First, starting from the general framework of Java EE Project
This is a universal web that is the B/S project architecture, which consists of:
Üweb Server
Üapp Server
Üdb Server
Consisting of three major parts, of which:
2 Web Server
Outside of the corporate firewall, this firewall, you can think of as a Cisco router, and then opened on the Cisco router two ports are: 80 and 443.
Port 80: For normal HTTP access
Port 443: For HTTPS access, that is, if you enter an address such as https://xxx.xxx.xx in IE, the default
This is the port of 443.
Webserver specializes in:
For parsing HTML, JS (JavaScript), CSS, jpg/gif and other picture format files, TXT,
VBSCRIPT, PHP and Everything "static" page content.
2 App Server
Within the enterprise firewall, the connection between it and the Web server must be and must be an internal IP connection.
External IP: That is, the Internet IP address, our Web server will generally have an internal IP an external IP, so here, our app server does not have any external IP, only the internal IP, so I'm here to say app server and web Server can only be connected in the form of internal IP.
For example, we use Tomcat, its port is 8080, then this IP address on the 8080 port can only be accessed by any internal IP, the external Internet is not accessible, this is done for security.
App server resolves any of our "dynamic" Web pages that require a Java compiler to parse, but app server itself can parse any static web pages.
So let's think about this:
We let the Web server, which is responsible for parsing static Web pages, parse HTML and so on, and let app server specifically parse anything that requires a Java compiler to parse, and let them "two" do their respective roles. The benefits of this:
1 for app Server "decompression", but also improve the performance
2 do not have to expose 8080 of this port on the Internet, but also very safe, must be our app server but have our code, even if the compiled code is easy to "decompile", which is very unsafe.
3) Lay the groundwork for further "cluster expansion" in the future
2 DB Server
Let's say we use Oracle, it needs to connect to app server through 1521, right? So this 1521 is called a database connection port, and if you expose it to the Internet, is it a bit dangerous? Even if our passwords are complex, it is only a matter of time before a smart hacker can break your password.
So we're putting our DB server in the same firewall as app server. Any DB connection and management can only be accessed through intranet, within the corporate enterprise, that is the truth.