马哥 47_01 _Tomcat系列之apache使用mod_jk和mod_proxy反向代理tomcat 有大用

星期六, 2021-06-26 07:50 — adminshiping1

如下图,同一个物理主机上,运行的一个tomcat进程,就是一个server,一个jvm,,,tomcat自身是java程序,要一个额外的加载类(额外的组件)(bootstrap)加载tomcat进JVM进行运行,,,,,,,借助于bootstrap组件(类加载器),完成启动一个JVM,将tomcat自身所需要的类完成加载,而且tomcat自己都运行在这里面了,在JVM内部部署一个 servlet container,,,,,tomcat实例本身就是一个JVM虚拟机,,,,在一个物理主机上,每一个tomcat实例就是一个虚拟机进程,,,能不能启动两个tomcat实例?每一个tomcat实例要能够接受外部连接的请求,必须要有一个连接器(http连接器或https连接器或ajp连接器)

连接器种类:

AJP

HTTP(web服务器)

HTTPs(web服务器)

proxy

tomcat自身用java语言实现了一个web服务器,这个web服务器就是http连接器的实现,

每一类连接器都需要java类来实现,把连接器种类理解成协议,能让协议真正工作的,是需要软件,这个软件,就叫实现,叫做Implementation,,,,,真正实现是在tomcat里面,tomcat自身就是java程序,因为在java内部,这些连接器也是靠一个一个java类来实现的,,,,,,

不同的程序为了实现这些java类,开发出的程序不同,但可实现同一个连接器,

APR: Apache Portable Runtime,,,阿帕其可移植运行时环境,,如果tomcat支持APR, 那么AJP的实现至少有两种以上的格式(支持APR的格式,不支持APR的格式),,,,,,APR是一种高性能的让apache的各组件之间能够实现通信的,而且能够实现让apache跨平台的进行通信的一种组件,方便apache移植的一种组件,

如果有一个tomcat实例,则至少要注册一个connector,否则无法与外界通信,

假如: TI1: (tomcat instance 1 ) 监听 http:80,ajp:8009

同一台主机上的 TI2: (tomcat instance 2 ) 不能监听 http:80,ajp:8009

两个不同的tomcat 实例,就是两个不同的彼此间独立的进程,各自独立的JVM,每一个JVM是一个完整的组件,所以不能监听在同一端口,

多实例,就是两个 tomcat 实例监听在不同的端口

mysql:同一个物理服务器上,也支持多实例,

默认监听在3306,再启一个监听在3307上,是可以的,,可以做主从,一主一从,我们可以让主的提供服务,从的为了将来做冷备份,

tomcat多实例在某些级别的服务上,很常见,但不建议

要想启动多个tomcat实例,得使用不同的环境变量来定义,每一次都要修改tomcat的base????即 CATALINA_HOME,CATALINA_BASE

CATALINA_BASE是用于指定tomcat的运行基本目录????

如下图,nginx反向代理至tomcat,使用http协议向tomcat请求的,,,当外部请求nginx,若是静态内容,直接返回去,,此时nginx是服务器,,,当请求是动态内容,nginx向后代理时,此时nginx扮演的是客户端角色,tomcat返回给 nginx后,nginx进行封装,再返回真正的客户端,,,真正的客户端以为ningx就是服务器端,不知道nginx的后面还有tomcat服务器,,,,所以代理可以隐藏后端主机,提高其安全性

如下图,对于后端服务器响应的静态内容,nginx可以缓存下来的,比如图片,所以客户端请求图片时,从nginx本地返回,,,请求动态内容时,nginx从后端获取,并且将内容与图片等整合起来,返回真正的客户端,

如果nginx后面有多台tomcat,那么nginx既缓存,又提供反向代理,压力会很大,我们可以提供专用的缓存服务器,

如下图,下图几个图

下图nginx与varnish,事实上规模已经很大了,至少是中型应用了

如果发现上图的电脑不够用了,可以独立出来varnish,,把varnish放到一个独立的物理主机上

如下图,建一个新架构,然后把老架构的ip指向到新架构就可以了

php需要lamp或lnmp, 而tomcat (java) 自己就有web服务器,就能够通过连接器接受前端用户请求

如下图,第一种,standalone,独立的,自我运行的tomcat实例,

第二种,前端使用apache(或nginx),处理静态内容,后端tomcat处理用户的动态请求,

如下图 apache(或nginx) 与tomcat不在同一主机

马哥说建议apache+tomcat,第一apache与tomcat是一家人,第二apache有三类模块,可以反向代理至后端,这三类模块,称为apache的代理模块或apache的连接器,

mod_proxy

mod_jk #jk是 jserver work (java server work)的简写?jserver 的一个连接器或设备???是专门设计用来跟后端的tomcat完成通信的,,,,

mod_jk2

我们一般用mod_jk,不用mod_jk2(不再维护了)

apache对mod_proxy作了很大的改进,早先apache官方建议向后端代理时使用mod_jk(或mod_jk2,后来mod_jk2废弃了,),,,,mod_proxy后来得到很大发展,官方建议使用mod_proxy来实现将用户请求代理至后端的,,但是很多网站仍使用mod_jk,但并不是说mod_jk功能更强大,,,,在代理至后端tomcat时它们都能够实现后端服务的健康状况检测,后端服务器的状态页面输出,后端服务器请求的负载均衡,后端服务器请求时候调度算法的指定等,,,但是mod_proxy在设计上,在对新技术的运用上,超过了mod_jk,并且它能够提供更精细化的控制

如下图,假如下面的三个tomcat节点,提供的是电商应用,当第一个请求定位到t1(tomcat 1)上时,很显然,它加入购物车中的商品,在t1的session当中,第二次负载到t3上时,t3上没有此session,,,而mod_proxy模块,可以实现session绑定的,(基于会话的持久连接),,,(当然mod_jk也能实现),,,而且mod_proxy向后面持久的时候,还能够区别是jsp,php的会话,(如果是php的话,我们向php进行配置???mod_proxy可以向后代理到lamp,或者可以基于其它协议如fastcgi反向代理的请求至php-fpm服务器,)

如下图,apache可以两类模块(mod_proxy,mod_jk)向后代理,代理时支持两种协议,http和ajp

nginx上可以使用upstream上也可以实现向后代理,并且能够完成负载均衡的目的,只能使用http协议

ajp协议是二进制格式的,效率高,但是前端只有apache才能理解使用ajp协议

使用了ajp协议后,就可以禁用了tomcat连接器的http协议,这样客户端用户无法向tomcat直接发送http请求了,这样tomcat接受的请求就必须来自于apache的ajp了,这是apache官方的建议

mod_proxy的子模块

mod_proxy_http

mod_proxy_ajp

mod_proxy_banlancer 负载均衡模块

代理用户请求到多个后端tomcat主机的时候,可以将多个后端定义成一个组,将这个组定义好调度方法,而后将用户请求使用proxy_path代理至后端的组(叫做banlance的组?使用mod_proxy_banlance模块代理吗??? )上去,,,,,,如果nginx叫做upstream,在apache中叫做balancer,,,,,,

如何将用户的请求以负载均衡的形式代理至后端服务器,还能让多个后端会话共享,,利用tomcat自己的集群组件,完成心跳信息的监测,以及会话信息的传递

我们让红帽6作前端apache 192.168.0.60

添加一个网卡 192.168.10.10 ( 192.168.10.1应该已被 VMware网络适配器 VMnet1 所占用 ,,,也就是VMnet1(host-only)虚拟网络的DHCP服务器所占用吧)

#ifconfig eth1 192.168.10.10/24 up # 为了固化,还是用# setup吧,setup常常做,就不截图了吧

我们让两个红帽5当后端tomcat

tomcat1 192.168.0.46 改成 192.168.10.2

#ifconfig eth0 192.168.10.2 #route add default gw 192.168.10.10

上面的操作不能固化,所以用 # setup 可以吧网关指向前台apache的第二个ip 192.168.10.10

(在红帽6上不能# service network restart ,,红帽6上是NetworkManager管理网络服务,NetworkManager不好用,不支持桥接,所以好多人在红帽6上禁用NetworkManager,)(红帽6上默认NetworkManager是启用,network 是关闭,所以我们可以禁用NetworkManager,启用network ,,通过chkconfig on或off吧,,)(我们这里是红帽5,所以无所谓了)

改下虚拟机名字吧

同理 tomcat2 192.168.0.47 改成 192.168.10.3

在前端apache 192.168.0.60 另一网卡 192.168.10.10

[root@master ~]# iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source 192.168.0.60 #两个tomcat无法访问外网,在前端apache这边进行源地址转换

[root@master ~]#

[root@master ~]# cat /proc/sys/net/ipv4/ip_forward

[root@master ~]# echo 1 > /proc/sys/net/ipv4/ip_forward #打开网卡的转发功能

[root@master ~]# cat /proc/sys/net/ipv4/ip_forward

[root@master ~]#

在 tomcat1 192.168.0.2 上

[root@node1 ~]# ping www.baidu.com #可以ping通外网

PING www.a.shifen.com (180.101.49.12) 56(84) bytes of data.

64 bytes from 180.101.49.12: icmp_seq=1 ttl=53 time=9.47 ms

64 bytes from 180.101.49.12: icmp_seq=2 ttl=53 time=9.27 ms

下载 apache_tomcat-7.0.40.tar.gz

https://tomcat.apache.org/

https://tomcat.apache.org/download-70.cgi

https://archive.apache.org/dist/tomcat/tomcat-7/

https://archive.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/

https://archive.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40.tar.gz

[root@node1 ~]# wget https://archive.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40.tar.gz -no-check-certificate

--2021-06-29 14:44:12-- http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.40/gz

Resolving archive.apache.org... 138.201.131.134, 2a01:4f8:172:2ec5::2

Connecting to archive.apache.org|138.201.131.134|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 7843733 (7.5M) [application/x-gzip]

Saving to: `apache-tomcat-7.0.40.tar.gz'

34% [======================> ] 2,730100%[======================================>] 7,843,733 350K/s in 33s

2021-06-29 14:44:45 (234 KB/s) - `apache-tomcat-7.0.40.tar.gz' saved [7843733/7843733]

[root@node1 ~]#

下载 jdk-6u21-linux-i586-rpm.bin

https://www.oracle.com/java/

https://sourceforge.net/projects/crawlzilla/files/other/

https://sourceforge.net/projects/crawlzilla/files/other/jdk-6u21-linux-i586-rpm.bin/download

[root@master ~]# wget https://sourceforge.net/projects/crawlzilla/files/other/jdk-6u21-linux-i586-rpm.bin/download -O jdk-6u21-linux-i586-rpm.bin #出现如下的问题, 可以见 /node-admin/15869 解决问题

[root@node1 ~]# scp root@192.168.10.10:/root/jdk-6u21-linux-i586-rpm.bin ./ #我这里是从红帽6处(apache前端的那个电脑)下载的复制过来吧

The authenticity of host '192.168.10.10 (192.168.10.10)' can't be established.

RSA key fingerprint is 93:4a:82:12:13:3d:e3:4b:b6:5f:0f:e1:ac:b0:7d:f1.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.10.10' (RSA) to the list of known hosts.

root@192.168.10.10's password:

jdk-6u21-linux-i586-rpm.bin 100% 76MB 37.9MB/s 00:02

[root@node1 ~]#

[root@node1 ~]# ls

Desktop kmod-drbd83-8.3.15-3.el5.centos.i686.rpm

anaconda-ks.cfg libnfnetlink-0.0.39-1.el5.rf.i386.rpm

apache-tomcat-7.0.40.tar.gz mysql-5.5.28-linux2.6-i686.tar.gz

drbd83-8.3.15-2.el5.centos.i386.rpm test

install.log test1

install.log.syslog tmp

iscsi.sed tmp3

iscsid.conf tmp5

jdk-6u21-linux-i586-rpm.bin tmp6

[root@node1 ~]#

在 tomcat2 192.168.0.3 上

[root@rs3 ~]# scp root@192.168.10.2:/root/jdk-6u21-linux-i586-rpm.bin ./

[root@rs3 ~]# scp root@192.168.10.2:/root/apache-tomcat-7.0.40.tar.gz ./

在 tomcat1 192.168.0.2 上安装jdk和tomcat

[root@node1 ~]# chmod +x jdk-6u21-linux-i586-rpm.bin

[root@node1 ~]# ./jdk-6u21-linux-i586-rpm.bin

Unpacking...

Checksumming...

Extracting...

UnZipSFX 5.50 of 17 February 2002, by Info-ZIP (Zip-Bugs@lists.wku.edu).

inflating: jdk-6u21-linux-i586.rpm

inflating: sun-javadb-common-10.5.3-0.2.i386.rpm

inflating: sun-javadb-core-10.5.3-0.2.i386.rpm

inflating: sun-javadb-client-10.5.3-0.2.i386.rpm

inflating: sun-javadb-demo-10.5.3-0.2.i386.rpm

inflating: sun-javadb-docs-10.5.3-0.2.i386.rpm

inflating: sun-javadb-javadoc-10.5.3-0.2.i386.rpm

Preparing...

[root@rs3 ~]# vim /etc/profile.d/java.sh

export JAVA_HOME=/usr/java/latest

export PATH=$PATH:$JAVA_HOME/bin

[root@node1 ~]# . /etc/profile.d/java.sh

[root@node1 ~]#

[root@node1 ~]# java -version #版本不对,有旧java

java version "1.4.2"

gij (GNU libgcj) version 4.1.2 20080704 (Red Hat 4.1.2-54)

This is free software; see the source for copying conditions. There is NO

warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[root@node1 ~]# which java

/usr/bin/java

[root@node1 ~]# mv /usr/bin/java /usr/bin/java-old

[root@node1 ~]# which java

/usr/java/latest/bin/java

[root@node1 ~]# java -version

-bash: /usr/bin/java: 没有那个文件或目录

[root@node1 ~]# . /etc/profile

[root@node1 ~]# java -version #上面处理了一下,现在对了

java version "1.6.0_21"

Java(TM) SE Runtime Environment (build 1.6.0_21-b06)

Java HotSpot(TM) Client VM (build 17.0-b16, mixed mode, sharing)

[root@node1 ~]#

[root@node1 ~]# tar xf apache-tomcat-7.0.40.tar.gz -C /usr/local

[root@node1 ~]#

马哥的 tomcat压缩文件是不完整的

马哥使用了 apache-tomcat-7.0.33.tar.gz

[root@node1 ~]# cd /usr/local/

[root@node1 local]# ls

apache-tomcat-7.0.40 games libexec sbin ssl

bin include mysql share

etc lib mysql-5.5.28-linux2.6-i686 src

[root@node1 local]#

[root@node1 local]# ln -sv apache-tomcat-7.0.40 tomcat

创建指向“apache-tomcat-7.0.40”的符号链接“tomcat”

[root@node1 local]#

[root@node1 local]# ls

apache-tomcat-7.0.40 games libexec sbin ssl

bin include mysql share tomcat

etc lib mysql-5.5.28-linux2.6-i686 src

[root@node1 local]# ll

总计 104

drwxr-xr-x 9 root root 4096 06-29 17:09 apache-tomcat-7.0.40

drwxr-xr-x 2 root root 4096 2009-10-01 bin

drwxr-xr-x 2 root root 4096 2009-10-01 etc

drwxr-xr-x 2 root root 4096 2009-10-01 games

drwxr-xr-x 2 root root 4096 2009-10-01 include

drwxr-xr-x 2 root root 4096 2009-10-01 lib

drwxr-xr-x 2 root root 4096 2009-10-01 libexec

lrwxrwxrwx 1 root root 26 03-12 14:38 mysql -> mysql-5.5.28-linux2.6-i686

drwxr-xr-x 13 root root 4096 03-12 14:37 mysql-5.5.28-linux2.6-i686

drwxr-xr-x 2 root root 4096 2009-10-01 sbin

drwxr-xr-x 4 root root 4096 2019-07-12 share

drwxr-xr-x 2 root root 4096 2009-10-01 src

drwxr-xr-x 6 root root 4096 06-29 15:23 ssl

lrwxrwxrwx 1 root root 20 06-30 08:32 tomcat -> apache-tomcat-7.0.40

[root@node1 local]#

[root@node1 local]# vim /etc/profile.d/tomcat.sh

export CATALINA_HOME=/usr/local/tomcat

export PATH=$PATH:$CATALINA_HOME/bin

[root@node1 local]# . /etc/profile.d/tomcat.sh

[root@node1 local]#

[root@node1 local]# catalina.sh version

Using CATALINA_BASE: /usr/local/tomcat

Using CATALINA_HOME: /usr/local/tomcat

Using CATALINA_TMPDIR: /usr/local/tomcat/temp

Using JRE_HOME: /usr/java/latest

Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar

Server version: Apache Tomcat/7.0.40

Server built: May 5 2013 08:54:06

Server number: 7.0.40.0

OS Name: Linux

OS Version: 2.6.18-371.el5

Architecture: i386

JVM Version: 1.6.0_21-b06

JVM Vendor: Sun Microsystems Inc.

[root@node1 local]#

如果用到开机自动启动的话,就加上服务脚本吧 /etc/rc.d/init.d/tomcat

[root@node1 local]# cd /usr/local/tomcat/conf/

[root@node1 conf]# ls

catalina.policy context.xml server.xml web.xml

catalina.properties logging.properties tomcat-users.xml

[root@node1 conf]#

[root@node1 conf]# vim server.xml

<?xml version='1.0' encoding='utf-8'?>

<!--

Licensed to the Apache Software Foundation (ASF) under one or more

contributor license agreements. See the NOTICE file distributed with

this work for additional information regarding copyright ownership.

The ASF licenses this file to You under the Apache License, Version 2.0

(the "License"); you may not use this file except in compliance with

the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an "AS IS" BASIS,

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and

limitations under the License.

-->

<!-- Note: A "Server" is not itself a "Container", so you may not

define subcomponents such as "Valves" at this level.

Documentation at /docs/config/server.html

-->

<!-- Security listener. Documentation at /docs/config/listeners.html

-->

<!-- Global JNDI resources

Documentation at /docs/jndi-resources-howto.html

-->

<!-- Editable user database that can also be used by

UserDatabaseRealm to authenticate users

-->

<Resource name="UserDatabase" auth="Container"

type="org.apache.catalina.UserDatabase"

description="User database that can be updated and saved"

factory="org.apache.catalina.users.MemoryUserDatabaseFactory"

pathname="conf/tomcat-users.xml" />

</GlobalNamingResources>

<!-- A "Service" is a collection of one or more "Connectors" that share

a single "Container" Note: A "Service" is not itself a "Container",

so you may not define subcomponents such as "Valves" at this level.

Documentation at /docs/config/service.html

-->

<!--

<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"

maxThreads="150" minSpareThreads="4"/>

-->

<!-- A "Connector" represents an endpoint by which requests are received

and responses are returned. Documentation at :

Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)

Java AJP Connector: /docs/config/ajp.html

APR (HTTP/AJP) Connector: /docs/apr.html

Define a non-SSL HTTP/1.1 Connector on port 8080

-->

<Connector port="8080" protocol="HTTP/1.1"

connectionTimeout="20000"

redirectPort="8443" />

<!--

<Connector executor="tomcatThreadPool"

port="8080" protocol="HTTP/1.1"

connectionTimeout="20000"

redirectPort="8443" />

-->

<!-- Define a SSL HTTP/1.1 Connector on port 8443

This connector uses the JSSE configuration, when using APR, the

connector should be using the OpenSSL style configuration

described in the APR documentation -->

<!--

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"

maxThreads="150" scheme="https" secure="true"

clientAuth="false" sslProtocol="TLS" />

-->

<!-- An Engine represents the entry point (within Catalina) that processes

every request. The Engine implementation for Tomcat stand alone

analyzes the HTTP headers included with the request, and passes them

on to the appropriate Host (virtual host).

Documentation at /docs/config/engine.html -->

<!-- You should set jvmRoute to support load-balancing via AJP ie :

-->

<!--For clustering, please take a look at documentation at:

/docs/cluster-howto.html (simple how to)

/docs/config/cluster.html (reference documentation) -->

<!--

-->

<!-- Use the LockOutRealm to prevent attempts to guess user passwords

via a brute-force attack -->

<!-- This Realm uses the UserDatabase configured in the global JNDI

resources under the key "UserDatabase". Any edits

that are performed against this UserDatabase are immediately

available for use by the Realm. -->

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"

resourceName="UserDatabase"/>

</Realm>

<Host name="localhost" appBase="webapps"

unpackWARs="true" autoDeploy="true">

<!-- SingleSignOn valve, share authentication between web applications

Documentation at: /docs/config/valve.html -->

<!--

-->

<!-- Access log processes all example.

Documentation at: /docs/config/valve.html

Note: The pattern used is equivalent to using pattern="common" -->

<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"

prefix="localhost_access_log." suffix=".txt"

pattern="%h %l %u %t "%r" %s %b" />

</Host>

<Host name="www.magedu.com" appBase="/web"

unpackWARs="true" autoDeploy="true">

</Host>

</Engine>

</Service>

</Server>

[root@node1 conf]# catalina.sh configtest #测试没问题 (#应该是在tomcat未启动的情况下进行测试吧,如果启动了,测试就有问题了)

Using CATALINA_BASE: /usr/local/tomcat

Using CATALINA_HOME: /usr/local/tomcat

Using CATALINA_TMPDIR: /usr/local/tomcat/temp

Using JRE_HOME: /usr/java/latest

Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar

2021-6-30 9:00:43 org.apache.catalina.core.AprLifecycleListener init

信息: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/jdk1.6.0_21/jre/lib/i386/client:/usr/java/jdk1.6.0_21/jre/lib/i386:/usr/java/jdk1.6.0_21/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib

2021-6-30 9:00:43 org.apache.coyote.AbstractProtocol init

信息: Initializing ProtocolHandler ["http-bio-8080"]

2021-6-30 9:00:43 org.apache.coyote.AbstractProtocol init

信息: Initializing ProtocolHandler ["ajp-bio-8009"]

2021-6-30 9:00:43 org.apache.catalina.startup.Catalina load

信息: Initialization processed in 253 ms

[root@node1 conf]#

[root@node1 conf]# mkdir -p /web/webapps

[root@node1 conf]#

[root@node1 conf]# cd /web/webapps

[root@node1 webapps]#

[root@node1 webapps]# vim index.jsp

<%@ page language="java" %>

<html>

<head><title>TomcatA</title></head>

<body>

<h1><font color="red">TomcatA </font></h1>

<tr>

<td>Session ID</td>

<% session.setAttribute("abc","abc"); %>

</tr>

<tr>

<td>Created on</td>

</tr>

</table>

</body>

</html>

[root@node1 webapps]# catalina.sh start

Using CATALINA_BASE: /usr/local/tomcat

Using CATALINA_HOME: /usr/local/tomcat

Using CATALINA_TMPDIR: /usr/local/tomcat/temp

Using JRE_HOME: /usr/java/latest

Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar

[root@node1 webapps]#

[root@node1 webapps]# netstat -tnlp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3899/./hpiod

tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -

tcp 0 0 0.0.0.0:46531 0.0.0.0:* LISTEN -

tcp 0 0 0.0.0.0:807 0.0.0.0:* LISTEN 4019/rpc.rquotad

tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 4533/mysqld

tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3496/portmap

tcp 0 0 0.0.0.0:848 0.0.0.0:* LISTEN 4061/rpc.mountd

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3922/sshd

tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3936/cupsd

tcp 0 0 0.0.0.0:760 0.0.0.0:* LISTEN 3546/rpc.statd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 4223/sendmail

tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3904/python

tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 4959/java

tcp 0 0 :::8009 (启动了) :::* LISTEN 4959/java

tcp 0 0 :::8080 (启动了) :::* LISTEN 4959/java

tcp 0 0 :::80 :::* LISTEN 4552/httpd

tcp 0 0 :::22 :::* LISTEN 3922/sshd

tcp 0 0 :::443 :::* LISTEN 4552/httpd

[root@node1 webapps]#

http://192.168.10.2:8080/

同理 tomcat2 192.168.0.3 上安装jdk和tomcat

在前端apache 192.168.0.60 另一网卡 192.168.10.10

[root@master ~]# service nginx status #nginx停掉了

nginx 已停

[root@master ~]# chkconfig --list nginx

nginx 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭

[root@master ~]#

马哥不演示nginx对 tomcat的负载均衡了

演示apache作前端,tomcat作后端

http://httpd.apache.org/download.cgi

http://archive.apache.org/dist/httpd/

[root@localhost ~]#

准备编译安装httpd-2.4.4

[root@localhost ~]# wget http://archive.apache.org/dist/httpd/httpd-2.4.4.tar.bz2

--2019-04-02 16:32:18-- http://archive.apache.org/dist/httpd/httpd-2.4.4.tar.bz2

httpd-2.4.4好像是依赖于1.4.0 或以以上的版本的apr

[root@master ~]# rpm -q apr #这是1.3.9

apr-1.3.9-5.el6_9.1.i686

[root@master ~]#

装上apr的 devel包 (编译httpd依赖于apr,就得装上apr的devel包)

[root@master ~]# yum -y install apr-devel apr-util-devel

[root@master ~]# tar xf httpd-2.4.4.tar.bz2

[root@master ~]#

[root@master ~]# cd httpd-2.4.4

[root@master httpd-2.4.4]# ls

ABOUT_APACHE BuildBin.dsp httpd.dsp Makefile.in ROADMAP

acinclude.m4 buildconf httpd.spec Makefile.win server

Apache-apr2.dsw CHANGES include modules srclib

Apache.dsw config.layout INSTALL NOTICE support

apache_probes.d configure InstallBin.dsp NWGNUmakefile test

ap.d configure.in LAYOUT os VERSIONING

build docs libhttpd.dsp README

BuildAll.dsp emacs-style LICENSE README.platforms

[root@master httpd-2.4.4]#

6.4.2 安装apache

httpd目前最新的2.4系列版本中引入了event MPM，其在性能上较之其它MPM有了较大的提升，

[root@www.magedu.com ~]# tar xf httpd-2.4.2

[root@www.magedu.com ~]# cd httpd-2.4.2

[root@www.magedu.com ~]# ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-mpms-shared=all --with-mpm=event --enable-proxy --enable-proxy-http --enable-proxy-ajp --enable-proxy-balancer --enable-lbmethod-heartbeat --enable-heartbeat --enable-slotmem-shm --enable-slotmem-plain --enable-watchdog

#--enable-lbmethod-heartbeat 负载均衡方法中的心跳信息监测

# --enable-lbmethod-heartbeat --enable-heartbeat --enable-slotmem-shm --enable-slotmem-plain --enable-watchdog 这些是跟hearbeat相关的内容,heartbeat用不上的,就可以不要了????

[root@www.magedu.com ~]# make && make install

为apache提供init脚本，实现服务的控制。建立/etc/rc.d/init.d/httpd文件，并添加如下内容：

这是个脚本文件，因此需要执行权限；同时，为了让httpd服务能够开机自动启动，还需要将其添加至服务列表，并设置其在3或5级别下自动运行。

chmod +x /etc/rc.d/init.d/httpd

chkconfig --add httpd

chkconfig --level 35 httpd on

[root@master httpd-2.4.4]# ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-mpms-shared=all --with-mpm=event --enable-proxy --enable-proxy-http --enable-proxy-ajp --enable-proxy-balancer --enable-lbmethod-heartbeat --enable-heartbeat --enable-slotmem-shm --enable-slotmem-plain --enable-watchdog

checking for chosen layout... Apache

checking for working mkdir -p... yes

checking for grep that handles long lines and -e... /bin/grep

checking for egrep... /bin/grep -E

checking build system type... i686-pc-linux-gnu

checking host system type... i686-pc-linux-gnu

checking target system type... i686-pc-linux-gnu

configure:

configure: Configuring Apache Portable Runtime library...

configure:

checking for APR... configure: error: the --with-apr parameter is incorrect. It must specify an install prefix, a build directory, or an apr-config file. #apr路径不对

[root@master httpd-2.4.4]# ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --enable-mpms-shared=all --with-mpm=event --enable-proxy --enable-prox y-http --enable-proxy-ajp --enable-proxy-balancer --enable-lbmethod-heartbeat --enable-heartbeat --enable-slotmem-shm --enable-slotmem-plain --enable-watchdog #去掉apr的话,那么提示要apr1.4.0或 apr1.4.0以上的版本

checking for chosen layout... Apache

checking for working mkdir -p... yes

checking for grep that handles long lines and -e... /bin/grep

checking for egrep... /bin/grep -E

checking build system type... i686-pc-linux-gnu

checking host system type... i686-pc-linux-gnu

checking target system type... i686-pc-linux-gnu

configure:

configure: Configuring Apache Portable Runtime library...

configure:

checking for APR... configure: WARNING: APR version 1.4.0 or later is required, found 1.3.9

configure: WARNING: skipped APR at apr-1-config, version not acceptable

configure: error: APR not found. Please read the documentation.

[root@master httpd-2.4.4]#

https://apr.apache.org/

https://apr.apache.org/download.cgi

https://archive.apache.org/dist/apr/

[root@master httpd-2.4.4]# cd

[root@master ~]# wget https://archive.apache.org/dist/apr/apr-1.4.6.tar.bz2

--2021-06-30 09:12:32-- https://archive.apache.org/dist/apr/apr-1.4.6.tar.bz2

正在解析主机 archive.apache.org... 138.201.131.134, 2a01:4f8:172:2ec5::2

正在连接 archive.apache.org|138.201.131.134|:443... 已连接。

已发出 HTTP 请求，正在等待回应... 200 OK

长度：785724 (767K) [application/x-bzip2]

正在保存至: “apr-1.4.6.tar.bz2”

100%[======================================>] 785,724 287K/s in 2.7s

2021-06-30 09:12:36 (287 KB/s) - 已保存 “apr-1.4.6.tar.bz2” [785724/785724])

[root@master ~]# wget https://archive.apache.org/dist/apr/apr-util-1.4.1.tar.bz2

--2021-06-30 09:13:47-- https://archive.apache.org/dist/apr/apr-util-1.4.1.tar.bz2

正在解析主机 archive.apache.org... 138.201.131.134, 2a01:4f8:172:2ec5::2

正在连接 archive.apache.org|138.201.131.134|:443... 已连接。

已发出 HTTP 请求，正在等待回应... 200 OK

长度：635000 (620K) [application/x-bzip2]

正在保存至: “apr-util-1.4.1.tar.bz2”

100%[======================================>] 635,000 268K/s in 2.3s

2021-06-30 09:13:52 (268 KB/s) - 已保存 “apr-util-1.4.1.tar.bz2” [635000/635000])

[root@master ~]#

下面装apr

[root@master ~]# tar xf apr-1.4.6.tar.bz2

[root@master ~]# cd apr-1.4.6

[root@master apr-1.4.6]# ls

apr-config.in build.conf helpers memory shmem

apr.dep build-outputs.mk include misc strings

apr.dsp CHANGES libapr.dep mmap support

apr.dsw config.layout libapr.dsp network_io tables

apr.mak configure libapr.mak NOTICE test

apr.pc.in configure.in libapr.rc NWGNUmakefile threadproc

apr.spec docs LICENSE passwd time

atomic dso locks poll user

build emacs-mode Makefile.in random

buildconf file_io Makefile.win README

[root@master apr-1.4.6]#

6.4.1 安装apr和apr-util

可以从http://apr.apache.org/获取apr源码，目前最新的版本是1.4.6。

[root@www.magedu.com ~]# tar xf apr-1.4.6.tar.bz2

[root@www.magedu.com ~]# cd apr-1.4.6

[root@www.magedu.com ~]# ./configure --prefix=/usr/local/apr --disable-ipv6

[root@www.magedu.com ~]# make && make install

apr-util是apr的工具库，其可以让程序员更好的使用apr的功能。可以从http://apr.apache.org/获取apr源码，目前最新的版本是1.4.1。

[root@www.magedu.com ~]# tar xf apr-util-1.4.1.tar.bz2

[root@www.magedu.com ~]# cd apr-util-1.4.1

[root@www apr-util-1.4.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr

[root@www apr-util-1.4.1]# make && make install

[root@master apr-1.4.6]# ./configure --prefix=/usr/local/apr --disable-ipv6 #禁不禁ipv6其实都可以

[root@master apr-1.4.6]# make && make install

[root@master ~]# tar xf apr-util-1.4.1.tar.bz2

[root@master ~]# cd apr-util-1.4.1

[root@master apr-util-1.4.1]#

[root@master apr-util-1.4.1]# ls

aprutil.dsp CHANGES hooks NOTICE

aprutil.dsw config.layout include NWGNUmakefile

apr-util.pc.in configure ldap README

apr-util.spec configure.in libaprutil.dsp renames_pending

apu-config.in crypto libaprutil.rc strmatch

buckets dbd LICENSE test

build dbm Makefile.in uri

buildconf docs Makefile.win xlate

build.conf encoding memcache xml

build-outputs.mk export_vars.sh.in misc

[root@master apr-util-1.4.1]#

[root@master apr-util-1.4.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr

[root@master apr-util-1.4.1]# make && make install

[root@master apr-util-1.4.1]# cd

[root@master ~]# cd httpd-2.4.4

[root@master httpd-2.4.4]#

# 默认情况下,只要使用 enable module = most ,这些代理模块都会被启用的

[root@master httpd-2.4.4]# make && make install

6.5 配置apache通过mod_proxy模块与Tomcat连接

要使用mod_proxy与Tomcat实例连接，需要apache已经装载mod_proxy、mod_proxy_http、mod_proxy_ajp和proxy_balancer_module（实现Tomcat集群时用到）等模块：

# /usr/local/apache/bin/httpd -D DUMP_MODULES | grep proxy

proxy_module (shared)

proxy_connect_module (shared)

proxy_ftp_module (shared)

proxy_http_module (shared)

proxy_fcgi_module (shared)

proxy_scgi_module (shared)

proxy_ajp_module (shared)

proxy_balancer_module (shared)

proxy_express_module (shared)

2、在httpd.conf的全局配置段或虚拟主机中添加如下内容：

ProxyVia Off #为了让客户端知道通过谁代理过来的,可以在响应中显示某某某主机 ProxyVia On表示响应首部也可以带上Via首部了

ProxyRequests Off #必须禁用,禁用正向代理

ProxyPreserveHost Off #反向代理中,后端服务器有多个虚拟主机,而且每个虚拟主机需要彼此实现独立被访问的话,需要开启此项,

<Proxy *> #哪个路径下的访问实现授权

Require all granted #允许所有访问

</Proxy>

ProxyPass / ajp://172.16.100.1:8009/

ProxyPassReverse / ajp://172.16.100.1:8009/ #重定向时仍然使用代理服务器向后端发送请求

Require all granted

</Location>

或让apache跟Tomcat的http连接器进行整合：

ProxyVia Off

ProxyRequests Off

ProxyPass / http://172.16.100.1:8080/

ProxyPassReverse / http://172.16.100.1:8080/

Require all granted

</Proxy>

Require all granted

</Location>

关于如上apache指令的说明：

ProxyPreserveHost {On|Off}：如果启用此功能，代理会将用户请求报文中的Host:行发送给后端的服务器，而不再使用ProxyPass指定的服务器地址。如果想在反向代理中支持虚拟主机，则需要开启此项，否则就无需打开此功能。

ProxyVia {On|Off|Full|Block}：用于控制在http首部是否使用Via:，主要用于在多级代理中控制代理请求的流向。默认为Off，即不启用此功能；On表示每个请求和响应报文均添加Via:；Full表示每个Via:行都会添加当前apache服务器的版本号信息；Block表示每个代理请求报文中的Via：都会被移除。

ProxyRequests {On|Off}：是否开启apache正向代理的功能；启用此项时为了代理http协议必须启用mod_proxy_http模块。同时，如果为apache设置了ProxyPass为反向代理的话，则必须将ProxyRequests设置为Off。

ProxyPass [path] !|url [key=value key=value ...]]：将后端服务器某URL与当前服务器的某虚拟路径关联起来作为提供服务的路径，path为当前服务器上的某虚拟路径，url为后端服务器上某URL路径。使用此指令时必须将ProxyRequests的值设置为Off。需要注意的是，如果path以“/”结尾，则对应的url也必须以“/”结尾，反之亦然。

另外，mod_proxy模块在httpd 2.1的版本之后支持与后端服务器的连接池功能，连接在按需创建在可以保存至连接池中以备进一步使用。连接池大小或其它设定可以通过在ProxyPass中使用key=value的方式定义。常用的key如下所示：

◇ min：连接池的最小容量，此值与实际连接个数无关，仅表示连接池最小要初始化的空间大小。

◇ max：连接池的最大容量，每个MPM都有自己独立的容量；都值与MPM本身有关，如Prefork的总是为1，而其它的则取决于ThreadsPerChild指令的值。

◇ loadfactor：用于负载均衡集群配置中，定义对应后端服务器的权重，取值范围为1-100。

◇ retry：当apache将请求发送至后端服务器得到错误响应时等待多长时间以后再重试。单位是秒钟。

如果Proxy指定是以balancer://开头，即用于负载均衡集群时，其还可以接受一些特殊的参数，如下所示：

◇lbmethod：apache实现负载均衡的调度方法，默认是byrequests，即基于权重将统计请求个数进行调度，bytraffic则执行基于权重的流量计数调度，bybusyness通过考量每个后端服务器的当前负载进行调度。

◇ maxattempts：放弃请求之前实现故障转移的次数，默认为1，其最大值不应该大于总的节点数。

◇ nofailover：取值为On或Off，设置为On时表示后端服务器故障时，用户的session将损坏；因此，在后端服务器不支持session复制时可将其设置为On。

◇ stickysession：调度器的sticky session的名字，根据web程序语言的不同，其值为JSESSIONID或PHPSESSIONID。

上述指令除了能在banlancer://或ProxyPass中设定之外，也可使用ProxySet指令直接进行设置，如：

BalancerMember http://www1.magedu.com:8080 loadfactor=1

BalancerMember http://www2.magedu.com:8080 loadfactor=2

ProxySet lbmethod=bytraffic

</Proxy>

ProxyPassReverse：用于让apache调整HTTP重定向响应报文中的Location、Content-Location及URI标签所对应的URL，在反向代理环境中必须使用此指令避免重定向报文绕过proxy服务器。

[root@master httpd-2.4.4]# vim /etc/rc.d/init.d/httpd #原来就有httpd服务,原来就装了httpd

[root@master httpd-2.4.4]# ls /etc/httpd

conf extra logs mime.types original

conf.d httpd.conf magic modules run

[root@master httpd-2.4.4]#

[root@master httpd-2.4.4]# rpm -q httpd #以前用rpm格式装过httpd

httpd-2.2.15-69.el6.i686

[root@master httpd-2.4.4]#

[root@master httpd-2.4.4]# rpm -e httpd

[root@master httpd-2.4.4]# rpm -e httpd --nodeps #若rpm -e httpd有依赖卸载不掉,就加上 --nodeps

error: package httpd is not installed

[root@master httpd-2.4.4]#

[root@master httpd-2.4.4]# ls /etc/httpd #卸完成,还不干净

extra httpd.conf magic mime.types original

[root@master httpd-2.4.4]#

[root@master httpd-2.4.4]# rm -rf /etc/httpd #删了

[root@master httpd-2.4.4]#

[root@master httpd-2.4.4]# make install #重新install一下

[root@master httpd-2.4.4]# vim /etc/rc.d/init.d/httpd

#!/bin/bash

# httpd Startup script for the Apache HTTP Server

# chkconfig: - 85 15

# description: Apache is a World Wide Web server. It is used to serve \

# HTML files and CGI.

# processname: httpd

# config: /etc/httpd/conf/httpd.conf

# config: /etc/sysconfig/httpd

# pidfile: /var/run/httpd.pid

# Source function library.

. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/httpd ]; then

. /etc/sysconfig/httpd

# Start httpd in the C locale by default.

HTTPD_LANG=${HTTPD_LANG-"C"}

# This will prevent initlog from swallowing up a pass-phrase prompt if

# mod_ssl needs a pass-phrase from the user.

INITLOG_ARGS=""

# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server

# with the thread-based "worker" MPM; BE WARNED that some modules may not

# work correctly with a thread-based MPM; notably PHP will refuse to start.

# Path to the apachectl script, server binary, and short-form for messages.

apachectl=/usr/local/apache/bin/apachectl

httpd=${HTTPD-/usr/local/apache/bin/httpd}

prog=httpd

pidfile=${PIDFILE-/var/run/httpd.pid}

lockfile=${LOCKFILE-/var/lock/subsys/httpd}

RETVAL=0

start() {

echo -n $"Starting $prog: "

LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS

RETVAL=$?

echo

[ $RETVAL = 0 ] && touch ${lockfile}

return $RETVAL

}

stop() {

echo -n $"Stopping $prog: "

killproc -p ${pidfile} -d 10 $httpd

RETVAL=$?

echo

[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}

}

reload() {

echo -n $"Reloading $prog: "

if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then

RETVAL=$?

echo $"not reloading due to configuration syntax error"

failure $"not reloading $httpd due to configuration syntax error"

else

killproc -p ${pidfile} $httpd -HUP

RETVAL=$?

echo

}

# See how we were called.

case "$1" in

start)

start

;;

stop)

stop

;;

status)

status -p ${pidfile} $httpd

RETVAL=$?

;;

restart)

stop

start

;;

condrestart)

if [ -f ${pidfile} ] ; then

stop

start

;;

reload)

reload

;;

graceful|help|configtest|fullstatus)

$apachectl $@

RETVAL=$?

;;

echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}"

exit 1

esac

exit $RETVAL

[root@master httpd-2.4.4]# chmod +x /etc/rc.d/init.d/httpd #给执行权限

[root@master httpd-2.4.4]# chkconfig --add httpd #加到服务列表

[root@master httpd-2.4.4]#

[root@master httpd-2.4.4]# service httpd start

正在启动 httpd：AH00557: httpd: apr_sockaddr_info_get() failed for master.magedu.com

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message

[确定]

[root@master httpd-2.4.4]#

[root@master httpd-2.4.4]# /usr/local/apache/bin/httpd -D DUMP_MODULES | grep proxy

AH00557: httpd: apr_sockaddr_info_get() failed for master.magedu.com

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message

proxy_module (shared)

proxy_connect_module (shared)

proxy_ftp_module (shared)

proxy_http_module (shared)

proxy_fcgi_module (shared)

proxy_scgi_module (shared)

proxy_ajp_module (shared)

proxy_balancer_module (shared) #负载均衡模块

proxy_express_module (shared)

[root@master httpd-2.4.4]#

[root@master httpd-2.4.4]# /usr/local/apache/bin/httpd -D DUMP_MODULES

AH00557: httpd: apr_sockaddr_info_get() failed for master.magedu.com

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message

Loaded Modules:

core_module (static)

so_module (static)

http_module (static)

authn_file_module (shared)

authn_core_module (shared)

authz_host_module (shared)

authz_groupfile_module (shared)

authz_user_module (shared)

authz_core_module (shared)

access_compat_module (shared)

auth_basic_module (shared)

reqtimeout_module (shared)

filter_module (shared)

mime_module (shared)

log_config_module (shared)

env_module (shared)

headers_module (shared)

setenvif_module (shared)

version_module (shared)

proxy_module (shared)

proxy_connect_module (shared)

proxy_ftp_module (shared)

proxy_http_module (shared)

proxy_fcgi_module (shared)

proxy_scgi_module (shared)

proxy_ajp_module (shared)

proxy_balancer_module (shared)

proxy_express_module (shared)

lbmethod_byrequests_module (shared) # 根据用户请求做负载均衡

lbmethod_bytraffic_module (shared) # 根据流量做负载均衡

lbmethod_bybusyness_module (shared) # 根据空闲与否做负载均衡

lbmethod_heartbeat_module (shared) #心跳功能?????

mpm_event_module (shared)

unixd_module (shared)

status_module (shared)

autoindex_module (shared)

dir_module (shared)

alias_module (shared)

[root@master httpd-2.4.4]#

[root@master httpd-2.4.4]# cd /etc/httpd/

[root@master httpd]# ls

extra httpd.conf magic mime.types original

[root@master httpd]# cp httpd.conf httpd.conf.bak

[root@master httpd]#

[root@master httpd]# vim httpd.conf

................................................................................................................................................

#DocumentRoot "/usr/local/apache/htdocs"

................................................................................................................................................

#Include /etc/httpd/extra/httpd-default.conf

Include /etc/httpd/extra/httpd-proxy.conf #加上这一行

................................................................................................................................................

[root@master httpd]# cd extra/

[root@master extra]# pwd

/etc/httpd/extra

[root@master extra]# ls

httpd-autoindex.conf httpd-languages.conf httpd-ssl.conf

httpd-dav.conf httpd-manual.conf httpd-userdir.conf

httpd-default.conf httpd-mpm.conf httpd-vhosts.conf

httpd-info.conf httpd-multilang-errordoc.conf proxy-html.conf

[root@master extra]# vim httpd-proxy.conf

ProxyVia On

ProxyRequests Off

ProxyPass / http://192.168.10.2:8080/

ProxyPassReverse / http://192.168.10.2:8080/

Require all granted

</Proxy>

Require all granted

</Location>

</VirtualHost>

[root@master extra]# service httpd configtest

AH00557: httpd: apr_sockaddr_info_get() failed for master.magedu.com

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message

Syntax OK

[root@master extra]#

[root@master extra]# service httpd restart #为什么先失败????,再确定????

停止 httpd： [失败]

正在启动 httpd：AH00557: httpd: apr_sockaddr_info_get() failed for master.magedu.com

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message

[确定]

[root@master extra]#

[root@master extra]# netstat -tnlp #没有80端口

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1850/rpcbind

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2212/sshd

tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1929/cupsd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2549/master

tcp 0 0 0.0.0.0:53671 0.0.0.0:* LISTEN 1872/rpc.statd

tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 2188/php-fpm

tcp 0 0 :::3306 :::* LISTEN 2480/mysqld

tcp 0 0 :::111 :::* LISTEN 1850/rpcbind

tcp 0 0 :::8080 :::* LISTEN 2649/java

tcp 0 0 :::22 :::* LISTEN 2212/sshd

tcp 0 0 ::1:631 :::* LISTEN 1929/cupsd

tcp 0 0 ::1:25 :::* LISTEN 2549/master

tcp 0 0 :::52512 :::* LISTEN 1872/rpc.statd

tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 2649/java

[root@master extra]#

[root@master extra]# tail /usr/local/apache/logs/error_log #这里的错要好好研究下,是不是里面部分模块没有启动导致的,从而导致httpd无法启动反正

[Wed Jun 30 10:13:38.003747 2021] [proxy_balancer:emerg] [pid 5444:tid 3078510272] AH01177: Failed to lookup provider 'shm' for 'slotmem': is mod_slotmem_shm loaded??

[Wed Jun 30 10:13:38.003915 2021] [:emerg] [pid 5444:tid 3078510272] AH00020: Configuration Failed, exiting

[Wed Jun 30 10:13:49.828787 2021] [proxy_balancer:emerg] [pid 5463:tid 3078547136] AH01177: Failed to lookup provider 'shm' for 'slotmem': is mod_slotmem_shm loaded??

[Wed Jun 30 10:13:49.828901 2021] [:emerg] [pid 5463:tid 3078547136] AH00020: Configuration Failed, exiting

[Wed Jun 30 10:14:53.915068 2021] [proxy_balancer:emerg] [pid 5468:tid 3077842624] AH01177: Failed to lookup provider 'shm' for 'slotmem': is mod_slotmem_shm loaded??

[Wed Jun 30 10:14:53.915256 2021] [:emerg] [pid 5468:tid 3077842624] AH00020: Configuration Failed, exiting

[Wed Jun 30 11:05:46.888158 2021] [proxy_balancer:emerg] [pid 5640:tid 3077830336] AH01177: Failed to lookup provider 'shm' for 'slotmem': is mod_slotmem_shm loaded??

[Wed Jun 30 11:05:46.888288 2021] [:emerg] [pid 5640:tid 3077830336] AH00020: Configuration Failed, exiting

[Wed Jun 30 11:05:50.147167 2021] [proxy_balancer:emerg] [pid 5665:tid 3078231744] AH01177: Failed to lookup provider 'shm' for 'slotmem': is mod_slotmem_shm loaded??

[Wed Jun 30 11:05:50.147283 2021] [:emerg] [pid 5665:tid 3078231744] AH00020: Configuration Failed, exiting

[root@master extra]#

[root@master logs]# netstat -tnlp #没有80

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1850/rpcbind

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2212/sshd

tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1929/cupsd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2549/master

tcp 0 0 0.0.0.0:53671 0.0.0.0:* LISTEN 1872/rpc.statd

tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 2188/php-fpm

tcp 0 0 :::3306 :::* LISTEN 2480/mysqld

tcp 0 0 :::111 :::* LISTEN 1850/rpcbind

tcp 0 0 :::8080 :::* LISTEN 2649/java

tcp 0 0 :::22 :::* LISTEN 2212/sshd

tcp 0 0 ::1:631 :::* LISTEN 1929/cupsd

tcp 0 0 ::1:25 :::* LISTEN 2549/master

tcp 0 0 :::52512 :::* LISTEN 1872/rpc.statd

tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 2649/java

[root@master logs]#

[root@master logs]# locate httpd.pid #找不到pid文件

[root@master logs]# vim /etc/httpd/httpd.conf

................................................................................................................................................

ServerRoot "/usr/local/apache"

PidFile "/var/run/httpd.pid" #这里加上一个pid看看

................................................................................................................................................

[root@master logs]# killall httpd

httpd: 没有进程被杀死

搞了一整天,还没搞定,

最后在 http.conf 里面把所有注释的 #loadModule ,取消掉注释就可以了

LIST

[root@localhost httpd-2.4.4]# vim /etc/httpd/httpd.conf ####把里面的 #loadModule,全部取消掉就可以,不懂

/etc/httpd/httpd.conf 里面的shm模块,,,,,我们的负载均衡的模块是依赖于shm (share memory)共享内存模块的

LoadModule slotmem_shm_module modules/mod_slotmem_shm.so

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

http://192.168.0.60/ 实现了反向代理

Via: 1.1 www.magedu.com 是 httpd.conf 中

ServerName www.magedu.com:80 中的名字

这个session,cookie是以JSESSION开头的

php中好像以PHPSESSION开头的,在php.ini中是有设定的

6.6 配置apache通过mod_jk模块与Tomcat连接

mod_jk是ASF的一个项目，是一个工作于apache端基于AJP协议(一般是AJP协议,其实HTTP协议也行)与Tomcat通信的连接器，它是apache的一个模块，是AJP协议的客户端（服务端是Tomcat的AJP连接器）。

需要在apache前端装上 tomcat-connectors,然后装载mod_jk模块才能使用的

[root@www.magedu.com ~]# tar xf tomcat-connectors-1.2.37-src.tar.gz

[root@www.magedu.com ~]# cd tomcat-connectors-1.2.37-src/native/

[root@www.magedu.com ~]# ./configure --with-apxs=/usr/local/apache/bin/apxs ( --with-apxs这里配置时指定为apache的模块吧)

[root@www.magedu.com ~]# make && make install

apache要使用mod_jk连接器，需要在启动时加载此连接器模块。为了便于管理与mod_jk模块相关的配置，这里使用一个专门的配置文件/etc/httpd/extra/httpd-jk.conf来保存相关指令及其设置。其内容如下：

# Load the mod_jk

LoadModule jk_module modules/mod_jk.so

JkWorkersFile /etc/httpd/extra/workers.properties #jk使用许多work进程跟后端的tomcat进行通信,这些work进程倒底启用几个,以及如何向后端连接,要不要负载均衡,传递过去的信息是什么,需要单独的配置文件workers.properties来定义,这个配置文件的名称和路径可以自己定义的

JkLogFile logs/mod_jk.log #jk模块的log文件

JkLogLevel debug #debug是调试功能,生产环境下,不能debug了

JkMount /* TomcatA #把哪个url路径送到哪一个tomcat上去 TomcatA 是tomcat的JVMRoute名称????

JkMount /status/ stat1 #这个使用了stat1的名称, TomcatA,stat1在workers.properties文件中定义

除了需要使用LoadModule指令在apache中装载模块外，mod_jk还需要在apache的主配置文件中设置其它一些指令来配置其工作属性。如JkWorkersFile则用于指定保存了worker相关工作属性定义的配置文件，JkLogFile则用于指定mod_jk模块的日志文件，JkLogLevel则可用于指定日志的级别（info, error, debug），此外还可以使用JkRequestLogFormat自定义日志信息格式。而JkMount（格式： JkMount <URL to match> <Tomcat worker name>）指定则用于控制URL与Tomcat workers的对应关系。

为了让apache能使用/etc/httpd/extra/httpd-jk.conf配置文件中的配置信息，需要编辑/etc/httpd/httpd.conf，添加如下一行：

Include /etc/httpd/extra/httpd-jk.conf

对于apache代理来说，每一个后端的Tomcat实例中的engine都可以视作一个worker，而每一个worker的地址、连接器的端口等信息都需要在apache端指定以便apache可以识别并使用这些worker。约定俗成，配置这些信息的文件通常为workers.properties，其具体路径则是使用前面介绍过的JkWorkersFile指定的，在apache启动时，mod_jk会扫描此文件获取每一个worker的配置信息。比如，我们这里使用/etc/httpd/extra/workers.properties。

workers.properties文件一般由两类指令组成：一是mod_jk可以连接的各worker名称列表 (worker指的是tomcat实例的名称)，二是每一个worker的属性配置信息(连到tomcat上使用什么属性)。它们分别遵循如下使用语法。

worker.list = < a comma separated list of worker names >

worker. <worker name> .<property> = <property value>

其中worker.list指令可以重复指定多次，而worker name则是Tomcat中engine组件jvmRoute参数的值。如：

worker.TomcatA.host=172.16.100.1

根据其工作机制的不同，worker有多种不同的类型，这是需要为每个worker定义的一项属性woker.<work name>.type。常见的类型如下：

◇ ajp13：此类型表示当前worker为一个运行着的Tomcat实例。

◇ lb：lb即load balancing，专用于负载均衡场景中的woker；此worker并不真正负责处理用户请求，而是将用户请求调度给其它类型为ajp13的worker。

◇ status：用户显示分布式环境中各实际worker工作状态的特殊worker，它不处理任何请求，也不关联到任何实际工作的worker实例。具体示例如请参见后文中的配置。

worker其它常见的属性说明：

◇ host：Tomcat 7的worker实例所在的主机；

◇ port：Tomcat 7实例上AJP1.3连接器的端口；

◇ connection_pool_minsize：最少要保存在连接池中的连接的个数；默认为pool_size/2；连接池的最小值

◇ connection_pool_timeout：连接池中连接的超时时长；

◇ mount：由当前worker提供的context路径，如果有多个则使用空格格开；此属性可以由JkMount指令替代；

◇ retries：错误发生时的重试次数；

◇ socket_timeout：mod_jk等待worker响应的时长，默认为0，即无限等待；

◇ socket_keepalive：是否启用keep alive的功能，1表示启用，0表示禁用；

◇ lbfactor：worker的权重，可以在负载均衡的应用场景中为worker定义此属性；

另外，在负载均衡模式中，专用的属性还有：

◇balance_workers：用于负载均衡模式中的各worker的名称列表，需要注意的是，出现在此处的worker名称一定不能在任何worker.list属性列表中定义过，并且worker.list属性中定义的worker名字必须包含负载均衡worker。具体示例请参见后文中的定义。

◇ method：可以设定为R、T或B；默认为R，即根据请求(Request)的个数进行调度,也就是轮调round-robin；T表示根据已经发送给worker的实际流量(Traffic)大小进行调度；B表示根据实际负载情况(Balance)进行调度。T和B需要监控后端服务器的状况的,是动态方法,,,,R是静态方法

◇sticky_session：在将某请求调度至某worker后，源于此地址的所有后续请求都将直接调度至此worker，实现将用户session与某worker绑定。默认为值为1，即启用此功能。如果后端的各worker之间支持session复制，则可以将此属性值设为0。会话绑定功能

根据前文中的指定，这里使用/etc/httpd/extra/workers.properties来定义一个名为TomcatA的worker，并为其指定几个属性。文件内容如下：

worker.list=TomcatA,stat1 #stat1是apache的jk模块自带的一个实例(一个worker),不用考虑后端,输出jk状态信息的专用的由apache提供的内嵌的worker

worker.TomcatA.port=8009

worker.TomcatA.host=172.16.100.1

worker.TomcatA.type=ajp13 #ajp1.3的协议

worker.TomcatA.lbfactor=1 #lbfactor负载均衡因子,即权重

worker.stat1.type = status #说明输出状态信息的

至此，一个基于mod_jk模块与后端名为TomcatA的worker通信的配置已经完成，重启httpd服务即可生效。

配置基于mod_jk的负载均衡

1、为了避免用户直接访问后端Tomcat实例，影响负载均衡的效果，建议在Tomcat 7的各实例上禁用HTTP/1.1连接器。

2、为每一个Tomcat 7实例的引擎添加jvmRoute参数，并通过其为当前引擎设置全局惟一标识符。如下所示。需要注意的是，每一个实例的 jvmRoute 的值均不能相同。

而后去配置apache，修改/etc/httpd/extra/httpd-jk.conf为如下内容：

LoadModule jk_module modules/mod_jk.so

JkWorkersFile /etc/httpd/extra/workers.properties

JkLogFile logs/mod_jk.log

JkLogLevel debug

JkMount /* lbcluster1

JkMount /jkstatus/ stat1

编辑/etc/httpd/extra/workers.properties，添加如下内容：

worker.list = lbcluster1,stat1

worker.TomcatA.type = ajp13

worker.TomcatA.host = 172.16.100.1

worker.TomcatA.port = 8009

worker.TomcatA.lbfactor = 5

worker.TomcatB.type = ajp13

worker.TomcatB.host = 172.16.100.2

worker.TomcatB.port = 8009

worker.TomcatB.lbfactor = 5

worker.lbcluster1.type = lb

worker.lbcluster1.sticky_session = 1

worker.lbcluster1.balance_workers = TomcatA, TomcatB

worker.stat1.type = status

在 tomcat1 192.168.0.2 上

[root@node1 ~]# cd /usr/local/tomcat

[root@node1 tomcat]# ls

bin lib logs RELEASE-NOTES temp work

conf LICENSE NOTICE RUNNING.txt webapps

[root@node1 tomcat]# cd bin/

[root@node1 bin]# pwd

/usr/local/tomcat/bin

[root@node1 bin]# ls

bootstrap.jar cpappend.bat startup.bat

catalina.bat daemon.sh startup.sh

catalina.sh digest.bat tomcat-juli.jar

catalina-tasks.xml digest.sh tomcat-native.tar.gz(tomcat端用来实现跟前端进行异步高效通信的一种机制)

commons-daemon.jar setclasspath.bat tool-wrapper.bat

commons-daemon-native.tar.gz setclasspath.sh tool-wrapper.sh

configtest.bat shutdown.bat version.bat

configtest.sh shutdown.sh version.sh

[root@node1 bin]#

http://tomcat.apache.org/

https://tomcat.apache.org/download-connectors.cgi

https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.48-src.tar.gz

在前端apache 192.168.0.60 另一网卡 192.168.10.10

[root@localhost ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.48-src...

--2021-07-01 03:13:09-- https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.48-src...

Resolving mirrors.tuna.tsinghua.edu.cn... 101.6.8.193, 2402:f000:1:408:8100::1

Connecting to mirrors.tuna.tsinghua.edu.cn|101.6.8.193|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 3665280 (3.5M) [application/octet-stream]

Saving to: `tomcat-connectors-1.2.48-src.tar.gz'

100%[======================================>] 3,665,280 613K/s in 5.5s

2021-07-01 03:13:15 (646 KB/s) - `tomcat-connectors-1.2.48-src.tar.gz' saved [3665280/3665280]

[root@localhost ~]#

[root@localhost ~]# tar xf tomcat-connectors-1.2.48-src.tar.gz

[root@localhost ~]# cd tomcat-connectors-1.2.48-src

[root@localhost tomcat-connectors-1.2.48-src]# cd native/ #到这个目录

[root@localhost native]# pwd

/root/tomcat-connectors-1.2.48-src/native

[root@localhost native]#

[root@localhost native]# ./configure --with-apxs=/usr/local/apache/bin/apxs

[root@localhost native]# make && make install # 有了配置命令的- -with-apxs=/usr/local/apache/bin/apxs,,,,安装路径就会在apache的模块路径下

[root@localhost ~]# cd /usr/local/apache/modules/

[root@localhost modules]# ls | grep mod_jk #有mod_jk

mod_jk.so

[root@localhost modules]#

[root@localhost modules]# cd /etc/httpd/

[root@localhost httpd]# vim httpd.conf

.....................................................................................

#Include /etc/httpd/extra/httpd-proxy.conf

Include /etc/httpd/extra/httpd-jk.conf 替换上次的包含文件httpd-proxy.conf

.....................................................................................

[root@localhost httpd]# cd extra/

[root@localhost extra]# pwd

/etc/httpd/extra

[root@localhost extra]# vim httpd-jk.conf

LoadModule jk_module modules/mod_jk.so #定义哪个模块

JkWorkersFile /etc/httpd/extra/workers.properties #模块的work属性

JkLogFile logs/mod_jk.log #跟日志相关

JkLogLevel debug

JkMount /* TomcatA #这是一个worker或实例,,TomcatA 必须要在workers.properties 有定义

JkMount /status/ stat1

[root@localhost extra]# vim workers.properties

worker.list=TomcatA,stat1 #stat1是apache的jk模块自带的一个实例(一个worker),不用考虑后端,输出jk状态信息的专用的由apache提供的内嵌的worker

worker.TomcatA.port=8009

worker.TomcatA.host=192.168.10.2

worker.TomcatA.type=ajp13 #ajp1.3的协议

worker.TomcatA.lbfactor=1 #lbfactor负载均衡因子,即权重

worker.stat1.type = status

在后台 tomcat1 (192.168.10.2)上有看到8009的端口已经开启

在前端apache 192.168.0.60 另一网卡 192.168.10.10

[root@localhost extra]# service httpd configtest

Syntax OK

[root@localhost extra]#

[root@localhost extra]# service httpd restart

停止 httpd： [确定]

正在启动 httpd： [确定]

[root@localhost extra]#

[root@localhost extra]# netstat -tnlp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1854/rpcbind

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2780/httpd #80端口正常

tcp 0 0 0.0.0.0:37172 0.0.0.0:* LISTEN 1876/rpc.statd

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2199/sshd

tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1933/cupsd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2281/master

tcp 0 0 :::48078 :::* LISTEN 1876/rpc.statd

tcp 0 0 :::111 :::* LISTEN 1854/rpcbind

tcp 0 0 :::22 :::* LISTEN 2199/sshd

tcp 0 0 ::1:631 :::* LISTEN 1933/cupsd

tcp 0 0 ::1:25 :::* LISTEN 2281/master

[root@localhost extra]#

http://192.168.0.60/index.jsp 正常了

普通分类:

linux

You are here

友情链接

搜索表单

用户登录

You are here

马哥 47_01 _Tomcat系列之apache使用mod_jk和mod_proxy反向代理tomcat 有大用

友情链接