Tomcat on Alibaba Cloud unreachable from outside because of port 8005
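Prerequisites:
Tomcat needs a Java runtime environment. If the Java and Tomcat environment variables have been configured successfully, bash prints the corresponding log at startup, for example which JDK location is being used.
Solution:
1. Check whether the security group rule is enabled. Once 8080 is opened, by default you can reach Tomcat by entering public-IP:8080. If port 80 is the one that was opened, change the port in the Connector element of conf/server.xml to 80; entering just the public IP in the browser then gives access.
2. Port problems
Check the current port status: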
```
[root@iz2zehjjhi300kynwdk13iz bin]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 3592/java
tcp 7 0 0.0.0.0:8080 0.0.0.0:* LISTEN 3592/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2016/sshd
```
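Each time Tomcat is accessed, the Recv-Q column shows that Tomcat does receive the message, but the Tomcat home page still cannot be reached. In addition, shutting Tomcat down throws the following exception: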
```
Sep 15, 2020 3:20:02 PM org.apache.catalina.startup.Catalina stopServer
SEVERE: Could not contact localhost:8005. Tomcat may not be running.
Sep 15, 2020 3:20:02 PM org.apache.catalina.startup.Catalina stopServer
SEVERE: Catalina.stop:
java.net.ConnectException: Connection refused
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:345)
	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
	at java.net.Socket.connect(Socket.java:589)
	at java.net.Socket.connect(Socket.java:538)
	at java.net.Socket.<init>(Socket.java:434)
	at java.net.Socket.<init>(Socket.java:211)
	at org.apache.catalina.startup.Catalina.stopServer(Catalina.java:450)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:483)
	at org.apache.catalina.startup.Bootstrap.stopServer(Bootstrap.java:400)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:487)
```
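The start of the exception shows that port 8005 is not enabled, that is, nothing is listening on it.
For Tomcat to start and be reachable from outside, ports 8080, 8005 and 8009 must be open.
After consulting some online posts about Tomcat's port 8005 failing to start, the solution is to modify the `securerandom.source` setting in the /jre/lib/security/java.security file:
Change the original: `securerandom.source=file:/dev/random`
to: `securerandom.source=file:/dev/urandom`
Then start Tomcat again. This time the console shows that port 8005 is enabled, Tomcat can be shut down normally, and external access is quick as well.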
```
Tomcat started.
[root@iz2zehjjhi300kynwdk13iz bin]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 3756/java
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 3756/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2016/sshd
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 3756/java
```
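Tomcat ports:
- Port 8005: the port used to shut down the Tomcat service.
- Port 8009: responsible for establishing connections with other HTTP servers. This connector is needed when integrating Tomcat with other HTTP servers.
- Port 8080: the connector listens on port 8080 and is responsible for establishing HTTP connections. This is the connector used when a browser accesses a web application on the Tomcat server.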
Tomcat port assignment | Port number |
---|---|
Shutdown command port | 8005 |
HTTP port | 8080 |
HTTPS port | 8443 |
AJP port | 8009 |
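Port 8005 is only the port used to shut Tomcat down, so why is Tomcat unreachable when it is not enabled? What follows is only my personal view; if there are mistakes, please do point them out. Looking at the server.xml file, every element is contained in the `<Server port="8005" shutdown="SHUTDOWN">...</Server>` element, which holds the configuration for listeners, connectors, hosts, the engine and so on. Port 8005 can therefore be seen as a master valve: when it is not working properly, the other components cannot work properly either.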
```xml
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note: A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
  -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
              maxThreads="150" minSpareThreads="4"/>
    -->

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the APR/native
         documentation -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request. The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase". Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm. -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>
```
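As an added example (not code from the original post), the Python script below automates the checks walked through above: it reads the ports that server.xml declares, compares them with the LISTEN rows of `netstat -tnlp`, and reports whether `securerandom.source` still points at the blocking `/dev/random`. The sample inputs are constructed by trimming the listings on this page and the function names are illustrative; on a Linux LISTEN socket, Recv-Q counts connections that are waiting to be accepted.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples, trimmed from the listings shown on this page.
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>"""
NETSTAT_STALLED = """\
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 3592/java
tcp 7 0 0.0.0.0:8080 0.0.0.0:* LISTEN 3592/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2016/sshd"""
JAVA_SECURITY = "#securerandom.source=file:/dev/urandom\nsecurerandom.source=file:/dev/random\n"

def declared_ports(server_xml):
    """Map every port that server.xml asks Tomcat to open to its role."""
    root = ET.fromstring(server_xml)
    shutdown = int(root.get("port"))
    ports = {shutdown: "shutdown"} if shutdown > 0 else {}  # port="-1" disables it
    for conn in root.iter("Connector"):
        ports[int(conn.get("port"))] = conn.get("protocol", "HTTP/1.1")
    return ports

def listening(netstat_text):
    """Return {port: (bind_address, recv_q)} for the LISTEN rows of netstat -tnlp."""
    out = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            out[int(port)] = (addr, int(f[1]))
    return out

def securerandom_source(java_security_text):
    """Last uncommented securerandom.source value (later assignments win)."""
    hits = re.findall(r"^[ \t]*securerandom\.source[ \t]*=[ \t]*(\S+)",
                      java_security_text, re.M)
    return hits[-1] if hits else None

def diagnose(server_xml, netstat_text, java_security_text):
    up = listening(netstat_text)
    # Declared in server.xml but not open: startup has not completed.
    missing = {p: r for p, r in declared_ports(server_xml).items() if p not in up}
    # Connections queued on a listener that nothing has accepted yet.
    backlog = {p: q for p, (_, q) in up.items() if q > 0}
    blocking = securerandom_source(java_security_text) == "file:/dev/random"
    return {"missing": missing, "backlog": backlog, "blocking_rng": blocking}
```

For the stalled state shown earlier, `diagnose(SERVER_XML, NETSTAT_STALLED, JAVA_SECURITY)` reports the shutdown port 8005 as missing, a backlog of 7 on 8080, and a blocking random source.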