搭建 CentOS 6 服务器(8) - Apache/Nginx/Jetty、Tomcat、WildFly
(一)Apache
(1)下载安装APR-ApachePortableRuntime
# cd /usr/local/src # wget http://www.apache.org/dist/apr/apr-1.5.1.tar.gz # tar zxvf apr-1.5.1.tar.gz # cd /usr/local/src/apr-1.5.1 # ./configure --prefix=/usr/local/apr/1.5.1 # make clean # make && make install
(2)下载安装APR-Util-ApachePortableRuntimeUtilityLibrary
# cd /usr/local/src # wget http://www.apache.org/dist/apr/apr-util-1.5.3.tar.gz # tar zxvf apr-util-1.5.3.tar.gz # cd /usr/local/src/apr-util-1.5.3 # ./configure --prefix=/usr/local/apr-util/1.5.3 --with-apr=/usr/local/apr/1.5.1 # make clean # make && make install
(3)下载安装httpd
# cd /usr/local/src # wget http://archive.apache.org/dist/httpd/httpd-2.4.9.tar.gz # tar zxvf httpd-2.4.9.tar.gz # cd /usr/local/src/httpd-2.4.9 # ./configure \ --prefix=/usr/local/apache/2.4.9 \ --enable-expires \ --enable-proxy \ --enable-proxy-ajp \ --enable-proxy-http \ --enable-proxy-connect \ --enable-headers \ --enable-so \ --enable-rewrite \ --enable-ssl=shared \ --with-apr=/usr/local/apr/1.5.1 \ --with-apr-util=/usr/local/apr-util/1.5.3 \ --with-pcre=/usr/local/pcre/8.35 \ --with-ssl=/usr/local/ssl # make && make install
(4)设置
日志
# cp -f /usr/local/apache/2.4.9/conf/httpd.conf /usr/local/apache/2.4.9/conf/httpd.conf.org # vi /usr/local/apache/2.4.9/conf/httpd.conf # when proxy server #LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined #CustomLog "logs/access_log" common CustomLog "|/usr/sbin/rotatelogs /usr/local/apache/2.4.9/logs/access_log.%Y-%m-%d 86400" common
ServerName
# cat /usr/local/apache/2.4.9/conf/httpd.conf | grep ServerName # ServerName gives the name and port that the server uses to identify itself. ServerName xxxxx # vi /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 xxxxx
启动
# echo "# chkconfig: 2345 99 10" >> /usr/local/apache/2.4.9/bin/apachectl # echo "# description: Starts/Stops httpd Server" >> /usr/local/apache/2.4.9/bin/apachectl # mv /etc/init.d/httpd /etc/init.d/httpd.org # ln -s /usr/local/apache/2.4.9/bin/apachectl /etc/init.d/httpd
确认
# /etc/init.d/httpd start # wget http://localhost It works! # /etc/init.d/httpd sttop
(5)设置SSL
私钥
# mkdir -p /usr/local/apache/2.4.9/conf/cert_`date +%Y%m%d` # cd /usr/local/apache/2.4.9/conf/cert_`date +%Y%m%d` # openssl genrsa -des3 -out server_needpass.key 2048 Generating RSA private key, 2048 bit long modulus ................................................+++ ...................+++ e is 65537 (0x10001) Enter pass phrase for server_needpass.key: my-phrase Verifying - Enter pass phrase for server_needpass.key: my-phrase # openssl rsa -in server_needpass.key -out server.key Enter pass phrase for server_needpass.key: my-phrase writing RSA key
公钥
# openssl req -new -days 365 -key server.key -out server.csr <-第三方认证 Country Name (2 letter code) [GB]: ...... # openssl req -new -x509 -days 3650 -key server.key -out server.crt <-测试用
配置Apache的SSL认证文件
# cp /usr/local/apache/2.4.9/conf/cert_<YYYYMMDD>/server_needpass.key /usr/local/apache/2.4.9/conf/server_needpass.key # cp /usr/local/apache/2.4.9/conf/cert_<YYYYMMDD>/server.key /usr/local/apache/2.4.9/conf/server.key # cp /usr/local/apache/2.4.9/conf/cert_<YYYYMMDD>/server.csr /usr/local/apache/2.4.9/conf/server.csr # cp /usr/local/apache/2.4.9/conf/cert_<YYYYMMDD>/server.crt /usr/local/apache/2.4.9/conf/server.crt
安装设置mod_ssl
# yum install mod_ssl # vi /usr/local/apache/2.4.9/conf/httpd.conf LoadModule ssl_module modules/mod_ssl.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
再确认
# /etc/init.d/httpd restart # wget http://localhost Congratulations! # wget https://localhost Congratulations!
安装mod_jk
# cd /usr/local/src/ # wget http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.41-src.tar.gz # tar zxvf tomcat-connectors-1.2.41-src.tar.gz # cd tomcat-connectors-1.2.41-src/native/ # ./configure --with-apxs=/usr/sbin/apxs # make # make install
默认安装到了/etc/httpd/modules/mod_jk.so
(二)Nginx
下载安装
# cd /usr/local/src/ # wget http://nginx.org/download/nginx-1.7.7.tar.gz # tar xzvf nginx-1.7.7.tar.gz # cd nginx-1.7.7 # ./configure \ --prefix=/usr/local/nginx-1.7.7 \ --with-pcre=/usr/local/src/pcre-8.35 \ --with-zlib=/usr/local/src/zlib-1.2.8 \ --user=nginx \ --group=nginx \ --with-http_ssl_module \ --without-http_ssi_module \ --without-http_uwsgi_module \ --with-http_realip_module # make # make install # ln -s /usr/local/nginx-1.7.7 /usr/local/nginx
启动
# vi /etc/init.d/nginx 从http://wiki.nginx.org/RedHatNginxInitScript下载脚本文件后按以下修改: 9 # config: /usr/local/nginx/conf/nginx.conf 11 # pidfile: /var/run/nginx/nginx.pid 22 nginx="/usr/local/nginx/sbin/nginx" 25 NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf" # chown nginx:nginx /etc/init.d/nginx # chmod 755 /etc/init.d/nginx
设置
# cd /usr/local/nginx/conf/ # cp nginx.conf nginx.conf.default # vi nginx.conf location /myproj { client_max_body_size 20M; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; proxy_pass http://localhost:8080/myproj; # <= Tomcat }
设置SSL
# mkdir /etc/nginx/ssl # cd /etc/nginx/ssl # openssl req -new -x509 -sha256 -newkey rsa:2048 -days 365 -nodes -out /etc/nginx/ssl/nginx.pem -keyout /etc/nginx/ssl/nginx.key # chmod 600 /etc/nginx/ssl/nginx.pem # vi /usr/local/nginx/conf/nginx.conf server { # [...] listen 443 ssl; ssl on; ssl_certificate /etc/nginx/ssl/nginx.pem; ssl_certificate_key /etc/nginx/ssl/nginx.key; # SSLv3 is broken by POODLE as of October 2014 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on; # make the server choose the best cipher instead of the browser # Perfect Forward Secrecy(PFS) is frequently compromised without this ssl_prefer_server_ciphers on; # support only believed secure ciphersuites using the following priority: # 1.) prefer PFS enabled ciphers # 2.) prefer AES128 over AES256 for speed (AES128 has completely adequate security for now) # 3.) Support DES3 for IE8 support # # disable the following ciphersuites completely # 1.) null ciphers # 2.) ciphers with low security # 3.) fixed ECDH cipher (does not allow for PFS) # 4.) known vulnerable cypers (MD5, RC4, etc) # 5.) little-used ciphers (Camellia, Seed) ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED'; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # [...]
确认
# /etc/init.d/nginx start # wget http://localhost # wget https://localhost # /etc/init.d/nginx stop
设置维护页面
# vi /usr/local/nginx/html/maintenance.html <html> <head> <title>System Maintenance</title> </head> <body> <h1>System Maintenance</h1> Our apologies for the temporary inconvenience. The requested URL generated 503 "Service Unavailable" error due to overloading or maintenance of the server. </body> </html> # vi nginx.conf #---------------------------------------------- # Maintenance Settings set $maintenance false; if (-e /var/tmp/do_maintenance ) { set $maintenance true; } if ($maintenance = true) { rewrite ^ /maintenance.html redirect; } location /maintenance.html { root /usr/local/nginx/html; expires 0; } #---------------------------------------------- # nginx -s reload
维护开始时:
# touch /var/tmp/do_maintenance
维护结束时:
# rm -f /var/tmp/do_maintenance
(三)Jetty
下载安装
# cd /usr/local/src # wget http://download.eclipse.org/jetty/stable-9/dist/jetty-distribution-9.2.9.v20150224.tar.gz # tar zxvf jetty-distribution-9.2.9.v20150224.tar.gz -C /opt/ # mv /opt/jetty-distribution-9.2.9.v20150224/ /opt/jetty # useradd -m jetty # chown -R jetty:jetty /opt/jetty/ # ln -s /opt/jetty/bin/jetty.sh /etc/init.d/jetty
设置
# vi /etc/default/jetty JETTY_HOME=/opt/jetty NO_START=0 JETTY_USER=jetty JETTY_ARGS=jetty.port=8085 JETTY_HOST=0.0.0.0 JETTY_LOGS=/opt/jetty/logs/
确认
# service jetty start # wget http://localhost:8085 # service jetty stop
(四)Tomcat
下载安装
# cd /usr/local/src # wget http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.57/bin/apache-tomcat-7.0.57.tar.gz # tar xzvf apache-tomcat-7.0.57.tar.gz # mv apache-tomcat-7.0.57 /usr/local/tomcat # /usr/local/tomcat/bin/version.sh Using CATALINA_BASE: /usr/local/tomcat Using CATALINA_HOME: /usr/local/tomcat Using CATALINA_TMPDIR: /usr/local/tomcat/temp Using JRE_HOME: /usr/java/default ......
安装TomcatDaemon服务
# cp -pf /usr/local/tomcat/bin/commons-daemon-native.tar.gz /usr/local/src/ # tar xzvf commons-daemon-native.tar.gz # cd commons-daemon-1.0.15-native-src/unix/ # ./configure --with-java=/usr/java/default # make clean && make # cp -f jsvc /usr/local/tomcat/bin/
安装TomcatAPR(TomcatNativeLibrary)
# cd /usr/local/tomcat/bin/ # tar xzvf tomcat-native.tar.gz # cd tomcat-native-1.1.32-src/jni/native # ./configure \ --with-apr=/usr/local/apr/1.5.1/bin/apr-1-config \ --with-java-home=/usr/java/default/ \ --prefix=/usr/local/tomcat/ # make && make install
设置
# cd /usr/local/tomcat/bin/ # vi setenv.sh # Where your java installation lives JAVA_HOME=/usr/java/default # You can pass some parameters to java JAVA_OPTS='-server -Djava.net.preferIPv4Stack=true' # Where your tomcat installation lives CATALINA_HOME=/usr/local/tomcat # What user should run tomcat TOMCAT_USER=tomcat # Set the TOMCAT_PID location CATALINA_PID="/var/run/tomcat.pid" LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$CATALINA_HOME/lib export LD_LIBRARY_PATH # jsvc options JSVC_OPTS='-jvm server' CATALINA_OPTS="-server -Xms1024m -Xmx1024m -XX:PermSize=512m -XX:MaxPermSize=1024m -Xloggc:/usr/local/tomcat/logs/gc.log -XX:+PrintClassHistogram -XX:+PrintGCDetails" # cp /usr/local/tomcat/bin/daemon.sh /etc/init.d/tomcat # echo "# chkconfig: 2345 98 11" >> /etc/init.d/tomcat # echo "# description: Starts/Stops Tomcat Server" >> /etc/init.d/tomcat # useradd -M tomcat # chown -R tomcat.tomcat /usr/local/tomcat/ # vi /usr/local/tomcat/conf/tomcat-users.xml <?xml version='1.0' encoding='utf-8'?> <tomcat-users> <role rolename="admin"/> <role rolename="manager"/> <role rolename="manager-gui"/> <user username="admin" password="123456" roles="admin,manager,manager-gui"/> </tomcat-users>
确认
# /etc/init.d/tomcat start # wget http://localhost:8080 Congratulations! # /etc/init.d/tomcat stop
Apache&Tomcat
Apache与Tomcat有3种连接方式:JK、http_proxy、ajp_proxy,这里使用AJP链接。
设置Apache的AJP
# cat /dev/null > /usr/local/apache/2.4.9/conf/extra/httpd-proxy.conf # vi /usr/local/apache/2.4.9/conf/extra/httpd-proxy.conf <Location /myproj> ProxyPass ajp://127.0.0.1:8009/myproj/ </Location> # vi /usr/local/apache/2.4.9/conf/httpd.conf Include conf/extra/httpd-proxy.conf LoadModule slotmem_shm_module modules/mod_slotmem_shm.so LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
设置Tomcat
# vi /usr/local/tomcat/conf/server.xml 禁用8080端口 <!-- <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> --> 设置URIEncoding为UTF-8 <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" useBodyEncodingForURI="true" /> 不输出访问日志 <!-- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t "%r" %s %b" /> -->
确认
# /etc/init.d/tomcat stop # /etc/init.d/tomcat start # /etc/init.d/httpd restart # wget http://localhost:8080 Error # wget http://localhost Congratulations!
(五)WildFly
(1)下载安装
# cd /usr/local/src/ # wget http://download.jboss.org/wildfly/10.1.0.Final/wildfly-10.1.0.Final.tar.gz # tar zxvf wildfly-10.1.0.Final.tar.gz # mv wildfly-10.1.0.Final /usr/local/wildfly-10.1.0.Final
(2)创建用户组及用户
# groupadd -g 1001 wildfly # tail -n 1 /etc/group # useradd -u 1001 -g 1001 wildfly # tail -n 1 /etc/passwd # passwd wildfly
(3)变更wildfly文件夹所属
# chown -R wildfly:wildfly /usr/local/wildfly-10.1.0.Final
(4)配置IP
# su - wildfly $ cd /usr/local/wildfly-10.1.0.Final/standalone/configuration/ $ vi standalone.xml
↓
<wsdl-host>${jboss.bind.address:0.0.0.0}</wsdl-host>
<inet-addressvalue="${jboss.bind.address.management:127.0.0.1}"/>
↓
<inet-addressvalue="${jboss.bind.address.management:0.0.0.0}"/>
<inet-addressvalue="${jboss.bind.address:127.0.0.1}"/>
↓
<inet-addressvalue="${jboss.bind.address:0.0.0.0}"/>
(5)启动
$ cd /usr/local/wildfly-10.1.0.Final/bin/ $ ./standalone.sh &
确认http://<IP>:8080
(6)停止
$ ./jboss-cli.sh --connect command=:shutdown
(7)发布war
# su - wildfly $ cd /usr/local/wildfly-10.1.0.Final/bin/ $ ./jboss-cli.sh --connect "deploy /tmp/TestApp.war --force" $ ./jboss-cli.sh --connect "undeploy TestApp.war"
(8)添加管理界面用户
# su - wildfly $ cd /usr/local/wildfly-10.1.0.Final/bin/ $ ./add-user.sh
确认http://<IP>:9990
修改端口
<socket-bindingname="http"port="${jboss.http.port:8080}"/>
<socket-bindingname="https"port="${jboss.https.port:8443}"/>
->
<socket-bindingname="ajp"port="${jboss.ajp.port:8109}"/>
<socket-bindingname="http"port="${jboss.http.port:8180}"/>
<socket-bindingname="https"port="${jboss.https.port:8433}"/>
<socket-bindingname="management-http"interface="management"port="${jboss.management.http.port:9990}"/>
<socket-bindingname="management-https"interface="management"port="${jboss.management.https.port:9993}"/>
->
<socket-bindingname="management-http"interface="management"port="${jboss.management.http.port:9980}"/>
<socket-bindingname="management-https"interface="management"port="${jboss.management.https.port:9983}"/>
端口修改后相应的命令中需要指定端口号:
ScripttoinstallJBossWildfly10.xasserviceinLinux:
https://gist.github.com/sukharevd/6087988