通过apache代理tomcat实现tomcat的负载均衡,并实现https。
apache中包含proxy模块,ssl模块。
安装apache:
./configure --prefix=/usr/local/apache --with-included-apr --enable-so --enable-deflate=shared --enable-expires=shared --enable-rewrite=shared --enable-mods-shared="all proxy" --enable-ssl=shared --with-pcre
httpd.conf中包括httpd-ssl.conf配置文件。(后来明白了,不一定非要包括这个文件,只是在需要的配置文件中进行配置s就好)
在httpd-ssl.conf中配置中修改:
# General setup for the virtual host
#DocumentRoot "/usr/local/apache/htdocs"
ServerName www.test.com //与服务器证书中的域名一致。
#ServerAdmin you@example.com
ErrorLog "/usr/local/apache/logs/ssl_error_log"
TransferLog "/usr/local/apache/logs/ssl_access_log"
Proxypass /images/ !
ProxyPass /js/ !
ProxyPass /css/ !
ProxyPass /dhtmlx/ ! //以上4行为静态由apache处理
ProxyPass / http://127.0.0.1:8081/ //proxy转发到本地8081端口,即tomcat的connectort连接端口
上面是代理一个tomcat,下面是代理两个tomcat,实现负载均衡。
列子:apache转发到后端两个tomcat上。并实现https访问。
在配置文件中添加,
ProxyRequests Off
# BalancerMember ajp://10.161.72.2:8009 loadfactor=1 route=appjvm1
BalancerMember ajp://10.161.60.154:8009 loadfactor=1 route=appjvm2
BalancerMember ajp://10.163.177.180:8009 loadfactor=1 route=appjvm3
# BalancerMember ajp://10.161.72.2:8019 loadfactor=1 route=cloudjvm1
BalancerMember ajp://10.161.60.154:8019 loadfactor=1 route=cloudjvm2
BalancerMember ajp://10.163.177.180:8019 loadfactor=1 route=cloudjvm3
NameVirtualHost *:8000
ServerName app.dabai.com
RewriteEngine on
RewriteRule ^/app_web/h5/(.*)$ http://ykfstatic.oss-cn-qingdao-internal.aliyuncs.com/h5/$1 [ P]
ProxyPassReverse /app_web/h5/ http://ykfstatic.oss-cn-qingdao-internal.aliyuncs.com/h5/
RewriteLog "logs/h5-rewrite.log"
RewriteLogLevel 0
ProxyPass / balancer://cluster/ stickysession=JSESSIONID|jsessionid scolonpathdelim=On //session共享
ProxyPassReverse / balancer://cluster/
Options FollowSymLinks
ErrorLog "logs/lb-error.log"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key
SSLCACertificateFile /etc/httpd/ssl/ca.crt
#SSLVerifyClient require
#SSLVerifyDepth 1 //双向认证
NameVirtualHost *:8500
ServerName app.dabai.com
ProxyPass / balancer://cluster_cloud/ stickysession=JSESSIONID|jsessionid scolonpathdelim=On
ProxyPassReverse / balancer://cluster_cloud/
Options FollowSymLinks
ErrorLog "logs/lb-cloud-error.log"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key
SSLCACertificateFile /etc/httpd/ssl/ca.crt
#SSLVerifyClient require
#SSLVerifyDepth 1 //双向认证
根据需要我这里是代理了两个端口,即8000端口代理的是后面两台机器上的tomcat1,两台机器上的tomcat1再去访问各个机器桑的tomcat2,8500端口是直接代理到后面两台机器上的tomcat2.
若需要支持http和https都可以访问,只需要将以上配置的ssl部分注释掉并另外开两个端口即可http和https共同访问。
注意:上面主要说的是apache中的配置,tomcat中还需要的配置很简单,这里就没说了。
参考文献:http://www.open-open.com/lib/view/open1350702594664.html
apache中包含proxy模块,ssl模块。
安装apache:
./configure --prefix=/usr/local/apache --with-included-apr --enable-so --enable-deflate=shared --enable-expires=shared --enable-rewrite=shared --enable-mods-shared="all proxy" --enable-ssl=shared --with-pcre
httpd.conf中包括httpd-ssl.conf配置文件。(后来明白了,不一定非要包括这个文件,只是在需要的配置文件中进行配置s就好)
在httpd-ssl.conf中配置中修改:
# General setup for the virtual host
#DocumentRoot "/usr/local/apache/htdocs"
ServerName www.test.com //与服务器证书中的域名一致。
#ServerAdmin you@example.com
ErrorLog "/usr/local/apache/logs/ssl_error_log"
TransferLog "/usr/local/apache/logs/ssl_access_log"
Proxypass /images/ !
ProxyPass /js/ !
ProxyPass /css/ !
ProxyPass /dhtmlx/ ! //以上4行为静态由apache处理
ProxyPass / http://127.0.0.1:8081/ //proxy转发到本地8081端口,即tomcat的connectort连接端口
上面是代理一个tomcat,下面是代理两个tomcat,实现负载均衡。
列子:apache转发到后端两个tomcat上。并实现https访问。
在配置文件中添加,
ProxyRequests Off
# BalancerMember ajp://10.161.72.2:8009 loadfactor=1 route=appjvm1
BalancerMember ajp://10.161.60.154:8009 loadfactor=1 route=appjvm2
BalancerMember ajp://10.163.177.180:8009 loadfactor=1 route=appjvm3
# BalancerMember ajp://10.161.72.2:8019 loadfactor=1 route=cloudjvm1
BalancerMember ajp://10.161.60.154:8019 loadfactor=1 route=cloudjvm2
BalancerMember ajp://10.163.177.180:8019 loadfactor=1 route=cloudjvm3
NameVirtualHost *:8000
ServerName app.dabai.com
RewriteEngine on
RewriteRule ^/app_web/h5/(.*)$ http://ykfstatic.oss-cn-qingdao-internal.aliyuncs.com/h5/$1 [ P]
ProxyPassReverse /app_web/h5/ http://ykfstatic.oss-cn-qingdao-internal.aliyuncs.com/h5/
RewriteLog "logs/h5-rewrite.log"
RewriteLogLevel 0
ProxyPass / balancer://cluster/ stickysession=JSESSIONID|jsessionid scolonpathdelim=On //session共享
ProxyPassReverse / balancer://cluster/
Options FollowSymLinks
ErrorLog "logs/lb-error.log"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key
SSLCACertificateFile /etc/httpd/ssl/ca.crt
#SSLVerifyClient require
#SSLVerifyDepth 1 //双向认证
NameVirtualHost *:8500
ServerName app.dabai.com
ProxyPass / balancer://cluster_cloud/ stickysession=JSESSIONID|jsessionid scolonpathdelim=On
ProxyPassReverse / balancer://cluster_cloud/
Options FollowSymLinks
ErrorLog "logs/lb-cloud-error.log"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key
SSLCACertificateFile /etc/httpd/ssl/ca.crt
#SSLVerifyClient require
#SSLVerifyDepth 1 //双向认证
根据需要我这里是代理了两个端口,即8000端口代理的是后面两台机器上的tomcat1,两台机器上的tomcat1再去访问各个机器桑的tomcat2,8500端口是直接代理到后面两台机器上的tomcat2.
若需要支持http和https都可以访问,只需要将以上配置的ssl部分注释掉并另外开两个端口即可http和https共同访问。
注意:上面主要说的是apache中的配置,tomcat中还需要的配置很简单,这里就没说了。
参考文献:http://www.open-open.com/lib/view/open1350702594664.html
编辑回复