2013-02-07 22:03:00
Original post: Deploying Web Services with Tomcat (Part 2). Author: junwei_7702
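This protocol carries data over the network in binary format instead of plain text, using TCP and a packet-oriented protocol, so transmitting data through it improves web service performance. In addition, requests are decrypted on the web server, which gives the application server a lighter load and reduces network traffic over TCP.
The mod_jk and mod_proxy modules are based on the AJP protocol, which is very helpful when large amounts of content are transferred through the browser.
1. mod_jk: an AJP connector module, based on the AJP protocol, that integrates Apache or IIS with Tomcat; it is useful for hiding the backend Tomcat service and for removing the Tomcat service port from the browser.
2. mod_proxy: the module bundled with Apache for connecting to a Tomcat server.
mod_proxy submodules:
mod_proxy_http
mod_proxy_ajp
mod_proxy_balancer (load-balancing module)
Note 1: Tomcat only handles static content; it is an application server.
Note 2: Integrating Apache and Tomcat with the latest version of the mod_jk module allows response headers of up to 64k in size to be stored in the browser.
Note 3: Related command used:
httpd -D DUMP_MODULES //list the modules currently enabled on the system//
Preparation before installation:
Install the yum development environment "Development Libraries"
Source packages: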
apr-1.4.6.tar.bz2
apr-util-1.4.1.tar.bz2
httpd-2.4.2.tar.bz2
Obtain the apr and apr-util source packages. The latest apr version is currently 1.4.6 and the latest apr-util version is 1.4.1. apr-util is the utility library for apr, and it lets programmers make better use of apr's features.
# tar xf apr-1.4.6.tar.bz2
# cd apr-1.4.6
# ./buildconf
# ./configure --prefix=/usr/local/apr
# make && make install
# cd
# tar xf apr-util-1.4.1.tar.bz2
# cd apr-util-1.4.1
# ./buildconf --with-apr=/root/apr-1.4.6
# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
# make && make install
# yum -y install pcre-devel //install the pcre development library//
# tar xf httpd-2.4.2.tar.bz2
# cd httpd-2.4.2
# ./configure \
--prefix=/usr/local/apache \
--sysconfdir=/etc/httpd \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util \
--enable-proxy \
--enable-proxy-http \
--enable-proxy-ajp
//the cgi, proxy, proxy-http and proxy-ajp modules must be compiled in//
# make && make install
# vim /etc/rc.d/init.d/httpd //provide an init script for apache so the service can be controlled//
Add the following content:

#!/bin/bash
#
# httpd Startup script for the Apache HTTP Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
# HTML files and CGI.
# processname: httpd
# config: /etc/httpd/httpd.conf
# config: /etc/sysconfig/httpd
# pidfile: /var/run/httpd.pid

# Source function library.
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/httpd ]; then
    . /etc/sysconfig/httpd
fi

# Start httpd in the C locale by default.
HTTPD_LANG=${HTTPD_LANG-"C"}

# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""

# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
# with the thread-based "worker" MPM; BE WARNED that some modules may not
# work correctly with a thread-based MPM; notably PHP will refuse to start.

# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/local/apache/bin/apachectl
httpd=${HTTPD-/usr/local/apache/bin/httpd}
prog=httpd
pidfile=${PIDFILE-/var/run/httpd.pid}
lockfile=${LOCKFILE-/var/lock/subsys/httpd}
RETVAL=0

start() {
    echo -n $"Starting $prog: "
    LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && touch ${lockfile}
    return $RETVAL
}

stop() {
    echo -n $"Stopping $prog: "
    killproc -p ${pidfile} -d 10 $httpd
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}

reload() {
    echo -n $"Reloading $prog: "
    if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
        RETVAL=$?
        echo $"not reloading due to configuration syntax error"
        failure $"not reloading $httpd due to configuration syntax error"
    else
        killproc -p ${pidfile} $httpd -HUP
        RETVAL=$?
    fi
    echo
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status -p ${pidfile} $httpd
        RETVAL=$?
        ;;
    restart)
        stop
        start
        ;;
    condrestart)
        if [ -f ${pidfile} ] ; then
            stop
            start
        fi
        ;;
    reload)
        reload
        ;;
    graceful|help|configtest|fullstatus)
        $apachectl $@
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}"
        exit 1
esac

exit $RETVAL

The above is the content of the apache startup script.
# chmod +x /etc/rc.d/init.d/httpd
# chkconfig --add httpd
# chkconfig httpd on
# vim /etc/profile
Add: PATH=/usr/local/apache/bin:$PATH
# export PATH=/usr/local/apache/bin:$PATH
# vim /etc/man.config
Add: MANPATH /usr/local/apache/man
# ln -sv /usr/local/apache/include /usr/include/httpd
# vim /etc/httpd/httpd.conf //edit the main httpd configuration file and set the path of its Pid file//
PidFile "/var/run/httpd.pid"
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so //enable this LoadModule line//
# service httpd start
# httpd -D DUMP_MODULES | grep proxy //make sure the proxy-related modules are loaded on the current system//
proxy_module (shared)
proxy_connect_module (shared)
proxy_ftp_module (shared)
proxy_http_module (shared)
proxy_fcgi_module (shared)
proxy_scgi_module (shared)
proxy_ajp_module (shared)
proxy_balancer_module (shared) //the module used when building a Tomcat cluster//
proxy_express_module (shared)
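Next, set up a virtual host for the http service to provide the reverse proxy; the reverse proxy can of course also be provided in the global configuration file.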
# vim /etc/httpd/httpd.conf
Include /etc/httpd/extra/httpd-vhosts.conf //enable the virtual hosts option//
#DocumentRoot "/usr/local/apache/htdocs" //disable the main server//
# vim /etc/httpd/extra/httpd-vhosts.conf //edit the virtual host file: disable the sample virtual hosts and add a virtual host//
#
# ServerAdmin webmaster@dummy-host.example.com
# DocumentRoot "/usr/local/apache/docs/dummy-host.example.com"
# ServerName dummy-host.example.com
# ServerAlias
# ErrorLog "logs/dummy-host.example.com-error_log"
# CustomLog "logs/dummy-host.example.com-access_log" common
#
#
#
# ServerAdmin webmaster@dummy-host2.example.com
# DocumentRoot "/usr/local/apache/docs/dummy-host2.example.com"
# ServerName dummy-host2.example.com
# ErrorLog "logs/dummy-host2.example.com-error_log"
# CustomLog "logs/dummy-host2.example.com-access_log" common
#
Add the following two items in the global configuration section or in the virtual host; here I added them to the global configuration section:
ProxyRequests Off //turn off forward proxying//
ProxyPreserveHost Off //forwards a user's request for a virtual host on apache to the corresponding virtual host on the tomcat server; if this item is not defined, user requests are forwarded to tomcat's default virtual host//
Integrate Apache with Tomcat's ajp connector:
ServerName tomcat.wjw.com
ProxyPass / ajp://172.16.11.11:8009/ //note that a virtual path on the current server must correspond to a URL path on the backend server; the same applies below//
ProxyPassReverse / ajp://172.16.11.11:8009/
ServerName tomcat.wjw.com
ProxyPass /
ProxyPassReverse /
# service httpd restart //restart the httpd service and access it to verify//
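A pre-restart check for the mod_proxy directives above, as an added example that is not part of the original post: it flags forward proxying left on, a ProxyPass with no backend URL, and a ProxyPass whose ProxyPassReverse is missing or points elsewhere, which would let backend redirects expose the Tomcat address. The function names and the sample text are constructed here, and the check assumes the directives sit at server or virtual-host level rather than inside a Location block.

```python
import shlex

# Constructed sample using the directives from this walkthrough.
GOOD_CONF = """ProxyRequests Off
ProxyPreserveHost Off
ServerName tomcat.wjw.com
ProxyPass / ajp://172.16.11.11:8009/
ProxyPassReverse / ajp://172.16.11.11:8009/
"""

def directives(text):
    """Yield (lowercased name, argument list) for each directive line."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#<":      # skip comments and section tags
            name, *args = shlex.split(line)
            yield name.lower(), args

def audit_proxy(text):
    """Return sorted (issue, path) findings for a reverse-proxy config."""
    found, passes, reverses = set(), {}, {}
    for name, args in directives(text):
        if name == "proxyrequests" and args and args[0].lower() == "on":
            found.add(("forward-proxy-on", "-"))
        elif name in ("proxypass", "proxypassreverse"):
            if len(args) < 2:
                found.add(("no-backend-url", args[0] if args else "-"))
            elif name == "proxypass":
                passes[args[0]] = args[1]
            else:
                reverses[args[0]] = args[1]
    for path, target in passes.items():
        if target == "!":                     # "!" excludes a path from proxying
            continue
        if reverses.get(path) != target:
            found.add(("reverse-mismatch", path))
    return sorted(found)

if __name__ == "__main__":
    for finding in audit_proxy(GOOD_CONF):
        print(finding)
```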
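a) Compile and install the mod_jk module
Download the tomcat-connectors-1.2.37-src.tar.gz package to the local /root directory
# tar xf tomcat-connectors-1.2.37-src.tar.gz
# cd tomcat-connectors-1.2.37-src/native
# ./configure --with-apxs=/usr/local/apache/bin/apxs
# make && make install
# ls /usr/local/apache/modules/mod_jk.so //make sure the mod_jk module now exists//
# vim /etc/httpd/extra/httpd-jk.conf
LoadModule jk_module modules/mod_jk.so
JkWorkersFile /etc/httpd/extra/workers.properties //specifies the configuration file that holds the worker property definitions//
JkLogFile logs/mod_jk.log //specifies the log file of the mod_jk module//
JkLogLevel debug //specifies the log level (info, error, debug); debug is too low a level here, but since this is the first time using the module, it can be used for troubleshooting//
JkMount /* TomcatA //controls the mapping between URLs and Tomcat workers; /* means every path under the root is forwarded to the worker in tomcat; TomcatA must be defined by yourself//
JkMount /status/ stat1 //forwards user requests for status information to stat1//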
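For the Apache proxy, the engine in each backend Tomcat instance can be regarded as a worker. Define the name of the tomcat worker:
# vim /usr/local/tomcat/conf/server.xml
Modify the following line:
# vim /etc/httpd/extra/workers.properties
Add the following content:
worker.list=TomcatA,stat1 //defines TomcatA and stat1//
worker.TomcatA.port=8009 //port of the AJP1.3 connector on TomcatA//
worker.TomcatA.host=172.16.11.11 //host where TomcatA runs//
worker.TomcatA.type=ajp13 //defines the type of TomcatA//
worker.TomcatA.lbfactor=1 //defines the weight of TomcatA; load balancing is not used here, so this item is set to 1//
worker.stat1.type=status //defines the type of stat1 as status (a special worker that shows the working state of each real worker in a distributed environment; it handles no requests and is not associated with any real worker instance)//
# vim /etc/httpd/httpd.conf
Include /etc/httpd/extra/httpd-jk.conf //add this line//
#Include /etc/httpd/extra/httpd-vhosts.conf //disable the virtual hosts//
# vim /usr/local/tomcat/conf/tomcat-users.xml
Add the following line //username and password can be defined as you need//
# /usr/local/tomcat/bin/catalina.sh stop
# /usr/local/tomcat/bin/catalina.sh start
Shut down TomcatA and verify the health check of the worker on the backend tomcat.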
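A cross-check of httpd-jk.conf against workers.properties, as an added example that is not part of the original post: it reports a JkMount that names a worker missing from worker.list, the debug log level left in place, a mounted status worker (which should be reachable only by administrators), and an ajp13 worker on a non-loopback host, whose AJP port should accept connections only from the Apache machine. The function names and both sample texts are constructed here; the fallback to type ajp13 and host localhost for an unset property follows mod_jk's defaults.

```python
import ipaddress
# Constructed inputs mirroring httpd-jk.conf and workers.properties above.
JK_CONF = """JkLogLevel debug
JkMount /* TomcatA
JkMount /status/ stat1
"""
WORKERS = """worker.list=TomcatA,stat1
worker.TomcatA.port=8009
worker.TomcatA.host=172.16.11.11
worker.TomcatA.type=ajp13
worker.stat1.type=status
"""

def parse_workers(text):
    """Return (names in worker.list, {worker: {property: value}})."""
    listed, props = [], {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        parts = key.strip().split(".")
        if not sep or key.startswith("#"):
            continue
        if parts == ["worker", "list"]:
            listed += [w.strip() for w in value.split(",") if w.strip()]
        elif len(parts) == 3 and parts[0] == "worker":
            props.setdefault(parts[1], {})[parts[2]] = value.strip()
    return listed, props

def is_loopback(host):  # True for localhost or a loopback IP literal
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit_jk(jk_conf, workers):
    """Return sorted (issue, subject) findings for a mod_jk setup."""
    listed, props = parse_workers(workers)
    found = set()
    for words in (line.split() for line in jk_conf.splitlines()):
        if words[:2] == ["JkLogLevel", "debug"]:
            found.add(("debug-log", "JkLogLevel"))
        if len(words) == 3 and words[0] == "JkMount":
            worker = props.get(words[2], {})
            if words[2] not in listed:
                found.add(("unknown-worker", words[2]))
            elif worker.get("type", "ajp13") == "status":
                found.add(("status-mounted", words[1]))
            elif not is_loopback(worker.get("host", "localhost")):
                found.add(("remote-ajp", words[2]))
    return sorted(found)
```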