8月 032016
 

apache-tomcat-connector-parameters-01

https://tomcat.apache.org/tomcat-7.0-doc/config/http.html

连接超时时间设置(毫秒,默认值为60秒,Tomcat server.xml配置为20秒)
connectionTimeout
The number of milliseconds this Connector will wait, after accepting a connection, for the request URI line to be
presented. Use a value of -1 to indicate no (i.e. infinite) timeout. The default value is 60000 (i.e. 60 seconds) but note
that the standard server.xml that ships with Tomcat sets this to 20000 (i.e. 20 seconds). Unless disableUploadTimeout is
set to false, this timeout will also be used when reading the request body (if any).

重定向端口
redirectPort
If this Connector is supporting non-SSL requests, and a request is received for which a matching <security-constraint>
requires SSL transport, Catalina will automatically redirect the request to the port number specified here.

保持运行状态线程的最小数量
minSpareThreads
The minimum number of threads always kept running. If not specified, the default of 10 is used.

连接器可处理的最大线程数量
maxThreads
The maximum number of request processing threads to be created by this Connector, which therefore determines the maximum
number of simultaneous requests that can be handled. If not specified, this attribute is set to 200. If an executor is
associated with this connector, this attribute is ignored as the connector will execute tasks using the executor rather
than an internal thread pool.

在超过连接器可处理的最大线程数量后允许继续连接请求的队列长度
acceptCount
The maximum queue length for incoming connection requests when all possible request processing threads are in use. Any
requests received when the queue is full will be refused. The default value is 100.

DNS反向解析(默认关闭)
enableLookups
Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host name of
the remote client. Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving
performance). By default, DNS lookups are disabled.

URI编码字符集
URIEncoding
This specifies the character encoding used to decode the URI bytes, after %xx decoding the URL. If not specified, ISO-8859
-1 will be used.

在达到连接器可处理最大线程数量75%时关闭HTTP keeep-alives功能(默认75%,仅bio类型)
disableKeepAlivePercentage
The percentage of processing threads that have to be in use before HTTP keep-alives are disabled to improve scalability.
Values less than 0 will be changed to 0 and values greater than 100 will be changed to 100. If not specified, the default
value is 75.

最大连接数(bio类型默认最大为maxThreads大小,nio类型为10000,apr类型为8192)
maxConnections
The maximum number of connections that the server will accept and process at any given time. When this number has been
reached, the server will accept, but not process, one further connection. This additional connection be blocked until the
number of connections being processed falls below maxConnections at which point the server will start accepting and
processing new connections again. Note that once the limit has been reached, the operating system may still accept
connections based on the acceptCount setting. The default value varies by connector type. For BIO the default is the value
of maxThreads unless an Executor is used in which case the default will be the value of maxThreads from the executor. For
NIO the default is 10000. For APR/native, the default is 8192.

Note that for APR/native on Windows, the configured value will be reduced to the highest multiple of 1024 that is less than
or equal to maxConnections. This is done for performance reasons.
If set to a value of -1, the maxConnections feature is disabled and connections are not counted.

keepAlive超时时间设置(默认为connectionTimeout大小)
keepAliveTimeout
The number of milliseconds this Connector will wait for another HTTP request before closing the connection. The default
value is to use the value that has been set for the connectionTimeout attribute. Use a value of -1 to indicate no (i.e.
infinite) timeout.

压缩相关参数

压缩文件类型
compressableMimeType
The value is a comma separated list of MIME types for which HTTP compression may be used. The default value is
text/html,text/xml,text/plain,text/css,text/javascript,application/javascript .

压缩开关(默认为关闭)
compression
The Connector may use HTTP/1.1 GZIP compression in an attempt to save server bandwidth. The acceptable values for the
parameter is “off” (disable compression), “on” (allow compression, which causes text data to be compressed), “force”
(forces compression in all cases), or a numerical integer value (which is equivalent to “on”, but specifies the minimum
amount of data before the output is compressed). If the content-length is not known and compression is set to “on” or more
aggressive, the output will also be compressed. If not specified, this attribute is set to “off”.

Note: There is a tradeoff between using compression (saving your bandwidth) and using the sendfile feature (saving your CPU
cycles). If the connector supports the sendfile feature, e.g. the NIO connector, using sendfile will take precedence over
compression. The symptoms will be that static files greater that 48 Kb will be sent uncompressed. You can turn off sendfile
by setting useSendfile attribute of the connector, as documented below, or change the sendfile usage threshold in the
configuration of the DefaultServlet in the default conf/web.xml or in the web.xml of your web application.

最小压缩前大小(默认为2048字节)
compressionMinSize
If compression is set to “on” then this attribute may be used to specify the minimum amount of data before the output is
compressed. If not specified, this attribute is defaults to “2048”.

http连接器类型

org.apache.coyote.http11.Http11Protocol – blocking Java connector
org.apache.coyote.http11.Http11NioProtocol – non blocking Java connector
org.apache.coyote.http11.Http11AprProtocol – the APR/native connector.

8月 012016
 

 

按用户和登录时间保存命令操作记录

[root@localhost ~]# vi /etc/profile
LOGIP=`who -u am i 2>/dev/null| awk '{print $7}'|sed -e 's/[()]//g'`
LOG_DIR=/var/log/history
if [ -z $LOGIP ]
then
LOGIP=`hostname -s`
fi
if [ ! -d $LOG_DIR ]
then
mkdir -p $LOG_DIR
chmod 777 $LOG_DIR
fi
if [ ! -d $LOG_DIR/${LOGNAME} ]
then
mkdir -p $LOG_DIR/${LOGNAME}
chmod 300 $LOG_DIR/${LOGNAME}
fi
export HISTSIZE=4096
LOGTM=`date +"%Y%m%d_%H%M%S"`
export HISTFILE="$LOG_DIR/${LOGNAME}/${LOGIP}-$LOGTM"
chmod 600 $LOG_DIR/${LOGNAME}/*-* 2>/dev/null
[root@localhost ~]# source /etc/profile
[root@localhost ~]# exit

linux-centos-history-logs-01

使用 script 命令记录用户操作行为
[root@localhost ~]# vi .bash_profile
/usr/bin/script -qaf /root/$USER-`date +%Y%m%d%H%M`.log’
[root@localhost ~]# exit

-q,script以静默的方式运行,用户没有感知,不然会有一行script start的提示。
-a,该选项将会让记录附加到文件中,而不会擦除先前的记录。
-f,实时更新文件,只要用户退出后,新上的用户会自动又创建一个时间记录日志。

使用more命令查看,包含屏幕输出

显示为一次登录两个用户,使用exit退出是需要执行两次
[root@localhost ~]# w
14:56:32 up 48 days, 22:44, 2 users, load average: 0.04, 0.04, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.2.144 14:56 0.00s 0.00s 0.00s -bash
root pts/1 – 14:56 0.00s 0.00s 0.00s w
[root@localhost ~]#

配置 history 命令显示操作时间、用户和登录 IP
[root@localhost ~]# vi /etc/profile
HISTFILESIZE=4000 #默认保存命令是1000条,这里修改为4000条
HISTSIZE=4000
USER_IP=`who -u am i 2>/dev/null| awk ‘{print $NF}’|sed -e ‘s/[()]//g’` #取得登录客户端的IP
if [ -z $USER_IP ]
then
USER_IP=`hostname`
fi
HISTTIMEFORMAT=”%F %T $USER_IP:`whoami` ” #设置新的显示history的格式
export HISTTIMEFORMAT
[root@localhost ~]# source /etc/profile