
apache 1 + tomcat 4 설정 proxypass

DBILITY 2021. 4. 9. 18:20
분리구성
1. portal
2. report
3. ipsi, ipsiweb
4. ncs, scm

ssl관련 확인 필요.

# One shared group plus one unprivileged, no-login service account per Tomcat instance,
# so a compromise of one instance does not hand over the files of the others.
groupadd tomcat

for n in 01 02 03 04; do
    useradd -g tomcat -s /usr/sbin/nologin -d "/opt/instance${n}" "instance${n}"
done

# Per-instance base directory with the logs/ and work/ directories Tomcat writes to.
cd /opt
for n in 01 02 03 04; do
    mkdir "instance${n}" "instance${n}/logs" "instance${n}/work"
done

# Seed every instance with conf/ and webapps/ from the unpacked distribution.
# NOTE(review): the stock webapps/ directory normally carries docs, examples, manager and
# host-manager; delete the ones an instance does not serve before it is exposed.
cd apache-tomcat-8.0.35/
for n in 01 02 03 04; do
    cp -a conf webapps "/opt/instance${n}"
done

# Hand each tree to its own service account.
# NOTE(review): this also makes conf/ writable by the account the JVM runs as; a root-owned
# conf/ that the tomcat group can only read stops a compromised webapp from rewriting it.
for n in 01 02 03 04; do
    chown "instance${n}:tomcat" -R "/opt/instance${n}"
done

각 instance의 server.xml에서 shutdown/HTTP/AJP 포트를 아래처럼 서로 겹치지 않게 변경
<!-- Port plan for the four instances: each server.xml gets its own shutdown port (8x05),
     HTTP connector (8x80), AJP connector (8x09) and redirectPort so the JVMs can run
     side by side on one host. -->
<!-- NOTE(review): no Connector here sets address="...", so with the apache-tomcat-8.0.35
     defaults they listen on every interface. AJP has no authentication of its own and
     trusts whatever the front end sends; make the 8x09 and 8x80 ports reachable only from
     the Apache host (bind to a loopback/internal address or firewall them). -->
<!-- NOTE(review): shutdown="SHUTDOWN" is the stock string; any local process that can
     connect to the shutdown port can stop the instance. Use a non-default string, or
     port="-1" where the shutdown port is not needed. -->
<Server port="8105" shutdown="SHUTDOWN">
 <Connector port="8180" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="18443" />
 <Connector port="8109" protocol="AJP/1.3" redirectPort="18443" />

<Server port="8205" shutdown="SHUTDOWN">
 <Connector port="8280" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="28443" />
 <Connector port="8209" protocol="AJP/1.3" redirectPort="28443" />
 
 <Server port="8305" shutdown="SHUTDOWN">
 <Connector port="8380" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="38443" />
 <Connector port="8309" protocol="AJP/1.3" redirectPort="38443" />
 
 <Server port="8405" shutdown="SHUTDOWN">
 <Connector port="8480" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="48443" />
 <Connector port="8409" protocol="AJP/1.3" redirectPort="48443" />
 
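각 server.xml의 Host를 name="domain" 으로 바꾸고, Host 안에 아래 두 줄을 추가
<Context path="/" docBase="artifact_name" reloadable="true" />
        <Alias>domain</Alias>
(reloadable="true"는 클래스 변경을 감시해 자동으로 다시 로드하는 개발용 옵션이므로 운영 환경에서는 false 권장)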
설치가 안되어 있다면 yum install mod_ssl


# Let the SELinux-confined httpd open outbound network connections, which the proxy to
# the Tomcat AJP/HTTP ports needs; -P makes the setting survive reboots.
# NOTE(review): this boolean is broad - it permits httpd to connect to any port, not only
# the Tomcat ones - so keep the proxy targets in the vhosts fixed.
setsebool -P httpd_can_network_connect 1

/*
VHost추가 또는 확인
# Plain-HTTP vhosts, one per instance. Each forwards every request to the instance's AJP
# port; requests carrying a WebSocket upgrade are sent to its HTTP connector instead.
# NOTE(review): traffic on :80 is unencrypted. Where the :443 vhosts are in use, a
# redirect to https here (instead of proxying) keeps logins and session cookies from
# crossing the network in clear text.
# NOTE(review): the [P] rule with a ws:// target presumably relies on mod_proxy_wstunnel
# being loaded - confirm.
<VirtualHost portal.dbility.com:80>
        ServerName portal.dbility.com
        ErrorLog logs/portal.dbility.com-error_log
        ProxyPass / ajp://portal.dbility.com:8109/
        ProxyPassReverse / ajp://portal.dbility.com:8109/
        RewriteEngine on
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^/?(.*) "ws://portal.dbility.com:8180/$1" [P,L]
</VirtualHost>

<VirtualHost report.dbility.com:80>
        ServerName report.dbility.com
        ErrorLog logs/report.dbility.com-error_log
        ProxyPass / ajp://report.dbility.com:8209/
        ProxyPassReverse / ajp://report.dbility.com:8209/
        RewriteEngine on
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^/?(.*) "ws://report.dbility.com:8280/$1" [P,L]
</VirtualHost>

<VirtualHost ipsi.dbility.com:80>
        ServerName ipsi.dbility.com
        ErrorLog logs/ipsi.dbility.com-error_log
        ProxyPass / ajp://ipsi.dbility.com:8309/
        ProxyPassReverse / ajp://ipsi.dbility.com:8309/
        RewriteEngine on
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^/?(.*) "ws://ipsi.dbility.com:8380/$1" [P,L]
</VirtualHost>

<VirtualHost ncs.dbility.com:80>
        ServerName ncs.dbility.com
        ErrorLog logs/ncs.dbility.com-error_log
        ProxyPass / ajp://ncs.dbility.com:8409/
        ProxyPassReverse / ajp://ncs.dbility.com:8409/
        RewriteEngine on
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^/?(.*) "ws://ncs.dbility.com:8480/$1" [P,L]
</VirtualHost>
*/
# Let's Encrypt: install certbot with its Apache plugin.
# Reference: https://hbesthee.tistory.com/1575
# EPEL provides the certbot packages; the two extra repositories are enabled for its dependencies.
# NOTE(review): confirm the repository ids on the target host (yum repolist all) before enabling.
yum -y install yum-utils epel-release
yum-config-manager --enable rhui-REGION-rhel-server-extra rhui-REGION-rhel-server-optional
yum -y install certbot python2-certbot-apache


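# Skipping the Let's Encrypt steps above.
# Test certificate signed by a private CA. Clients trust it only after rootCA.pem has
# been imported into their trust store; do not use it for a public service.

# 1. Generate the server private key.
#    The subshell umask keeps the key file readable by its owner only; older OpenSSL
#    builds otherwise write it with the default (world-readable) mode.
( umask 077 && openssl genrsa -out private.key 2048 )

# 2. Export the matching public key (informational; Apache does not read this file).
openssl rsa -in private.key -pubout -out public.key

# 3. Create the CSR (certificate signing request).
openssl req -new -key private.key -out private.csr

# 4. Issue the certificate (CRT).
#  1) Private key of the test CA. This is an RSA key pair, not a symmetric key;
#     -aes256 only encrypts the key file with a passphrase.
openssl genrsa -aes256 -out rootCA.key 2048

#  2) Self-signed root certificate made from rootCA.key.
#     -sha256 is explicit because older OpenSSL builds may still default to SHA-1.
openssl req -x509 -new -nodes -sha256 -key rootCA.key -days 3650 -out rootCA.pem

#  3) Server certificate for HTTPS. Current browsers ignore the CN and match the host
#     name against subjectAltName only, so the four vhost names that share this
#     certificate are listed there.
printf 'subjectAltName=DNS:portal.dbility.com,DNS:report.dbility.com,DNS:ipsi.dbility.com,DNS:ncs.dbility.com\n' > san.ext
openssl x509 -req -sha256 -in private.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out private.crt -days 3650 -extfile san.ext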


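# HTTPS front end for the portal instance: TLS ends here, requests go to Tomcat over AJP
# (8109) and WebSocket upgrade requests go to the instance's HTTP connector (8180).
<VirtualHost portal.dbility.com:443>
        ServerName portal.dbility.com:443
        ErrorLog logs/portal.dbility.com-error_log

        # SSLProxy* applies only to https:// or wss:// backends; the ajp:// and ws://
        # targets below do not use it. If a TLS backend is added later, replace "none"
        # with SSLProxyVerify require and a CA file so the backend is authenticated.
        SSLProxyEngine on
        SSLEngine on
        SSLProxyVerify none
        # Changed from "all -SSLv3": TLS 1.0 and 1.1 are obsolete, so only TLS 1.2 and
        # newer are offered.
        SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

        # The key file must be readable by root only (mode 600).
        # NOTE(review): /opt also holds the application trees; a dedicated directory such
        # as /etc/pki/tls/private keeps the key away from them.
        SSLCertificateKeyFile /opt/private.key
        SSLCertificateFile /opt/private.crt
        # Left disabled: a .csr is a signing request, not a CA certificate.
        #SSLCACertificateFile /opt/private.csr

        # "set" replaces any X-Forwarded-* value the client sent, so the backend only
        # sees what this proxy asserts.
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"
        AllowEncodedSlashes NoDecode

        # Reverse proxy only; forward proxying stays off.
        ProxyRequests off
        ProxyPreserveHost on
        # NOTE(review): AJP is neither authenticated nor encrypted; this assumes port 8109
        # is reachable only from this host - confirm the connector's bind address or
        # the firewall.
        ProxyPass / ajp://portal.dbility.com:8109/ connectiontimeout=5 timeout=2400
        # NOTE(review): ProxyPassReverse is documented without a timeout= parameter;
        # confirm this line is parsed as intended.
        ProxyPassReverse / ajp://portal.dbility.com:8109/ timeout=2400
        # Requests that carry a WebSocket upgrade are proxied to the HTTP connector.
        RewriteEngine on
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^/?(.*) "ws://portal.dbility.com:8180/$1" [P,L]

</VirtualHost>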

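# HTTPS front end for the report instance: TLS ends here, requests go to Tomcat over AJP
# (8209) and WebSocket upgrade requests go to the instance's HTTP connector (8280).
<VirtualHost report.dbility.com:443>
        ServerName report.dbility.com:443
        ErrorLog logs/report.dbility.com-error_log

        # SSLProxy* applies only to https:// or wss:// backends; the ajp:// and ws://
        # targets below do not use it. If a TLS backend is added later, replace "none"
        # with SSLProxyVerify require and a CA file so the backend is authenticated.
        SSLProxyEngine on
        SSLEngine on
        SSLProxyVerify none
        # Changed from "all -SSLv3": TLS 1.0 and 1.1 are obsolete, so only TLS 1.2 and
        # newer are offered.
        SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

        # The key file must be readable by root only (mode 600).
        # NOTE(review): /opt also holds the application trees; a dedicated directory such
        # as /etc/pki/tls/private keeps the key away from them.
        SSLCertificateKeyFile /opt/private.key
        SSLCertificateFile /opt/private.crt
        # Left disabled: a .csr is a signing request, not a CA certificate.
        #SSLCACertificateFile /opt/private.csr

        # "set" replaces any X-Forwarded-* value the client sent, so the backend only
        # sees what this proxy asserts.
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"
        AllowEncodedSlashes NoDecode

        # Reverse proxy only; forward proxying stays off.
        ProxyRequests off
        ProxyPreserveHost on
        # NOTE(review): AJP is neither authenticated nor encrypted; this assumes port 8209
        # is reachable only from this host - confirm the connector's bind address or
        # the firewall.
        ProxyPass / ajp://report.dbility.com:8209/ connectiontimeout=5 timeout=2400
        # NOTE(review): ProxyPassReverse is documented without a timeout= parameter;
        # confirm this line is parsed as intended.
        ProxyPassReverse / ajp://report.dbility.com:8209/ timeout=2400
        # Requests that carry a WebSocket upgrade are proxied to the HTTP connector.
        RewriteEngine on
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^/?(.*) "ws://report.dbility.com:8280/$1" [P,L]

</VirtualHost>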


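# HTTPS front end for the ipsi instance: TLS ends here, requests go to Tomcat over AJP
# (8309) and WebSocket upgrade requests go to the instance's HTTP connector (8380).
<VirtualHost ipsi.dbility.com:443>
        ServerName ipsi.dbility.com:443
        ErrorLog logs/ipsi.dbility.com-error_log

        # SSLProxy* applies only to https:// or wss:// backends; the ajp:// and ws://
        # targets below do not use it. If a TLS backend is added later, replace "none"
        # with SSLProxyVerify require and a CA file so the backend is authenticated.
        SSLProxyEngine on
        SSLEngine on
        SSLProxyVerify none
        # Changed from "all -SSLv3": TLS 1.0 and 1.1 are obsolete, so only TLS 1.2 and
        # newer are offered.
        SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

        # The key file must be readable by root only (mode 600).
        # NOTE(review): /opt also holds the application trees; a dedicated directory such
        # as /etc/pki/tls/private keeps the key away from them.
        SSLCertificateKeyFile /opt/private.key
        SSLCertificateFile /opt/private.crt
        # Left disabled: a .csr is a signing request, not a CA certificate.
        #SSLCACertificateFile /opt/private.csr

        # "set" replaces any X-Forwarded-* value the client sent, so the backend only
        # sees what this proxy asserts.
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"
        AllowEncodedSlashes NoDecode

        # Reverse proxy only; forward proxying stays off.
        ProxyRequests off
        ProxyPreserveHost on
        # NOTE(review): AJP is neither authenticated nor encrypted; this assumes port 8309
        # is reachable only from this host - confirm the connector's bind address or
        # the firewall.
        ProxyPass / ajp://ipsi.dbility.com:8309/ connectiontimeout=5 timeout=2400
        # NOTE(review): ProxyPassReverse is documented without a timeout= parameter;
        # confirm this line is parsed as intended.
        ProxyPassReverse / ajp://ipsi.dbility.com:8309/ timeout=2400
        # Requests that carry a WebSocket upgrade are proxied to the HTTP connector.
        RewriteEngine on
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^/?(.*) "ws://ipsi.dbility.com:8380/$1" [P,L]

</VirtualHost>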

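# HTTPS front end for the ncs instance: TLS ends here, requests go to Tomcat over AJP
# (8409) and WebSocket upgrade requests go to the instance's HTTP connector (8480).
<VirtualHost ncs.dbility.com:443>
        ServerName ncs.dbility.com:443
        ErrorLog logs/ncs.dbility.com-error_log

        # SSLProxy* applies only to https:// or wss:// backends; the ajp:// and ws://
        # targets below do not use it. If a TLS backend is added later, replace "none"
        # with SSLProxyVerify require and a CA file so the backend is authenticated.
        SSLProxyEngine on
        SSLEngine on
        SSLProxyVerify none
        # Changed from "all -SSLv3": TLS 1.0 and 1.1 are obsolete, so only TLS 1.2 and
        # newer are offered.
        SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

        # The key file must be readable by root only (mode 600).
        # NOTE(review): /opt also holds the application trees; a dedicated directory such
        # as /etc/pki/tls/private keeps the key away from them.
        SSLCertificateKeyFile /opt/private.key
        SSLCertificateFile /opt/private.crt
        # Left disabled: a .csr is a signing request, not a CA certificate.
        #SSLCACertificateFile /opt/private.csr

        # "set" replaces any X-Forwarded-* value the client sent, so the backend only
        # sees what this proxy asserts.
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"
        AllowEncodedSlashes NoDecode

        # Reverse proxy only; forward proxying stays off.
        ProxyRequests off
        ProxyPreserveHost on
        # NOTE(review): AJP is neither authenticated nor encrypted; this assumes port 8409
        # is reachable only from this host - confirm the connector's bind address or
        # the firewall.
        ProxyPass / ajp://ncs.dbility.com:8409/ connectiontimeout=5 timeout=2400
        # NOTE(review): ProxyPassReverse is documented without a timeout= parameter;
        # confirm this line is parsed as intended.
        ProxyPassReverse / ajp://ncs.dbility.com:8409/ timeout=2400
        # Requests that carry a WebSocket upgrade are proxied to the HTTP connector.
        RewriteEngine on
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^/?(.*) "ws://ncs.dbility.com:8480/$1" [P,L]

</VirtualHost>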