This article uses CentOS as the operating system for the installation and configuration steps.
Use CentOS yum to install the Apache httpd and mod_ssl packages:
```
yum -y install httpd mod_ssl
systemctl enable httpd
systemctl start httpd
```
Force HTTPS connections
Configuration directory `/etc/httpd/conf/`:
```
export HTTPD='/etc/httpd/conf/'
```
Set `Options` to `None` in `httpd.conf`:
```
sed -i 's/Options Indexes FollowSymLinks/Options None/' ${HTTPD}httpd.conf
```
Configure automatic redirection to the encrypted connection in `httpd.conf`:
```
cat >> ${HTTPD}httpd.conf << "EOF"
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
EOF
unset HTTPD
```
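Configure Apache ProxyPass to Tomcat
In the `ssl.conf` file, located at `/etc/httpd/conf.d/ssl.conf`, add ProxyPass:
```
</VirtualHost>
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
```
Allow `httpd` to make network connections under SELinux:
```
setsebool -P httpd_can_network_connect 1
```
Restart the `httpd` service:
```
systemctl restart httpd.service
```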
Install the JRE
```
yum -y install java-1.8.0-openjdk.x86_64
java -version
update-alternatives --config java
```
Tomcat installation steps
```
wget -P /opt http://ftp.mirror.tw/pub/apache/tomcat/tomcat-8/v8.5.57/bin/apache-tomcat-8.5.57.tar.gz
```
Extract into the `/opt/` directory:
```
tar -zxf /opt/apache-tomcat-8.5.57.tar.gz -C /opt
ln -s /opt/apache-tomcat-8.5.57 /opt/tomcat
```
Create the `tomcat` user and set its home directory to `/opt/tomcat`:
```
useradd -r tomcat -s /sbin/nologin -d /opt/tomcat
chown -Rh tomcat:tomcat /opt/tomcat /opt/apache-tomcat-8.5.57
```
Set up the script that starts and stops Tomcat
```
cat > /etc/systemd/system/tomcat.service << "EOF"
[Unit]
Description=Tomcat
After=syslog.target network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="CATALINA_BASE=/opt/tomcat"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_PID=/opt/tomcat/tomcat.pid"
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable tomcat.service
systemctl start tomcat.service
```
4. Edit Tomcat's `server.xml` configuration file; the author's file path is `/opt/tomcat/conf/server.xml`
- Comment out the Tomcat connector that redirects port 8080 to port 8443
```
<!-- comment this
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
```
- Rewrite the settings for port 8009
```
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" secretRequired="false" />
```
- Comment out the Valve
```
<!-- comment this
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
-->
```
- Restart Tomcat
```
systemctl restart tomcat.service
```
5. Test locally whether the connection succeeds
```
curl -k https://localhost
```
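The AJP connector in step 4 sets `secretRequired="false"`, so whether only Apache can reach it depends on the connector's bind address. The audit below is an added example, not part of the original article, that classifies each active AJP connector in a `server.xml`. It assumes Tomcat 8.5.51 or later defaults (loopback bind, `secretRequired` true); the sample XML, function names and status labels are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the connectors as this article leaves them in server.xml.
PAGE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" /> -->
    <Connector port="8009" protocol="AJP/1.3" secretRequired="false" />
  </Service>
</Server>"""


def is_loopback(address):
    """True for localhost or a loopback IP literal; anything else counts as exposed."""
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # other hostname or malformed value: cannot prove it is local


def audit_ajp(server_xml):
    """Return one finding per active AJP <Connector>; commented-out ones are skipped."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        # Assumption: Tomcat 8.5.51+ defaults (loopback bind, secretRequired=true).
        address = conn.get("address", "127.0.0.1")
        if conn.get("secret"):
            status = "ok"  # peers must present the shared secret
        elif conn.get("secretRequired", "true").lower() != "false":
            status = "will-not-start"  # secret required but none configured
        elif is_loopback(address):
            status = "local-unauthenticated"  # any local process can speak AJP
        else:
            status = "exposed-unauthenticated"  # reachable off-host with no secret
        findings.append({"port": conn.get("port"), "address": address, "status": status})
    return findings


if __name__ == "__main__":
    for finding in audit_ajp(PAGE_SERVER_XML):
        print(finding)
```

To check a live installation, pass the contents of `/opt/tomcat/conf/server.xml` to `audit_ajp`.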