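Problem description
I am using DigitalOcean and trying to install and start Tomcat on Ubuntu, but unfortunately I cannot get it to work. (I created a new droplet and tried 10 times.)
1GB RAM, 30GB SSD disk, Amsterdam 2, Ubuntu 14.04 x64
When I start Tomcat, it says "Tomcat started". But I cannot reach the page from a browser, and ./shutdown.sh returns an error.
What could be the problem?
I just noticed something: while I was writing this question, the Tomcat page was displayed. It took 28 minutes for the page to show up.
catalina.out says: INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [1,718,769] milliseconds.
Here are my installation steps (these steps work on a different VPS, but not on the DigitalOcean droplet):
Install the Oracle JDK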
sudo apt-get install python-software-properties
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java7-installer
sudo apt-get install oracle-java7-set-default
java -version
java version "1.7.0_72"
Java(TM) SE Runtime Environment (build 1.7.0_72-b14)
Java HotSpot(TM) 64-Bit Server VM (build 24.72-b04, mixed mode)
Set the Java path
sudo nano /etc/environment
JAVA_HOME="/usr/lib/jvm/java-7-oracle"
source /etc/environment
wget http://ftp.itu.edu.tr/Mirror/Apache/tomcat/tomcat-7/v7.0.56/bin/apache-tomcat-7.0.56.tar.gz
tar xvzf apache-tomcat-7.0.56.tar.gz
mv apache-tomcat-7.0.56/ apache-tomcat-7.0.56-server-1/
Start Tomcat
./startup.sh
Using CATALINA_BASE: /usr/local/apache-tomcat-7.0.56-server-1
Using CATALINA_HOME: /usr/local/apache-tomcat-7.0.56-server-1
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-7.0.56-server-1/temp
Using JRE_HOME: /usr/lib/jvm/java-7-oracle/jre
Using CLASSPATH: /usr/local/apache-tomcat-7.0.56-server-1/bin/bootstrap.jar:/usr/local/apache-tomcat-7.0.56-server-1/bin/tomcat-juli.jar
Tomcat started.
Check port 8080
netstat -ln
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::8009 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
Check the process
ps -ef | grep tomcat
root 2825 1 1 14:23 pts/0 00:00:03 /usr/lib/jvm/java-7-oracle/jre/bin/java -Djava.util.logging.config.file=/usr/local/apache-tomcat-7.0.56-server-1/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/local/apache-tomcat-7.0.56-server-1/endorsed -classpath /usr/local/apache-tomcat-7.0.56-server-1/bin/bootstrap.jar:/usr/local/apache-tomcat-7.0.56-server-1/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/apache-tomcat-7.0.56-server-1 -Dcatalina.home=/usr/local/apache-tomcat-7.0.56-server-1 -Djava.io.tmpdir=/usr/local/apache-tomcat-7.0.56-server-1/temp org.apache.catalina.startup.Bootstrap start
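Opening the website on port 8080: http://5.101.107.56:8080/
The page keeps waiting… [the content is displayed after 28 minutes or more]
Trying to shut down Tomcat while the content is not displayed yet (before Tomcat has started properly):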
./shutdown.sh
SEVERE: Could not contact localhost:8005. Tomcat may not be running.
Oct 17, 2014 2:40:29 PM org.apache.catalina.startup.Catalina stopServer
SEVERE: Catalina.stop:
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSoc
Check the logs
catalina.out
Oct 17, 2014 2:31:47 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
Oct 17, 2014 2:31:47 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1492 ms
Oct 17, 2014 2:31:47 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Oct 17, 2014 2:31:47 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.56
Oct 17, 2014 2:31:47 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /usr/local/apache-tomcat-7.0.56-server-1/webapps/host-manager
I also installed nginx and navigated to http://5.XXX.XXX.XX/
The nginx welcome page opens immediately.
When I saw the page in the browser, I checked catalina.out, and it says:
Oct 17, 2014 2:31:47 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /usr/local/apache-tomcat-7.0.56-server-1/webapps/host-manager
Oct 17, 2014 3:00:27 PM org.apache.catalina.util.SessionIdGenerator createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [1,718,769] milliseconds.
memory :
             total       used       free     shared    buffers     cached
Mem:       1017912     849512     168400        332      18780     688468
Best answer
Replacing securerandom.source=file:/dev/urandom with securerandom.source=file:/dev/./urandom in $JAVA_PATH/jre/lib/security/java.security solved my problem.
Even though file:/dev/urandom is specified, the JRE still uses /dev/random for SHA1PRNG (see bug JDK-4705093):
In SHA1PRNG, there is a SeedGenerator which does various things depending on the configuration.
If java.security.egd or securerandom.source point to “file:/dev/random” or “file:/dev/urandom”, we will use NativeSeedGenerator, which calls super() which calls SeedGenerator.URLSeedGenerator(/dev/random). (A nested class within SeedGenerator.) The only things that changed in this bug was that urandom will also trigger use of this code path.
If those properties point to another URL that exists, we’ll initialize SeedGenerator.URLSeedGenerator(url). This is why “file:///dev/urandom”, “file:/./dev/random”, etc. will work.
In this implementation, the generator keeps an estimate of the number of bits of noise in the entropy pool. From this entropy pool random numbers are created. When read, the /dev/random device will only return random bytes within the estimated number of bits of noise in the entropy pool. /dev/random should be suitable for uses that need very high quality randomness such as one-time pad or key generation.
When the entropy pool is empty, reads from /dev/random will block until additional environmental noise is gathered. The intent is to serve as a cryptographically secure pseudorandom number generator, delivering output with entropy as large as possible. This is suggested for use in generating cryptographic keys for high-value or long-term protection.
Environmental noise?
The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. The generator also keeps an estimate of the number of bits of noise in the entropy pool. From this entropy pool random numbers are created.
That means that, in practice, Tomcat can be blocked for an unknown amount of time.
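Added example, not part of the original question or answer: a shell check that finds the slow SecureRandom line from the question's catalina.out and reports which seed path a java.security file plus JVM options select, following the rule quoted from JDK-4705093 above. The function names, the 10000 ms threshold and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the post. File contents below are constructed.

# Print the seed URL the JVM is configured with.
# $1 = java.security file, $2 = JVM options string (such as JAVA_OPTS).
# The java.security.egd system property overrides securerandom.source.
configured_seed_url() {
    egd=$(printf '%s\n' "$2" | tr ' ' '\n' |
          sed -n 's/^-Djava\.security\.egd=//p' | tail -n 1)
    if [ -n "$egd" ]; then
        printf '%s\n' "$egd"
    else
        # Commented-out lines do not match; the last assignment wins.
        sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*=[[:space:]]*//p' "$1" |
            tail -n 1
    fi
}

# Classify a seed URL the way the quoted bug text describes it.
classify_seed_url() {
    case "$1" in
        file:/dev/random|file:/dev/urandom) echo "native-dev-random" ;;
        "") echo "unset" ;;
        *) echo "url:$1" ;;
    esac
}

# Print each SecureRandom creation time in log $1 that exceeds $2 milliseconds.
slow_seed_ms() {
    sed -n 's/.*Creation of SecureRandom instance .* took \[\([0-9,]*\)] milliseconds.*/\1/p' "$1" |
        tr -d ',' | awk -v max="$2" '$1 + 0 > max + 0'
}

tmp=$(mktemp -d)
cat > "$tmp/catalina.out" <<'EOF'
INFO: Deploying web application directory /usr/local/apache-tomcat-7.0.56-server-1/webapps/host-manager
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [1,718,769] milliseconds.
EOF
printf '#securerandom.source=file:/dev/random\nsecurerandom.source=file:/dev/urandom\n' \
    > "$tmp/java.security"
opts="-Xmx1024m -Djava.security.egd=file:/dev/./urandom"

echo "slow seeding (ms): $(slow_seed_ms "$tmp/catalina.out" 10000)"
echo "as installed:      $(classify_seed_url "$(configured_seed_url "$tmp/java.security" "")")"
echo "with egd override: $(classify_seed_url "$(configured_seed_url "$tmp/java.security" "$opts")")"
rm -rf "$tmp"
```

A result of native-dev-random means the seed is read from /dev/random regardless of which of the two device names was written; a url: result only says the given URL is read directly, so file:/dev/./random would still block.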
Second-best answer
This also works:
Actually, by setting the following in /etc/default/tomcat7, I was fine:
JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Xmx1024m -XX:MaxPermSize=512m -XX:+UseConcMarkSweepGC"
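From the comment by:
Third answer
While using /dev/urandom as the source of entropy is a workaround that reduces Tomcat's startup time, it is not a good idea, because it can have unintended side effects.
Other components running in the Tomcat server (for example web applications) may depend on a securely initialized SecureRandom instance, and there may be security problems when the random numbers do not have enough entropy.
In fact, this is one of the reasons why using /dev/urandom does not work but using /dev/./urandom does. SHA1PRNG depends heavily on a good seed. If the seed is bad, the random numbers are predictable. Therefore the developers made sure that /dev/random is used as the source of entropy for this purpose, even when the JVM is configured to use /dev/urandom. There are two bug reports about this (bug 1, bug 2).
So, rather than changing the entropy source to /dev/urandom, it is better to make sure that /dev/random has enough entropy. If the system has a hardware RNG, rng-tools should be installed. Otherwise, installing haveged provides a good source of entropy that does not depend on a special hardware RNG. In a virtual machine, rng-tools can use entropy from the host through a virtual hardware RNG. As an alternative, EGD can be used, but this software is currently not included in the Ubuntu repositories, so it is cumbersome to use.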
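Added example, not part of the original answer: a shell check that reads the kernel's entropy estimate and the list of available hardware RNGs, then prints which of the packages named above applies. The function names and the 200-bit threshold are assumptions; the procfs and sysfs paths are the standard Linux ones.

```shell
#!/bin/sh
# Added example, not code from the answer. The 200-bit minimum is an assumed
# threshold; pass a different value as the third argument of entropy_advice.

# Print the kernel's entropy estimate in bits. $1 = file to read (optional).
entropy_bits() {
    cat "${1:-/proc/sys/kernel/random/entropy_avail}" 2>/dev/null || echo 0
}

# Succeed if at least one hardware RNG is listed, which includes a virtual
# one passed through by the host. $1 = rng_available file (optional).
has_hwrng() {
    f=${1:-/sys/class/misc/hw_random/rng_available}
    [ -r "$f" ] && grep -q '[^[:space:]]' "$f"
}

# Follow the answer: rng-tools when a hardware RNG exists, otherwise haveged.
# $1 = entropy file, $2 = rng_available file, $3 = minimum bits (all optional).
entropy_advice() {
    bits=$(entropy_bits "$1")
    if [ "$bits" -ge "${3:-200}" ]; then
        echo "ok: $bits bits available"
    elif has_hwrng "$2"; then
        echo "low: $bits bits, hardware RNG present, install rng-tools"
    else
        echo "low: $bits bits, no hardware RNG, install haveged"
    fi
}

# Report for the host this runs on.
entropy_advice
```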