Saturday, February 23, 2019

Connect Apache Web Server and Apache Tomcat

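We have Apache Web Server (httpd) as the front end and Apache Tomcat as the back end.
This solution is based on mod_proxy and the AJP connector. AJP is unencrypted and Tomcat trusts whatever the front end sends over it, so port 8009 on the Tomcat hosts should be reachable only from the httpd server.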

Apache web server config

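You have to configure mod_proxy in Apache httpd; the balancer and AJP back ends used below also need mod_proxy_balancer and mod_proxy_ajp loaded.
I added the following conf file in the conf.d directory: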

<VirtualHost 172.22.215.219:80>
    ServerName sisifo.domain1
 
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
 
 
    LogLevel info
    ErrorLog  /var/log/httpd/sisifo.domain1_error_log
    CustomLog /var/log/httpd/sisifo.domain1_access_log combined
</VirtualHost>
 
 
 
<VirtualHost 172.22.215.219:443>
    ServerName sisifo.domain1
 
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
 
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
    #SSLCACertificatePath /etc/httpd/certs/ca
 
    <Location "/">
        Order Deny,Allow
        Deny from all
        Allow from all
        #Allow from 10.224.0.0/12
    </Location>
 
    ##########
 
    ProxyRequests Off
    ProxyPassMatch ^/(.*)$ balancer://tomcat_cluster/$1 stickysession=JSESSIONID|jsessionid
 
    <Proxy balancer://tomcat_cluster>
      BalancerMember ajp://[TOMCAT1]:8009 loadfactor=1 route=jvmTomcat1 ping=1
      BalancerMember ajp://[TOMCAT2]:8009 loadfactor=1 route=jvmTomcat2 ping=1
       
      ProxySet lbmethod=byrequests
      ProxySet nofailover=off
      ProxySet timeout=300
    </Proxy>
     
    ##########
 
    LogLevel info  
    ErrorLog /var/log/httpd/sisifo.domain1_ssl_error_log
    CustomLog /var/log/httpd/sisifo.domain1_ssl_access_log combined
</VirtualHost>

Tomcat config

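You have to edit $TOMCAT_HOME/conf/server.xml of each Tomcat instance and set a unique value for the jvmRoute attribute of the Engine tag. The value must match the route= parameter of that instance's BalancerMember line in the httpd config, because Tomcat appends the jvmRoute to the session ID and the balancer uses that suffix to pick the member for sticky sessions.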

<Engine defaultHost="localhost" name="Catalina" jvmRoute="jvmTomcat1">
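A mismatch between route= and jvmRoute does not produce an error; requests are simply balanced without stickiness. The following check is an added example, not part of the original post: it compares the BalancerMember routes with each instance's jvmRoute. The host names, sample files and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs; host names are placeholders, not from the page.
HTTPD_CONF = """
<Proxy balancer://tomcat_cluster>
    BalancerMember ajp://tomcat1.example:8009 loadfactor=1 route=jvmTomcat1 ping=1
    BalancerMember ajp://tomcat2.example:8009 loadfactor=1 route=jvmTomcat2 ping=1
</Proxy>
"""
ENGINE = '<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost"{}/></Service></Server>'
SERVER_XMLS = {  # host -> content of that instance's conf/server.xml
    "tomcat1.example": ENGINE.format(' jvmRoute="jvmTomcat1"'),
    "tomcat2.example": ENGINE.format(""),  # jvmRoute forgotten on this node
}

MEMBER_RE = re.compile(r"^\s*BalancerMember\s+ajp://([^:\s/]+)\S*(.*)$", re.I | re.M)

def balancer_routes(conf):
    """Map each AJP BalancerMember host to its route= value (None if unset)."""
    routes = {}
    for host, params in MEMBER_RE.findall(conf):
        m = re.search(r"\broute=(\S+)", params)
        routes[host] = m.group(1) if m else None
    return routes

def jvm_route(server_xml):
    """Return the Engine's jvmRoute attribute, or None when it is not set."""
    engine = ET.fromstring(server_xml).find("./Service/Engine")
    return None if engine is None else engine.get("jvmRoute")

def check(conf, server_xmls):
    """List every inconsistency that would break JSESSIONID stickiness."""
    problems, seen = [], {}
    for host, route in balancer_routes(conf).items():
        actual = jvm_route(server_xmls[host]) if host in server_xmls else None
        if route is None:
            problems.append(f"{host}: BalancerMember has no route=")
        elif actual != route:
            problems.append(f"{host}: route={route} but jvmRoute={actual}")
        if route and route in seen:
            problems.append(f"{host}: route {route} duplicates {seen[route]}")
        seen.setdefault(route, host)
    return problems

if __name__ == "__main__":
    print("\n".join(check(HTTPD_CONF, SERVER_XMLS)))
```

An empty result means every balancer member has a distinct route that matches its Tomcat instance.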
