1.Tomcat快速安装
1.准备Java
基础环境
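# Install a Java runtime from the distribution repositories.
[root@lb01 ~]# yum install java -y
# Create the working directory. -p keeps the step repeatable: without it a
# second run fails on mkdir and the cd after && never happens.
[root@lb01 ~]# mkdir -p /server && cd /server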
2.下载并安装Tomcat
服务
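# Download the Tomcat binary distribution. The mirror is reached over plain
# HTTP, so the archive has to be verified before it is unpacked.
[root@lb01 server]# wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-9/v9.0.11/bin/apache-tomcat-9.0.11.tar.gz
# Compare the digest with the SHA-512 published for this release on the
# official Apache download site (fetched over HTTPS); stop if they differ.
[root@lb01 server]# sha512sum apache-tomcat-9.0.11.tar.gz   # expected: <SHA512_FROM_OFFICIAL_APACHE_SITE>
[root@lb01 server]# tar xf apache-tomcat-9.0.11.tar.gz
# Version-independent path used by the rest of the walkthrough.
[root@lb01 server]# ln -s /server/apache-tomcat-9.0.11 /server/tomcat-8080
# NOTE(review): 9.0.11 is the version this walkthrough was written against;
# for a real deployment check whether a newer supported 9.0.x release exists.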
3.启动Tomcat
服务
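# Start Tomcat, then list the listening TCP sockets to confirm it came up.
[root@lb01 ~]# /server/tomcat-8080/bin/startup.sh
[root@lb01 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      28272/java
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      28272/java
tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN      28272/java
# 8080 is the HTTP connector, 8005 the shutdown port (loopback only) and
# 8009 the AJP connector.
# NOTE(review): the AJP connector is listening on every interface, yet nothing
# in this walkthrough uses AJP (nginx proxies over HTTP/HTTPS). Remove or
# comment out the AJP <Connector> in conf/server.xml, or bind it to loopback.
# NOTE(review): startup.sh is run from a root prompt, so the JVM runs as root;
# a dedicated unprivileged service account limits the impact of a compromised
# web application.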
4.通过浏览器访问http://IP:8080
测试访问
2.Tomcat配置实战
3.Tomcat多个实例
4.Tomcat配置Https
Tomcat
支持JKS格式证书,从Tomcat7
开始也支持PFX
格式证书,两种证书格式任选其一.
1、证书格式转换,在tomcat
安装目录创建ssl
目录,并将阿里云下载的证书全部拷贝到该目录中。(如果是系统创建的CSR,请直接到第2步)
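# Create a directory for the certificate material inside the Tomcat install.
# It will hold the private key, so only the owner gets access.
[root@lb01 ~]# mkdir /server/tomcat-8080/ssl
[root@lb01 ~]# chmod 700 /server/tomcat-8080/ssl
[root@lb01 ~]# cd /server/tomcat-8080/ssl
# Upload the certificate archive downloaded from the CA into this directory.
[root@lb01 ssl]# unzip 1524377920931.zip
# Convert the PEM certificate and key into a PKCS#12 (PFX) keystore. openssl
# prompts for an export password: choose a strong one and remember it, because
# the same value has to be configured as keystorePass in conf/server.xml.
[root@lb01 ssl]# openssl pkcs12 -export -out 1524377920931.pfx -inkey 1524377920931.key -in 1524377920931.pem
# The key and the keystore are secrets; remove group/other access.
[root@lb01 ssl]# chmod 600 1524377920931.key 1524377920931.pfx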
2.修改tomcat
安装目录中conf/server.xml
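[root@lb01 ~]# vim /server/tomcat-8080/conf/server.xml
<!-- 1. Set the Host name to nginx.bjstack.com -->
<Host name="nginx.bjstack.com" appBase="webapps"
      unpackWARs="true" autoDeploy="true">

<!-- 2. Change redirectPort="8443" to redirectPort="443" -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" />

<!-- 3. Add the HTTPS connector below.
     keystorePass must be the export password chosen when the PFX was
     created. Use a strong value (not something like 123456) and keep
     server.xml readable by the Tomcat account only, since the password is
     stored here in clear text.
     Only TLSv1.2 is enabled: TLSv1 and TLSv1.1 are deprecated. Add TLSv1.3
     where the installed JVM supports it.
     The cipher list is limited to ECDHE key exchange with AES-GCM, which
     gives forward secrecy and avoids the CBC-mode suites.
     NOTE(review): binding a port below 1024 normally requires Tomcat to run
     as root. Keeping the connector on 8443 and letting the front proxy own
     port 443 avoids that. -->
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="ssl/1524377920931.pfx"
           keystoreType="PKCS12"
           keystorePass="REPLACE_WITH_PFX_EXPORT_PASSWORD"
           clientAuth="false"
           SSLProtocol="TLSv1.2"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"/>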
3.重启Tomcat
服务
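# Restart Tomcat so the new connector configuration is loaded, then confirm
# which ports the JVM is listening on.
[root@lb01 ~]# /server/apache-tomcat-9.0.11/bin/shutdown.sh
[root@lb01 ~]# /server/apache-tomcat-9.0.11/bin/startup.sh
[root@lb01 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      29331/java
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      29331/java
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      29331/java
tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN      29331/java
# 443 is the new HTTPS connector; 8080 (HTTP) is still open alongside it.
# NOTE(review): 8009 (AJP) is still bound to every interface although nothing
# in this walkthrough uses it; disable the AJP <Connector> in conf/server.xml
# or bind it to loopback.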
4.使用浏览器访问https://IP
可访问, 如果是http://IP
则会访问失败
5.Tomcat+Nginx集群架构概述
Tomcat集群能带来什么
1.提高服务的性能、并发能力、以及高可用性
2.提高项目架构的扩展能力
Tomcat集群实现原理
1.通过Nginx负载均衡进行请求转发
Tomcat集群架构演进
6.Tomcat+Nginx集群架构实战
实践环境
服务器系统 | 角色 | 外网IP | 内网IP |
---|---|---|---|
CentOS 7.5 | NginxProxy | eth0:10.0.0.5 | eth1:172.16.1.5 |
CentOS 7.5 | Tomcat-Node1 | | eth1:172.16.1.7 |
CentOS 7.5 | Tomcat-Node2 | | eth1:172.16.1.8 |
CentOS 7.5 | Tomcat-Node3 | | eth1:172.16.1.9 |
1.Tomcat
节点按如下安装好Tomcat
即可
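# 1. Prepare the Java runtime.
[root@lb01 ~]# yum install java -y
# -p keeps the step repeatable: without it a second run fails on mkdir and the
# cd after && never happens.
[root@lb01 ~]# mkdir -p /server && cd /server
# 2. Download and install Tomcat. The mirror is reached over plain HTTP, so
# the archive has to be verified before it is unpacked.
[root@lb01 server]# wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-9/v9.0.11/bin/apache-tomcat-9.0.11.tar.gz
# Compare the digest with the SHA-512 published for this release on the
# official Apache download site (fetched over HTTPS); stop if they differ.
[root@lb01 server]# sha512sum apache-tomcat-9.0.11.tar.gz   # expected: <SHA512_FROM_OFFICIAL_APACHE_SITE>
[root@lb01 server]# tar xf apache-tomcat-9.0.11.tar.gz
# Version-independent path used by the rest of the walkthrough.
[root@lb01 server]# ln -s /server/apache-tomcat-9.0.11 /server/tomcat-8080
# NOTE(review): every node should install the same verified archive; check
# whether a newer supported 9.0.x release exists before deploying.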
2.安装NginxProxy
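[root@lb01 ~]# cat /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
# Fetch packages over HTTPS and require a valid signature from the nginx
# signing key. With gpgcheck=0 yum installs whatever the repository URL
# returns, with no check that the package was built by nginx.org.
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
[root@lb01 ~]# yum install nginx -y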
3.准备Proxy
相关优化参数文件
[root@lb01 ~]# cat /etc/nginx/proxy_params
# Pass the original Host header and the client address on to the backend.
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends the peer address to whatever
# X-Forwarded-For the client sent, so backends should trust only the last
# entry (the one added by this proxy).
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Timeouts, in seconds, for connecting to, sending to and reading from the
# upstream server.
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
4.配置NginxProxy
[root@lb01 ~]# cat /etc/nginx/conf.d/proxy.conf.bak
# NOTE(review): the listing shows proxy.conf.bak; the stock nginx.conf only
# includes conf.d/*.conf, so presumably this was proxy.conf before the HTTPS
# section replaced it. Confirm before copying.

# Pool of Tomcat nodes, reached over plain HTTP on the internal network.
upstream java {
    server 172.16.1.7:8080;
    server 172.16.1.8:8080;
    server 172.16.1.9:8080;
}

# Front-end virtual host: every request is handed to the pool above.
server {
    server_name nginx.bjstack.com;
    listen 80;

    location / {
        proxy_pass http://java;
        include proxy_params;
    }
}
7.Tomcat+Nginx集群实战Https
如需要Nginx+Tomcat架构支持Https
1.Tomcat
配置好Https
服务(参见上文"4.Tomcat配置Https",已提供文档)
2.NginxProxy
准备好证书,按如下文档即可完成配置
1.Tomcat
所有节点配置Https
[root@lb01 ~]# mkdir /server/tomcat-8080/ssl [root@lb01 ~]# cd /server/tomcat-8080/ssl [root@lb01 ~]# 上传对应证书 [root@lb01 ssl]# unzip 1524377920931.zip # 执行如下命令完成PFX格式转换命令,此处要设置PFX证书密码,请牢记 [root@lb01 ssl]# openssl pkcs12 -export -out 1524377920931.pfx -inkey 1524377920931.key -in 1524377920931.pem # 2.修改`tomcat`安装目录中`conf/server.xml` [root@lb01 ~]# vim /server/tomcat-8080/conf/server.xml<!-- 1.修改Host name为nginx.bjstack.com --><Host name="nginx.bjstack.com" appBase="webapps" unpackWARs="true" autoDeploy="true"><!-- 2.修改redirectPort="8443"为redirectPort="443"--><Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" /><!-- 3.增加如下内容--><Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" keystoreFile="ssl/1524377920931.pfx" keystoreType="PKCS12" keystorePass="123456" clientAuth="false" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/># 3.重启`Tomcat`服务 [root@lb01 ~]# /server/apache-tomcat-9.0.11/bin/shutdown.sh [root@lb01 ~]# /server/apache-tomcat-9.0.11/bin/startup.sh
2.配置NginxProxy
#1.创建ssl目录,并将证书存放至该目录即可[root@lb01 ~]# mkdir /etc/nginx/ssl && /etc/nginx/ssl[root@lb01 ~]# rz #上传证书#2.配置Proxy调度策略以及支持https[root@lb01 ~]# cat /etc/nginx/conf.d/proxy.confupstream java { server 172.16.1.7:443; server 172.16.1.8:443; server 172.16.1.9:443; } server { server_name nginx.bjstack.com; listen 443; ssl on; ssl_certificate ssl/1524377920931.pem; ssl_certificate_key ssl/1524377920931.key; ssl_session_timeout 5m; location / { proxy_pass https://java; include proxy_params; } } server { server_name nginx.bjstack.com; listen 80; return 302 https://$server_name$request_uri; }#3.重启Nginx[root@lb01 ~]# systemctl restart nginx
3.测试访问nginx.bjstack.com
会强制跳转至https://nginx.bjstack.com