JWorld@TW the best professional Java site in Taiwan
Added to the featured section
by koji at 2009-09-14 13:38
Apache+Tomcat+Loadbalance+Cluster+SSL installation and configuration notes [Featured]
moder, 2009-09-14 13:34

Below is my record of recently installing and configuring
Apache+Tomcat+loadbalance+cluster+SSL,
shared here for everyone to discuss....

Added 2010-05-05:
how to configure two or more SSL certificates on a single Apache

A) Package installation and system setup
Operating system: RHEL 5.3, IP: 192.168.1.1

Preparation
1. Update the package list: yum -y update
2. Install wget: yum -y install wget
3. Install the packages needed for compiling: yum -y install libtool automake make gcc gcc-c++ openssl-devel

Download and install the Java JDK
1. Download the Java JDK: the version used here is jdk-1_5_0_06-linux-i586; download it from http://java.sun.com
2. mkdir /usr/java/
3. mv jdk-1_5_0_06-linux-i586.bin /usr/java/
4. chmod 775 /usr/java/jdk-1_5_0_06-linux-i586.bin
5. /usr/java/./jdk-1_5_0_06-linux-i586.bin
Set the Java environment variables
1. vi /etc/profile
2. Add the following lines
export JAVA_HOME=/usr/java/jdk1.5.0_06
export CLASSPATH=$JAVA_HOME/bin:$JAVA_HOME/lib/tools.jar
export PATH=$PATH:$JAVA_HOME/bin:$CATALINA_HOME
3. source /etc/profile (makes the environment variables take effect without a reboot)

Download and install Apache
1. Download Apache: wget http://ftp.mirror.tw/pub/apache/httpd/httpd-2.2.11.tar.gz
2. tar -zxvf httpd-2.2.11.tar.gz
3. /httpd-2.2.11/./configure --prefix=/usr/httpd --enable-ssl --enable-rewrite --with-mpm=prefork
(Notes:
--prefix: installation directory
--enable-ssl: include the SSL module
--enable-rewrite: module for defining URL redirect rules
--with-mpm=prefork: module related to Apache performance tuning; see http://blog.tinwong.com/?p=36 , http://www.l-penguin.idv.tw/ )
4. make
5. make install
6. vi /usr/httpd/conf/httpd.conf, find ServerName, remove the leading # to uncomment it, and fill in the IP or domain name
7. Start Apache: /usr/httpd/bin/./apachectl start
8. Check that it started successfully: ps aux | grep httpd; netstat -ntulp | grep :80
9. Check that it started successfully: http://192.168.1.1/
10. Check that the modules were compiled in and loaded correctly: /usr/httpd/bin/httpd -l

Download and install Tomcat
1. Download Tomcat: wget http://apache.cdpa.nsysu.edu.tw/tomcat/tomcat-6/v6.0.18/bin/apache-tomcat-6.0.18.tar.gz
2. mv apache-tomcat-6.0.18.tar.gz /usr/java/
3. tar -zxvf /usr/java/apache-tomcat-6.0.18.tar.gz -C /usr/java/
4. Start Tomcat: /usr/java/apache-tomcat-6.0.18/bin/./catalina.sh start
5. Check that it started successfully: http://localhost:8080/

Download and compile the Tomcat Connector (the package needed for Tomcat + Apache; produces the mod_jk.so module)
1. Download the Tomcat Connector: wget http://ftp.twaren.net/Unix/Web/apache/tomcat/tomcat-connectors/jk/source/jk-1.2.28/tomcat-connectors-1.2.28-src.tar.gz
2. mv tomcat-connectors-1.2.28-src.tar.gz /usr/java/
3. tar -zxvf /usr/java/tomcat-connectors-1.2.28-src.tar.gz -C /usr/java/
4. cd /usr/java/tomcat-connectors-1.2.28-src/native/
5. ./configure --with-java-home=/usr/java/jdk1.5.0_06 --with-apxs=/usr/httpd/bin/apxs
6. make
7. cp apache-2.0/mod_jk.so /usr/httpd/modules/

B) Configuring Apache + Tomcat

Load the mod_jk.so module
1. vi /usr/httpd/conf/httpd.conf
2. Add the following lines
#Load Module mod_jk
LoadModule jk_module modules/mod_jk.so
Include conf/mod_jk.conf

Configure mod_jk.conf
1. vi /usr/httpd/conf/mod_jk.conf
2. Add the following settings
#setup the workers.properties file path, default prefix path is httpd's home (/usr/httpd)
JkWorkersFile conf/workers.properties
JkLogFile /var/log/jk.log
JkShmFile /var/log/jk-runtime-status
JkLogLevel error
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"

JkMountFile conf/uriworkermap.properties

# Deny direct access to WEB-INF
<LocationMatch ".*WEB-INF.*">
deny from all
</LocationMatch>

Configure uriworkermap.properties
1. vi /usr/httpd/conf/uriworkermap.properties
2. Add the following settings
#
# generate uriworkermap.properties
#
/*.jsp=worker1
/*.do=worker1
/*.page=worker1
/*.action=worker1
/dwr/*=worker1
/servlet/*=worker1
/manager/*=worker1

Configure workers.properties
1. vi /usr/httpd/conf/workers.properties
2. Enter the following settings
# workers.properties
# setting tomcat_home and java_home
workers.tomcat_home=/usr/java/apache-tomcat-6.0.18
workers.java_home=/usr/java/jdk1.5.0_06
# List workers
worker.list=worker1
#
# Define worker1
#
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker1.lbfactor=1

Configure the Tomcat web application
1. vi /usr/java/apache-tomcat-6.0.18/conf/server.xml
2. Add a Host entry (using this site as the example)
<Host name="192.168.1.1" debug="0" appBase="webapps" unpackWARs="true">
<Context path="" docBase="/home/httpd/My-WEB" reloadable="true" debug="0" crossContext="true"/>
</Host>

3. Start Apache: /usr/httpd/bin/./apachectl start
4. Start Tomcat: /usr/java/apache-tomcat-6.0.18/bin/./catalina.sh start
5. Check that the configuration works: open http://localhost/ ; if the JSP page appears, it succeeded

C) Configuring cluster + load balancing (Apache --> load balancer, Tomcat x2 --> cluster)

Edit workers.properties
1. vi /usr/httpd/conf/workers.properties
2. Change it to the following settings
# workers.properties - ajp13
# setting tomcat_home and java_home
#workers.tomcat_home=/usr/java/apache-tomcat-6.0.18
#workers.java_home=/usr/java/jdk1.5.0_06

# List workers
#
worker.list=loadbalancer, jkstatus

#
# Define worker1
#
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker1.socket_timeout=1200
worker.worker1.connection_pool_size=1
worker.worker1.connection_pool_timeout=1300
worker.worker1.lbfactor=1

#
# Define worker2
#
worker.worker2.type=ajp13
worker.worker2.host=localhost
worker.worker2.port=8109
worker.worker2.socket_timeout=1200
worker.worker2.connection_pool_size=1
worker.worker2.connection_pool_timeout=1300
worker.worker2.lbfactor=1

#
# Defining a load balancer
#
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=worker1, worker2
worker.loadbalancer.sticky_session=true
worker.loadbalancer.sticky_session_force=false

#
# Define status worker
#
worker.jkstatus.type=status

Edit uriworkermap.properties
1. vi /usr/httpd/conf/uriworkermap.properties
2. Change it to the following settings
#
# generate uriworkermap.properties
#
/jkmanager/*=jkstatus
/*.jsp=loadbalancer
/*.do=loadbalancer
/*.action=loadbalancer
/*.page=loadbalancer
/dwr/*=loadbalancer
/servlet/*=loadbalancer
/manager/*=loadbalancer

Configure the Tomcat x2 cluster (two Tomcats, worker1 and worker2, on the same machine)
1. Create two Tomcats:
First rename the original Tomcat directory: mv /usr/java/apache-tomcat-6.0.18/ /usr/java/apache-tomcat-6.0.18_worker1/
cp -R /usr/java/apache-tomcat-6.0.18_worker1/ /usr/java/apache-tomcat-6.0.18_worker2/

2. Edit Tomcat worker1 (apache-tomcat-6.0.18_worker1)
vi /usr/java/apache-tomcat-6.0.18_worker1/conf/server.xml
Change the following places as shown
<Server port="8005" shutdown="SHUTDOWN"> (Note: with two or more Tomcats on the same machine, the port must be changed)
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> (Note: with two or more Tomcats on the same machine, the port must be changed)
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> (Note: with two or more Tomcats on the same machine, the port must be changed)
<Engine name="Catalina" defaultHost="localhost" jvmRoute="worker1"> (fill in the id from workers.properties: jvmRoute="worker1")

Add the following (Note: the Receiver port range is 4000~4100; see http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html)
<!--Cluster Start -->
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
channelSendOptions="6">

<Manager className="org.apache.catalina.ha.session.BackupManager"
expireSessionsOnShutdown="false"
notifyListenersOnReplication="true"
mapSendOptions="6"/>

<Channel className="org.apache.catalina.tribes.group.GroupChannel">
<Membership className="org.apache.catalina.tribes.membership.McastService"
address="228.0.0.4"
port="45564"
frequency="500"
dropTime="3000"/>
<Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver"
address="auto"
port="4000"
selectorTimeout="100"
maxThreads="6"/>

<Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
<Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
</Sender>
<Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
<Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>
<Interceptor className="org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor"/>
</Channel>

<Valve className="org.apache.catalina.ha.tcp.ReplicationValve"
filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/>

<Deployer className="org.apache.catalina.ha.deploy.FarmWarDeployer"
tempDir="/tmp/war-temp/"
deployDir="/tmp/war-deploy/"
watchDir="/tmp/war-listen/"
watchEnabled="false"/>

<ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/>
</Cluster>
<!--Cluster End-->

Edit the Host settings (session replication), adding distributable="true"
<Host name="192.168.1.1" debug="0" appBase="webapps" unpackWARs="true">
<Context path="" docBase="/home/httpd/My-WEB" reloadable="true" debug="0" distributable="true" crossContext="true"/>
</Host>

3. Edit Tomcat worker2 (apache-tomcat-6.0.18_worker2)
vi /usr/java/apache-tomcat-6.0.18_worker2/conf/server.xml
Change the following places as shown
<Server port="8105" shutdown="SHUTDOWN"> (Note: with two or more Tomcats on the same machine, the port must be changed)
<Connector port="8109" protocol="AJP/1.3" redirectPort="8443" /> (Note: with two or more Tomcats on the same machine, the port must be changed)
<Connector port="8081" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> (Note: with two or more Tomcats on the same machine, the port must be changed)
<Engine name="Catalina" defaultHost="localhost" jvmRoute="worker2"> (fill in the id from workers.properties: jvmRoute="worker2")

Add the following (Note: the Receiver port range is 4000~4100; see http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html)
<!--Cluster Start -->
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
channelSendOptions="6">

<Manager className="org.apache.catalina.ha.session.BackupManager"
expireSessionsOnShutdown="false"
notifyListenersOnReplication="true"
mapSendOptions="6"/>

<Channel className="org.apache.catalina.tribes.group.GroupChannel">
<Membership className="org.apache.catalina.tribes.membership.McastService"
address="228.0.0.4"
port="45564"
frequency="500"
dropTime="3000"/>
<Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver"
address="auto"
port="4001"
selectorTimeout="100"
maxThreads="6"/>

<Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
<Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
</Sender>
<Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
<Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>
<Interceptor className="org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor"/>
</Channel>

<Valve className="org.apache.catalina.ha.tcp.ReplicationValve"
filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/>

<Deployer className="org.apache.catalina.ha.deploy.FarmWarDeployer"
tempDir="/tmp/war-temp/"
deployDir="/tmp/war-deploy/"
watchDir="/tmp/war-listen/"
watchEnabled="false"/>

<ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/>
</Cluster>
<!--Cluster End-->

Edit the Host settings (session replication), adding distributable="true"
<Host name="192.168.1.1" debug="0" appBase="webapps" unpackWARs="true">
<Context path="" docBase="/home/httpd/My-WEB" reloadable="true" debug="0" distributable="true" crossContext="true"/>
</Host>

4. Edit the httpd.conf settings
vi /usr/httpd/conf/httpd.conf
Add the following
NameVirtualHost *:80
<VirtualHost *:80>
ServerName 192.168.1.1
ServerAlias 192.168.1.1
ErrorLog logs/myweb-erro_log.txt
CustomLog logs/myweb-access_log.txt common
JkMountFile conf/uriworkermap.properties
</VirtualHost>

5. Restart Apache:
/usr/httpd/bin/./apachectl stop
/usr/httpd/bin/./apachectl start
6. Restart Tomcat worker1:
/usr/java/apache-tomcat-6.0.18_worker1/bin/./catalina.sh stop
/usr/java/apache-tomcat-6.0.18_worker1/bin/./catalina.sh start
Restart Tomcat worker2:
/usr/java/apache-tomcat-6.0.18_worker2/bin/./catalina.sh stop
/usr/java/apache-tomcat-6.0.18_worker2/bin/./catalina.sh start
Test session replication

D) Configuring SSL (Note: using a Global Trust SSL certificate as the example)
For applying for an SSL certificate or creating the cer and key files, please ask the almighty Google
Edit httpd-ssl.conf (Note: Apache must be compiled with --enable-ssl)
1. vi /usr/httpd/conf/extra/httpd-ssl.conf
2. Change the contents of <VirtualHost _default_:443> as follows
ServerName 192.168.1.1
ServerAlias 192.168.1.1
ErrorLog logs/myweb-erro_log.txt
CustomLog logs/myweb-access_log.txt common
JkMountFile conf/uriworkermap.properties

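3. Set SSLCertificateFile "/usr/httpd/conf/ca/my.crt" (Note: the server certificate issued by the certificate authority)
4. Set SSLCertificateKeyFile "/usr/httpd/conf/ca/my.key" (Note: the server certificate's key)
5. Set SSLCertificateChainFile "/usr/httpd/conf/ca/XXX.crt" (Note: the Chain CA Root certificate)
6. Set SSLCACertificateFile "/usr/httpd/conf/ca/XXX.crt" (Note: the CA Root certificate)
7. Restart Apache and enter https://192.168.1.1/ in the address bar to see whether the certificate is displayed successfully
8. If this site must always be accessed over https, Apache mod_rewrite can be used to achieve that
Edit httpd.conf
vi /usr/httpd/conf/httpd.conf
Change it as follows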
<VirtualHost *:80>
ServerName 192.168.1.1
ServerAlias 192.168.1.1
ErrorLog logs/myweb-erro_log.txt
CustomLog logs/myweb-access_log.txt common
JkMountFile conf/uriworkermap.properties
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://192.168.1.1%{REQUEST_URI} [L,R]
</VirtualHost>

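D-2) Configuring SSL (added 2010-05-05)
How to configure two or more SSL certificates on a single Apache
Edit httpd-ssl.conf (Note: Apache must be compiled with --enable-ssl)
1. vi /usr/httpd/conf/extra/httpd-ssl.conf
2. Add another <VirtualHost *:443> block: copy the <VirtualHost *:443> block and paste it
3. Edit the settings of the newly added VirtualHost and set its certificate files
4. Change <VirtualHost *:443> to
examp01.com --> <VirtualHost examp01.com:443>
examp02.com --> <VirtualHost examp02.com:443>
5. Edit httpd.conf
vi /usr/httpd/conf/httpd.conf
Add
NameVirtualHost examp01.com:443
NameVirtualHost examp02.com:443
6. Restart Apache
7. Open a browser and go to https://examp01.com or https://examp02.com to check whether the certificate shows any errors or warnings
If there are none, you are done

Additional note
If you have iptables configured, open UDP port 45564 so that communication between the cluster servers does not run into problems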


moder edited on 2010-07-26 16:17
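
Added example, not part of moder's post: a Python cross-check of the section C files, confirming that every balance_workers member has a Tomcat whose jvmRoute and AJP port match and that no listening port repeats on the shared host. The server_xml helper and all sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, trimmed from the post's section C workers.properties.
WORKERS = """\
worker.worker1.type=ajp13
worker.worker1.port=8009
worker.worker2.type=ajp13
worker.worker2.port=8109
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=worker1, worker2
worker.loadbalancer.sticky_session=true
"""

def server_xml(shutdown, ajp, route, receiver):
    # Hypothetical helper: builds only the server.xml elements the check reads.
    return (f'<Server port="{shutdown}" shutdown="SHUTDOWN"><Service name="Catalina">'
            f'<Connector port="{ajp}" protocol="AJP/1.3" redirectPort="8443"/>'
            f'<Engine name="Catalina" defaultHost="localhost" jvmRoute="{route}">'
            f'<Cluster><Channel><Receiver port="{receiver}"/></Channel></Cluster>'
            '</Engine></Service></Server>')

def parse_props(text):
    lines = (l for l in text.splitlines() if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def check_cluster(workers_text, server_xmls, lb="loadbalancer"):
    props, problems, routes, used = parse_props(workers_text), [], {}, {}
    for xml_text in server_xmls:
        root = ET.fromstring(xml_text)
        ajp = next(c.get("port") for c in root.iter("Connector")
                   if c.get("protocol", "").startswith("AJP"))
        route = root.find(".//Engine").get("jvmRoute")
        routes[route] = ajp
        # Both Tomcats share one host in the post, so no listening port may repeat.
        for port in (root.get("port"), ajp, root.find(".//Receiver").get("port")):
            if port in used:
                problems.append(f"port {port} used by {used[port]} and {route}")
            used.setdefault(port, route)
    for name in props[f"worker.{lb}.balance_workers"].split(","):
        name = name.strip()
        if name not in routes:
            # mod_jk stickiness matches the session-id suffix (jvmRoute) to the worker name.
            problems.append(f"no Tomcat has jvmRoute={name}")
        elif routes[name] != props.get(f"worker.{name}.port"):
            problems.append(f"{name}: worker port and AJP connector port differ")
    return problems
```

An empty list means the three files agree; running it against an unedited cp -R copy of worker1 reports the reused ports and the missing worker2 route.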
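
Added example, not part of moder's post: a Python audit of the section C uriworkermap.properties that reports which mounts reach the mod_jk status worker or the Tomcat manager application through the Apache front end. The ADMIN_PATHS list and the trimmed sample files are assumptions made for illustration.

```python
import fnmatch

# Constructed sample input, trimmed from the post's section C files.
WORKERS = """\
worker.list=loadbalancer, jkstatus
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=worker1, worker2
worker.jkstatus.type=status
"""
URIMAP = """\
/jkmanager/*=jkstatus
/*.jsp=loadbalancer
/manager/*=loadbalancer
"""
# Tomcat 6 admin webapp entry points (assumed list; extend for your deployment).
ADMIN_PATHS = ("/manager/html", "/host-manager/html")

def parse_props(text):
    lines = (l for l in text.splitlines() if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def audit_mounts(workers_text, urimap_text, admin_paths=ADMIN_PATHS):
    props, findings = parse_props(workers_text), []
    for pattern, worker in parse_props(urimap_text).items():
        wtype = props.get(f"worker.{worker}.type")
        if wtype is None:
            findings.append((pattern, f"worker {worker} is not defined"))
        elif wtype == "status":
            # A status worker can change balancer state unless read_only is set.
            ro = props.get(f"worker.{worker}.read_only", "false").lower()
            mode = "read-only" if ro in ("true", "on", "yes", "1") else "read/write"
            findings.append((pattern, f"{mode} status worker mounted"))
        for path in admin_paths:
            # fnmatch approximates mod_jk's * and ? wildcards for these patterns.
            if fnmatch.fnmatchcase(path, pattern):
                findings.append((pattern, f"forwards Tomcat admin path {path}"))
    return findings

if __name__ == "__main__":
    for pattern, issue in audit_mounts(WORKERS, URIMAP):
        print(f"{pattern}: {issue}")
```

Each finding is a mount to either restrict in Apache (for example to an administrative address range) or drop from the mount file loaded by the public virtual hosts.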
Re:Apache+Tomcat+Loadbalance+Cluster+SSL installation and configuration notes [Re:moder]
tuu, 2009-09-14 18:35

So detailed!
This could serve as an SOP.
Upvote, upvote, upvote


Re:Apache+Tomcat+Loadbalance+Cluster+SSL installation and configuration notes [Re:moder]
puremonkey2006, 2009-09-15 10:03

Super impressive~~ Cool
Following up to share my own installation notes here as well
Apache installation
http://tw.myblog.yahoo.com/jw!i35IM3aCBQV.c_1HuKarkcKsre6A5A--/article?mid=200&prev=201&next=199
Configure web application
http://tw.myblog.yahoo.com/jw!i35IM3aCBQV.c_1HuKarkcKsre6A5A--/article?mid=169&prev=172&l=f&fid=13
Connecting Tomcat and Apache with mod_jk
http://tw.myblog.yahoo.com/jw!i35IM3aCBQV.c_1HuKarkcKsre6A5A--/article?mid=131&prev=132&next=126&l=f&fid=13


Where there is a will, there is a way
Re:Apache+Tomcat+Loadbalance+Cluster+SSL installation and configuration notes [Re:moder]
liuqing9382, 2010-01-08 15:38

Many thanks to the original poster for sharing so selflessly!!!
So detailed!
Great!

