   compiler            Which compiler Ant should use to compile JSP   -->
 <!--                       pages.  See the jasper documentation for more  -->
 <!--                       information.                                   -->
 <!--                                                                      -->
 <!--   compilerSourceVM    Compiler source VM. [1.7]                      -->
 <!--                                                                      -->
 <!--   compilerTargetVM    Compiler target VM. [1.7]                      -->
 <!--                                                                      -->
 <!--   development         Is Jasper used in development mode? If true,   -->
 <!--                       the frequency at which JSPs are checked for    -->
 <!--                       modification may be specified via the          -->
 <!--                       modificationTestInterval parameter. [true]     -->
 <!--                                                                      -->
 <!--   displaySourceFragment                                              -->
 <!--                       Should a source fragment be included in        -->
 <!--                       exception messages? [true]                     -->
 <!--                                                                      -->
 <!--   dumpSmap            Should the SMAP info for JSR45 debugging be    -->
 <!--                       dumped to a file? [false]                      -->
 <!--                       False if suppressSmap is true                  -->
 <!--                                                                      -->
 <!--   enablePooling       Determines whether tag handler pooling is      -->
 <!--                       enabled. This is a compilation option. It will -->
 <!--                       not alter the behaviour of JSPs that have      -->
 <!--                       already been compiled. [true]                  -->
 <!--                                                                      -->
 <!--   engineOptionsClass  Allows specifying the Options class used to    -->
 <!--                       configure Jasper. If not present, the default  -->
 <!--                       EmbeddedServletOptions will be used.           -->
 <!--                       This option is ignored when running under a    -->
 <!--                       SecurityManager.                               -->
 <!--                                                                      -->
 <!--   errorOnUseBeanInvalidClassAttribute                                -->
 <!--                       Should Jasper issue an error when the value of -->
 <!--                       the class attribute in an useBean action is    -->
 <!--                       not a valid bean class?  [true]                -->
 <!--                                                                      -->
 <!--   fork                Tell Ant to fork compiles of JSP pages so that -->
 <!--                       a separate JVM is used for JSP page compiles   -->
 <!--                       from the one Tomcat is running in. [true]      -->
 <!--                                                                      -->
 <!--   genStringAsCharArray                                               -->
 <!--                       Should text strings be generated as char       -->
 <!--                       arrays, to improve performance in some cases?  -->
 <!--                       [false]                                        -->
 <!--                                                                      -->
 <!--   ieClassId           The class-id value to be sent to Internet      -->
 <!--                       Explorer when using <jsp:plugin> tags.         -->
 <!--                       [clsid:8AD9C840-044E-11D1-B3E9-00805F499D93]   -->
 <!--                                                                      -->
 <!--   javaEncoding        Java file encoding to use for generating java  -->
 <!--                       source files. [UTF8]                           -->
 <!--                                                                      -->
 <!--   keepgenerated       Should we keep the generated Java source code  -->
 <!--                       for each page instead of deleting it? [true]   -->
 <!--                                                                      -->
 <!--   mappedfile          Should we generate static content with one     -->
 <!--                       print statement per input line, to ease        -->
 <!--                       debugging?  [true]                             -->
 <!--                                                                      -->
 <!--   maxLoadedJsps       The maximum number of JSPs that will be loaded -->
 <!--                       for a web application. If more than this       -->
 <!--                       number of JSPs are loaded, the least recently  -->
 <!--                       used JSPs will be unloaded so that the number  -->
 <!--                       of JSPs loaded at any one time does not exceed -->
 <!--                       this limit. A value of zero or less indicates  -->
 <!--                       no limit. [-1]                                 -->
 <!--                                                                      -->
 <!--   jspIdleTimeout      The amount of time in seconds a JSP can be     -->
 <!--                       idle before it is unloaded. A value of zero    -->
 <!--                       or less indicates never unload. [-1]           -->
 <!--                                                                      -->
 <!--   modificationTestInterval                                           -->
 <!--                       Causes a JSP (and its dependent files) to not  -->
 <!--                       be checked for modification during the         -->
 <!--                       specified time interval (in seconds) from the  -->
 <!--                       last time the JSP was checked for              -->
 <!--                       modification. A value of 0 will cause the JSP  -->
 <!--                       to be checked on every access.                 -->
 <!--                       Used in development mode only. [4]             -->
 <!--                                                                      -->
 <!--   recompileOnFail     If a JSP compilation fails should the          -->
 <!--                       modificationTestInterval be ignored and the    -->
 <!--                       next access trigger a re-compilation attempt?  -->
 <!--                       Used in development mode only and is disabled  -->
 <!--                       by default as compilation may be expensive and -->
 <!--                       could lead to excessive resource usage.        -->
 <!--                       [false]                                        -->
 <!--                                                                      -->
 <!--   scratchdir          What scratch directory should we use when      -->
 <!--                       compiling JSP pages?  [default work directory  -->
 <!--                       for the current web application]               -->
 <!--                       This option is ignored when running under a    -->
 <!--                       SecurityManager.                               -->
 <!--                                                                      -->
 <!--   suppressSmap        Should the generation of SMAP info for JSR45   -->
 <!--                       debugging be suppressed?  [false]              -->
 <!--                                                                      -->
 <!--   trimSpaces          Should template text that consists entirely of -->
 <!--                       whitespace be removed from the output? [false] -->
 <!--                                                                      -->
 <!--   xpoweredBy          Determines whether X-Powered-By response       -->
 <!--                       header is added by generated servlet.  [false] -->
 <!--                                                                      -->
 <!--   strictQuoteEscaping When scriptlet expressions are used for        -->
 <!--                       attribute values, should the rules in JSP.1.6  -->
 <!--                       for the escaping of quote characters be        -->
 <!--                       strictly applied? [true]                       -->
 <!--                       The default can be changed with the            -->
 <!--                       org.apache.jasper.compiler.Parser.             -->
 <!--                       STRICT_QUOTE_ESCAPING system property.         -->
 <!--                                                                      -->
 <!--   quoteAttributeEL    When EL is used in an attribute value on a     -->
 <!--                       JSP page should the rules for quoting of       -->
 <!--                       attributes described in JSP.1.6 be applied to  -->
 <!--                       the expression? [true]                         -->

   <servlet>
       <servlet-name>jsp</servlet-name>
       <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
       <init-param>
           <param-name>fork</param-name>
           <param-value>false</param-value>
       </init-param>
       <init-param>
           <param-name>xpoweredBy</param-name>
           <param-value>false</param-value>
       </init-param>
       <load-on-startup>3</load-on-startup>
   </servlet>


 <!-- NOTE: An SSI Filter is also available as an alternative SSI          -->
 <!-- implementation. Use either the Servlet or the Filter but NOT both.   -->
 <!--                                                                      -->
 <!-- Server Side Includes processing servlet, which processes SSI         -->
 <!-- directives in HTML pages consistent with similar support in web      -->
 <!-- servers like Apache.  Traditionally, this servlet is mapped to the   -->
 <!-- URL pattern "*.shtml".  This servlet supports the following          -->
 <!-- initialization parameters (default values are in square brackets):   -->
 <!--                                                                      -->
 <!--   buffered            Should output from this servlet be buffered?   -->
 <!--                       (0=false, 1=true)  [0]                         -->
 <!--                                                                      -->
 <!--   debug               Debugging detail level for messages logged     -->
 <!--                       by this servlet.  [0]                          -->
 <!--                                                                      -->
 <!--   expires             The number of seconds before a page with SSI   -->
 <!--                       directives will expire.  [No default]          -->
 <!--                                                                      -->
 <!--   isVirtualWebappRelative                                            -->
 <!--                       Should "virtual" paths be interpreted as       -->
 <!--                       relative to the context root, instead of       -->
 <!--                       the server root? [false]                       -->
 <!--                                                                      -->
 <!--   inputEncoding       The encoding to assume for SSI resources if    -->
 <!--                       one is not available from the resource.        -->
 <!--                       [Platform default]                             -->
 <!--                                                                      -->
 <!--   outputEncoding      The encoding to use for the page that results  -->
 <!--                       from the SSI processing. [UTF-8]               -->
 <!--                                                                      -->
 <!--   allowExec           Is use of the exec command enabled? [false]    -->

<!--
   <servlet>
       <servlet-name>ssi</servlet-name>
       <servlet-class>
         org.apache.catalina.ssi.SSIServlet
       </servlet-class>
       <init-param>
         <param-name>buffered</param-name>
         <param-value>1</param-value>
       </init-param>
       <init-param>
         <param-name>debug</param-name>
         <param-value>0</param-value>
       </init-param>
       <init-param>
         <param-name>expires</param-name>
         <param-value>666</param-value>
       </init-param>
       <init-param>
         <param-name>isVirtualWebappRelative</param-name>
         <param-value>false</param-value>
       </init-param>
       <load-on-startup>4</load-on-startup>
   </servlet>
-->


 <!-- Common Gateway Includes (CGI) processing servlet, which supports     -->
 <!-- execution of external applications that conform to the CGI spec      -->
 <!-- requirements.  Typically, this servlet is mapped to the URL pattern  -->
 <!-- "/cgi-bin/*", which means that any CGI applications that are         -->
 <!-- executed must be present within the web application.  This servlet   -->
 <!-- supports the following initialization parameters (default values     -->
 <!-- are in square brackets):                                             -->
 <!--                                                                      -->
 <!--   cgiPathPrefix        The CGI search path will start at             -->
 <!--                        webAppRootDir + File.separator + this prefix. -->
 <!--                        If not set, then webAppRootDir is used.       -->
 <!--                        Recommended value: WEB-INF/cgi                -->
 <!--                                                                      -->
 <!--   enableCmdLineArguments                                             -->
 <!--                        Are command line parameters generated from    -->
 <!--                        the query string as per section 4.4 of 3875   -->
 <!--                        RFC? [true]                                  -->
 <!--                                                                      -->
 <!--   executable           Name of the executable used to run the        -->
 <!--                        script. [perl]                                -->
 <!--                                                                      -->
 <!--   envHttpHeaders       A regular expression used to select the HTTP  -->
 <!--                        headers passed to the CGI process as          -->
 <!--                        environment variables. Note that headers are  -->
 <!--                        converted to upper case before matching and   -->
 <!--                        that the entire header name must match the    -->
 <!--                        pattern.                                      -->
 <!--                        [ACCEPT[-0-9A-Z]*|CACHE-CONTROL|COOKIE|HOST|  -->
 <!--                         IF-[-0-9A-Z]*|REFERER|USER-AGENT]            -->
 <!--                                                                      -->
 <!--  environment-variable- An environment to be set for the execution    -->
 <!--                        environment of the CGI script. The name of    -->
 <!--                        variable is taken from the parameter name.    -->
 <!--                        To configure an environment variable named    -->
 <!--                        FOO, configure a parameter named              -->
 <!--                        environment-variable-FOO. The parameter value -->
 <!--                        is used as the environment variable value.    -->
 <!--                        The default is no environment variables.      -->
 <!--                                                                      -->
 <!--   parameterEncoding    Name of parameter encoding to be used with    -->
 <!--                        CGI servlet.                                  -->
 <!--                        [System.getProperty("file.encoding","UTF-8")] -->
 <!--                                                                      -->
 <!--   passShellEnvironment Should the shell environment variables (if    -->
 <!--                        any) be passed to the CGI script? [false]     -->
 <!--                                                                      -->
 <!--   stderrTimeout        The time (in milliseconds) to wait for the    -->
 <!--                        reading of stderr to complete before          -->
 <!--                        terminating the CGI process. [2000]           -->

<!--
   <servlet>
       <servlet-name>cgi</servlet-name>
       <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
       <init-param>
         <param-name>cgiPathPrefix</param-name>
         <param-value>WEB-INF/cgi</param-value>
       </init-param>
       <load-on-startup>5</load-on-startup>
   </servlet>
-->


servlet-mapping


 <!-- The servlet mappings for the built in servlets defined above.  Note  -->
 <!-- that, by default, the CGI and SSI servlets are *not* mapped.  You    -->
 <!-- must uncomment these mappings (or add them to your application's own -->
 <!-- web.xml deployment descriptor) to enable these services              -->

   <!-- The mapping for the default servlet -->
   <servlet-mapping>
       <servlet-name>default</servlet-name>
       <url-pattern>/</url-pattern>
   </servlet-mapping>

   <!-- The mappings for the JSP servlet -->
   <servlet-mapping>
       <servlet-name>jsp</servlet-name>
       <url-pattern>*.jsp</url-pattern>
       <url-pattern>*.jspx</url-pattern>
   </servlet-mapping>

   <!-- The mapping for the SSI servlet -->
<!--
   <servlet-mapping>
       <servlet-name>ssi</servlet-name>
       <url-pattern>*.shtml</url-pattern>
   </servlet-mapping>
-->

   <!-- The mapping for the CGI Gateway servlet -->

<!--
   <servlet-mapping>
       <servlet-name>cgi</servlet-name>
       <url-pattern>/cgi-bin/*</url-pattern>
   </servlet-mapping>
-->
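
An added example, not taken from Tomcat or from the original page: a small audit of a web.xml that reports which of the servlet init-params documented in the comments above end up with a value a reviewer would question, and whether the CGI or SSI servlet is actually mapped. The values it reports are this example's own review policy, and the sample descriptor is constructed.

```python
import xml.etree.ElementTree as ET

DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"
JSP_SERVLET = "org.apache.jasper.servlet.JspServlet"
SSI_SERVLET = "org.apache.catalina.ssi.SSIServlet"
CGI_SERVLET = "org.apache.catalina.servlets.CGIServlet"

# (servlet class, init-param) -> (default stated in the web.xml comments,
#                                  value this example reports as a finding).
# The second column is the example's own review policy, not a Tomcat rule.
CHECKS = {
    (DEFAULT_SERVLET, "listings"): ("false", "true"),
    (DEFAULT_SERVLET, "readonly"): ("true", "false"),
    (JSP_SERVLET, "xpoweredBy"): ("false", "true"),
    (SSI_SERVLET, "allowExec"): ("false", "true"),
    (CGI_SERVLET, "enableCmdLineArguments"): ("true", "true"),
}


def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on every tag."""
    return tag.rsplit("}", 1)[-1]


def _text(parent, name):
    """Text of the first child element called name, or None."""
    for child in parent:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def load(xml_text):
    """Return ({name: (class, {param: value})}, {name: [url-pattern, ...]})."""
    servlets, mappings = {}, {}
    # XML comments are dropped by the parser, so a commented-out <servlet>
    # is correctly treated as absent.
    for elem in ET.fromstring(xml_text):
        kind = _local(elem.tag)
        if kind == "servlet":
            params = {_text(p, "param-name"): _text(p, "param-value")
                      for p in elem if _local(p.tag) == "init-param"}
            servlets[_text(elem, "servlet-name")] = (_text(elem, "servlet-class"), params)
        elif kind == "servlet-mapping":
            patterns = [(c.text or "").strip() for c in elem
                        if _local(c.tag) == "url-pattern"]
            mappings.setdefault(_text(elem, "servlet-name"), []).extend(patterns)
    return servlets, mappings


def audit(xml_text):
    """List findings for servlets that are both declared and mapped."""
    servlets, mappings = load(xml_text)
    findings = []
    for name, (cls, params) in servlets.items():
        patterns = mappings.get(name, [])
        if not patterns:
            continue  # declared but unmapped in this file
        if cls in (SSI_SERVLET, CGI_SERVLET):
            findings.append(f"{name}: {cls} is mapped to {', '.join(patterns)}")
        for (check_cls, param), (default, report) in CHECKS.items():
            if check_cls != cls:
                continue
            explicit = params.get(param)
            value = (explicit or default).lower()
            if value == report:
                origin = "explicit" if explicit else "default"
                findings.append(f"{name}: {param}={value} ({origin})")
    return findings


# Constructed sample: listings switched on, CGI servlet enabled, SSI commented out.
SAMPLE_WEB_XML = """
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>listings</param-name><param-value>true</param-value></init-param>
  </servlet>
  <servlet>
    <servlet-name>jsp</servlet-name>
    <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
    <init-param><param-name>xpoweredBy</param-name><param-value>false</param-value></init-param>
  </servlet>
  <!--
  <servlet>
    <servlet-name>ssi</servlet-name>
    <servlet-class>org.apache.catalina.ssi.SSIServlet</servlet-class>
  </servlet>
  -->
  <servlet>
    <servlet-name>cgi</servlet-name>
    <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
  </servlet>
  <servlet-mapping><servlet-name>default</servlet-name><url-pattern>/</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>jsp</servlet-name><url-pattern>*.jsp</url-pattern><url-pattern>*.jspx</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>cgi</servlet-name><url-pattern>/cgi-bin/*</url-pattern></servlet-mapping>
</web-app>
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_WEB_XML)))
```

Run it on conf/web.xml and on each application's WEB-INF/web.xml; a servlet declared in one file can be mapped in the other, and this per-file check does not merge them.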

filter


 <!-- A filter that sets various security related HTTP Response headers.   -->
 <!-- This filter supports the following initialization parameters         -->
 <!-- (default values are in square brackets):                             -->
 <!--                                                                      -->
 <!--   hstsEnabled         Should the HTTP Strict Transport Security      -->
 <!--                       (HSTS) header be added to the response? See    -->
 <!--                       RFC 6797 for more information on HSTS. [true]  -->
 <!--                                                                      -->
 <!--   hstsMaxAgeSeconds   The max age value that should be used in the   -->
 <!--                       HSTS header. Negative values will be treated   -->
 <!--                       as zero. [0]                                   -->
 <!--                                                                      -->
 <!--   hstsIncludeSubDomains                                              -->
 <!--                       Should the includeSubDomains parameter be      -->
 <!--                       included in the HSTS header.                   -->
 <!--                                                                      -->
 <!--   antiClickJackingEnabled                                            -->
 <!--                       Should the anti click-jacking header           -->
 <!--                       X-Frame-Options be added to every response?    -->
 <!--                       [true]                                         -->
 <!--                                                                      -->
 <!--   antiClickJackingOption                                             -->
 <!--                       What value should be used for the header. Must -->
 <!--                       be one of DENY, SAMEORIGIN, ALLOW-FROM         -->
 <!--                       (case-insensitive). [DENY]                     -->
 <!--                                                                      -->
 <!--   antiClickJackingUri IF ALLOW-FROM is used, what URI should be      -->
 <!--                       allowed? []                                    -->
 <!--                                                                      -->
 <!--   blockContentTypeSniffingEnabled                                    -->
 <!--                       Should the header that blocks content type     -->
 <!--                       sniffing be added to every response? [true]    -->
<!--
   <filter>
       <filter-name>httpHeaderSecurity</filter-name>
       <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
       <async-supported>true</async-supported>
   </filter>
-->

 <!-- A filter that sets character encoding that is used to decode -->
 <!-- parameters in a POST request -->
<!--
   <filter>
       <filter-name>setCharacterEncodingFilter</filter-name>
       <filter-class>org.apache.catalina.filters.SetCharacterEncodingFilter</filter-class>
       <init-param>
           <param-name>encoding</param-name>
           <param-value>UTF-8</param-value>
       </init-param>
       <async-supported>true</async-supported>
   </filter>
-->

 <!-- A filter that triggers request parameters parsing and rejects the    -->
 <!-- request if some parameters were skipped because of parsing errors or -->
 <!-- request size limitations.                                            -->
<!--
   <filter>
       <filter-name>failedRequestFilter</filter-name>
       <filter-class>
         org.apache.catalina.filters.FailedRequestFilter
       </filter-class>
       <async-supported>true</async-supported>
   </filter>
-->


 <!-- NOTE: An SSI Servlet is also available as an alternative SSI         -->
 <!-- implementation. Use either the Servlet or the Filter but NOT both.   -->
 <!--                                                                      -->
 <!-- Server Side Includes processing filter, which processes SSI          -->
 <!-- directives in HTML pages consistent with similar support in web      -->
 <!-- servers like Apache.  Traditionally, this filter is mapped to the    -->
 <!-- URL pattern "*.shtml", though it can be mapped to "*" as it will     -->
 <!-- selectively enable/disable SSI processing based on mime types. For   -->
 <!-- this to work you will need to uncomment the .shtml mime type         -->
 <!-- definition towards the bottom of this file.                          -->
 <!-- The contentType init param allows you to apply SSI processing to JSP -->
 <!-- pages, javascript, or any other content you wish.  This filter       -->
 <!-- supports the following initialization parameters (default values are -->
 <!-- in square brackets):                                                 -->
 <!--                                                                      -->
 <!--   contentType         A regex pattern that must be matched before    -->
 <!--                       SSI processing is applied.                     -->
 <!--                       [text/x-server-parsed-html(;.*)?]              -->
 <!--                                                                      -->
 <!--   debug               Debugging detail level for messages logged     -->
 <!--                       by this servlet.  [0]                          -->
 <!--                                                                      -->
 <!--   expires             The number of seconds before a page with SSI   -->
 <!--                       directives will expire.  [No default]          -->
 <!--                                                                      -->
 <!--   isVirtualWebappRelative                                            -->
 <!--                       Should "virtual" paths be interpreted as       -->
 <!--                       relative to the context root, instead of       -->
 <!--                       the server root? [false]                       -->
 <!--                                                                      -->
 <!--   allowExec           Is use of the exec command enabled? [false]    -->

<!--
   <filter>
       <filter-name>ssi</filter-name>
       <filter-class>
         org.apache.catalina.ssi.SSIFilter
       </filter-class>
       <init-param>
         <param-name>contentType</param-name>
         <param-value>text/x-server-parsed-html(;.*)?</param-value>
       </init-param>
       <init-param>
         <param-name>debug</param-name>
         <param-value>0</param-value>
       </init-param>
       <init-param>
         <param-name>expires</param-name>
         <param-value>666</param-value>
       </init-param>
       <init-param>
         <param-name>isVirtualWebappRelative</param-name>
         <param-value>false</param-value>
       </init-param>
   </filter>
-->

filter-mapping


 <!-- The mapping for the HTTP header security Filter -->
<!--
   <filter-mapping>
       <filter-name>httpHeaderSecurity</filter-name>
       <url-pattern>/*</url-pattern>
       <dispatcher>REQUEST</dispatcher>
   </filter-mapping>
-->

 <!-- The mapping for the Set Character Encoding Filter -->
<!--
   <filter-mapping>
       <filter-name>setCharacterEncodingFilter</filter-name>
       <url-pattern>/*</url-pattern>
   </filter-mapping>
-->

 <!-- The mapping for the Failed Request Filter -->
<!--
   <filter-mapping>
       <filter-name>failedRequestFilter</filter-name>
       <url-pattern>/*</url-pattern>
   </filter-mapping>
-->

 <!-- The mapping for the SSI Filter -->
<!--
   <filter-mapping>
       <filter-name>ssi</filter-name>
       <url-pattern>*.shtml</url-pattern>
   </filter-mapping>
-->
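
The filters above ship commented out, and a `<filter>` only runs once a matching `<filter-mapping>` is active as well. The following Python check is an added example (not part of the original page or of Tomcat): it parses a web.xml and reports whether HttpHeaderSecurityFilter is defined, mapped, and given a positive HSTS max age. The function name `audit_header_filter` and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"
SWITCHES = ("hstsEnabled", "antiClickJackingEnabled", "blockContentTypeSniffingEnabled")

def _kids(el, name):
    # Compare local tag names so a namespaced web.xml is handled too.
    return [c for c in el if c.tag.rsplit("}", 1)[-1] == name]

def _text(el, name):
    return "".join((c.text or "").strip() for c in _kids(el, name)[:1])

def audit_header_filter(web_xml):
    """Return findings about the HTTP header security filter in a web.xml string."""
    root = ET.fromstring(web_xml)  # commented-out blocks are dropped by the parser
    filters = [f for f in _kids(root, "filter") if _text(f, "filter-class") == FILTER_CLASS]
    if not filters:
        return ["filter is not defined (absent or still commented out)"]
    findings = []
    for f in filters:
        name = _text(f, "filter-name")
        # Defaults documented in the web.xml comments: switches [true], max age [0].
        params = {**dict.fromkeys(SWITCHES, "true"), "hstsMaxAgeSeconds": "0"}
        for p in _kids(f, "init-param"):
            params[_text(p, "param-name")] = _text(p, "param-value")
        if not [m for m in _kids(root, "filter-mapping") if _text(m, "filter-name") == name]:
            findings.append(f"{name}: defined but not mapped, so it never runs")
        findings += [f"{name}: {k} is disabled" for k in SWITCHES if params[k].lower() != "true"]
        age = params["hstsMaxAgeSeconds"]
        if params["hstsEnabled"].lower() == "true" and not (age.isdigit() and int(age) > 0):
            findings.append(f"{name}: hstsMaxAgeSeconds is not a positive number")
    return findings

# Constructed sample: the filter is uncommented but its mapping is still commented out.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
  </filter>
<!--
  <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
-->
</web-app>"""

print("\n".join(audit_header_filter(SAMPLE)))
```

With the default `hstsMaxAgeSeconds` of 0 the HSTS header is sent with `max-age=0`, so browsers do not retain the policy; the check flags that case even when the filter is mapped.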


session-config


 <!-- ==================== Default Session Configuration ================= -->
 <!-- You can set the default session timeout (in minutes) for all newly   -->
 <!-- created sessions by modifying the value below.                       -->

   <session-config>
       <session-timeout>30</session-timeout>
   </session-config>

mime-mapping


 <!-- ===================== Default MIME Type Mappings =================== -->
 <!-- When serving static resources, Tomcat will automatically generate    -->
 <!-- a "Content-Type" header based on the resource's filename extension,  -->
 <!-- based on these mappings.  Additional mappings can be added here (to  -->
 <!-- apply to all web applications), or in your own application's web.xml -->
 <!-- deployment descriptor.                                               -->
 <!-- Note: Extensions are always matched in a case-insensitive manner.    -->

   <mime-mapping>
       <extension>123</extension>
       <mime-type>application/vnd.lotus-1-2-3</mime-type>
   </mime-mapping>

 <!-- ==================== Default Welcome File List ===================== -->
 <!-- When a request URI refers to a directory, the default servlet looks  -->
 <!-- for a "welcome file" within that directory and, if present, to the   -->
 <!-- corresponding resource URI for display.                              -->
 <!-- If no welcome files are present, the default servlet either serves a -->
 <!-- directory listing (see default servlet configuration on how to       -->
 <!-- customize) or returns a 404 status, depending on the value of the    -->
 <!-- listings setting.                                                    -->
 <!--                                                                      -->
 <!-- If you define welcome files in your own application's web.xml        -->
 <!-- deployment descriptor, that list *replaces* the list configured      -->
 <!-- here, so be sure to include any of the default values that you wish  -->
 <!-- to use within your application.                                       -->

welcome-file-list


   <welcome-file-list>
       <welcome-file>index.html</welcome-file>
       <welcome-file>index.htm</welcome-file>
       <welcome-file>index.jsp</welcome-file>
   </welcome-file-list>


Tips


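Troubleshooting


Tomcat does not start


Wrong owner


When Tomcat is started as the tomcat user from systemctl, it exits immediately and does not start.



Operations


SSL/TLS support


Add the following settings to server.xml (`<パス>` stands for the keystore path and `<パスワード>` for the keystore password).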

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="<パス>/.keystore" keystorePass="<パスワード>"
           clientAuth="false" sslProtocol="TLS" />

The stock server.xml already contains part of this configuration, so add only the following attributes as shown above.
           keystoreFile="<パス>/.keystore" keystorePass="<パスワード>"
