[WeChat Mini Program] Configuring HTTPS on the server side: nginx + Tomcat server configuration

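Basic structure

First, you need to understand two basic points:

So here is the problem: if several systems each need their own second-level domain, changing the Tomcat configuration directly leads to port conflicts.

My solution, described below, is to put an nginx reverse proxy between the Internet and Tomcat.

Basic structure

HTTPS requests are sent to nginx, and nginx proxies them to Tomcat.

nginx solves the problem of multiple domains on a single IP; hosting multiple sites is left to Tomcat.

The best solution I found online is to run multiple Tomcat instances so that one machine can host multiple sites.

What does that mean?

You make several copies of Tomcat, change the shutdown, HTTP and AJP1.3 ports in each copy's server.xml, and then start the Tomcat instances.

If your company takes its technical infrastructure seriously, it is best not to deploy too many applications on one server. This approach needs a fair amount of memory, because each Tomcat can take around 200 MB once it is running, and that is with low concurrency. As the number of instances grows, the machine will run short of memory.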


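Hands-on steps

First, I assume you have two or more domain names pointing to your server; top-level or second-level domains both work.
I also assume a JDK is already installed on your server. The Tomcat used below is version 8.5.

There are two sites: a.domain.com and b.domain.com. a.domain.com is accessed over HTTPS, and b.domain.com over HTTP.

1. Install nginx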

yum install nginx

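2. Download Tomcat and extract it to the path you need

Assume Tomcat is extracted under /home/admin/app/tomcat

3. Configure each independent site

  • Create a directory for each of sites A and B: /home/admin/app/a.domain.com and /home/admin/app/b.domain.com
  • Copy conf, logs, temp, webapps and work from /home/admin/app/tomcat into both /home/admin/app/a.domain.com and /home/admin/app/b.domain.com
  • Create the directory /home/admin/app/a.domain.com/https_certificate to hold the SSL certificate
  • Edit conf/server.xml in each of the two site directories. The rule is: every port that appears must be changed to a unique value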

/home/admin/app/a.domain.com/conf/server.xml

...
<Server port="8105" shutdown="SHUTDOWN">

...
<Connector port="8180" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443"
               proxyPort="443" />

...
<Connector port="8109" protocol="AJP/1.3" redirectPort="8543" />
...

/home/admin/app/b.domain.com/conf/server.xml

...
<Server port="8205" shutdown="SHUTDOWN">

...
<Connector port="8280" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8543" />

...
<Connector port="8209" protocol="AJP/1.3" redirectPort="8643" />
...
  • Give each independent site its own startup script. This is really just Tomcat's original startup.sh with a small change

/home/admin/app/a.domain.com/startup.sh

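#!/bin/sh

# Per-instance settings: CATALINA_BASE is this site's directory,
# CATALINA_HOME is the shared Tomcat installation.
export CATALINA_BASE=/home/admin/app/a.domain.com
export CATALINA_HOME=/home/admin/app/tomcat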

# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# -----------------------------------------------------------------------------
# Start Script for the CATALINA Server
# -----------------------------------------------------------------------------

# Better OS/400 detection: see Bugzilla 31132
os400=false
case "`uname`" in
OS400*) os400=true;;
esac

# resolve links - $0 may be a softlink
PRG="$0"

while [ -h "$PRG" ] ; do
  ls=`ls -ld "$PRG"`
  link=`expr "$ls" : '.*-> \(.*\)$'`
  if expr "$link" : '/.*' > /dev/null; then
    PRG="$link"
  else
    PRG=`dirname "$PRG"`/"$link"
  fi
done

PRGDIR=`dirname "$PRG"`
EXECUTABLE=/home/admin/app/tomcat/bin/catalina.sh

# Check that target executable exists
if $os400; then
  # -x will Only work on the os400 if the files are:
  # 1. owned by the user
  # 2. owned by the PRIMARY group of the user
  # this will not work if the user belongs in secondary groups
  eval
else
  if [ ! -x "$EXECUTABLE" ]; then
    echo "Cannot find $EXECUTABLE"
    echo "The file is absent or does not have execute permission"
    echo "This file is needed to run this program"
    exit 1
  fi
fi

exec "$EXECUTABLE" start "$@"

/home/admin/app/b.domain.com/startup.sh

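#!/bin/sh

# Per-instance settings: CATALINA_BASE is this site's directory,
# CATALINA_HOME is the shared Tomcat installation.
export CATALINA_BASE=/home/admin/app/b.domain.com
export CATALINA_HOME=/home/admin/app/tomcat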

# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# -----------------------------------------------------------------------------
# Start Script for the CATALINA Server
# -----------------------------------------------------------------------------

# Better OS/400 detection: see Bugzilla 31132
os400=false
case "`uname`" in
OS400*) os400=true;;
esac

# resolve links - $0 may be a softlink
PRG="$0"

while [ -h "$PRG" ] ; do
  ls=`ls -ld "$PRG"`
  link=`expr "$ls" : '.*-> \(.*\)$'`
  if expr "$link" : '/.*' > /dev/null; then
    PRG="$link"
  else
    PRG=`dirname "$PRG"`/"$link"
  fi
done

PRGDIR=`dirname "$PRG"`
EXECUTABLE=/home/admin/app/tomcat/bin/catalina.sh

# Check that target executable exists
if $os400; then
  # -x will Only work on the os400 if the files are:
  # 1. owned by the user
  # 2. owned by the PRIMARY group of the user
  # this will not work if the user belongs in secondary groups
  eval
else
  if [ ! -x "$EXECUTABLE" ]; then
    echo "Cannot find $EXECUTABLE"
    echo "The file is absent or does not have execute permission"
    echo "This file is needed to run this program"
    exit 1
  fi
fi

exec "$EXECUTABLE" start "$@"
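
The rule from step 3, that every port in each instance's server.xml must be unique, can be checked mechanically before the instances are started. The script below is an added example and not part of the original article; the function names and the third instance `c` are hypothetical, and the sample server.xml files are constructed from the port values shown above.

```shell
#!/bin/sh
# Added example (not from the article): find port clashes across server.xml files.
# Print "port<TAB>file" for each active <Server>/<Connector> listening port.
list_ports() {
  for f in "$@"; do
    awk -v file="$f" '
      { doc = doc " " $0 }                      # join lines: a tag may span several
      END {
        while ((s = index(doc, "<!--")) > 0) {  # drop commented-out elements
          rest = substr(doc, s + 4); e = index(rest, "-->")
          doc = substr(doc, 1, s - 1) (e ? substr(rest, e + 3) : "")
        }
        while (match(doc, /<(Server|Connector)[ \t][^>]*>/)) {
          tag = substr(doc, RSTART, RLENGTH); doc = substr(doc, RSTART + RLENGTH)
          # the leading blank keeps redirectPort= and proxyPort= from matching
          if (match(tag, /[ \t]port="[0-9]+"/)) {
            p = substr(tag, RSTART, RLENGTH); gsub(/[^0-9]/, "", p)
            print p "\t" file
          }
        }
      }' "$f"
  done
}

# Print every port number that is claimed more than once.
find_port_conflicts() {
  list_ports "$@" | cut -f1 | sort -n | uniq -d
}

# Constructed sample data: a and b carry the ports shown in the article; c is a
# hypothetical third copy whose shutdown port was left at b's value.
make_samples() {
  mkdir -p "$1/a" "$1/b" "$1/c"
  printf '%s\n' '<Server port="8105" shutdown="SHUTDOWN">' \
    '<Connector port="8180" protocol="HTTP/1.1"' \
    '           redirectPort="443" proxyPort="443" />' \
    '<Connector port="8109" protocol="AJP/1.3" redirectPort="8543" />' \
    '</Server>' > "$1/a/server.xml"
  printf '%s\n' '<Server port="8205" shutdown="SHUTDOWN">' \
    '<Connector port="8280" protocol="HTTP/1.1" redirectPort="8543" />' \
    '<Connector port="8209" protocol="AJP/1.3" redirectPort="8643" />' \
    '</Server>' > "$1/b/server.xml"
  printf '%s\n' '<Server port="8205" shutdown="SHUTDOWN">' \
    '<!-- <Connector port="8180" protocol="HTTP/1.1" /> -->' \
    '<Connector port="8380" protocol="HTTP/1.1" redirectPort="8743" />' \
    '</Server>' > "$1/c/server.xml"
}

demo=$(mktemp -d) && make_samples "$demo"
find_port_conflicts "$demo"/*/server.xml    # prints 8205
```

Against the real layout, pass each site's conf/server.xml, for example /home/admin/app/*/conf/server.xml; empty output means no port is used twice.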

4. Modify the nginx configuration

  • Prepare an nginx configuration file for each of the two sites
su - root
cd /etc/nginx/conf.d
cp default.conf a.domain.com.conf
cp default.conf b.domain.com.conf
  • Edit the configuration files

a.domain.com.conf

server {
    # "listen 443 ssl" replaces the deprecated "ssl on;" directive
    listen  443 ssl;
    server_name a.domain.com;

    ssl_certificate /home/admin/app/a.domain.com/https_certificate/Nginx/1_a.domain.com_bundle.crt;
    ssl_certificate_key /home/admin/app/a.domain.com/https_certificate/Nginx/2_a.domain.com.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # configure the protocols as shown
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # configure the cipher suites as shown
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header  Host $host;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto  $scheme;

        # note: there is no SSL here, plain HTTP is used between nginx and Tomcat

        proxy_pass http://127.0.0.1:8180;
    }
}

b.domain.com.conf

server {
    client_max_body_size 2000M;  ## maximum size of the request body when uploading files (e.g. 2G, 200K)
    listen  80;
    server_name b.domain.com;

    location / {
         proxy_pass http://127.0.0.1:8280;
    }
}
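  • Test that the configuration files are correct
# nginx -t checks the main configuration together with the files it includes,
# such as the two site files above; a file that holds only a server block
# cannot be tested on its own with -c
nginx -t
  • Restart nginx
service nginx restart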

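This tutorial was written from the configuration I did yesterday. My machine is a CentOS 6.5 instance bought on Alibaba Cloud. If this configuration does not work for you, leave a comment with your question.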
