Apache-2.4+Tomcat-7+SSL +VirtualHost+自签发证书安装测试

首頁

後端開發

php教程

Apache-2.4+Tomcat-7+SSL +VirtualHost+自签发证书安装测试_PHP教程

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 12, 2016 am 09:05 AM

android

Apache-2.4+Tomcat-7+SSL +VirtualHost+自签发证书安装测试

一、安装依懒软件包

1、安装apr软件包
# wget -c http://ftp.cuhk.edu.hk/pub/packages/apache.org//apr/apr-1.5.2.tar.bz2
#tar -jxvf apr-1.5.2.tar.bz2
#cd apr-1.5.2
# ./configure --prefix=/usr/
#make
# make install

2、安装apr-util软件包
# wget http://ftp.cuhk.edu.hk/pub/packages/apache.org//apr/apr-util-1.5.4.tar.bz2
#tar -jxvf apr-util-1.5.4.tar.bz2
#cd apr-util-1.5.4
#cd /usr/local/src/apr-util-1.5.4
#./configure --prefix=/usr/ --with-apr=/usr/
#make
#make install

3、安装pcre软件包
#wget -c http://sourceforge.net/projects/pcre/files/pcre/8.37/pcre-8.37.tar.bz2/download
# tar -jxvf pcre-8.37.tar.bz2
#cd pcre-8.37
# ./configure --prefix=/usr/local/
#make
#make install

二、安装Apache软件包

#wget -c http://apache.fayea.com//httpd/httpd-2.4.16.tar.bz2
#cd httpd-2.4.16
#./configure --prefix=/usr/local/apache-2.4 --enable-modules=all --enable-mods-shared=all --enable-ssl
#make
#make install

三、开启ssl支持
1、修改vi httpd.conf 开启
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-ssl.conf

四、生成自签发证书：
# cd /usr/local/apache-2.4/conf/
#openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout server.key -out server.crt
#根据实际情况填写国家、组织、地区、公司名生成自签发证书

五、启动Aapche软件测试。。
#/usr/local/apache-2.4/bin/apachectl start
https://访问，注意防火墙开启443端口

六、Apache+Tomcat-7 联配

1、安装JDK 略
# wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-7/v7.0.64/bin/apache-tomcat-7.0.64.tar.gz
# wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.41-src.tar.gz
2、安装Tomcat
# tar -zxvf apache-tomcat-7.0.64.tar.gz
# ln -s tomcat apache-tomcat-7.0.64

3、安装tomcat-connectors模块
# tar -zxvf tomcat-connectors-1.2.41-src.tar.gz
# cd tomcat-connectors-1.2.41-src
# ./ buildconf.sh
# ./configure --with-apxs=/usr/local/apache-2.4/bin/apxs --with-tomcat=/usr/local/tomcat --with-java-home=/usr/local/jdk --with-jni
#make
#make install

七、开启mod_jk模块

修改vi httpd.conf最后添加如下开启 mod_jk module 支持

# Load mod_jk module
LoadModule jk_module modules/mod_jk.so
# Where to find workers.properties
JkWorkersFile /usr/local/apache/conf/workers.proferties
# Where to put jk logs
JkLogFile /usr/local/apache/logs/mod_jk.log

# Set the jk log level [debug/error/info]
JkLogLevel info

# Select the timestamp log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"

# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories

# Send servlet for context /examples to worker named worker1
#JkMount /examples/*.jsp worker1
JkMount /servlet/* worker1

# Send JSPs for context /examples to worker named worker1
JkMount /*.jsp worker1

八、新建 workers.proferties 文件

[root@localhost conf]# more workers.proferties
workers.tomcat_home=/usr/local/tomcat
workers.java_home=/usr/local/jdk
ps=/
worker.list=worker1
worker.worker1.port=8009
worker.worker1.host=localhost
worker.worker1.type=ajp13
worker.worker1.connection_pool_timeout=600
worker.worker1.socket_keepalive=1
worker.worker1.lbfactor=1
worker.inprocess.stdout=$(workers.tomcat_home)$(ps)logs$(ps)inprocess.stdout
worker.inprocess.stderr=$(workers.tomcat_home)$(ps)logs$(ps)inprocess.stderr
[root@localhost conf]#

九、Apache+Tomcat+SSL+虚拟主机：

1、修改： httpd-ssl.conf 添加如下虚拟主机

# General setup for the virtual host
DocumentRoot "/www/clients/aaa.com/htdocs"
ServerName www.aaa.com:443
ServerAdmin you@example.com
ErrorLog "/www/clients/aaa.com/logs/error_log"
TransferLog "/www/clients/aaa.com/logs/access_log"

Options -Indexes +FollowSymlinks
AllowOverride All
Require all granted
DirectoryIndex login.jsp index.jsp

#JkMount /examples/*.jsp worker1
JkMount /servlet/* worker1

# Send JSPs for context /examples to worker named worker1
JkMount /*.jsp worker1

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.

SSLEngine on

SSLCertificateFile "/usr/local/apache-2.4/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache-2.4/conf/server.key"

SSLOptions +StdEnvVars

SSLOptions +StdEnvVars

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog "/usr/local/apache-2.4/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

# General setup for the virtual host
DocumentRoot "/www/clients/bbb.com/htdocs"
ServerName www.bbb.com:443
ServerAdmin you@example.com
ErrorLog "/www/clients/bbb.com/logs/error_log"
TransferLog "/www/clients/bbb.com/logs/access_log"

Options -Indexes +FollowSymlinks
AllowOverride All
Require all granted
DirectoryIndex login.jsp index.jsp

#JkMount /examples/*.jsp worker1
JkMount /servlet/* worker1

# Send JSPs for context /examples to worker named worker1
JkMount /*.jsp worker1

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.

SSLEngine on

SSLCertificateFile "/usr/local/apache-2.4/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache-2.4/conf/server.key"

SSLOptions +StdEnvVars

SSLOptions +StdEnvVars

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog "/usr/local/apache-2.4/logs/ssl_requbbest_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

十、添加Tomcat虚拟主机：

1、修改：Tomcat的配置文件 server.xml 添加如下：

www.aaa.com

prefix="aaa.com_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />

debug="0" reloadable="true"/>

www.bbb.com

prefix="bbb.com_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />

debug="0" reloadable="true"/>

十一、编写测试页面：

[root@localhost htdocs]# pwd
/www/clients/aaa.com/htdocs
[root@localhost htdocs]# more index.jsp

JSP测试页面

Hello wwww.aaa.com World! ");%>

[root@localhost htdocs]#

[root@localhost htdocs]# pwd
/www/clients/bbb.com/htdocs
[root@localhost htdocs]# more index.jsp

JSP测试页面

Hello wwww.bbb.com World! ");%>

[root@localhost htdocs]#

十二、启动: apache、tomcat进行测试
# /usr/local/apache/bin/apachectl start
# /usr/local/tomcat/bin/startup.sh

2、修改本机主机hosts 测试
https://www.aaa.com
https://www.bbb.com

附：优化Tomcat参数：修改：catalina.sh文件增加如下红色字
# Set juli LogManager config file if it is present and an override has not been issued
if [ -z "$LOGGING_CONFIG" ]; then
if [ -r "$CATALINA_BASE"/conf/logging.properties ]; then
LOGGING_CONFIG="-Djava.util.logging.config.file=$CATALINA_BASE/conf/logging.properties"
else
# Bugzilla 45585
LOGGING_CONFIG="-Dnop"
fi
fi
JAVA_OPTS="-server -Xms256m -Xmx2048m -XX:PermSize=64M -XX:MaxNewSize=256m -XX:MaxPermSize=512m "

陳述

本文內容由網友自願投稿，版權歸原作者所有。本站不承擔相應的法律責任。如發現涉嫌抄襲或侵權的內容，請聯絡admin@php.cn

您如何防止與會議有關的跨站點腳本（XSS）攻擊？Apr 23, 2025 am 12:16 AM

要保護應用免受與會話相關的XSS攻擊，需採取以下措施：1.設置HttpOnly和Secure標誌保護會話cookie。 2.對所有用戶輸入進行輸出編碼。 3.實施內容安全策略(CSP)限制腳本來源。通過這些策略，可以有效防護會話相關的XSS攻擊，確保用戶數據安全。

您如何優化PHP會話性能？Apr 23, 2025 am 12:13 AM

优化PHP会话性能的方法包括：1.延迟会话启动，2.使用数据库存储会话，3.压缩会话数据，4.管理会话生命周期，5.实现会话共享。这些策略能显著提升应用在高并发环境下的效率。

什麼是session.gc_maxlifetime配置設置？Apr 23, 2025 am 12:10 AM

theSession.gc_maxlifetimesettinginphpdeterminesthelifespanofsessiondata，setInSeconds.1）它'sconfiguredinphp.iniorviaini_set（）.2）abalanceisesneededeededeedeedeededto toavoidperformance andunununununexpectedLogOgouts.3）

您如何在PHP中配置會話名？Apr 23, 2025 am 12:08 AM

在PHP中，可以使用session_name()函數配置會話名稱。具體步驟如下：1.使用session_name()函數設置會話名稱，例如session_name("my_session")。 2.在設置會話名稱後，調用session_start()啟動會話。配置會話名稱可以避免多應用間的會話數據衝突，並增強安全性，但需注意會話名稱的唯一性、安全性、長度和設置時機。

您應該多久再生一次會話ID？Apr 23, 2025 am 12:03 AM

會話ID應在登錄時、敏感操作前和每30分鐘定期重新生成。 1.登錄時重新生成會話ID可防會話固定攻擊。 2.敏感操作前重新生成提高安全性。 3.定期重新生成降低長期利用風險，但需權衡用戶體驗。

如何在PHP中設置會話cookie參數？Apr 22, 2025 pm 05:33 PM

在PHP中設置會話cookie參數可以通過session_set_cookie_params()函數實現。 1)使用該函數設置參數，如過期時間、路徑、域名、安全標誌等；2)調用session_start()使參數生效；3)根據需求動態調整參數，如用戶登錄狀態；4)注意設置secure和httponly標誌以提升安全性。