构建HTTPD+JBOSS网站应用平台
2010-06-01 TsengYia#126.com http://tsengyia.blog.chinaunix.net/
####################################################################
系统环境:
RHEL5.3 [ 2.6.18-128.el5PAE ]
软件环境:
Web服务相关:
httpd-2.2.15.tar.bz2
mod_jk-1.2.28-httpd-2.2.X.so
mod-cband-0.9.7.5.tgz //用于虚拟主机带宽限制
awstats-6.95.tar.gz //用于网站日志分析
JAVA应用系统:
jdk-6u20-linux-i586.bin
jboss-5.1.0.GA.zip
远程管理相关:
vsftpd-...
openssh-server-...
####################################################################
一、构建基本网站系统
1. 编译安装httpd软件包
[root@localhost ~]# tar jxf httpd-2.2.15.tar.bz2 -C /usr/src/
[root@localhost ~]# cd /usr/src/httpd-2.2.15/
[root@localhost httpd-2.2.15]# ./configure --prefix=/usr/local/httpd --enable-so --enable-rewrite --enable-ssl --with-
ssl=/usr/lib --enable-charset-lite --disable-info --enable-cgi
[root@localhost httpd-2.2.15]# make
[root@localhost httpd-2.2.15]# make install
[root@localhost ~]# cp /usr/local/httpd/bin/apachectl /etc/init.d/httpd
[root@localhost ~]# vi /etc/init.d/httpd //在文件头部添加chkconfig配置
#!/bin/bash
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to server HTML files and CGI.
. /etc/rc.d/functions
……
[root@localhost ~]# chmod +x /etc/init.d/httpd
[root@localhost ~]# chkconfig --add httpd
[root@localhost ~]# service httpd start
[root@localhost ~]# ln -s /usr/local/httpd/bin/* /usr/local/bin/
2. 安装awstats日志分析系统
[root@localhost ~]# tar zxf awstats-6.95.tar.gz
[root@localhost ~]# mv awstats-6.95 /usr/local/awstats
[root@localhost ~]# cd /usr/local/awstats/tools/
[root@localhost tools]# ./awstats_configure.pl
…… 选择y将日志格式改为combined ……
[root@localhost tools]# vi /etc/awstats/awstats.
……
LogFile="/var/log/httpd/testcom_access_log" //确认要分析的日志文件路径
[root@localhost tools]# crontab -e
*/5 * * * * perl /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=
[root@localhost tools]# htasswd -c /usr/local/awstats/wwwroot/.htpasswd logviewer //添加查看日志统计的Web帐号
[root@localhost tools]# vi /var/www/html/awstats.html //创建访问awstats系统的快捷页面
网站访问日志分析系统
3. 安装mod_cband模块
[root@localhost ~]# tar zxf mod-cband-0.9.7.5.tgz -C /usr/src/
[root@localhost ~]# cd /usr/src/mod-cband-0.9.7.5/
[root@localhost mod-cband-0.9.7.5]# ./configure
[root@localhost mod-cband-0.9.7.5]# make && make install
[root@localhost mod-cband-0.9.7.5]# vi /var/www/html/cbstats.html //创建访问cband带宽状态监控的快捷页面
网站流量/带宽负载统计
4. 配置httpd服务器
[root@localhost ~]# vi /usr/local/httpd/conf/httpd.conf
……
User daemon
Group daemon
ServerName
ServerAdmin
Listen 80
ServerTokens Prod //简化HTTP响应包中的Server信息,仅产品(product),不含版本等详细信息
ServerSignature off //禁止在服务端页面的页脚中显示版本信息
HostnameLookups off //禁用反向域名查询
LoadModule cband_module modules/mod_cband.so
CharsetDefault UTF-8
DirectoryIndex index.html index.jsp
DocumentRoot "/var/www/html"
Options None
AllowOverride None
Order allow,deny
Allow from all
PidFile "/var/run/httpd.pid"
CustomLog "logs/access_log" combined
ErrorLog "logs/error_log"
LogLevel warn
……
Timeout 30
KeepAlive on
MaxkeepAliveRequests 240
StartServers 24
MinSpareServers 20
MaxSpareServers 32
ServerLimit 1250
MaxClients 1200
MaxRequestPerChild 10000
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^{TRACE|TRACK}
RewriteRule .* -[F]
NameVirtualHost x.x.x.x
ServerName
DocumentRoot "/var/www/html"
SetEnv IMFILES 1
CustomLog "logs/testcom_access_log" combined env=!IMFILES
ErrorLog "logs/testcom_error_log"
CBandSpeed 102400kb/s 0 48000 //此虚拟机的最大带宽为100MB/s,每个连接的带宽不限制,最多48000个并发连接
CbandRemoteSpeed 768kb/s 0 20 //每客户机的最大并发带宽为768KB/s,每个连接的带宽不限制,最多20个并发连接
CbandExceededURL
CbandScoreboard /var/log/httpd/.scoreboard
SetHandler cband-status
AuthName "Authorization Requirred !!" //查看负载情况时做简单的用户验证
AuthType Bas
AuthUserFile "/usr/local/awstats/wwwroot/.htpasswd" //与访问awstats的Web用户相同
Require valid-user
[root@localhost ~]# mkdir -p /var/www/html
[root@localhost ~]# mv /usr/local/httpd/logs /var/log/httpd
[root@localhost ~]# ln -s /var/log/httpd /usr/local/httpd/logs
[root@localhost ~]# vi /var/www/html/bw_exceed.html
403:There are too many connections from your IP address. Please retry later.
[root@localhost ~]# service httpd reload
5. 测试基本网站系统是否正常
1) 确认httpd服务能够正常启动、运行。
2) 确认能够查看awstats网站访问统计:
3) 确认能够查看cband流量负载统计:
二、安装Jboss系统,连接httpd->Jboss
1. 安装JDK环境
[root@localhost ~]# cp /var/ftp/upload/jdk-6u20-linux-i586.bin /usr/local/
[root@localhost ~]# cd /usr/local/
[root@localhost local]# chmod a+x jdk-6u0-linux-i586.bin
[root@localhost local]# ./jdk-6u20-linux-i586.bin
…… //根据提示完成安装
[root@localhost local]# ln -s /usr/local/jdk1.6.0_20 /usr/local/jdk
[root@localhost local]# vi /etc/profile
JAVA_HOME=/usr/local/jdk
JBOSS_HOME=/usr/local/jboss
CLASSATH=$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
PATH=$PATH:%JAVA_HOME/bin
export JAVA_HOME JBOSS_HOME CLASSPATH PATH
[root@localhost local]# source /etc/profile
[root@localhost local]# alternatives --install /usr/bin/java java /usr/local/jdk1.6.0_20/bin/java 1
[root@localhost local]# alternatives --install /usr/bin/javac javac /usr/local/jdk1.6.0_20/bin/javac 1
[root@localhost local]# alternatives --config java
[root@localhost local]# alternatives --config javac
2. 安装Jboss系统
[root@localhost ~]# unzip jboss-5.1.0.GA.zip
[root@localhost ~]# mv jboss-5.1.0.GA /usr/local/jboss
[root@localhost ~]# cd /usr/local/jboss
[root@localhost jboss]# cp bin/jboss_init_redhat.sh /etc/init.d/jbossd //在服务脚本开头添加chkconfig配置
[root@localhost jboss]# vi /etc/init.d/jbossd
#!/bin/bash
# chkconfig: 3 80 20
# description: The scripts to control Jboss Web Application Server.
……
[root@localhost jboss]# chkconfig --add jbossd
[root@localhost jboss]# service jbossd start
[root@localhost jboss]# mkdir /var/www/html/apps/
[root@localhost jboss]# vi /var/www/html/apps/showtime.jsp //创建JSP测试网页
< language="java" import="java.util.*" %>
现在的日期/时间是:<%out.println(new Date(0); %>
3. 安装mod_jk模块
[root@localhost ~]# cp mod_jk-1.2.28-httpd-2.2.X.so /usr/local/httpd/modules/
4. 调整httpd.conf配置
[root@localhost ~]# vi /usr/local/httpd/conf/httpd.conf
……
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
JkLogFile logs/mod_jk.log
JkShmFile logs/mod_jk.shm
JkLoglevel warn
JkLogStampFormat "[%a %b F%d %H:%M:%s %Y]"
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkMount /*.jsp worker1
JkMount /apps/*.jsp worker1
……
[root@localhost ~]# vi /usr/local/httpd/conf/workers.properties
worker.worker1.type=ajp13
worker.worker1.host=127.0.0.1
worker.worker1.port=8009
worker.worker1.lbfactor=50
worker.worker1.cachesize=10
worker.worker1.cache_timeout=120
worker.worker1.socket_keepalive=1
worker.worker1.socket_timeout=60
5. 测试JSP网页是否正常
确认能够正常显示JSP网页,
三、配置FTP、SSH服务辅助管理
1. 配置vsftpd服务器
[root@localhost ~]# vi /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=NO
vsftpd_log_file=/var/log/vsftpd.log
idle_session_timeout=600
data_connection_timeout=120
listen=YES
listen_port=2121
listen_address=x.x.x.x
chroot_local_user=YES
port_enable=YES
pasv_enable=YES
pasv_min_port=4200
pasv_max_port=4250
pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=NO
tcp_wrappers=YES
hide_file={.*,awstat.html,cbstat.html,bw_exceed.html} //隐藏特定的文件,FTP访问时不可见
use_localtime=YES //服务器使用本地系统时间
max_clients=50
max_per_ip=10
local_max_rate=2048000
ftpd_banner=Serv-U FTP Server v10.0.0.7 for WinSock ready //修改FTP版本信息
[root@localhost ~]# useradd -d /var/www/html webadm
[root@localhost ~]# passwd webadm
[root@localhost ~]# vi /etc/vsftpd/userlist
webadm
[root@localhost ~]# setfacl -R -m user:webadm:rwx /var/www/html
[root@localhost ~]# chkconfig vsftpd on
[root@localhost ~]# service vsftpd start
2. 配置openssh服务器
[root@localhost ~]# vi /etc/ssh/sshd_config
Port 2122
#ListenAddress x.x.x.x
PermitRootLogin no
PermitEmptyPasswords no
useDNS noPidFile /var/run/ssh.pid
AllowUsers webadm
[root@localhost ~]# chkconfig sshd on
[root@localhost ~]# service sshd start
阅读(1764) | 评论(0) | 转发(0) |
