Home > Others

Apache-2.4 + Tomcat-7 + SSL + VirtualHost + self-issued certificate installation test

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Apache-2.4 + Tomcat-7 + SSL + VirtualHost + self-issued certificate installation test

1. Install the dependency Software Package

1. Install the apr Software Package
# Wget-c http://ftp.cuhk.edu.hk/pub/packages/apache.org//apr/apr-1.5.2.tar.bz2
# Tar-jxvf apr-1.5.2.tar.bz2
# Cd apr-1.5.2
#./Configure -- prefix =/usr/
# Make
# Make install

2. Install the apr-util package
# Wget http://ftp.cuhk.edu.hk/pub/packages/apache.org//apr/apr-util-1.5.4.tar.bz2
# Tar-jxvf apr-util-1.5.4.tar.bz2
# Cd apr-util-1.5.4
# Cd/usr/local/src/apr-util-1.5.4
#./Configure -- prefix =/usr/-- with-apr =/usr/
# Make
# Make install

3. Install the pcre Software Package
# Wget-c http://sourceforge.net/projects/pcre/files/pcre/8.37/pcre-8.37.tar.bz2/download
# Tar-jxvf pcre-8.37.tar.bz2
# Cd pcre-8.37
#./Configure -- prefix =/usr/local/
# Make
# Make install

Ii. Install the Apache Software Package

# Wget-c http://apache.fayea.com//httpd/httpd-2.4.16.tar.bz2
# Cd httpd-2.4.16
#./Configure -- prefix =/usr/local/apache-2.4 -- enable-modules = all -- enable-mod-shared = all -- enable-ssl
# Make
# Make install

3. Enable ssl support
1. Change vi httpd. conf to enable
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-ssl.conf


4. Generate a self-issued certificate:
# Cd, usr, local, apache-2.4, conf/
# Openssl req-x509-nodes-days 3650-newkey rsa: 2048-keyout server. key-out server. crt
# Enter the country, organization, region, and company name to generate a self-issued certificate based on the actual situation

5. Start the Aapche software test ..
#/Usr/local/apache-2.4/bin/apachectl start
Https: // access. Note that port 443 is enabled on the firewall.


6. Apache + Tomcat-7 Configuration


1. Install JDK
# Wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-7/v7.0.64/bin/apache-tomcat-7.0.64.tar.gz
# Wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.41-src.tar.gz
2. install Tomcat
# Tar-zxvf apache-tomcat-7.0.64.tar.gz
# Ln-s tomcat apache-tomcat-7.0.64

3. Install the tomcat-connectors Module
# Tar-zxvf tomcat-connectors-1.2.41-src.tar.gz
# Cd tomcat-connectors-1.2.41-src
#./Buildconf. sh
#. /Configure -- with-apxs =/usr/local/apache-2.4/bin/apxs -- with-tomcat =/usr/local/tomcat -- with-java-home =/usr/ local/jdk -- with-jni
# Make
# Make install

7. Enable the mod_jk Module

Modify vi httpd. conf and add the following to enable mod_jk module support.

# Load mod_jk module
LoadModule jk_module modules/mod_jk.so
# Where to find workers. properties
JkWorkersFile/usr/local/apache/conf/workers. proferties
# Where to put jk logs
JkLogFile/usr/local/apache/logs/mod_jk.log

# Set the jk log level [debug/error/info]
JkLogLevel info

# Select the timestamp log format
JkLogStampFormat "[% a % B % d % H: % M: % S % Y]"

# JkRequestLogFormat set the request format
JkRequestLogFormat "% w % V % T"

# JkOptions indicate to send ssl key size,
JkOptions + ForwardKeySize + ForwardURICompat-ForwardDirectories

# Send servlet for context/examples to worker named worker1
# JkMount/examples/*. jsp worker1
JkMount/servlet/* worker1

# Send JSPs for context/examples to worker named worker1
JkMount/*. jsp worker1

8. Create a workers. proferties File

[Root @ localhost conf] # more workers. proferties
Workers. tomcat_home =/usr/local/tomcat
Workers. java_home =/usr/local/jdk
Ps =/
Worker. list = worker1
Worker. worker1.port = 8009
Worker. worker1.host = localhost
Worker. worker1.type = ajp13
Worker. worker1.connection _ pool_time out = 600
Worker. worker1.socket _ keepalive = 1
Worker. worker1.lbfactor = 1
Worker. inprocess. stdout = $ (workers. tomcat_home) $ (ps) logs $ (ps) inprocess. stdout
Worker. inprocess. stderr = $ (workers. tomcat_home) $ (ps) logs $ (ps) inprocess. stderr
[Root @ localhost conf] #

IX. Apache + Tomcat + SSL + Virtual Host:

1. Modify: Add the following virtual host to the httpd-ssl.conf

<VirtualHost _ default _: 443>


# General setup for the virtual host
DocumentRoot "/www/clients/aaa.com/htdocs"
ServerName www.aaa.com: 443
ServerAdmin you@example.com
ErrorLog "/www/clients/aaa.com/logs/error_log"
TransferLog "/www/clients/aaa.com/logs/access_log"


<Directory "/www/clients/aaa.com/htdocs">
Options-Indexes + FollowSymlinks
AllowOverride All
Require all granted
DirectoryIndex login. jsp index. jsp
</Directory>


# JkMount/examples/*. jsp worker1
JkMount/servlet/* worker1


# Send JSPs for context/examples to worker named worker1
JkMount/*. jsp worker1




# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.


SSLEngine on


SSLCertificateFile "/usr/local/apache-2.4/conf/server. crt"
SSLCertificateKeyFile "/usr/local/apache-2.4/conf/server. key"


<FilesMatch "\. (cgi | shtml | phtml | php) $">
SSLOptions + StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache-2.4/cgi-bin">
SSLOptions + StdEnvVars
</Directory>


BrowserMatch "MSIE [2-5]" \
Nokeepalive ssl-unclean-shutdown \
Downgrade-1.0 force-response-1.0


CustomLog "/usr/local/apache-2.4/logs/ssl_request_log "\
"% T % h % {SSL_PROTOCOL} x % {SSL_CIPHER} x \" % r \ "% B"


</VirtualHost>




<VirtualHost _ default _: 443>


# General setup for the virtual host
DocumentRoot "/www/clients/bbb.com/htdocs"
ServerName www.bbb.com: 443
ServerAdmin you@example.com
ErrorLog "/www/clients/bbb.com/logs/error_log"
TransferLog "/www/clients/bbb.com/logs/access_log"


<Directory "/www/clients/bbb.com/htdocs">
Options-Indexes + FollowSymlinks
AllowOverride All
Require all granted
DirectoryIndex login. jsp index. jsp
</Directory>


# JkMount/examples/*. jsp worker1
JkMount/servlet/* worker1


# Send JSPs for context/examples to worker named worker1
JkMount/*. jsp worker1




# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.


SSLEngine on


SSLCertificateFile "/usr/local/apache-2.4/conf/server. crt"
SSLCertificateKeyFile "/usr/local/apache-2.4/conf/server. key"


<FilesMatch "\. (cgi | shtml | phtml | php) $">
SSLOptions + StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache-2.4/cgi-bin">
SSLOptions + StdEnvVars
</Directory>


BrowserMatch "MSIE [2-5]" \
Nokeepalive ssl-unclean-shutdown \
Downgrade-1.0 force-response-1.0


CustomLog "/usr/local/apache-2.4/logs/ssl_requbbest_log "\
"% T % h % {SSL_PROTOCOL} x % {SSL_CIPHER} x \" % r \ "% B"


</VirtualHost>


10. Add a Tomcat VM:


1. Modify: Add the following configuration file server. xml of Tomcat:


<Host name = "aaa.com" appBase = "webapps" unpackWARs = "true" autoDeploy = "true">


<Alias> www.aaa.com </Alias>


<Valve className = "org. apache. catalina. authenticator. SingleSignOn"/>
<Valve className = "org. apache. catalina. valves. AccessLogValve" directory = "logs"
Prefix = "aaa.com _ access_log." suffix = ". txt"
Pattern = "% h % l % u % t & quot; % r & quot; % s % B"/>

<Context path = "" docBase = "/www/clients/aaa.com/htdocs"
Debug = "0" reloadable = "true"/>
</Host>




<Host name = "bbb.com" appBase = "webapps" unpackWARs = "true" autoDeploy = "true">


<Alias> www.bbb.com </Alias>


<Valve className = "org. apache. catalina. authenticator. SingleSignOn"/>
<Valve className = "org. apache. catalina. valves. AccessLogValve" directory = "logs"
Prefix = "bbb.com _ access_log." suffix = ". txt"
Pattern = "% h % l % u % t & quot; % r & quot; % s % B"/>


<Context path = "" docBase = "/www/clients/bbb.com/htdocs"
Debug = "0" reloadable = "true"/>
</Host>




11. Compile the test page:

[Root @ localhost htdocs] # pwd
/Www/clients/aaa.com/htdocs
[Root @ localhost htdocs] # more index. jsp
<HTML>
<HEAD>
<TITLE> JSP test page </TITLE>
</HEAD>
<BODY>
<% Out. println ("</BODY>
</HTML>
[Root @ localhost htdocs] #


[Root @ localhost htdocs] # pwd
/Www/clients/bbb.com/htdocs
[Root @ localhost htdocs] # more index. jsp
<HTML>
<HEAD>
<TITLE> JSP test page </TITLE>
</HEAD>
<BODY>
<% Out. println ("</BODY>
</HTML>
[Root @ localhost htdocs] #


12. Start: apache and tomcat for testing
#/Usr/local/apache/bin/apachectl start
#/Usr/local/tomcat/bin/startup. sh

2. Modify the host hosts for testing
Https://www.aaa.com
Https://www.bbb.com

Appendix: optimize Tomcat parameters: Modify: Add the following red characters to the catalina. sh file:
# Set juli LogManager config file if it is present and an override has not been issued
If [-z "$ LOGGING_CONFIG"]; then
If [-r "$ CATALINA_BASE"/conf/logging. properties]; then
LOGGING_CONFIG = "-Djava. util. logging. config. file = $ CATALINA_BASE/conf/logging. properties"
Else
# Bugzilla 45585
LOGGING_CONFIG = "-Dnop"
Fi
Fi
JAVA_OPTS = "-server-Xms256m-Xmx2048m-XX: PermSize = 64 M-XX: MaxNewSize = 256 m-XX: MaxPermSize = 512 m"

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
apache ssl certificate self signed ssl certificate installation steps ssl certificate installation checker starfield ssl certificate installation test ssl certificate openssl test ssl certificate localhost tomcat renew ssl certificate

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More