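Tomcat cluster with Apache digest authentication and HTTPS encryption
1. Environment preparation:
· Two Linux virtual machines (one is enough; two make for better testing)
· JDK 1.7 or thereabouts
· Two or more Tomcat 7.0 instances, downloaded from http://tomcat.apache.org/download-70.cgi
· httpd-2.2.27.tar.gz, downloaded from http://httpd.apache.org/download.cgi
· openssl-1.0.1g.tar.gz, downloaded from http://www.openssl.org/source/openssl-1.0.1g.tar.gz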
2. Software installation
2.1 Common errors
· ERROR1: install gcc with [yum install gcc]. Run this command from any directory on the server (it will ask y/N; answer y).
The error is: configure: error: in `/root/httpd-2.2.27/srclib/apr':
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details
configure failed for srclib/apr
· ERROR2: install zlib with [yum install zlib-devel -y]. Run this command from any directory on the server.
The error is: checking for zlib location... not found
2.2 Install OpenSSL
tar zxf openssl-1.0.1g.tar.gz
cd openssl-1.0.1g
./config --prefix=/home/admin/app/openssl
make && make install
If the following command
./configure --prefix=/ytxt/apache2/ --enable-ssl --enable-rewrite --enable-so --with-ssl=/usr/local/openssl/
fails with:
configure: error: ... Error, SSL/TLS libraries were missing or unusable
run export LDFLAGS=-ldl on the server.
2.3 Install Apache httpd
Proceed as follows (the configure step may fail with ERROR1 or ERROR2; after resolving them, run the configure command again):
· As root (preferably), upload httpd-2.2.27.tar.gz
· Extract: tar -xvf httpd-2.2.27.tar.gz
· Configure: ./configure --prefix=/usr/local/apache2 --enable-modules=so --enable-mods-shared=most --enable-proxy --enable-proxy-connect --enable-proxy-ftp --enable-proxy-http --enable-proxy-ajp --enable-proxy-balancer --enable-rewrite --enable-so --enable-ssl=static --with-ssl=/usr/local/ssl
· Build: make
· Install: make install
· Done; the installation is complete.
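A preflight check for the three configure failures described above (no C compiler, zlib not found, SSL/TLS libraries missing), added here as an example and not part of the original post. Sections 2.2 and 2.3 use different OpenSSL prefixes, so the check takes the --with-ssl prefix as an argument; the function names and the SSL_PREFIX variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify build prerequisites before running httpd's ./configure.

# ERROR1: a C compiler must be on PATH.
have_cc() {
    for cc in gcc cc clang; do
        command -v "$cc" >/dev/null 2>&1 && return 0
    done
    return 1
}

# ERROR2: zlib-devel installs zlib.h; $1 is the include directory to search.
have_zlib_headers() {
    [ -f "${1:-/usr/include}/zlib.h" ]
}

# "SSL/TLS libraries were missing or unusable": the prefix passed to
# --with-ssl must contain both the OpenSSL headers and a libssl library.
ssl_prefix_usable() {
    prefix=$1
    [ -f "$prefix/include/openssl/ssl.h" ] || return 1
    for lib in "$prefix"/lib/libssl.* "$prefix"/lib64/libssl.*; do
        [ -e "$lib" ] && return 0
    done
    return 1
}

# Runs all checks for the given --with-ssl prefix, prints one line per
# failed check and returns the number of failures (0 means ready).
preflight() {
    fails=0
    have_cc || { echo "no C compiler on PATH: yum install gcc"; fails=$((fails + 1)); }
    have_zlib_headers || { echo "zlib.h not found: yum install zlib-devel -y"; fails=$((fails + 1)); }
    ssl_prefix_usable "$1" || { echo "no OpenSSL headers/libs under $1"; fails=$((fails + 1)); }
    return "$fails"
}

# Example: SSL_PREFIX=/home/admin/app/openssl sh preflight.sh
if [ -n "${SSL_PREFIX:-}" ]; then
    preflight "$SSL_PREFIX" || echo "fix the items above, then re-run ./configure"
fi
```

Pass the same directory to this check and to --with-ssl; a prefix that holds only headers, or no OpenSSL install at all, is reported before configure runs.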
3. Software configuration
3.1 Tomcat configuration
· tomcat_A: configure server.xml (${tomcatHome}/conf/server.xml). My configuration is:
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->

    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="500" minSpareThreads="20" maxIdleTime="60000"/>

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL HTTP/1.1 Connector on port 8080
    -->
    <!--
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- A "Connector" using the shared thread pool-->

    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" URIEncoding="UTF-8" acceptCount="256"/>

    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

