apache+tomcat+https
I. Installing Apache
1. Download Apache
wget http://mirrors.tuna.tsinghua.edu.cn/apache//httpd/httpd-2.4.41.tar.gz
2. Extract the archive and create the installation directory
tar -zxvf httpd-2.4.41.tar.gz
mkdir /usr/local/apache2
3. Configure
./configure --prefix=/usr/local/apache2 --enable-so
4. Compile and install
make && make install
5. Configuration file location
/usr/local/apache2/conf/httpd.conf
6. Common Apache commands
Start the Apache service: /usr/local/apache2/bin/apachectl start
Restart the Apache service: /usr/local/apache2/bin/apachectl restart
Stop the Apache service: ... stop
Show the version: ... -V
List the httpd processes: ps -ef | grep httpd
I. Commands for starting the service at boot
1. List all system services
systemctl list-units --all --type=service
2. Query the service status
systemctl status httpd.service
3. Check whether the service starts at boot
systemctl is-enabled httpd.service
enabled means yes, disabled means no
4. Set the service to start at boot
systemctl enable httpd.service
This automatically creates a symlink:
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
5. Set the service not to start at boot
systemctl disable httpd.service
This automatically removes the symlink:
Removed symlink /etc/systemd/system/multi-user.target.wants/httpd.service.
II. Installing jk
1. Install the apxs dependency
yum install httpd-devel
2. Download and extract jk
wget https://www-eu.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.46-src.tar.gz
tar -zxvf tomcat-connectors-1.2.46-src.tar.gz
3. Enter the native directory
cd tomcat-connectors-1.2.46-src/native/
4. Configure the installation
./configure --with-apxs=/usr/bin/apxs
5. Compile and install
make && make install
A mod_jk.so file will appear under this path:
/usr/tomcat-connectors-1.2.46-src/native/apache-2.0
6. Copy mod_jk.so into the modules directory of the Apache installation
cp /usr/tomcat-connectors-1.2.46-src/native/apache-2.0/mod_jk.so /usr/local/apache2/modules/
III. Edit /usr/local/apache2/conf/httpd.conf
1. Append at the end of the file:
Include /usr/local/apache2/conf/mod_jk.conf
2. Create two configuration files, mod_jk.conf and workers.properties, under /usr/local/apache2/conf/.
Contents of mod_jk.conf
# Load the mod_jk module; the name must match the file name in the modules directory.
LoadModule jk_module /usr/local/apache2/modules/mod_jk.so
# Location of the workers.properties file.
JkWorkersFile /usr/local/apache2/conf/workers.properties
# Which requests are handled by Tomcat; controller is the load-balancing controller defined in workers.properties.
JkMount /* controller
#JkMount /*.html controller
#JkMount /*.jsp controller
#JkMount /*.do controller
JkMount /servlet/* controller
#JkUnMount /index.html controller
# Turn off host lookups; leaving this on hurts performance badly.
HostnameLookups Off
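Contents of workers.properties
worker.list=controller,tomcat1,tomcat2 # server cluster list; each tomcat name must match the jvmRoute name in that Tomcat's server.xml
#========tomcat1========
worker.tomcat1.port=8009 # AJP port of the tomcat1 server, 8009 by default
worker.tomcat1.host=localhost # IP address or domain name of the tomcat1 server
worker.tomcat1.type=ajp13 # protocol tomcat1 uses to talk to Apache (AJP)
worker.tomcat1.lbfactor=1 # load-balancing factor; only takes effect when load balancing is enabled
#========tomcat2========
worker.tomcat2.port=8010 # AJP port of the tomcat2 server, 8009 by default
worker.tomcat2.host=localhost # IP address or domain name of the tomcat2 server
worker.tomcat2.type=ajp13 # protocol tomcat2 uses to talk to Apache (AJP)
worker.tomcat2.lbfactor=1 # load-balancing factor; only takes effect when load balancing is enabled
#========controller: load-balancing controller========
worker.controller.type=lb # type of the controller worker
worker.controller.balanced_workers=tomcat1,tomcat2 # the Tomcats to balance across
worker.controller.sticky_session=true # whether to use sticky sessions
worker.controller.sticky_session_force=false
# Session configuration notes:
# When sticky_session and sticky_session_force are both true, sessions are not replicated.
# sticky_session_force=false means that if a server in the cluster fails to respond to repeated requests, the requests are forwarded to another server.
# sticky_session=false disables sticky sessions; if session replication is also not configured, note that the original session may not be found after a request is forwarded.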
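An added check, not part of the original write-up: the function below lints a workers.properties file like the one above and reports balanced workers that are undefined, are not ajp13, share an endpoint, or point AJP at a non-loopback host (the AJP connector trusts whatever connects to it unless a secret is configured, so this setup keeps it on localhost). The name lint_workers and the sample file with host 192.0.2.10 are constructed for illustration.

```bash
# lint_workers FILE: print one finding per line; print nothing when the file is clean.
lint_workers() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    { sub(/#.*/, "") }                       # mod_jk ignores everything after "#"
    index($0, "=") == 0 { next }
    { eq = index($0, "="); prop[trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1)) }
    END {
      nl = split(prop["worker.list"], listed, /[ \t]*,[ \t]*/)
      for (i = 1; i <= nl; i++) {
        lb = "worker." listed[i] "."
        if (prop[lb "type"] != "lb") continue
        m = prop[lb "balance_workers"]                  # current directive name
        if (m == "") m = prop[lb "balanced_workers"]    # older spelling used on this page
        nm = split(m, member, /[ \t]*,[ \t]*/)
        for (j = 1; j <= nm; j++) {
          w = member[j]; p = "worker." w "."
          if (prop[p "type"] == "") { print w ": balanced but not defined"; continue }
          if (prop[p "type"] != "ajp13") print w ": type " prop[p "type"] ", expected ajp13"
          host = prop[p "host"]; if (host == "") host = "localhost"   # mod_jk default
          port = prop[p "port"]; if (port == "") port = "8009"        # mod_jk default
          if (host != "localhost" && host != "127.0.0.1" && host != "::1")
            print w ": AJP host " host " is not loopback"
          ep = host ":" port
          if (ep in seen) print w ": same endpoint " ep " as " seen[ep]; else seen[ep] = w
        }
      }
    }' "$1"
}

# Constructed sample: the layout from this page with one deliberate mistake.
sample=$(mktemp)
cat > "$sample" <<'EOF'
worker.list=controller,tomcat1,tomcat2
worker.tomcat1.port=8009
worker.tomcat1.host=localhost
worker.tomcat1.type=ajp13
worker.tomcat2.port=8010
worker.tomcat2.host=192.0.2.10   # constructed mistake: AJP sent over the network
worker.tomcat2.type=ajp13
worker.controller.type=lb
worker.controller.balanced_workers=tomcat1,tomcat2
EOF
lint_workers "$sample"
rm -f "$sample"
```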
IV. Tomcat configuration
<Server port="8006" shutdown="SHUTDOWN">
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8010" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost" jvmRoute="tomcat2">
<!-- Uncomment the following element -->
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
Note:
According to the official documentation, this configuration supports clustering across all of Tomcat's virtual hosts and shares the messaging component. Put simply, a Tomcat cluster set up on virtual hosts or on a LAN can share sessions.
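An added check, not from the original article: the function below reads a Tomcat server.xml and confirms that its jvmRoute matches the worker name from workers.properties (sticky sessions route by that name) and that the AJP/1.3 connector on the worker's port has a loopback address attribute, since depending on the Tomcat version a connector without one listens on every interface. The name check_ajp_backend and the sample server.xml are constructed for illustration.

```bash
# check_ajp_backend SERVER_XML WORKER PORT: print one finding per line, nothing when clean.
check_ajp_backend() {
  awk -v route="$2" -v port="$3" '
    function attr(el, name,    v) {            # value of one XML attribute, or ""
      if (!match(el, "[ \t]" name "[ \t]*=[ \t]*\"[^\"]*\"")) return ""
      v = substr(el, RSTART, RLENGTH)
      sub(/^[^"]*"/, "", v); sub(/"$/, "", v)
      return v
    }
    { doc = doc " " $0 }                       # join lines: elements span several lines
    END {
      while ((s = index(doc, "<!--")) > 0) {   # drop comments: disabled connectors do not count
        rest = substr(doc, s + 4); e = index(rest, "-->")
        tail = e ? substr(rest, e + 3) : ""
        doc = substr(doc, 1, s - 1) tail
      }
      if (match(doc, /<Engine[^>]*>/)) jr = attr(substr(doc, RSTART, RLENGTH), "jvmRoute")
      if (jr != route) print "jvmRoute is \"" jr "\", worker is named \"" route "\""
      found = 0
      while (match(doc, /<Connector[^>]*>/)) {
        el = substr(doc, RSTART, RLENGTH); doc = substr(doc, RSTART + RLENGTH)
        if (attr(el, "protocol") != "AJP/1.3" || attr(el, "port") != port) continue
        found = 1; a = attr(el, "address")
        if (a == "") print "AJP connector " port " has no address attribute"
        else if (a != "127.0.0.1" && a != "::1" && a != "localhost")
          print "AJP connector " port " is bound to " a ", not loopback"
      }
      if (!found) print "no AJP/1.3 connector on port " port
    }' "$1"
}

# Constructed sample modelled on the tomcat2 fragment above.
xml=$(mktemp)
cat > "$xml" <<'EOF'
<Server port="8006" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8081" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
    <Connector port="8010" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="tomcat2"></Engine>
  </Service>
</Server>
EOF
check_ajp_backend "$xml" tomcat2 8010
rm -f "$xml"
```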
V. HTTP cluster test
... Start tomcat7, tomcat7-1 and the httpd service in that order (round-robin by default)
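VI. Adding HTTPS support
1. Open httpd.conf in the Apache installation directory and uncomment the following lines:
#LoadModule ssl_module modules/mod_ssl.so (if it cannot be found, check whether the openssl plug-in was compiled in)
#Include conf/extra/httpd-ssl.conf
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule dir_module modules/mod_dir.so
These four modules must also be uncommented; do not enable modules you do not need:
proxy_module
proxy_balancer_module
proxy_ajp_module
ssl_module
httpd -M lists the enabled modules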
2. Main configuration example for httpd-ssl.conf
# The actual reverse proxy
<VirtualHost *:443>
ServerName www.wzlinux.com:443
SSLCertificateFile /etc/httpd/cert/214226183630572.pem
SSLCertificateKeyFile /etc/httpd/cert/214226183630572.key
ProxyVia On
ProxyRequests Off
# Pass the host name through to the back-end host
ProxyPreserveHost On
# Reverse-proxy to the back-end host
ProxyPass / ajp://127.0.0.1:8009/
ProxyPassReverse / ajp://127.0.0.1:8009/
</VirtualHost>
Full httpd-ssl.conf configuration
<VirtualHost _default_:443>
# General setup for the virtual host
ServerName 192.168.20.130:443
<Proxy balancer://wzlinux>
BalancerMember ajp://127.0.0.1:8009 loadfactor=1
BalancerMember ajp://127.0.0.1:8010 loadfactor=1
ProxySet lbmethod=bytraffic
</Proxy>
ProxyVia On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / balancer://wzlinux/
ProxyPassReverse / balancer://wzlinux/
ErrorLog "/usr/local/apache2/logs/error_log"
TransferLog "/usr/local/apache2/logs/access_log"
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile "/ca/server/server.crt"
SSLCertificateKeyFile "/ca/server/server.key"
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/usr/local/apache2/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
3. Add the following to Tomcat's server.xml
<!-- Enable the AJP protocol connector -->
<Connector port="8009" protocol="AJP/1.3"
maxHttpHeaderSize="8192"
enableLookups="false"
connectionTimeout="20000"
URIEncoding="utf-8"
acceptCount="1000"
redirectPort="8443" />
<!-- Configure the virtual host -->
<Host name="www.wzlinux.com" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Context path="" docBase="/usr/tomcat7/webapps/ROOT"
reloadable="true" crossContext="true" />
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="wzlinux_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
4. Restart Tomcat and Apache
5. References
Adding https: https://yq.aliyun.com/articles/434213
openssl one-way/two-way certificate requests (this article uses only a one-way certificate): https://www.jianshu.com/p/1d9334fd8179