centos安装时预装了tomcat,但是默认不启用。
用systemctl is-enabled tomcat 进行检查,返回disabled。
首先启用并启动tomcat
执行:
systemctl enable tomcat
systemctl start tomcat
用ps -ef | grep tomcat检查
可见tomcat运行在tomcat用户下,pid是1235
- [username@hostname ~]$ ps -ef | grep tomcat
- tomcat 1235 1 1 19:07 ? 00:00:08 java -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/shar
- e/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tom
- cat/temp -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManage
- r org.apache.catalina.startup.Bootstrap start
用 sudo netstat -tupln检查端口(注意,这里要使用sudo,否则看不到pid)
可见8080端口已经listen
- [fuxiaodong@fxd ~]$ sudo netstat -tupln | grep 1235
- tcp6 0 0 :::8080 :::* LISTEN 1235/java
- tcp6 0 0 127.0.0.1:8005 :::* LISTEN 1235/java
- tcp6 0 0 :::8009 :::* LISTEN 1235/java
但是由于防火墙,这时候用浏览器还是无法访问。
在centos 7上,防火墙是firewalld。可以用 systemctl status firewalld查看防火墙状态。
- [root@fxd ~]# systemctl status firewalld
- ?firewalld.service - firewalld - dynamic firewall daemon
- Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
- Active: active (running) since ?2017-03-09 19:58:50 CST; 1min 40s ago
- Docs: man:firewalld(1)
- Main PID: 864 (firewalld)
- CGroup: /system.slice/firewalld.service
- 忖864 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
- 3?09 19:58:50 fxd.test.zte systemd[1]: Starting firewalld - dynamic firew....
- 3?09 19:58:50 fxd.test.zte systemd[1]: Started firewalld - dynamic firewa....
- Hint: Some lines were ellipsized,use -l to show in full.
用systemctl stop firewalld可以规避这个问题,但是不好。
执行 firewall-cmd --list-all-zones,可以看到默认网卡设置为public区域,仅允许 dhcpv6-client ssh
- public (active)
- target: default
- icmp-block-inversion: no
- interfaces: enp0s25
- sources:
- services: dhcpv6-client ssh
- ports:
- protocols:
- masquerade: no
- forward-ports:
- sourceports:
- icmp-blocks:
- rich rules:
当前在办公室,修改固网为internal。执行 firewall-cmd --zone=internal --change-interface=enp0s25
启用internal区域的http和https服务
firewall-cmd --permanent --zone=internal --add-service=https
启用tomcat使用的端口
firewall-cmd --permanent --zone=internal --add-port=8080/tcp
firewall-cmd --permanent --zone=internal --add-port=8005/tcp
firewall-cmd --permanent --zone=internal --add-port=8009/tcp
重新加载防火墙: firewall-cmd --reload
在查看防火墙状态 firewall-cmd --list-all-zones
- internal (active)
- target: default
- icmp-block-inversion: no
- interfaces: enp0s25
- sources:
- services: dhcpv6-client http https mdns samba-client ssh
- ports: 8009/tcp 8005/tcp 8080/tcp
- protocols:
- masquerade: no
- forward-ports:
- sourceports:
- icmp-blocks:
- rich rules:
用浏览器访问,网页可以打开。
参考资料:
linux下如何使用systemctl管理systemd服务与单元 http://blog.csdn.net/drdairen/article/details/51441040
CentOS7下Firewall防火墙配置用法详解 http://www.centoscn.com/CentOS/Intermediate/2015/0313/4879.html
