+1-1+1-1+1-1+1-1...
Apache - Tomcat 연동 본문
728x90
테스트 환경 : RedHat Linux 3.7
Apache 서버 : 192.168.60.13
톰캣 서버 : 192.168.60.14, tomcat 10.0.0
1. 연동모듈 컴파일을 위한 관련 패키지 설치
# 사전 필요 패키지 설치
# 설치 후 /usr/bin/apxs 파일이 생성됨
# apxs는 아파치 하이퍼텍스트 전송 프로토콜 (HTTP) 서버의 확장모듈을 컴파일하고 설치하는 도구임
[root@localhost native]# yum install gcc gcc-c++ httpd-devel
....
Dependency Updated:
cyrus-sasl-lib.x86_64 0:2.1.26-23.el7 expat.x86_64 0:2.1.0-12.el7 glibc.x86_64 0:2.17-317.el7 glibc-common.x86_64 0:2.17-317.el7 libdb.x86_64 0:5.3.21-25.el7
libdb-utils.x86_64 0:5.3.21-25.el7 libgcc.x86_64 0:4.8.5-44.el7 libgomp.x86_64 0:4.8.5-44.el7 libstdc++.x86_64 0:4.8.5-44.el7 openldap.x86_64 0:2.4.44-22.el7
Complete!2. 아파치-톰캣 연결 커넥터 다운로드 및 so 모듈 컴파일
# 연동 모듈 다운로드
[root@localhost ~]# wget -c https://downloads.apache.org/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.48-src.tar.gz
--2021-01-21 09:01:59-- https://downloads.apache.org/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.48-src.tar.gz
Resolving downloads.apache.org (downloads.apache.org)... 88.99.95.219, 2a01:4f8:10a:201a::2
Connecting to downloads.apache.org (downloads.apache.org)|88.99.95.219|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3665280 (3.5M) [application/x-gzip]
Saving to: ‘tomcat-connectors-1.2.48-src.tar.gz’
100%[================================================================================================================================>] 3,665,280 273KB/s in 14s
2021-01-21 09:02:17 (263 KB/s) - ‘tomcat-connectors-1.2.48-src.tar.gz’ saved [3665280/3665280]
[root@localhost ~]# mv tomcat-connectors-1.2.48-src.tar.gz /tmp/
[root@localhost ~]# cd /tmp/
# 압축 풀기
[root@localhost tmp]# tar zxvf tomcat-connectors-1.2.48-src.tar.gz
....
tomcat-connectors-1.2.48-src/docs/common_howto/quick.html
tomcat-connectors-1.2.48-src/docs/common_howto/proxy.html
tomcat-connectors-1.2.48-src/docs/ajp/
tomcat-connectors-1.2.48-src/docs/ajp/ajpv13a.html
tomcat-connectors-1.2.48-src/docs/ajp/printer/
tomcat-connectors-1.2.48-src/docs/ajp/printer/ajpv13a.html
tomcat-connectors-1.2.48-src/docs/ajp/printer/ajpv13ext.html
tomcat-connectors-1.2.48-src/docs/ajp/ajpv13ext.html
[root@localhost tmp]# cd tomcat-connectors-1.2.48-src
[root@localhost tomcat-connectors-1.2.48-src]# ll
# 연동 모듈 빌드 및 Config 구성
[root@localhost tomcat-connectors-1.2.48-src]# cd native/
[root@localhost native]# ./configure --with-apxs=/usr/bin/apxs
.....
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating apache-2.0/Makefile
config.status: creating apache-2.0/Makefile.apxs
config.status: creating common/Makefile
config.status: creating common/list.mk
config.status: creating common/jk_types.h
config.status: creating common/config.h
config.status: executing depfiles commands
config.status: executing libtool commands
# 연동 모듈 빌드
[root@localhost native]# make
......
done;
Making all in common
make[1]: Entering directory `/tmp/tomcat-connectors-1.2.48-src/native/common'
make[1]: `all'를 위해 할 일이 없습니다
make[1]: Leaving directory `/tmp/tomcat-connectors-1.2.48-src/native/common'
Making all in apache-2.0
make[1]: Entering directory `/tmp/tomcat-connectors-1.2.48-src/native/apache-2.0'
../scripts/build/instdso.sh SH_LIBTOOL='/usr/lib64/apr-1/build/libtool --silent' mod_jk.la `pwd`
/usr/lib64/apr-1/build/libtool --silent --mode=install cp mod_jk.la /tmp/tomcat-connectors-1.2.48-src/native/apache-2.0/
libtool: install: warning: remember to run `libtool --finish /usr/lib64/httpd/modules'
make[1]: Leaving directory `/tmp/tomcat-connectors-1.2.48-src/native/apache-2.0'
# 연동 모듈 설치
[root@localhost native]# make install
......
----------------------------------------------------------------------
chmod 755 /usr/lib64/httpd/modules/mod_jk.so
Please be sure to arrange /etc/httpd/conf/httpd.conf...
make[1]: Leaving directory `/tmp/tomcat-connectors-1.2.48-src/native/apache-2.0'
make[1]: Entering directory `/tmp/tomcat-connectors-1.2.48-src/native'
make[2]: Entering directory `/tmp/tomcat-connectors-1.2.48-src/native'
make[2]: `install-exec-am'를 위해 할 일이 없습니다
make[2]: `install-data-am'를 위해 할 일이 없습니다
make[2]: Leaving directory `/tmp/tomcat-connectors-1.2.48-src/native'
# 연동 모듈 생성 확인
[root@localhost native]# ls -Z /etc/httpd/modules/mod_jk.so
-rwxr-xr-x. root root system_u:object_r:httpd_modules_t:s0 /etc/httpd/modules/mod_jk.so
3. 아파치 설정 파일 httpd.conf 수정
[root@localhost native]# vi /etc/httpd/conf/httpd.conf
....
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# ----------------Start to Modify by taks-----------------------------
LoadModule jk_module modules/mod_jk.so
<VirtualHost *:80>
ServerName apache.testlab.net
# 확장자 jsp, json, xml, do를 가진 경로는 woker tomcat으로 연결하는 구문입니다.
JkMount /*.* tomcat
JkMount /*.jsp tomcat
JkMount /*.json tomcat
JkMount /*.xml tomcat
JkMount /*.do tomcat
</VirtualHost>
# ----------------end to Modify by taks---------------------------------
# 아파치 기동시 포함되는 아래 경로에 모듈 설정 파일 읽어드림 -> 이곳에 mod_jk 설정을 생성
Include conf.modules.d/*.conf
4. conf.modules.d/ 폴더에 톰켓 연동 설정 파일 mod_jk.conf 생성
vi /etc/httpd/conf.modules.d/mod_jk.conf
<IfModule mod_jk.c>
# 워커 설정파일 위치 -> 해당 경로에 workers.properties를 만들어 줘야함
JkWorkersFile conf/workers.properties
# 공유 메모리파일 위치 반드시 Selinux 보안때문에 run에 위치 필수
JkShmFile run/mod_jk.shm
# log 위치
JkLogFile logs/mod_jk.log
# 로그레벨 설정
JkLogLevel info
# 로그 포맷에 사용할 시간 형식을 지정한다.
JkLogStampFormat "[%y %m %d %H:%M:%S] "
</IfModule>
#생성 확인
[root@localhost native]# ls /etc/httpd/conf.modules.d/mod_jk.conf
/etc/httpd/conf.modules.d/mod_jk.conf
5. 위에서 지정한 워커설정파일 (conf/workers.properties) 생성
[root@localhost bin]# vi /etc/httpd/conf/workers.propertie
worker.list=tomcat #list에 worker 지정
worker.tomcat.port=8009 #연동 포트 지정
worker.tomcat.host=192.168.60.14 #톰캣 서버 지정
worker.tomcat.type=ajp13 #연동을 ajp 프로토콜 사용
worker.tomcat.lbfactor=1
6 톰캣 서버 연동 포트 확인 및 수정
※ tomcat 7.0.XX 버전에서는 아래와 같이 프로토콜과 포트만 지정해줘도 정상 연동되었음
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
그러나 tomcat 10.X.X 버전 부터 아래와 같이 주소범위 (address)를 ANY로 설정하고
보안연결 옵션(secretRequired)를 명시적으로 해제해줘야함
<Connector port="8009" address="0.0.0.0" protocol="AJP/1.3" redirectPort="8443" secretRequired="false" />
[root@localhost native]# ssh root@192.168.60.14
The authenticity of host '192.168.60.14 (192.168.60.14)' can't be established.
ECDSA key fingerprint is de:ca:97:1b:ea:2e:48:f7:2a:8e:86:07:ae:8f:99:f2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.60.14' (ECDSA) to the list of known hosts.
root@192.168.60.14's password:
Last login: Fri Jan 15 16:21:39 2021 from 192.168.60.1
# 경로는 rpm 설치 혹은 소스설치 방식에 따라 다를 수 있음
[root@localhost ~]# vi /usr/local/tomcat/conf/server.xml
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--
<Connector protocol="AJP/1.3"
address="::1"
port="8009"
redirectPort="8443" />
!-->
# 아래 내용 추가
<Connector port="8009"
address="0.0.0.0" # 클라이언트 접속 허용 범위 - ANY
protocol="AJP/1.3"
redirectPort="8443"
secretRequired="false" /> # 보안연결 해제 명시적 지정7. 아파치 -> 톰캣 서버 8009 통신 설정
[root@localhost native]# telnet 192.168.60.14 8009
Trying 192.168.60.14...
telnet: connect to address 192.168.60.14: No route to host
# 톰캣 서버 SSH 접속, 8009 방화벽 포트 오픈
[root@localhost native]# ssh root@192.168.60.14
root@192.168.60.14's password:
Last login: Thu Jan 21 10:36:37 2021 from 192.168.60.13
[root@localhost ~]# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client http https ssh
ports: 8080/tcp
protocols:
masquerade: yes
forward-ports:
sourceports:
icmp-blocks:
rich rules:
[root@localhost httpd]# firewall-cmd --permanent --zone=public --add-masquerade
[root@localhost ~]# firewall-cmd --permanent --add-port=8009/tcp
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# exit
8. 접속 테스트
[root@localhost native]# curl http://192.168.60.13
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>Apache Tomcat/10.0.0</title>
<link href="favicon.ico" rel="icon" type="image/x-icon" />
<link href="tomcat.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
... 이하 생략반응형