分开与Tomcat和Apache的静态动态英文原文.docx
《分开与Tomcat和Apache的静态动态英文原文.docx》由会员分享,可在线阅读,更多相关《分开与Tomcat和Apache的静态动态英文原文.docx(11页珍藏版)》请在冰点文库上搜索。
分开与Tomcat和Apache的静态动态英文原文
SeparatetheStaticfromtheDynamicwithTomcatandApache
AlanBerg
Abstract
HostingservletsviaApache,mod_jk,Tomcat,mod_sslandafewrewriterules.
HostingmultipleJavaWeb-enabledapplicationswithApache/SSLincombinationwithTomcatispotentiallyhighlydetailed.SeparatingthedynamicfromthestaticcontentrequiresURLrewritingandaliases.Thisarticlediscussesoneviableconfiguration.
IdescribethebasicsofhowtohostmultipleJavaWebapplicationsusingapureApacheprojectapproach.Inotherwords,IexplainhowtoapplyApache,mod_ssl,somerewriterulesandtheTomcatServletcontainertogaincontrolofaconsistentandviableproductionenvironment.Inreallife,Iamamore-than-a-little-busydeveloper,andoneofmymore-recenttaskswastodefineandimplementastructuretohostacomplexdatabase-intensiveWeb-enabledsearchablepublicationmechanismthroughthelifecycle.Icondensetheexperiencegainedandexplainthemostrelevantdetailshere.
ThebasicsofplacinganApacheWebserverinfrontofmultipleTomcatserversisexplainedinanarticlebyDanielMcCarthyontheLinuxJournalWebsite(seeResources).ItakethisarticlesomewhatfurtherbyaddingtheabilitytoprovidesecurecommunicationviaSSLandshowhowtooptimizeperformancebyseparatingdynamiccontent,suchasJSPpages,fromstaticcontent,suchasHTMLandimages.Furthersecurityissuesalsoarenoddedatbriefly.
Preparations
Thefollowingpreparationsareforthosewhowanttogenerateaworkinginstanceoftheinfrastructurementioned.ThisinfrastructureinvolvesalocallyconfiguredApacheserverrunningwithtwoTomcatinstances,allbeingreferencedfromaWebbrowserviadifferentloopback(127.0.0.x)addresses.Thisarticleisstillworthreadingwithoutfollowingthroughwiththerecipe.
Iassumethatthefollowinghavebeeninstalled:
Apache1.3xWebserver,mod_ssl,mod_jkandtwoinstancesofaTomcat5.5.xserver,onerunningtheajp1.3connectoronthestandardportof8009andtheshutdownportof8005,andtheotheronport8019and8015.Ihavechosenaplain-oldstableandreliableApache1.3.xserveroveranApache2.xversionontheprinciplethatyoushouldn'tfixwhatisn'tbroken.AttheInstitutesforwhichIhavebeenresponsible,duringthepastfewyearstheyhaverunApache1.3.xwithoutissue,thesystemadministratorshavebuiltuptheirknowledge,andthesystemsaremaintainedandpatchedtothehighestlevelsandsnugglysitinthematuritysectionoftheWebserver'slifecycle.Thesameappliesforthechoiceofmod_jkovermod_jk2.Infact,mod_jk2developmenthasbeendiscontinuedduetothecomplexityofconfiguration.
IfyouhaveaDebian-basedLinuxdistribution,toinstalltheApacheserverwithoutcompiling,trythefollowing:
sudoapt-getinstallapache
sudoapt-getinstalllibapache-mod-jk
sudoapt-getinstalllibapache-mod-ssl
YoushouldnowhavearunningApacheinstancewiththeconfigurationfilessittingunder/etc/apache.
FortheTomcatservers,youhavetwochoices.Thefirstistouseoneinstanceofthebinaryandthentwoinstancesoftheconfiguration,andthenrunastartupscriptthatappliestheuniqueinstanceofthebinarywithdifferentconfigurations.ThesecondchoiceistousetwocopiesoftheTomcatserverandmodifytheserver.xmlfile.Theadvantageofthefirstapproachistheavoidanceofreplicationofexecutablecode.However,thisisnearlyalwaysafalseeconomy.ThesecondapproachhasadvantagesforcomplexenvironmentswhereyouwanttohostdifferentversionsofTomcatservers.ThesecondapproachismorerelevantforApplicationServiceProvidersthathavemultiplecustomers.AdivisionexistsbetweencodethatiswrittenforJava1.5thatrunsnativelyinTomcat5.5(withoutinstallingthe1.4compatibilitypackage)andJava1.4thatrunsinTomcat5.Furthermore,theServletimplementationismoreuptodatethenewertheTomcatversion.Duetothecurrentvelocityofchange,softwarethatishostedformorethanayearcanbeconsideredlegacy,sotherealwayswillbeademandfortheuseofolderbutstillreliableservers.
Next,wewanttotestonlyontheloopbackaddresseswithnopacketsreachingthenetwork.Thiscanbeachievedbymodifyingthe/etc/hostsfiletosomethingsimilarto:
127.0.0.10bronze_a
127.0.0.11silver
127.0.0.12gold
Therefore,everytimeyoutypehttps:
//bronze_a,noDNSlookupsarenecessary.ThepacketsfromthebrowserneverwillreachtheInternetandwillstaylocalto127.0.0.10.
InthemainApacheconfigurationfile,httpd.conf,youwillfindanincludelinethattellsApachetolookundertheconf.ddirectoryforfurtherconfiguration.Forexample:
Include/etc/apache/conf.d
EverytimeapackageisinstalledthatrequiresconfigurationchangesforApache,youwillfindanextraconfigurationfilewithintheconf.ddirectory.Infact,ifyouwant(foraniceaside),trytoinstallDrupalandreadtheDrupal.conffilethatisdumped.
Iwanttokeepourworkseparatefromtherestoftheworld's.Nodoubt,wewillgeneratemistakesduringplaytime.Addasecondlinetoincludeadirectoryforourvirtualhostingfiles:
Include/etc/apache/vhosts
Then,makethedirectories/etc/apache/ssland/etc/apache/vhosts.Later,wewillplaceourcertificatesandserverkeysintheSSLdirectory,onesetpervirtualhost.
Next,checkthehttpd.conffiletoseewhethertheSSLengineisturnedon.Iwanttoturntheengineoffuntilenabledpervirtualhost.So,thelineSSLEngineOnshouldchangetoSSLEngineOff.
NowwehaveanApache1.3.xserverthatisreadyforaction.
IfyouhavenotsetupyourTomcatserversyet,youneedtomodifythefollowinglinesunderthetomcat_root/conf/server.xmlfileforthesecondinstance.Changetheportnumbersto8015fortheshutdowncommandandport8019fortheAJP/1.3connector:
enableLookups="false"protocol="AJP/1.3"/>
Forthesakeofsecurity,changetheshutdownattributefromthevalueSHUTDOWNtosomerandomlylongstring.Otherwise,perhapsontheworstdayunderabadlydefendedsystem,acrackercanTelnetinandtypeSHUTDOWN,andthenyourserverisdown.Also,Iwouldcommentoutthe8080connector.ThereisnoneedtoexposeTomcatdirectlytotheInternet.
Onlyonetaskisleft—tocreatetwoWebapplications.UnderthewebappsdirectoryofthefirstTomcatinstance,createabronze_adirectory,andthenunderthatdirectory,createaWEB-INFdirectory.Placethefollowingweb.xmlfileinWEB_INF:
xmlversion="1.0"encoding="ISO-8859-1"?
>
xsi:
schemaLocation="
version="2.4">
BRONZE_A
BRONZE_ADynamic
index.jsp
Noticethementionofweb-app_2_4.xsd.Thisweb.xmlfilewillnotworkunderTomcat5,whichusesthe2.3standard.Underthewebapps/bronze_adirectory,placethefollowingindex.jspfile.Thisisourpooryetrelevantexampleofdynamiccontent:
<%Stringmess="HelloWorldfromBronze_a";%>
<%=mess%>
<%=request.getRequestURI()%>
Followthesameprocedureforthesecondinstance,butreplacethestringbronze_awithsilverunderthewebapps/silverdirectoryofthesecondTomcatinstance.
WorkingTogether
MakingtheApacheandTomcatserverstalkwitheachotherissurprisinglystraightforward.Ifthisdoesn'talreadyexistsomewherewithinthehttpd.conffile,addthefollowinglinestotheendofthefile:
JkWorkersFile/usr/local/apache/conf/workers.properties
JkLogFile/usr/local/apache/logs/mod_jk.log
JkLogLevelerror
Theexactlocationoftheworker.propertiesfileislefttoyourdiscretion.TheJkLoggFileandJkLogLevelvaluesarenotnecessary,aswewilloverridethemwithinthevirtualhostfiles.However,forpeaceofmind,Iliketoplacedefaultvaluesincaseofmisconfigurationlater.Theworkerpropertydefineshowtheconnectionsbehave.Thefirstlinedefinesthelistofworkers—inthiscase,bronzeandsilver.Thenextlinesareforthedetailsofconfigurationforeachworkerset.bronzeattachesitselftoport8008andsilvertoport8019,withbothsetstalkingtheAJ1.3protocol.Thesetwoworkersetsarementionedlaterinthevirtualhostfiles:
worker.list=bronze,silver
worker.bronze.port=8009
worker.bronze.host=localhost
worker.bronze.type=ajp13
worker.silver.port=8019
worker.silver.host=localhost
worker.silver.type=ajp13
VirtualHosting
VirtualhostingisthehostingofmultipleserversononemachinebylisteningforeitherincominghostnamesorIPaddresses.UsingmultiplevirtualhostswithSSLworksonlyforIP-basedvirtualhosting.Letmeexplainbyexample.First,sayIwanttoviewanormaltransactionbetweenaWebbrowserandaserver.Toachievethis,IusetheratherexcellentApacheSOAPtoolTcpTunnelGui.Todothis,firstdownloadthecurrentarchivefromtheApacheSOAPWebsite(seeResources).Onexpandingit,youwillseeadirectorycalledlib.Performthefollowingactions,andifallgoeswell,youwillhaveJavainstalledlocallyandhavebroughtuptheGUI:
cdlib
java-cp./soap.jar.TcpTunnelGui
↪9001localhost80
TheGUIdisplaysthetextfromanyTCPconnectiongoingthroughport9001andredirectstheinputbacktolocalhost80.FeelfreetochangelocalhosttopointtoyourowntestWebserver.Inyourbrowser,typehttp:
//localhost:
9001.Expecttoseethefollowingtypeoftransaction:
Accept:
*/*
Referer:
http:
//localhost:
9001
Accept-Lan
升级会员 