centos安装时预装了tomcat,但是默认不启用。
用systemctl is-enabled tomcat 进行检查,返回disabled。
首先启用并启动tomcat
执行:
systemctl enable tomcat
systemctl start tomcat
用ps -ef | grep tomcat检查
[username@hostname ~]$ ps -ef | grep tomcat tomcat 1235 1 1 19:07 ? 00:00:08 java -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/shar e/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tom cat/temp -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManage r org.apache.catalina.startup.Bootstrap start可见tomcat运行在tomcat用户下,pid是1235
用 sudo netstat -tupln检查端口(注意,这里要使用sudo,否则看不到pid)
[fuxiaodong@fxd ~]$ sudo netstat -tupln | grep 1235 tcp6 0 0 :::8080 :::* LISTEN 1235/java tcp6 0 0 127.0.0.1:8005 :::* LISTEN 1235/java tcp6 0 0 :::8009 :::* LISTEN 1235/java可见8080端口已经listen
但是由于防火墙,这时候用浏览器还是无法访问。
在centos 7上,防火墙是firewalld。可以用 systemctl status firewalld查看防火墙状态。
[root@fxd ~]# systemctl status firewalld ?firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since ?2017-03-09 19:58:50 CST; 1min 40s ago Docs: man:firewalld(1) Main PID: 864 (firewalld) CGroup: /system.slice/firewalld.service 忖864 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid 3?09 19:58:50 fxd.test.zte systemd[1]: Starting firewalld - dynamic firew.... 3?09 19:58:50 fxd.test.zte systemd[1]: Started firewalld - dynamic firewa.... Hint: Some lines were ellipsized,use -l to show in full.
用systemctl stop firewalld可以规避这个问题,但是不好。
执行 firewall-cmd --list-all-zones,可以看到默认网卡设置为public区域,仅允许 dhcpv6-client ssh
public (active) target: default icmp-block-inversion: no interfaces: enp0s25 sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
当前在办公室,修改固网为internal。执行 firewall-cmd --zone=internal --change-interface=enp0s25
启用internal区域的http和https服务
firewall-cmd --permanent --zone=internal --add-service=https
启用tomcat使用的端口
firewall-cmd --permanent --zone=internal --add-port=8080/tcp
firewall-cmd --permanent --zone=internal --add-port=8005/tcp
firewall-cmd --permanent --zone=internal --add-port=8009/tcp
重新加载防火墙: firewall-cmd --reload
在查看防火墙状态 firewall-cmd --list-all-zones
internal (active) target: default icmp-block-inversion: no interfaces: enp0s25 sources: services: dhcpv6-client http https mdns samba-client ssh ports: 8009/tcp 8005/tcp 8080/tcp protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
用浏览器访问,网页可以打开。
参考资料:
linux下如何使用systemctl管理systemd服务与单元 http://blog.csdn.net/drdairen/article/details/51441040
CentOS7下Firewall防火墙配置用法详解 http://www.centoscn.com/CentOS/Intermediate/2015/0313/4879.html