Basic structure
First, two basic facts to understand:
- When we type http://www.domain.com into the address bar we are accessing port 80; it is equivalent to http://www.domain.com:80
- https://www.domain.com uses port 443
So here is the problem: if several systems each need their own subdomain, changing the Tomcat configuration directly leads to port conflicts.
My solution below is to put an nginx reverse proxy between the Internet and Tomcat.
Basic structure
HTTPS requests go to nginx, and nginx proxies them on to Tomcat.
nginx solves the problem of multiple domains on a single IP; multiple sites then have to be handled by Tomcat.
The best solution I found online is a multi-instance Tomcat configuration that runs multiple sites on one machine.
What does that mean?
Copy Tomcat several times, change the shutdown, HTTP and AJP/1.3 ports in each copy's server.xml, and then start each Tomcat instance.
If your company takes its technical infrastructure seriously, it is best not to deploy too many applications on one server. This approach is memory-hungry: each running Tomcat can use about 200 MB of memory, and that is with low concurrency; once the number of instances grows, memory will not keep up.
Practical steps
This assumes you already have two or more domains pointing at your server; top-level or second-level domains both work.
It also assumes the JDK is already installed on the server. The Tomcat used below is version 8.5.
There are two sites, a.domain.com and b.domain.com: a.domain.com is accessed over HTTPS, b.domain.com over HTTP.
1. Install nginx

yum install nginx
2. Download Tomcat and extract it to the path you want

Assume Tomcat is extracted to /home/admin/app/tomcat
3. Configure each standalone site

Create a directory for each of sites A and B: /home/admin/app/a.domain.com and /home/admin/app/b.domain.com

Copy conf, logs, temp, webapps and work from /home/admin/app/tomcat into /home/admin/app/a.domain.com and into /home/admin/app/b.domain.com

Create a directory /home/admin/app/a.domain.com/https_certificate to hold the SSL certificate

Edit conf/server.xml in each site directory. The rule is simple: every port that appears must be changed to a unique value
/home/admin/app/a.domain.com/conf/server.xml

...
<Server port="8105" shutdown="SHUTDOWN">
...
    <Connector port="8180" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443"
               proxyPort="443" />
...
    <Connector port="8109" protocol="AJP/1.3" redirectPort="8543" />
...
/home/admin/app/b.domain.com/conf/server.xml

...
<Server port="8205" shutdown="SHUTDOWN">
...
    <Connector port="8280" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8543" />
...
    <Connector port="8209" protocol="AJP/1.3" redirectPort="8643" />
...
Give each standalone site its own startup script; it is really just Tomcat's original startup.sh with a small change

/home/admin/app/a.domain.com/startup.sh

#!/bin/sh

# Point this instance at its own directory; the shared binaries stay in CATALINA_HOME
export CATALINA_BASE=/home/admin/app/a.domain.com
export CATALINA_HOME=/home/admin/app/tomcat

# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# -----------------------------------------------------------------------------
# Start Script for the CATALINA Server
# -----------------------------------------------------------------------------

# Better OS/400 detection: see Bugzilla 31132
os400=false
case "`uname`" in
OS400*) os400=true;;
esac

# resolve links - $0 may be a softlink
PRG="$0"

while [ -h "$PRG" ] ; do
  ls=`ls -ld "$PRG"`
  link=`expr "$ls" : '.*-> \(.*\)$'`
  if expr "$link" : '/.*' > /dev/null; then
    PRG="$link"
  else
    PRG=`dirname "$PRG"`/"$link"
  fi
done

PRGDIR=`dirname "$PRG"`
# Absolute path to the shared catalina.sh instead of the original "$PRGDIR"/catalina.sh
EXECUTABLE=/home/admin/app/tomcat/bin/catalina.sh

# Check that target executable exists
if $os400; then
  # -x will Only work on the os400 if the files are:
  # 1. owned by the user
  # 2. owned by the PRIMARY group of the user
  # this will not work if the user belongs in secondary groups
  eval
else
  if [ ! -x "$EXECUTABLE" ]; then
    echo "Cannot find $EXECUTABLE"
    echo "The file is absent or does not have execute permission"
    echo "This file is needed to run this program"
    exit 1
  fi
fi

exec "$EXECUTABLE" start "$@"
/home/admin/app/b.domain.com/startup.sh

#!/bin/sh

# Point this instance at its own directory; the shared binaries stay in CATALINA_HOME
export CATALINA_BASE=/home/admin/app/b.domain.com
export CATALINA_HOME=/home/admin/app/tomcat

# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# -----------------------------------------------------------------------------
# Start Script for the CATALINA Server
# -----------------------------------------------------------------------------

# Better OS/400 detection: see Bugzilla 31132
os400=false
case "`uname`" in
OS400*) os400=true;;
esac

# resolve links - $0 may be a softlink
PRG="$0"

while [ -h "$PRG" ] ; do
  ls=`ls -ld "$PRG"`
  link=`expr "$ls" : '.*-> \(.*\)$'`
  if expr "$link" : '/.*' > /dev/null; then
    PRG="$link"
  else
    PRG=`dirname "$PRG"`/"$link"
  fi
done

PRGDIR=`dirname "$PRG"`
# Absolute path to the shared catalina.sh instead of the original "$PRGDIR"/catalina.sh
EXECUTABLE=/home/admin/app/tomcat/bin/catalina.sh

# Check that target executable exists
if $os400; then
  # -x will Only work on the os400 if the files are:
  # 1. owned by the user
  # 2. owned by the PRIMARY group of the user
  # this will not work if the user belongs in secondary groups
  eval
else
  if [ ! -x "$EXECUTABLE" ]; then
    echo "Cannot find $EXECUTABLE"
    echo "The file is absent or does not have execute permission"
    echo "This file is needed to run this program"
    exit 1
  fi
fi

exec "$EXECUTABLE" start "$@"
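The whole of step 3, copying the five directories, making every port unique and wrapping the shared catalina.sh with CATALINA_BASE set, as one provisioning function plus a check that no listening port is reused across instances. This is an added example, not code from the original post: it assumes a stock Tomcat 8.5 server.xml (ports 8005/8080/8009/8443) in CATALINA_HOME and all instances under one parent directory, and it additionally binds the HTTP and AJP connectors to 127.0.0.1 so that only the local nginx can reach them, which the post's server.xml does not do.

```shell
#!/bin/sh
# Added example (not from the original post): provision one Tomcat instance
# directory (a CATALINA_BASE) from a shared CATALINA_HOME, rewriting the
# listening ports the way the post does by hand, and audit every instance
# under one parent directory for reused ports.
# Assumes the stock Tomcat 8.5 ports 8005/8080/8009/8443 in CATALINA_HOME.

# make_instance HOME BASE SHUTDOWN HTTP AJP REDIRECT
make_instance() {
    home=$1 base=$2 shut=$3 http=$4 ajp=$5 redir=$6
    mkdir -p "$base"
    for d in conf logs temp webapps work; do
        cp -r "$home/$d" "$base/"      # the same five directories the post copies
    done
    # Rewrite the default ports. address="127.0.0.1" keeps the HTTP and AJP
    # connectors reachable only from nginx on the same host (added hardening,
    # not in the post): nothing should be able to bypass the proxy.
    sed -i \
        -e "s/port=\"8005\"/port=\"$shut\"/" \
        -e "s/port=\"8080\"/port=\"$http\" address=\"127.0.0.1\"/" \
        -e "s/port=\"8009\"/port=\"$ajp\" address=\"127.0.0.1\"/" \
        -e "s/redirectPort=\"8443\"/redirectPort=\"$redir\"/" \
        "$base/conf/server.xml"
    # Thin wrappers around the shared catalina.sh, like the post's startup.sh
    for action in start stop; do
        cat > "$base/$action.sh" <<EOF
#!/bin/sh
export CATALINA_BASE=$base
export CATALINA_HOME=$home
exec "\$CATALINA_HOME/bin/catalina.sh" $action "\$@"
EOF
        chmod +x "$base/$action.sh"
    done
}

# listening_ports APPDIR: every <Server port> and <Connector port> across all
# instances (the shared template counts too, harmlessly), one per line.
listening_ports() {
    grep -ohE '<(Server|Connector) port="[0-9]+"' "$1"/*/conf/server.xml \
        | sed 's/.*port="\([0-9]*\)"/\1/'
}

# duplicate_ports APPDIR: prints reused ports; empty output means the post's
# "every port unique" rule holds across all instances.
duplicate_ports() {
    listening_ports "$1" | sort | uniq -d
}
```

Run make_instance once per site and duplicate_ports before starting anything; a non-empty result is a port collision waiting to happen.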
-
4. Edit the nginx configuration

Prepare one nginx configuration file for each site

su - root
cd /etc/nginx/conf.d
cp default.conf a.domain.com.conf
cp default.conf b.domain.com.conf

Edit the configuration files

a.domain.com.conf

server {
    listen 443;
    server_name a.domain.com;

    ssl on;
    ssl_certificate /home/admin/app/a.domain.com/https_certificate/Nginx/1_a.domain.com_bundle.crt;
    ssl_certificate_key /home/admin/app/a.domain.com/https_certificate/Nginx/2_a.domain.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # configure the protocols as listed here
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # configure the cipher list as given here
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # note: there is no SSL here, plain HTTP is used between nginx and Tomcat
        proxy_pass http://127.0.0.1:8180;
    }
}
-
b.domain.com.conf

server {
    client_max_body_size 2000M; ## maximum request body size for uploads (e.g. 2G, 200K)
    listen 80;
    server_name b.domain.com;

    location / {
        proxy_pass http://127.0.0.1:8280;
    }
}
-
Check that the configuration files are valid

# conf.d/*.conf is included by /etc/nginx/nginx.conf, so test the whole configuration;
# a bare server block passed on its own with -c is not valid outside the http context
nginx -t

Restart nginx

service nginx restart
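A small audit of the server blocks above, as an added example that is not part of the original post: it flags the settings in a.domain.com.conf that are deprecated or weak by today's standards (the `ssl on` form, `listen 443` without the `ssl` parameter, TLS 1.0 and 1.1 still enabled) and reports which of the proxy headers Tomcat needs are missing, which is what b.domain.com.conf lacks. It assumes one directive per line, as in the post's files; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): flag TLS and proxy settings in
# an nginx server block like a.domain.com.conf that are deprecated or weak.
# Assumes one directive per line, as in the post's configuration files.

# weak_tls_findings FILE: prints one finding per line; empty output is clean.
weak_tls_findings() {
    f=$1
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); the post's line enables both.
    grep -E '^[[:space:]]*ssl_protocols[[:space:]]' "$f" \
        | grep -qE 'TLSv1(\.1)?[[:space:];]' \
        && echo "ssl_protocols still enables TLSv1 and/or TLSv1.1"
    # 'ssl on;' is the pre-1.15 form; 'listen 443 ssl;' replaces it.
    grep -qE '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;' "$f" \
        && echo "deprecated 'ssl on' directive; use 'listen 443 ssl'"
    grep -qE '^[[:space:]]*listen[[:space:]]+443[[:space:]]*;' "$f" \
        && echo "listen 443 has no ssl parameter"
    # Without these headers Tomcat sees 127.0.0.1 and http for every request,
    # which breaks access logs and scheme-aware redirects behind the proxy.
    for h in Host X-Real-IP X-Forwarded-For X-Forwarded-Proto; do
        grep -q "proxy_set_header[[:space:]]*$h[[:space:]]" "$f" \
            || echo "missing proxy_set_header $h"
    done
    return 0
}

# finding_count FILE: number of findings, handy as a pass/fail gate.
finding_count() {
    weak_tls_findings "$1" | grep -c . || true
}
```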