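Because of project requirements, I needed to configure the project environment: mainly integrating Apache with Tomcat, adding clustering, and adding SSL to Apache to improve its security.
I spent a long time searching online and found some material, but none of it was complete; most of it covered only one part. Building on those tutorials, plus material from the official websites, I finally got it working after some effort.
All of this comes from the web; I have only put it together in one place. I hope it helps you. If you have a better way to configure this, please contact me. Thanks.
Goal: integrate apache, tomcat and ssl, and add clustering
Operating system: FC4-i386, redhat as 4
Required software: httpd-2.2.0, jakarta-tomcat-5.0.30, jdk1.4 or jdk1.5, openssl-0.9.8, ssl.ca-0.1.tar.gz
Installing openssl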
$ tar zxf openssl-0.9.8.tar.gz
$ cd openssl-0.9.8
$ ./config --prefix=/usr/local/ssl
$ make
$ make test
$ make install
Installing httpd with ssl support
# tar zxf httpd-2.2.0.tar.gz
# cd httpd-2.2.0
Installing apr and apr-util
Install apr
# cd srclib/apr
# ./configure --prefix=/usr/local/apr
# make
# make install
Install apr-util
# cd ../apr-util/
# ./configure --prefix=/usr/local/apr-util \
--with-apr=/usr/local/apr
# make
# make install
# cd ../../
Install apache
# ./configure --prefix=/usr/local/apache \
--enable-so \
--enable-proxy-balancer \
--enable-rewrite=shared \
--enable-proxy=shared \
--enable-proxy-ajp=shared \
--enable-dav=shared \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util/ \
--enable-ssl=static \
--with-ssl=/usr/local/ssl \
--enable-mods-shared=all
# make
# make install
Installing a temporary ssl certificate:
ssl.ca-0.1.tar.gz
# cd /usr/local/apache/conf
# tar zxvf ssl.ca-0.1.tar.gz
# cd ssl.ca-0.1
# ./new-root-ca.sh
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
...........................++++++
....++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
......
Self-sign the root CA...
Enter pass phrase for ca.key:
........
........
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:ZheJiang
Locality Name (eg, city) [Sitiawan]:HangZhou
Organization Name (eg, company) [My Directory Sdn Bhd]:sc
Organizational Unit Name (eg, section) [Certification Services Division]:sc
Common Name (eg, MD Root CA) []:2
Email Address []:admin@admin.com
This generates two files, ca.key and ca.crt. Next, generate a server certificate:
# ./new-server-cert.sh server
......
......
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:ZheJiang
Locality Name (eg, city) [Sitiawan]:HangZhou
Organization Name (eg, company) [My Directory Sdn Bhd]:sc
Organizational Unit Name (eg, section) [Secure Web Server]:sc
Common Name (eg, www.domain.com) []:2
Email Address []:admin@admin.com
This generates two files, server.csr and server.key.
The request still has to be signed before it can be used:
# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'JiangSu'
localityName :PRINTABLE:'NanJing'
organizationName :PRINTABLE:'Wiscom System Co.,Ltd'
organizationalUnitName:PRINTABLE:'ACSTAR'
commonName :PRINTABLE:'acmail.wiscom.com.cn'
emailAddress :IA5STRING:'acmail@wiscom.com.cn'
Certificate is to be certified until Jul 16 12:55:34 2005 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK
Next, put the certificates in the locations specified by the settings in ssl.conf.
Finally, configure conf/httpd.conf
In this file, find
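The same three steps (root CA, server key and request, signing) can be reproduced with the openssl command directly, and the resulting files checked before they are copied into place. This is an added example, not part of the original post or of the ssl.ca scripts; the subject names, the 2048-bit default and the minimum key size check are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page or the ssl.ca scripts).
# File names follow the page; subjects, key size and size policy are assumptions.
# Usage: check_server_cert server.crt server.key ca.crt

make_chain() {   # $1 = working directory, $2 = RSA key size (default 2048)
    ( cd "$1" && bits=${2:-2048} &&
      openssl genrsa -out ca.key "$bits" 2>/dev/null &&
      openssl req -new -x509 -key ca.key -subj "/CN=Example Test Root CA" \
          -days 365 -out ca.crt &&
      openssl genrsa -out server.key "$bits" 2>/dev/null &&
      openssl req -new -key server.key -subj "/CN=localhost" -out server.csr &&
      openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -days 365 -out server.crt 2>/dev/null )
}

key_bits() {     # $1 = RSA private key; prints the modulus size in bits
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n '1s/.*(\([0-9][0-9]*\) bit.*/\1/p'
}

check_server_cert() {   # $1 = certificate, $2 = private key, $3 = CA certificate
    # 1. The certificate must chain to the CA we expect.
    openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 ||
        { echo "FAIL: $1 does not verify against $3"; return 1; }
    # 2. The private key must be the one the certificate was issued for.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: $2 does not match $1"; return 1; }
    # 3. Reject short RSA keys such as the 1024-bit one in the transcript above.
    bits=$(key_bits "$2")
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "FAIL: $2 is only ${bits:-?} bits"; return 1; }
    echo "OK: $1 ($bits-bit key) verifies against $3"
}
```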
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
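Remove the '#' in front of #Include conf/extra/httpd-ssl.conf and save
Start the server and test
$ cd bin
$ ./apachectl start
In a browser, enter http://127.0.0.1/ and https://127.0.0.1; if you see the same success page for both, apache+ssl is configured successfully.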
Installing the jdk
Copy jdk1.4 or jdk1.5 to /usr/local
$ chmod 755 jdk....bin
$ ./jdk....bin
Configure the global variables: open the /etc/profile file and add
JAVA_HOME=<your jdk installation directory>
JRE_HOME=$JAVA_HOME/jre
PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH:$HOME/bin
export JAVA_HOME JRE_HOME PATH
#ant
PATH=/usr/local/ant/bin:$PATH
export PATH
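Restart the computer.
Configuration complete.
Installing tomcat
First copy tomcat to the /usr/local directory
$ tar zxf jakarta-tomcat-5.0.30.tar.gz
$ cd jakarta-tomcat-5.0.30/bin
$ ./startup.sh
In a browser, enter http://127.0.0.1:8080/; if you see the tomcat welcome page, the installation succeeded.
Configure the conf/httpd.conf file under the apache directory.
In this file, find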
#Include conf/extra/httpd-vhosts.conf
Remove the '#' in front of #Include conf/extra/httpd-ssl.conf and save, then open the conf/extra/httpd-vhosts.conf file, find <VirtualHost _default_:443>, and add the following inside it
ServerAdmin admin@easyea.com
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
ServerName localhost
ServerAlias www.easyea.com
ErrorLog logs/easyea.com-error_log
CustomLog logs/easyea.com-access_log common
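Some of the added settings conflict with the original default settings; delete the conflicting defaults.
Start the server and test: enter https://127.0.0.1 in a browser; if you see the tomcat welcome page, the configuration succeeded.
Clustering and session replication
Clustering
In the conf/extra/httpd-vhosts.conf file, find <VirtualHost _default_:443> and add the following inside it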
<Proxy balancer://128.8.153.203>
BalancerMember ajp://localhost:8009
BalancerMember ajp://128.8.153.81:8009
</Proxy>
<Location /sc/>
ProxyPass balancer://128.8.153.203/sc/
</Location>
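Session replication
In tomcat's conf/server.xml file, uncomment the Cluster section. The last step is to add <distributable /> to the web.xml of each project whose sessions you want replicated. To test this you need two identically configured tomcats.
That completes the configuration. Because environments differ, the configuration may vary somewhat during installation.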
aspirin
2006-3-14