How do I directly expose apps running on a CentOS 7 web server?


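How do I open ports and directly access web apps running on tomcat on CentOS 7? Tomcat is running behind an apache httpd reverse proxy, but I want to directly access the apps running in tomcat by opening ports to expose each app directly for testing.

When I open ports 8080 and 8081 in the firewall using firewall-cmd --add-port=8080/tcp and firewall-cmd --add-port=8081/tcp, I can access the apps running on those ports when I type server.ip.addr:8080, server.ip.addr:8081, anydomainontheserver.com:8080, or anydomainontheserver.com:8081. These apps are also accessible when I access them through httpd.

However, I get 404 error responses when I try to directly access the apps running on ports 8082, 8083, and 8084. This is true even though the apps running on ports 8082 and 8083 are 100% accessible via httpd through their domains. The app running on port 8084 is mostly accessible via httpd through its domain. In each case, I typed firewall-cmd --add-port=808x and tried to access the apps through server.ip.addr:808x and anydomainontheserver.com:808x, but got 404 errors in each case. I even tried opening their ajp ports in the firewall and typing server.ip.addr:80xx and anydomainontheserver.com:80xx in the browser, but got a browser error message saying the page could not be retrieved, without specifying an error number.

So how can I directly access the apps running on ports 8082, 8083, and 8084 through tomcat for testing?

Typing firewall-cmd --list-all gives: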

public (default, active)
  interfaces: enp3s0
  sources: 
  services: dhcpv6-client http imaps openvpn smtp ssh
  ports: 8009/tcp 8083/tcp 8011/tcp 8084/tcp 8010/tcp 8080/tcp 8081/tcp 8013/tcp 8012/tcp 8082/tcp
  masquerade: yes
  forward-ports: 
  icmp-blocks: 
  rich rules:

Typing nano /etc/httpd/conf.d/virtualhosts.conf gives:

<VirtualHost *:443>
    ServerName www.vpndomain.com
    ServerAlias vpndomain.com
    ErrorLog /var/log/httpd/vpndomain_com_error.log
    CustomLog /var/log/httpd/vpndomain_com_requests.log combined
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    ProxyPass / ajp://server.ip.addr:8009/
    ProxyPassReverse / ajp://server.ip.addr:8009/
</VirtualHost>

Listen 444

<VirtualHost *:444>
    ServerName www.vpndomain.com
    ServerAlias vpndomain.com
    ErrorLog /var/log/httpd/vpndomain_com_error.log
    CustomLog /var/log/httpd/vpndomain_com_requests.log combined
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    ProxyPass / ajp://server.ip.addr:8010/
    ProxyPassReverse / ajp://server.ip.addr:8010/
</VirtualHost>

<VirtualHost www.domain1.com:80>
    ServerName www.domain1.com
    ServerAlias domain1.com
    ErrorLog /var/log/httpd/domain1_com_error.log
    CustomLog /var/log/httpd/domain1_com_requests.log combined
    ProxyPass / ajp://server.ip.addr:8011/
    ProxyPassReverse / ajp://server.ip.addr:8011/
</VirtualHost>

<VirtualHost www.domain2.com:80>
    ServerName www.domain2.com
    ServerAlias domain2.com
    ErrorLog /var/log/httpd/domain2_com_error.log
    CustomLog /var/log/httpd/domain2_com_requests.log combined
    ProxyPass / ajp://server.ip.addr:8012/
    ProxyPassReverse / ajp://server.ip.addr:8012/
</VirtualHost>

<VirtualHost www.domain3.com:80>
    ServerName www.domain3.com
    ServerAlias domain3.com
    ErrorLog /var/log/httpd/domain3_com_error.log
    CustomLog /var/log/httpd/domain3_com_requests.log combined
    ProxyPass / ajp://server.ip.addr:8013
    ProxyPassReverse / ajp://server.ip.addr:8013
</VirtualHost>

Typing nano /opt/tomcat/conf/server.xml gives:

<?xml version='1.0' encoding='utf-8'?>

<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
          <Realm className="org.apache.catalina.realm.LockOutRealm">
              <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
          </Realm>
          <Host name="localhost"  appBase="webapps" unpackWARs="true" autoDeploy="true">
               <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                   prefix="ermapp_access_log" suffix=".txt"
                   pattern="%h %l %u %t &quot;%r&quot; %s %b" />
          </Host>
    </Engine>
  </Service>

  <Service name="Upload">
    <Connector port="8081" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8444" />
    <Connector port="8010" protocol="AJP/1.3" redirectPort="8444" />
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps_upload" unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="uploadapp_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>

  <Service name="Public">
      <Connector port="8082" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8445" />
      <Connector port="8011" protocol="AJP/1.3" redirectPort="8445" />
      <Engine name="Catalina" defaultHost="localhost">
          <Realm className="org.apache.catalina.realm.LockOutRealm">
              <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
          </Realm>
          <Host name="domain1.com"  appBase="webapps_public" unpackWARs="true" autoDeploy="true">
              <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                  prefix="domain1_access_log" suffix=".txt"
                  pattern="%h %l %u %t &quot;%r&quot; %s %b" />
          </Host>
      </Engine>
  </Service>

  <Service name="domain2">
      <Connector port="8083" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8446" />
      <Connector port="8012" protocol="AJP/1.3" redirectPort="8446" />
      <Engine name="Catalina" defaultHost="localhost">
          <Realm className="org.apache.catalina.realm.LockOutRealm">
              <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
          </Realm>
          <Host name="domain2.com"  appBase="webapps_domain2" unpackWARs="true" autoDeploy="true">
              <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                  prefix="domain2_access_log" suffix=".txt"
                  pattern="%h %l %u %t &quot;%r&quot; %s %b" />
          </Host>
      </Engine>
  </Service>

  <Service name="domain3">
      <Connector port="8084" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8447" />
      <Connector port="8013" protocol="AJP/1.3" redirectPort="8447" />
      <Engine name="Catalina" defaultHost="localhost">
          <Realm className="org.apache.catalina.realm.LockOutRealm">
              <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
          </Realm>
          <Host name="domain3.com"  appBase="webapps_domain3" unpackWARs="true" autoDeploy="true">
              <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                  prefix="domain3_access_log" suffix=".txt"
                  pattern="%h %l %u %t &quot;%r&quot; %s %b" />
          </Host>
      </Engine>
  </Service>

</Server>

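Answer 1

Your httpd proxy is using the AJP ports, but when you try to access them directly, you are using the HTTP ports.

If you try switching the httpd proxy to use the HTTP ports, does it still work or do you get a 404?

  • If you get a 404 through httpd when the proxy is using HTTP, then there is a problem with the HTTP connector in Tomcat.

  • If it still works through httpd when the proxy is using the HTTP port, then the problem may be something internal to the application itself.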

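Answer 2

A safer way to achieve your goal is through SSH tunnels. No configuration changes are made to tomcat or the proxy. Simply create SSH tunnels between the client and the tomcat server, then access the ports locally as if the applications were running on the local client machine. You have three services listening in tomcat on TCP ports 8082, 8083 and 8084. Assume the IP address of tomcat is 10.10.10.254 and the user is bob.

Create three SSH tunnels from the client machine as follows:

$ ssh -fnN -L 8082:localhost:8082 bob@10.10.10.254
$ ssh -fnN -L 8083:localhost:8083 bob@10.10.10.254
$ ssh -fnN -L 8084:localhost:8084 bob@10.10.10.254

Assuming the three applications are web applications, open a web browser on the client machine and navigate to: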

http://localhost:8082
http://localhost:8083
http://localhost:8084
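
Added example, not part of the original question or answers: a Python check that cross-references the Tomcat connectors in server.xml with the ports opened by firewall-cmd. It reports which AJP and HTTP connector ports the firewall exposes (what the SSH tunnels above avoid) and whether each Engine's defaultHost names a Host that actually exists. The embedded inputs are constructed, cut down from the question's files; the function names and finding keys are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples, cut down from the question's server.xml and firewall output.
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
  <Service name="Public">
    <Connector port="8082" protocol="HTTP/1.1" />
    <Connector port="8011" protocol="AJP/1.3" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="domain1.com" appBase="webapps_public" />
    </Engine>
  </Service>
</Server>"""
FIREWALL = "  services: http ssh\n  ports: 8009/tcp 8011/tcp 8080/tcp 8082/tcp\n"

def open_tcp_ports(list_all_output):
    """TCP ports from the 'ports:' line of `firewall-cmd --list-all` output."""
    m = re.search(r"^[ \t]*ports:(.*)$", list_all_output, re.M)
    return {int(p) for p in re.findall(r"(\d+)/tcp", m.group(1))} if m else set()

def audit(server_xml, list_all_output):
    """One finding per Tomcat <Service>: firewall exposure and defaultHost sanity."""
    opened = open_tcp_ports(list_all_output)
    findings = []
    for svc in ET.fromstring(server_xml).iter("Service"):
        # (is_ajp, port) for every connector of this service
        conns = [("ajp" in c.get("protocol", "HTTP/1.1").lower(), int(c.get("port")))
                 for c in svc.iter("Connector")]
        engine = svc.find("Engine")
        names = {h.get("name") for h in engine.iter("Host")}
        names |= {a.text.strip() for a in engine.iter("Alias") if a.text}
        findings.append({
            "service": svc.get("name"),
            # AJP is for the local httpd proxy; clients should not reach it.
            "ajp_open": sorted(p for ajp, p in conns if ajp and p in opened),
            "http_open": sorted(p for ajp, p in conns if not ajp and p in opened),
            # A Host header matching no <Host>/<Alias> is routed to defaultHost.
            "default_host_defined": engine.get("defaultHost") in names,
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SERVER_XML, FIREWALL):
        print(finding)
```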
