10.Tomcat架构实战

1.Tomcat快速安装

1.准备Java基础环境

[root@lb01 ~]# yum install java -y
[root@lb01 ~]# mkdir /server && cd /server

2.下载并安装Tomcat服务

[root@lb01 server]# wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-9/v9.0.11/bin/apache-tomcat-9.0.11.tar.gz
[root@lb01 server]# tar xf apache-tomcat-9.0.11.tar.gz
[root@lb01 server]# ln -s /server/apache-tomcat-9.0.11 /server/tomcat-8080

注意:上面的下载走的是明文HTTP镜像站,解压前应使用Apache官方站点(https)发布的.sha512校验值或.asc签名核对压缩包的完整性。9.0.11是较早的版本,生产环境应选用当前仍在维护的最新补丁版本。

3.启动Tomcat服务

[root@lb01 ~]# /server/tomcat-8080/bin/startup.sh
[root@lb01 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      28272/java
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      28272/java
tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN      28272/java

注意:8009是AJP连接器端口,上面的输出显示它监听在所有网卡(0.0.0.0)上。本文的架构由Nginx通过HTTP/HTTPS转发请求,并未用到AJP,建议在conf/server.xml中注释掉AJP的Connector,或用防火墙限制该端口的访问来源。

4.通过浏览器访问http://IP:8080测试访问

2.Tomcat配置实战

3.Tomcat多个实例

4.Tomcat配置Https

Tomcat支持JKS格式证书,从Tomcat7开始也支持PFX格式证书,两种证书格式任选其一.

1、证书格式转换,在tomcat安装目录创建ssl目录,并将阿里云下载的证书全部拷贝到该目录中。(如果是系统创建的CSR,请直接到第2步)

[root@lb01 ~]# mkdir /server/tomcat-8080/ssl
[root@lb01 ~]# cd /server/tomcat-8080/ssl
[root@lb01 ~]#   上传对应证书
[root@lb01 ssl]# unzip 1524377920931.zip
# 执行如下命令完成PFX格式转换命令,此处要设置PFX证书密码,请牢记
[root@lb01 ssl]# openssl pkcs12 -export -out 1524377920931.pfx -inkey 1524377920931.key -in 1524377920931.pem

注意:PFX证书密码应使用强密码;.key私钥和生成的.pfx文件应只允许运行Tomcat的用户读取(例如权限600)。

2.修改tomcat安装目录中conf/server.xml

[root@lb01 ~]# vim /server/tomcat-8080/conf/server.xml
<!-- 1.修改Host name为nginx.bjstack.com -->
<Host name="nginx.bjstack.com"  appBase="webapps"
    unpackWARs="true" autoDeploy="true">
<!-- 2.修改redirectPort="8443"为redirectPort="443"-->
<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
<!-- 3.增加如下内容-->
<Connector port="443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="ssl/1524377920931.pfx"
    keystoreType="PKCS12"
    keystorePass="123456"
    clientAuth="false"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>

注意:
  • keystorePass="123456"只是示例,实际应填写转换PFX时设置的强密码;该密码以明文写在server.xml中,因此server.xml和.pfx文件都应限制为仅Tomcat运行用户可读。
  • SSLProtocol中的TLSv1和TLSv1.1已被弃用,生产环境建议只启用TLSv1.2及以上版本。
  • ciphers列出的套件全部是CBC模式,且多数使用静态RSA密钥交换(TLS_RSA_*),不具备前向保密;建议优先选用ECDHE密钥交换配合AES-GCM的套件。
  • 在Tomcat 9中,这些直接写在Connector上的SSL属性已被标记为废弃,新配置建议改用嵌套的SSLHostConfig/Certificate元素。

3.重启Tomcat服务

[root@lb01 ~]# /server/apache-tomcat-9.0.11/bin/shutdown.sh
[root@lb01 ~]# /server/apache-tomcat-9.0.11/bin/startup.sh
[root@lb01 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      29331/java
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      29331/java
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      29331/java
tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN      29331/java

注意:这里的Tomcat以root身份启动并直接监听443端口,一旦Web应用被攻破,攻击者拿到的就是root权限。生产环境建议用专用的普通用户运行Tomcat并监听高位端口,由前端代理对外提供443。

4.使用浏览器访问https://IP可访问, 如果是http://IP则会访问失败

5.Tomcat+Nginx集群架构概述

  • Tomcat集群能带来什么

    • 1.提高服务的性能、并发能力、以及高可用性

    • 2.提高项目架构的扩展能力

  • Tomcat集群实现原理

    • 1.通过Nginx负载均衡进行请求转发

  • Tomcat集群架构演进

6.Tomcat+Nginx集群架构实战

实践环境

服务器系统 | 角色 | 外网IP | 内网IP
CentOS 7.5 | NginxProxy | eth0:10.0.0.5 | eth1:172.16.1.5
CentOS 7.5 | Tomcat-Node1 | | eth1:172.16.1.7
CentOS 7.5 | Tomcat-Node2 | | eth1:172.16.1.8
CentOS 7.5 | Tomcat-Node3 | | eth1:172.16.1.9

1.Tomcat节点按如下安装好Tomcat即可

#1.准备`Java`基础环境
[root@lb01 ~]# yum install java -y
[root@lb01 ~]# mkdir /server && cd /server
#2.下载并安装`Tomcat`服务
[root@lb01 server]# wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-9/v9.0.11/bin/apache-tomcat-9.0.11.tar.gz
[root@lb01 server]# tar xf apache-tomcat-9.0.11.tar.gz
[root@lb01 server]# ln -s /server/apache-tomcat-9.0.11 /server/tomcat-8080

2.安装NginxProxy

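[root@lb01 ~]# cat /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[root@lb01 ~]# yum install nginx -y

注意:gpgcheck=0会关闭RPM包的签名校验,且baseurl使用明文HTTP,安装包在传输途中被篡改时无法发现。生产环境建议设置gpgcheck=1并加上gpgkey=https://nginx.org/keys/nginx_signing.key,baseurl也改用https。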

3.准备Proxy相关优化参数文件

[root@lb01 ~]# cat /etc/nginx/proxy_params
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;

4.配置NginxProxy

[root@lb01 ~]# cat /etc/nginx/conf.d/proxy.conf.bak
upstream java {
    server 172.16.1.7:8080;
    server 172.16.1.8:8080;
    server 172.16.1.9:8080;
}

server {
    server_name nginx.bjstack.com;
    listen 80;
    location / {
        proxy_pass http://java;
        include proxy_params;
    }
}

7.Tomcat+Nginx集群实战Https

如需要Nginx+Tomcat架构支持Https
1.Tomcat配置好Https服务(前文“4.Tomcat配置Https”已提供文档)
2.NginxProxy准备好证书,按如下文档即可完成配置

1.Tomcat所有节点配置Https

[root@lb01 ~]# mkdir /server/tomcat-8080/ssl
[root@lb01 ~]# cd /server/tomcat-8080/ssl
[root@lb01 ~]#   上传对应证书
[root@lb01 ssl]# unzip 1524377920931.zip
# 执行如下命令完成PFX格式转换命令,此处要设置PFX证书密码,请牢记
[root@lb01 ssl]# openssl pkcs12 -export -out 1524377920931.pfx -inkey 1524377920931.key -in 1524377920931.pem


# 2.修改`tomcat`安装目录中`conf/server.xml`
[root@lb01 ~]# vim /server/tomcat-8080/conf/server.xml
<!-- 1.修改Host name为nginx.bjstack.com -->
<Host name="nginx.bjstack.com"  appBase="webapps"
    unpackWARs="true" autoDeploy="true">
<!-- 2.修改redirectPort="8443"为redirectPort="443"-->
<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
<!-- 3.增加如下内容-->
<Connector port="443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="ssl/1524377920931.pfx"
    keystoreType="PKCS12"
    keystorePass="123456"
    clientAuth="false"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>

注意:keystorePass="123456"只是示例,实际应使用强密码,并限制server.xml与.pfx文件的读取权限;SSLProtocol中的TLSv1、TLSv1.1已被弃用,建议只保留TLSv1.2及以上;ciphers中的套件均为CBC模式且多数不具备前向保密,建议优先选用ECDHE配合AES-GCM的套件。

# 3.重启`Tomcat`服务
[root@lb01 ~]# /server/apache-tomcat-9.0.11/bin/shutdown.sh
[root@lb01 ~]# /server/apache-tomcat-9.0.11/bin/startup.sh

2.配置NginxProxy

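#1.创建ssl目录,并将证书存放至该目录即可
[root@lb01 ~]# mkdir /etc/nginx/ssl && cd /etc/nginx/ssl
[root@lb01 ~]# rz #上传证书

#2.配置Proxy调度策略以及支持https
[root@lb01 ~]# cat /etc/nginx/conf.d/proxy.conf
upstream java {
    server 172.16.1.7:443;
    server 172.16.1.8:443;
    server 172.16.1.9:443;
}

server {
    server_name nginx.bjstack.com;
    listen 443;
        ssl on;
        ssl_certificate   ssl/1524377920931.pem;
        ssl_certificate_key  ssl/1524377920931.key;
        ssl_session_timeout 5m;
    location / {
        proxy_pass https://java;
        include proxy_params;
    }
}
server {
    server_name nginx.bjstack.com;
    listen 80;
    return 302 https://$server_name$request_uri;
}

#3.重启Nginx
[root@lb01 ~]# systemctl restart nginx

注意:
  • proxy_pass https://java 默认不校验后端Tomcat的证书(proxy_ssl_verify默认为off),Nginx到Tomcat的链路虽然加密,但无法识别中间人。如需校验,应配置proxy_ssl_verify on和proxy_ssl_trusted_certificate,并用proxy_ssl_name指定证书中的域名(默认会用upstream名称java去匹配)。
  • 该配置没有设置ssl_protocols,实际启用的协议版本取决于Nginx版本的默认值;建议显式设置,只启用TLSv1.2及以上。
  • ssl on; 在较新版本的Nginx中已废弃并最终被移除,等价写法是 listen 443 ssl;。
  • /etc/nginx/ssl下的.key私钥文件应限制为仅root可读(例如权限600)。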

3.测试访问nginx.bjstack.com会强制跳转至https://nginx.bjstack.com

