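Because of project requirements, I needed to configure the project environment: mainly integrating apache and tomcat, adding clustering, and adding ssl to apache to make it more secure. I searched online for a long time and found some material, but none of it was complete; most of it covered only one part. Building on those tutorials, plus the material on the official websites, I finally got it working after some effort. All of this comes from the web; I have only put it together in one place, and I hope it helps you. If you know a better way to configure this, please contact me. Thank you.
Goal: integrate apache, tomcat and ssl, and add clustering
Operating system: FC4-i386, redhat as 4
Required software: httpd-2.2.0, jakarta-tomcat-5.0.30, jdk1.4 or jdk1.5, openssl-0.9.8, ssl.ca-0.1.tar.gz
Install openssl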
$ tar zxf openssl-0.9.8.tar.gz
$ cd openssl-0.9.8
$ ./config --prefix=/usr/local/ssl
$ make
$ make test
$ make install
Install httpd with ssl support
# tar zxf httpd-2.2.0.tar.gz
# cd httpd-2.2.0
Installing apr and apr-util
Install apr
# cd srclib/apr
# ./configure --prefix=/usr/local/apr
# make
# make install
Install apr-util
# cd ../apr-util/
# ./configure --prefix=/usr/local/apr-util \
--with-apr=/usr/local/apr
# make
# make install
# cd ../../
Install apache
# ./configure --prefix=/usr/local/apache \
--enable-so \
--enable-proxy-balancer \
--enable-rewrite=shared \
--enable-proxy=shared \
--enable-proxy-ajp=shared \
--enable-dav=shared \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util/ \
--enable-ssl=static \
--with-ssl=/usr/local/ssl \
--enable-mods-shared=all
# make
# make install
Install a temporary ssl certificate:
ssl.ca-0.1.tar.gz
# cd /usr/local/apache/conf
# tar zxvf ssl.ca-0.1.tar.gz
# cd ssl.ca-0.1
# ./new-root-ca.sh
No Root CA key found. Generating one
Generating RSA private key, 1024 bit long modulus
...........................++++++
....++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
......
Self-sign the root CA...
Enter pass phrase for ca.key:
........
........
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:ZheJiang
Locality Name (eg, city) [Sitiawan]:HangZhou
Organization Name (eg, company) [My Directory Sdn Bhd]:sc
Organizational Unit Name (eg, section) [Certification Services Division]:sc
Common Name (eg, MD Root CA) []:2
Email Address []:[email protected]
This generates two files, ca.key and ca.crt. Next, generate a certificate:
# ./new-server-cert.sh server
......
......
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:ZheJiang
Locality Name (eg, city) [Sitiawan]:HangZhou
Organization Name (eg, company) [My Directory Sdn Bhd]:sc
Organizational Unit Name (eg, section) [Secure Web Server]:sc
Common Name (eg, www.domain.com) []:2
Email Address []:[email protected]
This generates two files, server.csr and server.key.
The request still has to be signed before it can be used:
# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'JiangSu'
localityName :PRINTABLE:'NanJing'
organizationName :PRINTABLE:'Wiscom System Co.,Ltd'
organizationalUnitName:PRINTABLE:'ACSTAR'
commonName :PRINTABLE:'acmail.wiscom.com.cn'
emailAddress :IA5STRING:'[email protected]'
Certificate is to be certified until Jul 16 12:55:34 2005 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK
Next, place the certificates in the appropriate locations according to the settings in ssl.conf.
Finally, configure conf/httpd.conf
In this file, find
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
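Remove the '#' in front of #Include conf/extra/httpd-ssl.conf and save.
Start the server and test
$ cd bin
$ ./apachectl start
Enter http://127.0.0.1/ and https://127.0.0.1 in a browser; if both show the same success page, apache+ssl is configured correctly.
Install the jdk
Copy jdk1.4 or jdk1.5 to /usr/local
$ chmod 755 jdk....bin
$ ./jdk....bin
Set the global variables: open /etc/profile and add
JAVA_HOME=<your jdk installation directory>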
JRE_HOME=$JAVA_HOME/jre
PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH:$HOME/bin
export JAVA_HOME JRE_HOME PATH
#ant
PATH=/usr/local/ant/bin:$PATH
export PATH
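Reboot the machine.
Configuration is complete.
Install tomcat
First copy tomcat to /usr/local
$ tar zxf jakarta-tomcat-5.0.30.tar.gz
$ cd jakarta-tomcat-5.0.30/bin
$ ./startup.sh
Enter http://127.0.0.1:8080/ in a browser; if you see the tomcat welcome page, the installation succeeded.
Configure conf/httpd.conf in the apache directory.
In this file, find
#Include conf/extra/httpd-vhosts.conf
Remove the '#' in front of #Include conf/extra/httpd-ssl.conf and save, then open conf/extra/httpd-vhosts.conf, find <VirtualHost _default_:443>, and add the following inside it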
ServerAdmin [email protected]
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
ServerName localhost
ServerAlias www.easyea.com
ErrorLog logs/easyea.com-error_log
CustomLog logs/easyea.com-access_log common
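Some of the added settings conflict with the original defaults; delete the conflicting default settings.
Start the server and test: enter https://127.0.0.1 in a browser; if you see the tomcat welcome page, the configuration succeeded.
Clustering and session replication
Clustering
In conf/extra/httpd-vhosts.conf, find <VirtualHost _default_:443> and add the following inside it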
<Proxy balancer://128.8.153.203>
BalancerMember ajp://localhost:8009
BalancerMember ajp://128.8.153.81:8009
</Proxy>
<Location /sc/>
ProxyPass balancer://128.8.153.203/sc/
</Location>
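With the settings above, SSL ends at Apache and requests continue to Tomcat over AJP, which is not encrypted, so the BalancerMember on 128.8.153.81 receives them in clear text over the network. The shell function below is an added example, not part of the original post; audit_ajp is a hypothetical helper name and the sample file is constructed from this page's proxy lines. It lists every AJP backend in a config file and flags the ones that are not on loopback.

```shell
#!/bin/sh
# Added example, not from the original post. audit_ajp is a hypothetical helper.
# Prints "<local|remote> <host>:<port>" for every AJP backend in an httpd
# config file; returns 1 if any backend is off the loopback interface.
audit_ajp() {
    awk '
        { d = tolower($1) }                       # directives are case-insensitive
        d != "proxypass" && d != "balancermember" { next }   # also skips comments
        {
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^ajp:\/\//) continue
                target = $i
                sub(/^ajp:\/\//, "", target)      # drop the scheme
                sub(/\/.*$/, "", target)          # drop the path
                if (target !~ /:[0-9]+$/) target = target ":8009"   # AJP default port
                host = target
                sub(/:[0-9]+$/, "", host)
                kind = "remote"
                if (host == "localhost" || host ~ /^127\./ || host == "[::1]") kind = "local"
                if (kind == "remote") bad = 1
                print kind, target
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the proxy lines this page adds to the :443 virtual host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
<Proxy balancer://128.8.153.203>
BalancerMember ajp://localhost:8009
BalancerMember ajp://128.8.153.81:8009
</Proxy>
<Location /sc/>
ProxyPass balancer://128.8.153.203/sc/
</Location>
EOF

if audit_ajp "$sample"; then
    echo "all AJP backends are on loopback"
else
    echo "remote AJP backend(s): that hop is not covered by Apache SSL"
fi
rm -f "$sample"
```

For any backend reported as remote, keep port 8009 reachable only from the Apache host, for example with a firewall rule or a private network segment between the two machines.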
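Session replication
In tomcat's conf/server.xml, uncomment the Cluster section. The last step is to add <distributable /> to the web.xml of each project whose sessions you want replicated. To test this you need two identically configured tomcat instances.
That completes the configuration. Because environments differ, your configuration may differ somewhat during installation.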