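With httpd and Tomcat running on a Linux system and a domain name bound to the server, I wanted Apache to forward requests to Tomcat automatically.
This step is fairly simple: add a virtual host listening on port 80 to the Apache configuration file and proxy the requests under the specified path.
HTTP requests default to port 80, and Apache also listens on port 80 by default; if you have a custom configuration, adjust accordingly.
Requests are forwarded to Tomcat on port 8080; likewise, adjust if your configuration differs.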
<VirtualHost *:80>
ServerName www.domain.com
ProxyRequests Off
# Map requests under the default '/' path to the project directory
Alias / /var/www/html/project/
<Location />
Satisfy Any
</Location>
# Forward requests under /app to Tomcat and relay the responses back
ProxyPass /app http://localhost:8080/app/
ProxyPassReverse /app http://localhost:8080/app/
</VirtualHost>
LoadModule ssl_module modules/mod_ssl.so
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
SSLCryptoDevice builtin
<VirtualHost _default_:443>
# Key point 1
ServerName www.domain.com
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
# Key point 2
SSLCertificateFile <path to certificate>
SSLCertificateKeyFile <path to certificate key>
# If you have a chain file, add the directive below; otherwise comment it out with #
SSLCertificateChainFile <path to chain file>
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# Note that this path is the root directory your requests are mapped to
# Suppose Apache hosts two projects, a and b; their static files can be reached at www.domain.com/a and www.domain.com/b respectively
# But to reach the file /var/www/html/a/index.html, the URL under each configuration is:
# DocumentRoot "/var/www/html" www.domain.com/a/index.html
# DocumentRoot "/var/www/html/a" www.domain.com/index.html
# Choose according to your actual needs
# Key point 3
DocumentRoot "/var/www/html/project"
</VirtualHost>
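At this point Apache's static resources are reachable over both HTTP and HTTPS, but requests for Tomcat's dynamic resources fail over HTTPS. HTTPS requests arrive on port 443, while our proxy forwarding only listens on port 80, so add a virtual host listening on port 443: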
<VirtualHost *:443>
ServerName www.domain.com
ProxyRequests Off
# Static resources
Alias / /var/www/html/project/
<Location />
Satisfy Any
</Location>
# Dynamic content from Tomcat
ProxyPass /app http://localhost:8080/app/
ProxyPassReverse /app http://localhost:8080/app/
</VirtualHost>
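This now produces ERR_SSL_PROTOCOL_ERROR.
Leave the default listener on port 8080 unchanged to receive HTTP requests, and add a new listener on port 8081 (a pfx certificate is used here) to receive HTTPS requests: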
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8081" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="certificate path" keystoreType="PKCS12" keystorePass="certificate password"
clientAuth="false"
SSLProtocol="TLSv1.1+TLSv1.2+TLSv1.3"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"
redirectPort="8443"
/>
Modify Apache's forwarding configuration for the 443 listener, adding the SSL proxy settings so that requests are passed to Tomcat over SSL:
<VirtualHost *:443>
ServerName domain.top:443
ProxyRequests Off
# Static resources
Alias / /var/www/html/project/
<Location />
Satisfy Any
</Location>
# SSL proxy
ProxyPreserveHost On
SSLProxyEngine on
SSLEngine on
# Configure SSL according to your actual setup
SSLCertificateFile xxx.crt
SSLCertificateKeyFile xxx.key
SSLCertificateChainFile xxx.crt
# Dynamic content from Tomcat
ProxyPass /app https://localhost:8081/app/
ProxyPassReverse /app https://localhost:8081/app/
</VirtualHost>
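The TLS settings used above are permissive: `SSLProtocol all -SSLv2 -SSLv3` leaves TLS 1.0 and 1.1 enabled, the cipher string admits 3DES, and `SSLProxyEngine on` by itself does not verify the certificate Tomcat presents. The following is an added example, not part of the original post, of the same 443 virtual host with tighter settings. It assumes httpd 2.4.37 or later built against OpenSSL 1.1.1, mod_headers loaded, and placeholder file names (`xxx.*`, `xxx-backend-ca.crt`).

```apache
# Added example: hardened variant of the final 443 virtual host.
# Assumptions: httpd 2.4.37+ with OpenSSL 1.1.1+; mod_ssl, mod_proxy,
# mod_proxy_http and mod_headers loaded; xxx.* names are placeholders.

# Send plain-HTTP visitors to HTTPS instead of serving both schemes.
<VirtualHost *:80>
    ServerName www.domain.com
    Redirect permanent / https://www.domain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.domain.com
    DocumentRoot "/var/www/html/project"
    ProxyRequests Off

    SSLEngine on
    SSLCertificateFile    xxx.crt
    SSLCertificateKeyFile xxx.key

    # Weak:     SSLProtocol all -SSLv2 -SSLv3   (TLS 1.0/1.1 still on)
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    # Weak:     SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
    # Tighter:  forward-secret AEAD suites only for TLS 1.2
    SSLCipherSuite ECDHE+AESGCM:ECDHE+CHACHA20
    SSLHonorCipherOrder on
    # Tell browsers to keep using HTTPS for this host.
    Header always set Strict-Transport-Security "max-age=31536000"

    # Backend leg to Tomcat over TLS, as in the post, but verify the
    # certificate Tomcat presents (SSLProxyVerify defaults to none).
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile xxx-backend-ca.crt
    SSLProxyCheckPeerName on
    ProxyPreserveHost On
    # Trailing slashes match on both sides of each mapping.
    ProxyPass        /app/ https://localhost:8081/app/
    ProxyPassReverse /app/ https://localhost:8081/app/
</VirtualHost>
```

Run `apachectl configtest` after editing, and confirm with `openssl s_client -connect www.domain.com:443 -tls1_1` that the older protocol is refused.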