如何開啟連接埠並直接存取 CentOS 7 上 tomcat 上執行的 web 應用程式? Tomcat 在 apache httpd 反向代理後面運行,但我想透過開啟連接埠直接公開每個應用程式以進行測試,從而直接存取在 tomcat 中運行的應用程式。
firewall-cmd --add-port=8080/tcp
當我使用和在防火牆中開啟連接埠 8080 和 8081 時,當我鍵入或、 或時firewall-cmd --add-port=8081/tcp
,我可以存取在這些連接埠上執行的應用程式。當我透過 httpd 存取這些應用程式時,它們也可以存取。 server.ip.addr:8080
server.ip.addr:8081
anydomainontheserver.com:8080
anydomainontheserver.com:8081
但是,當我嘗試直接存取在連接埠 8082、8083 和 8084 上執行的應用程式時,我收到 404 錯誤回覆。即使在連接埠 8082 和 8083 上運行的應用程式可以透過其網域透過 httpd 100% 訪問,情況也是如此。運行在連接埠 8084 上的應用程式大多可以透過其網域透過 httpd 存取。在每種情況下,我都輸入並嘗試通過和firewall-cmd --add-port=808x
訪問應用程序,但每種情況下都收到 404 錯誤。我什至嘗試在防火牆中打開其 ajp 端口,並在瀏覽器中鍵入和 ,但收到一條瀏覽器錯誤訊息,指出如果不指定錯誤號,則無法檢索頁面。server.ip.addr:808x
anydomainontheserver.com:808x
server.ip.addr:80xx
anydomainontheserver.com:80xx
那麼如何透過tomcat直接存取8082、8083、8084連接埠上執行的應用進行測試呢?
鍵入firewall-cmd --list-all
給出:
public (default, active)
interfaces: enp3s0
sources:
services: dhcpv6-client http imaps openvpn smtp ssh
ports: 8009/tcp 8083/tcp 8011/tcp 8084/tcp 8010/tcp 8080/tcp 8081/tcp 8013/tcp 8012/tcp 8082/tcp
masquerade: yes
forward-ports:
icmp-blocks:
rich rules:
鍵入nano /etc/httpd/conf.d/virtualhosts.conf
給出:
<VirtualHost *:443>
ServerName www.vpndomain.com
ServerAlias vpndomain.com
ErrorLog /var/log/httpd/vpndomain_com_error.log
CustomLog /var/log/httpd/vpndomain_com_requests.log combined
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
ProxyPass / ajp://server.ip.addr:8009/
ProxyPassReverse / ajp://server.ip.addr:8009/
</VirtualHost>
Listen 444
<VirtualHost *:444>
ServerName www.vpndomain.com
ServerAlias vpndomain.com
ErrorLog /var/log/httpd/vpndomain_com_error.log
CustomLog /var/log/httpd/vpndomain_com_requests.log combined
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
ProxyPass / ajp://server.ip.addr:8010/
ProxyPassReverse / ajp://server.ip.addr:8010/
</VirtualHost>
<VirtualHost www.domain1.com:80>
ServerName www.domain1.com
ServerAlias domain1.com
ErrorLog /var/log/httpd/domain1_com_error.log
CustomLog /var/log/httpd/domain1_com_requests.log combined
ProxyPass / ajp://server.ip.addr:8011/
ProxyPassReverse / ajp://server.ip.addr:8011/
</VirtualHost>
<VirtualHost www.domain2.com:80>
ServerName www.domain2.com
ServerAlias domain2.com
ErrorLog /var/log/httpd/domain2_com_error.log
CustomLog /var/log/httpd/domain2_com_requests.log combined
ProxyPass / ajp://server.ip.addr:8012/
ProxyPassReverse / ajp://server.ip.addr:8012/
</VirtualHost>
<VirtualHost www.domain3.com:80>
ServerName www.domain3.com
ServerAlias domain3.com
ErrorLog /var/log/httpd/domain3_com_error.log
CustomLog /var/log/httpd/domain3_com_requests.log combined
ProxyPass / ajp://server.ip.addr:8013
ProxyPassReverse / ajp://server.ip.addr:8013
</VirtualHost>
輸入 `nano /opt/tomcat/conf/server.xml 給予:
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="ermapp_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
<Service name="Upload">
<Connector port="8081" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8444" />
<Connector port="8010" protocol="AJP/1.3" redirectPort="8444" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps_upload" unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="uploadapp_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
<Service name="Public">
<Connector port="8082" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8445" />
<Connector port="8011" protocol="AJP/1.3" redirectPort="8445" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
<Host name="domain1.com" appBase="webapps_public" unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="domain1_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
<Service name="domain2">
<Connector port="8083" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8446" />
<Connector port="8012" protocol="AJP/1.3" redirectPort="8446" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
<Host name="domain2.com" appBase="webapps_domain2" unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="domain2_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
<Service name="domain3">
<Connector port="8084" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8447" />
<Connector port="8013" protocol="AJP/1.3" redirectPort="8447" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
<Host name="domain3.com" appBase="webapps_domain3" unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="domain3_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
答案1
您的 httpd 代理正在使用 AJP 端口,但當您嘗試直接訪問它們時,您正在使用 HTTP 端口。
如果您嘗試將 httpd 代理切換為使用 HTTP 端口,它仍然有效還是會收到 404?
如果當代理程式使用 HTTP 時透過 httpd 收到 404,則 Tomcat 中的 HTTP 連接器有問題。
如果當代理使用 HTTP 連接埠時它仍然可以透過 httpd 工作,那麼問題可能是應用程式本身的內部問題。
答案2
實現目標的更安全方法是透過 SSH 隧道。不會對 tomcat 或 proxy 進行任何設定變更。只需在客戶端和 tomcat 伺服器之間建立 SSH 隧道,然後在本地存取端口,就像這些應用程式在本地客戶端電腦上運行一樣。您有三個服務在 TCP 8082、8083 和 8084 連接埠上偵聽 tomcat。假設tomcat的IP位址是10.10.10.254,使用者是bob
從客戶端電腦建立三個 SSH 隧道,如下所示:
$ ssh -fnN -L 8082:localhost:8082 [email protected]
$ ssh -fnN -L 8083:localhost:8083 [email protected]
$ ssh -fnN -L 8084:localhost:8084 [email protected]
假設這三個應用程式是 Web 應用程序,請在客戶端電腦上開啟 Web 瀏覽器並導航至:
http://localhost:8082
http://localhost:8083
http://localhost:8084