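5. Reverse-proxying Tomcat with Apache using mod_jk and mod_proxy
5.1 Overview
httpd reverse-proxies Tomcat through the mod_proxy or mod_jk module, and in this role it is more capable than Nginx: Nginx's reverse proxy can only proxy over HTTP, whereas Apache can proxy both HTTP and AJP, and mod_proxy can also bind sessions to a back end. mod_jk was developed specifically for reverse-proxying Tomcat. When Apache reverse-proxies Tomcat, we can disable the HTTP connector on Tomcat so that front-end clients cannot talk to Tomcat directly; every connection then comes in through the Apache proxy, which improves the security of the back-end hosts.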
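An added example, not from the original article: a small Python audit that lists the connectors in a Tomcat server.xml and reports which ones still accept connections that do not come through the proxy. The sample XML is constructed, `internal_prefix` is a hypothetical parameter, and the check assumes that a connector without an `address` attribute listens on every interface.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml: an HTTP connector with no address attribute
# and an AJP connector bound to the internal address tomcat1 uses on this page.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" />
    <Connector port="8009" protocol="AJP/1.3" address="192.168.0.1" />
    <Engine name="Catalina" defaultHost="tomcat1.chris.com" />
  </Service>
</Server>
"""

LOOPBACK = ("127.0.0.1", "::1", "localhost")


def audit_connectors(server_xml, internal_prefix="192.168.0."):
    """Return one dict per <Connector>, flagging those reachable without the proxy.

    internal_prefix (hypothetical parameter) is the back-end subnet that only
    the Apache host can reach. Assumption: a connector with no address
    attribute listens on all interfaces.
    """
    report = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        proto = conn.get("protocol", "HTTP/1.1")  # Tomcat's default when omitted
        kind = "AJP" if "ajp" in proto.lower() else "HTTP"
        addr = conn.get("address")
        restricted = addr is not None and (
            addr in LOOPBACK or addr.startswith(internal_prefix))
        report.append({
            "port": conn.get("port"),
            "kind": kind,
            "address": addr or "*",
            "direct_access": not restricted,
        })
    return report


def exposed(report):
    """Connectors that should be removed or bound to an internal address."""
    return [(c["kind"], c["port"]) for c in report if c["direct_access"]]


if __name__ == "__main__":
    for kind, port in exposed(audit_connectors(SAMPLE_SERVER_XML)):
        print("%s connector on port %s is not restricted to the proxy" % (kind, port))
```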
5.2 Environment configuration and architecture
Basic network configuration on Apache

    # External IP
    DEVICE=eth0
    BOOTPROTO=static
    IPADDR=172.16.7.6
    NETMASK=255.255.0.0
    ONBOOT=yes
    # Internal IP
    DEVICE=eth1
    BOOTPROTO=static
    IPADDR=192.168.0.2
    NETMASK=255.255.255.0
    ONBOOT=yes

Basic network settings and hosts file on Tomcat1

    vim /etc/sysconfig/network-scripts/ifcfg-eth0
    # Change the file to the following
    DEVICE="eth0"
    BOOTPROTO="static"
    GATEWAY="192.168.0.2"
    IPADDR="192.168.0.1"
    NETMASK="255.255.255.0"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"

    # Set up name resolution in the hosts file
    vim /etc/hosts
    192.168.0.1 tomcat1.chris.com

Basic network settings and hosts file on Tomcat2

    vim /etc/sysconfig/network-scripts/ifcfg-eth0
    # Change the file to the following
    DEVICE="eth0"
    BOOTPROTO="static"
    GATEWAY="192.168.0.2"
    IPADDR="192.168.0.3"
    NETMASK="255.255.255.0"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"

    # Set up name resolution in the hosts file
    vim /etc/hosts
    192.168.0.3 tomcat2.chris.com

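5.3 Set up the Java environment on tomcat1 and tomcat2, then create the test pages
Installing and configuring the environment was covered in detail above and is not repeated here; only the virtual host and the test page are configured.
tomcat1
Virtual host configuration

    [root@localhost ~]# vim /usr/local/tomcat/conf/server.xml
    # Edit the configuration file and change it to the following
    <Engine name="Catalina" defaultHost="tomcat1.chris.com">
      <Host name="tomcat1.chris.com" appBase="/web" unpackWARs="true" autoDeploy="true">
        <Context path="/" docBase="webapp" reloadable="true" />
      </Host>

The test page is the jscent application set up earlier.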
tomcat2

    [root@localhost ~]# vim /usr/local/tomcat/conf/server.xml
    # Edit the configuration file and change it to the following
    <Engine name="Catalina" defaultHost="tomcat2.chris.com">
      <Host name="tomcat2.chris.com" appBase="/web" unpackWARs="true" autoDeploy="true">
        <Context path="/" docBase="webapp" reloadable="true" />
      </Host>

Set up the database, create the user and grant privileges

    [root@localhost webapp]# mysql
    mysql> create database jsprun;
    mysql> grant all on jsprun.* to 'jsprun'@'localhost' identified by 'chris';

Install and initialize jsprun:

    http://192.168.0.3/install.jsp

The test page is the jsprun application set up earlier; the page looks as follows.
5.4 Install and configure Apache
httpd-2.4.4 depends on the newer apr-1.4.6.tar.bz2 and apr-util-1.5.2.tar.bz2. Other software on the system still depends on the system's apr, so it cannot simply be uninstalled; the newer versions are therefore built and installed from source.
Build and install apr

    [root@node1 ~]# tar xf apr-1.4.6.tar.bz2
    [root@node1 ~]# cd apr-1.4.6
    [root@node1 apr-1.4.6]# ./configure --prefix=/usr/local/apr --disable-ipv6
    [root@node1 apr-1.4.6]# make && make install

Build and install apr-util

    [root@node1 ~]# tar xf apr-util-1.5.2.tar.bz2
    [root@node1 ~]# cd apr-util-1.5.2
    [root@node1 apr-util-1.5.2]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
    [root@node1 apr-util-1.5.2]# make && make install

Build and install httpd

    [root@node1 ~]# tar xf httpd-2.4.4.tar.bz2
    [root@node1 ~]# cd httpd-2.4.4
    [root@node1 httpd-2.4.4]# ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd \
        --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre \
        --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util \
        --enable-mpms-shared=all --with-mpm=event \
        --enable-proxy --enable-proxy-http --enable-proxy-ajp --enable-proxy-balancer \
        --enable-lbmethod-heartbeat --enable-heartbeat \
        --enable-slotmem-shm --enable-slotmem-plain --enable-watchdog
    [root@node1 httpd-2.4.4]# make && make install

Configure the httpd service: add a service script

    [root@node1 httpd-2.4.4]# vim /etc/init.d/httpd

    #!/bin/bash
    #
    # httpd        Startup script for the Apache HTTP Server
    #
    # chkconfig: - 85 15
    # description: Apache is a World Wide Web server.  It is used to serve \
    #              HTML files and CGI.
    # processname: httpd
    # config: /etc/httpd/conf/httpd.conf
    # config: /etc/sysconfig/httpd
    # pidfile: /var/run/httpd.pid

    # Source function library.
    . /etc/rc.d/init.d/functions

    if [ -f /etc/sysconfig/httpd ]; then
            . /etc/sysconfig/httpd
    fi

    # Start httpd in the C locale by default.
    HTTPD_LANG=${HTTPD_LANG-"C"}

    # This will prevent initlog from swallowing up a pass-phrase prompt if
    # mod_ssl needs a pass-phrase from the user.
    INITLOG_ARGS=""

    # Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
    # with the thread-based "worker" MPM; BE WARNED that some modules may not
    # work correctly with a thread-based MPM; notably PHP will refuse to start.

    # Path to the apachectl script, server binary, and short-form for messages.
    apachectl=/usr/local/apache/bin/apachectl
    httpd=${HTTPD-/usr/local/apache/bin/httpd}
    prog=httpd
    pidfile=${PIDFILE-/var/run/httpd.pid}
    lockfile=${LOCKFILE-/var/lock/subsys/httpd}
    RETVAL=0

    start() {
            echo -n $"Starting $prog: "
            LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS
            RETVAL=$?
            echo
            [ $RETVAL = 0 ] && touch ${lockfile}
            return $RETVAL
    }

    stop() {
            echo -n $"Stopping $prog: "
            killproc -p ${pidfile} -d 10 $httpd
            RETVAL=$?
            echo
            [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
    }

    reload() {
            echo -n $"Reloading $prog: "
            if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
                    RETVAL=$?
                    echo $"not reloading due to configuration syntax error"
                    failure $"not reloading $httpd due to configuration syntax error"
            else
                    killproc -p ${pidfile} $httpd -HUP
                    RETVAL=$?
            fi
            echo
    }

    # See how we were called.
    case "$1" in
      start)
            start
            ;;
      stop)
            stop
            ;;
      status)
            status -p ${pidfile} $httpd
            RETVAL=$?
            ;;
      restart)
            stop
            start
            ;;
      condrestart)
            if [ -f ${pidfile} ] ; then
                    stop
                    start
            fi
            ;;
      reload)
            reload
            ;;
      graceful|help|configtest|fullstatus)
            $apachectl $@
            RETVAL=$?
            ;;
      *)
            echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}"
            exit 1
    esac

    exit $RETVAL

Make the script executable

    [root@node1 httpd-2.4.4]# chmod +x /etc/init.d/httpd

Add it to the list of system services

    [root@node1 httpd-2.4.4]# chkconfig --add httpd
    [root@node1 httpd-2.4.4]# chkconfig httpd on
    [root@node1 httpd-2.4.4]# chkconfig --list httpd

Add the environment variable

    [root@node1 ~]# vim /etc/profile.d/httpd.sh
    # Add the following line
    export PATH=$PATH:/usr/local/apache/bin
    [root@node1 ~]# . /etc/profile.d/httpd.sh

Reverse proxy configuration

    httpd -D DUMP_MODULES                       # list httpd's modules
    proxy_module (shared)
    proxy_http_module (shared)
    proxy_ajp_module (shared)
    lbmethod_byrequests_module (shared)         # load balancing by request count
    lbmethod_bytraffic_module (shared)          # load balancing by traffic
    lbmethod_bybusyness_module (shared)         # load balancing by busyness
    lbmethod_heartbeat_module (shared)          # heartbeat module

Edit the configuration file /etc/httpd/httpd.conf

    # Comment out the main server and include the virtual host configuration file
    #DocumentRoot "/usr/local/apache/htdocs"
    ServerRoot "/usr/local/apache"
    # Add the pid file
    PidFile "/var/run/httpd.pid"
    # Virtual hosts
    #Include /etc/httpd/extra/httpd-vhosts.conf
    Include /etc/httpd/extra/httpd-proxy.conf
    # Enable these two modules; they are used by proxy
    LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
    LoadModule slotmem_plain_module modules/mod_slotmem_plain.so

Add the virtual host configuration

    [root@node1 logs]# vim /etc/httpd/extra/httpd-proxy.conf
    # Add the following
    <VirtualHost *:80>
        ProxyRequests Off
        # Tomcat's port 8080 was changed to 80 earlier
        ProxyPass / http://192.168.0.1:80/
        ProxyPassReverse / http://192.168.0.1:80/
        <Proxy *>
            Require all granted
        </Proxy>
        <Location />
            Require all granted
        </Location>
    </VirtualHost>

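Configuration parameters explained
ProxyPreserveHost {On|Off}: when enabled, the proxy passes the Host: line from the client's request to the back-end server instead of using the server address given in ProxyPass. Turn it on if the reverse proxy needs to support virtual hosts; otherwise there is no need to enable it.
ProxyVia {On|Off|Full|Block}: controls whether the Via: header is used in the HTTP headers; it is mainly used to control the flow of proxied requests across a chain of proxies. The default is Off, meaning the feature is disabled; On adds a Via: line to every request and response; Full also adds the current Apache server's version number to every Via: line; Block removes the Via: lines from every proxied request.
ProxyRequests {On|Off}: whether to enable Apache's forward proxy function; when it is enabled, the mod_proxy_http module must be enabled in order to proxy the HTTP protocol. In addition, if ProxyPass is configured for Apache, ProxyRequests must be set to Off.
ProxyPass [path] !|url [key=value [key=value ...]]: maps a URL on the back-end server to a virtual path on the current server as the path under which the service is offered; path is a virtual path on the current server and url is a URL path on the back-end server. ProxyRequests must be set to Off when this directive is used. Note that if path ends with "/", the corresponding url must also end with "/", and vice versa.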
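An added example, not from the original article: a Python lint that checks a proxy configuration against the two rules stated above (ProxyRequests Off whenever ProxyPass is used, and matching trailing slashes on path and url) and also flags a comment placed on the same line as a directive, which httpd does not allow. The sample configuration is constructed from the page's httpd-proxy.conf with three mistakes introduced on purpose.

```python
# Constructed sample: the page's httpd-proxy.conf with three deliberate
# mistakes added (ProxyRequests On, mismatched slashes, a trailing comment).
SAMPLE_CONF = """\
<VirtualHost *:80>
    ProxyRequests On
    ProxyPass / http://192.168.0.1:80/ #tomcat on port 80
    ProxyPass /app/ http://192.168.0.1:80/app
    ProxyPassReverse / http://192.168.0.1:80/
    <Proxy *>
        Require all granted
    </Proxy>
</VirtualHost>
"""


def directives(conf_text):
    """Yield (line_no, name, args), skipping comment lines and <Section> tags."""
    for no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split()
        if parts and not parts[0].startswith(("#", "<")):
            yield no, parts[0].lower(), parts[1:]


def lint_proxy_conf(conf_text):
    """Return sorted (line_no, message) findings for a reverse-proxy config."""
    findings, forward_proxy_line, has_proxypass = [], None, False
    for no, name, args in directives(conf_text):
        # httpd does not allow a comment on the same line as a directive.
        if any(a.startswith("#") for a in args):
            findings.append((no, "comment on directive line"))
        if name == "proxyrequests" and args[:1] and args[0].lower() == "on":
            forward_proxy_line = no
        elif name == "proxypass" and len(args) >= 2 and args[0].startswith("/"):
            has_proxypass = True
            path, url = args[0], args[1]
            # "!" excludes a path from proxying, so there is no URL to compare.
            if url != "!" and path.endswith("/") != url.endswith("/"):
                findings.append((no, "trailing slash mismatch"))
    if has_proxypass and forward_proxy_line is not None:
        findings.append((forward_proxy_line, "ProxyRequests On with ProxyPass"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, message in lint_proxy_conf(SAMPLE_CONF):
        print("line %d: %s" % (line_no, message))
```

Running `httpd -t` (or the init script's `configtest`) remains the authoritative syntax check; this lint only covers the rules listed above.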
Restart the service and test; the result is as follows.
At this point we have used mod_proxy to proxy a single Tomcat.