본문 바로가기
개발/서버

WAS - WEB 연결하기 (with. mod_proxy)

by 설이주인 2024. 5. 12.

WAS - WEB 연결을 위한 작업 - apache 사용

https://tomcat.apache.org/download-connectors.cgi

 

Apache Tomcat® - Tomcat Connectors (mod_jk) Downloads

You must verify the integrity of the downloaded files. We provide OpenPGP signatures for every release file. This signature should be matched against the KEYS file which contains the OpenPGP keys of Tomcat's Release Managers. We also provide SHA512 checksu

tomcat.apache.org

 

아래 링크를 wget을 통해서 다운 받겠다.

 

$# /home/secuser 디렉토리에서 tmp 폴더 생성 후 작업

wget https://dlcdn.apache.org/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.48-src.tar.gz
tar zxvf tomcat-connectors-1.2.48-src.tar.gz
cd tomcat-connectors-1.2.48-src.tar.gz/native

#./configure --with-apxs=/usr/sbin/apxs
# /usr/sbin/apxs <못찾음
# 패키지 설치
yum -y install httpd-devel
find / -name apxs

# ERROR 발생시
gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory
# 아래 설치를 통해 해결해주자
yum install redhat-rpm-config

 

#mod_proxy 세팅 패키지 설치
yum -y install mod_ssl

 

conf/httpd.conf 설정

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
Listen 443

IncludeOptional conf.d/*.conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

<VirtualHost *:80>
    ServerName main_domain
    ErrorLog logs/was2-http-error_log
    CustomLog logs/was2-http-access_log common

    ProxyRequests On
    ProxyPreserveHost On

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        DocumentRoot /var/www/html/testbank


        ProxyPass /static !
        ProxyPass / http://ipaddress1:port/
        ProxyPassReverse /static !
        ProxyPassReverse / http://ipaddress1:port/
        <Location />
                Order allow,deny
                Allow from all
        </Location>

        RewriteEngine On
        RewriteCond %{HTTPS} !on
        RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]

</VirtualHost>

<VirtualHost *:443>
  ServerName main_domain
  ServerAlias sub.main_domain
  #erverAdmin <email주소>

  ProxyRequests Off
  SSLProxyEngine on
  ProxyPreserveHost On
  AllowEncodedSlashes NoDecode

  <Proxy *>
    Order deny,allow
    Allow from all
  </proxy>

  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

  SSLCertificateFile /etc/httpd/conf/ssl/File_Wildcard.main_domain.crt
  SSLCertificateKeyFile /etc/httpd/conf/ssl/KeyFile_Wildcard.main_domain.key
  SSLCertificateChainFile /etc/httpd/conf/ssl/ChainFile_ChainBundle.crt


  ProxyPass /static !
  ProxyPass / http://ipaddress1:port/
  ProxyPassReverse /static !
  ProxyPassReverse / http://ipaddress1:port/

  RequestHeader set X-Forwarded-Proto "https"
  RequestHeader set X-Forwarded-Port "443"

  ErrorLog logs/ssl-error.log
  CustomLog logs/ssl-access.log combined

</VirtualHost>


<VirtualHost *:80>
    ServerName main_domain
    ErrorLog logs/was2-http-error_log
    CustomLog logs/was2-http-access_log common

    ProxyRequests On
    ProxyPreserveHost On

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        DocumentRoot /var/www/html/testbank


        ProxyPass /static !
        ProxyPass / http://ipaddress2:port/
        ProxyPassReverse /static !
        ProxyPassReverse / http://ipaddress2:port/
        <Location />
                Order allow,deny
                Allow from all
        </Location>

        RewriteEngine On
        RewriteCond %{HTTPS} !on
        RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]

</VirtualHost>

<VirtualHost *:443>
  ServerName main_domain
  ServerAlias sub.main_domain
  #erverAdmin <email주소>

  ProxyRequests Off
  SSLProxyEngine on
  ProxyPreserveHost On
  AllowEncodedSlashes NoDecode

  <Proxy *>
    Order deny,allow
    Allow from all
  </proxy>

  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

  SSLCertificateFile /etc/httpd/conf/ssl/File_Wildcard.main_domain.crt
  SSLCertificateKeyFile /etc/httpd/conf/ssl/KeyFile_Wildcard.main_domain.key
  SSLCertificateChainFile /etc/httpd/conf/ssl/ChainFile_ChainBundle.crt


  ProxyPass /static !
  ProxyPass / http://ipaddress2:port/
  ProxyPassReverse /static !
  ProxyPassReverse / http://ipaddress2:port/

  RequestHeader set X-Forwarded-Proto "https"
  RequestHeader set X-Forwarded-Port "443"

  ErrorLog logs/ssl-error.log
  CustomLog logs/ssl-access.log combined

</VirtualHost>

 

 

conf.d/ssl.conf 설정

NameVirtualHost *:443

 

 

작업을 진행하면서 apache 설정 유효성 검사가 가능하다는 점을 발견해서 명령어를 남겨둔다.

apachectl configtest

 

conf 설정들을 변경하면 daemon 또한 reload를 진행해줘야 하기에 참고하자

systemctl daemon-reload
저작자표시

'개발 > 서버' 카테고리의 다른 글

Linux Apache Tomcat 연동 (동일 서버 설정)  (0) 2024.05.11
[Linux] tomcat shutdown.sh중 오류  (0) 2023.08.06
[Linux] 서버 로그 관리해보자!  (0) 2022.07.16

관련글

티스토리툴바