Notice
Recent Posts
Recent Comments
Link
일 | 월 | 화 | 수 | 목 | 금 | 토 |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 |
Tags
- SSL
- window
- Kotlin
- SPC
- hadoop
- Python
- GIT
- NPM
- Spring
- xPlatform
- JavaScript
- Express
- 공정능력
- es6
- vaadin
- Sqoop
- react
- IntelliJ
- mybatis
- Java
- R
- MSSQL
- plugin
- SQL
- table
- mapreduce
- tomcat
- Eclipse
- Android
- 보조정렬
Archives
- Today
- Total
DBILITY
apache 1 + tomcat 4 설정 proxypass 본문
반응형
분리구성
1. portal
2. report
3 ipsi,ipsiweb
4. ncs, scm
ssl관련 확인 필요.
groupadd tomcat
useradd -g tomcat -s /usr/sbin/nologin -d /opt/instance01 instance01
useradd -g tomcat -s /usr/sbin/nologin -d /opt/instance02 instance02
useradd -g tomcat -s /usr/sbin/nologin -d /opt/instance03 instance03
useradd -g tomcat -s /usr/sbin/nologin -d /opt/instance04 instance04
cd /opt
mkdir instance01
mkdir instance02
mkdir instance03
mkdir instance04
mkdir instance01/logs
mkdir instance02/logs
mkdir instance03/logs
mkdir instance04/logs
mkdir instance01/work
mkdir instance02/work
mkdir instance03/work
mkdir instance04/work
cd apache-tomcat-8.0.35/
cp -a conf /opt/instance01
cp -a conf /opt/instance02
cp -a conf /opt/instance03
cp -a conf /opt/instance04
cp -a webapps /opt/instance01
cp -a webapps /opt/instance02
cp -a webapps /opt/instance03
cp -a webapps /opt/instance04
chown instance01:tomcat -R /opt/instance01
chown instance02:tomcat -R /opt/instance02
chown instance03:tomcat -R /opt/instance03
chown instance04:tomcat -R /opt/instance04
각 server.xml의
<Server port="8105" shutdown="SHUTDOWN">
<Connector port="8180" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="18443" />
<Connector port="8109" protocol="AJP/1.3" redirectPort="18443" />
<Server port="8205" shutdown="SHUTDOWN">
<Connector port="8280" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="28443" />
<Connector port="8209" protocol="AJP/1.3" redirectPort="28443" />
<Server port="8305" shutdown="SHUTDOWN">
<Connector port="8380" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="38443" />
<Connector port="8309" protocol="AJP/1.3" redirectPort="38443" />
<Server port="8405" shutdown="SHUTDOWN">
<Connector port="8480" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="48443" />
<Connector port="8409" protocol="AJP/1.3" redirectPort="48443" />
Host name="domain" 으로
<Context path="/" docBase="aritifact_name" reloadable="true" />
<Alias>domain</Alias>
추가
설치가 안되어 있다면 yum install mod_ssl
setsebool -P httpd_can_network_connect 1
/*
VHost추가 또는 확인
<VirtualHost portal.dbility.com:80>
ServerName portal.dbility.com
ErrorLog logs/portal.dbility.com-error_log
ProxyPass / ajp://portal.dbility.com:8109/
ProxyPassReverse / ajp://portal.dbility.com:8109/
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://portal.dbility.com:8180/$1" [P,L]
</VirtualHost>
<VirtualHost report.dbility.com:80>
ServerName report.dbility.com
ErrorLog logs/report.dbility.com-error_log
ProxyPass / ajp://report.dbility.com:8209/
ProxyPassReverse / ajp://report.dbility.com:8209/
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://report.dbility.com:8280/$1" [P,L]
</VirtualHost>
<VirtualHost ipsi.dbility.com:80>
ServerName ipsi.dbility.com
ErrorLog logs/ipsi.dbility.com-error_log
ProxyPass / ajp://ipsi.dbility.com:8309/
ProxyPassReverse / ajp://ipsi.dbility.com:8309/
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://ipsi.dbility.com:8380/$1" [P,L]
</VirtualHost>
<VirtualHost ncs.dbility.com:80>
ServerName ncs.dbility.com
ErrorLog logs/ncs.dbility.com-error_log
ProxyPass / ajp://ncs.dbility.com:8409/
ProxyPassReverse / ajp://ncs.dbility.com:8409/
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://ncs.dbility.com:8480/$1" [P,L]
</VirtualHost>
*/
#letscrypt
#참고 https://hbesthee.tistory.com/1575
yum -y install yum-utils epel-release
yum-config-manager --enable rhui-REGION-rhel-server-extra rhui-REGION-rhel-server-optional
yum -y install certbot python2-certbot-apache
#위는 제외하고
#테스트용 인증서
1.개인키생성
openssl genrsa -out private.key 2048
2.공개키생성
openssl rsa -in private.key -pubout -out public.key
3.CSR(인증요청서) 생성
openssl req -new -key private.key -out private.csr
4.CRT(인증서)만들기
1)CA 역할을 할 CA 대칭키 생성
openssl genrsa -aes256 -out rootCA.key 2048
2)rootCA.key를 이용해서 rootCA.pem 생성
openssl req -x509 -new -nodes -key rootCA.key -days 3650 -out rootCA.pem
3)웹서버에 HTTPS적용을 위해 필요한 CRT 인증서를 생성
openssl x509 -req -in private.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out private.crt -days 3650
<VirtualHost portal.dbility.com:443>
ServerName portal.dbility.com:443
ErrorLog logs/portal.dbility.com-error_log
SSLProxyEngine on
SSLEngine on
SSLProxyVerify none
SSLProtocol all -SSLv3
SSLCertificateKeyFile /opt/private.key
SSLCertificateFile /opt/private.crt
#SSLCACertificateFile /opt/private.csr
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
AllowEncodedSlashes NoDecode
ProxyRequests off
ProxyPreserveHost on
ProxyPass / ajp://portal.dbility.com:8109/ connectiontimeout=5 timeout=2400
ProxyPassReverse / ajp://portal.dbility.com:8109/ timeout=2400
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://portal.dbility.com:8180/$1" [P,L]
</VirtualHost>
<VirtualHost report.dbility.com:443>
ServerName report.dbility.com:443
ErrorLog logs/report.dbility.com-error_log
SSLProxyEngine on
SSLEngine on
SSLProxyVerify none
SSLProtocol all -SSLv3
SSLCertificateKeyFile /opt/private.key
SSLCertificateFile /opt/private.crt
#SSLCACertificateFile /opt/private.csr
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
AllowEncodedSlashes NoDecode
ProxyRequests off
ProxyPreserveHost on
ProxyPass / ajp://report.dbility.com:8209/ connectiontimeout=5 timeout=2400
ProxyPassReverse / ajp://report.dbility.com:8209/ timeout=2400
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://report.dbility.com:8280/$1" [P,L]
</VirtualHost>
<VirtualHost ipsi.dbility.com:443>
ServerName ipsi.dbility.com:443
ErrorLog logs/ipsi.dbility.com-error_log
SSLProxyEngine on
SSLEngine on
SSLProxyVerify none
SSLProtocol all -SSLv3
SSLCertificateKeyFile /opt/private.key
SSLCertificateFile /opt/private.crt
#SSLCACertificateFile /opt/private.csr
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
AllowEncodedSlashes NoDecode
ProxyRequests off
ProxyPreserveHost on
ProxyPass / ajp://ipsi.dbility.com:8309/ connectiontimeout=5 timeout=2400
ProxyPassReverse / ajp://ipsi.dbility.com:8309/ timeout=2400
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://ipsi.dbility.com:8380/$1" [P,L]
</VirtualHost>
<VirtualHost ncs.dbility.com:443>
ServerName ncs.dbility.com:443
ErrorLog logs/ncs.dbility.com-error_log
SSLProxyEngine on
SSLEngine on
SSLProxyVerify none
SSLProtocol all -SSLv3
SSLCertificateKeyFile /opt/private.key
SSLCertificateFile /opt/private.crt
#SSLCACertificateFile /opt/private.csr
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
AllowEncodedSlashes NoDecode
ProxyRequests off
ProxyPreserveHost on
ProxyPass / ajp://ncs.dbility.com:8409/ connectiontimeout=5 timeout=2400
ProxyPassReverse / ajp://ncs.dbility.com:8409/ timeout=2400
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://ncs.dbility.com:8480/$1" [P,L]
</VirtualHost>
반응형
'was' 카테고리의 다른 글
linux tomcat catalina.out log rotate (0) | 2021.06.25 |
---|---|
tomcat post max size limit configuration (0) | 2021.05.18 |
tomcat upload file size limit configuration ( 제한 해제 ) (0) | 2020.03.14 |
tomcat local session clearing (0) | 2019.03.19 |
websphere liberty profile 17 jvm option 설정 (0) | 2017.09.30 |
Comments