apache/Tomcat 연동

아파치 / 톰캣 연동하는 간단 매뉴얼 입니다.

기존
https://192.168.0.208:8080 을
아파치 프록시를 통해
http://192.168.0.206 로 접속 가능

1. 아파치 설치

1) 버전 : Apache 2.4.46 64bit

2) 패키지명: httpd-2.4.46.tar.gz

3) 설치 순서

(*) yum -y install apr-devel apr-util-devel
Installed:
apr-devel.x86_64 0:1.4.8-7.el7 apr-util-devel.x86_64 0:1.5.2-6.el7
Dependency Installed:
cyrus-sasl.x86_64 0:2.1.26-24.el7_9 cyrus-sasl-devel.x86_64 0:2.1.26-24.el7_9 expat-devel.x86_64 0:2.1.0-14.el7_9
libdb-devel.x86_64 0:5.3.21-25.el7 openldap-devel.x86_64 0:2.4.44-25.el7_9
Dependency Updated:
cyrus-sasl-lib.x86_64 0:2.1.26-24.el7_9 expat.x86_64 0:2.1.0-14.el7_9 openldap.x86_64 0:2.4.44-25.el7_9

(1) tar zxvf httpd-2.4.46.tar.gz

(2) cd httpd-2.4.46

(3) ./configure --prefix=/usr/local/apache --enable-so --enable-mods-shared=most --libexecdir=/usr/local/apache/libexec --enable-ssl --enable-rewrite --with-mpm=worker
**configure: error: pcre(2)-config for libpcre not found. PCRE is required and available from http://pcre.org/
pcre-devel-8.32-17.el7.x86_64 설치

**checking whether to enable mod_ssl... configure: error: mod_ssl has been requested but can not be built due to prerequisite failures
openssl-devel 설치

(4) make

(5) make install

4) 설치 위치 : /usr/local/apache



2. 아파치 / 톰캣 연동 모듈 컴파일

1) 최신 패키지 설치 : tomcat-connectors-1.2.48-src.tar.gz

2) 설치 순서

(1) tar zxvf tomcat-connectors-1.2.48-src.tar.gz

(2) cd tomcat-connectors-1.2.48-src

(3) cd native

(4) ./configure --with-apxs=/usr/local/apache/bin/apxs

(5) make

(6) cp apache-2.0/mod_jk.so /usr/local/apache/libexec/.



3. 아파치 httpd.conf 및 관련 파일 설정

1) /usr/local/apache/conf/httpd.conf 수정 : 제일 마지막 줄에 아래 내용 추가

LoadModule jk_module libexec/mod_jk.so

<IfModule jk_module>
JkWorkersFile conf/workers.properties
JkLogFile logs/mod_jk.log
JkLogLevel info
JkShmFile run/mod_jk.shm
JkMountFile conf/uriworkermap.properties
</IfModule>

(*run디렉토리를 만들어줘야 에러가 안뜬다)

2) /usr/local/apache/conf/workers.properties 새 파일 편집 : 톰캣 2개를 연동할 경우

worker.list = worker1, worker2


worker.worker1.type = ajp13
worker.worker1.host = ip입력1
worker.worker1.port = 8009

worker.worker2.type = ajp13
worker.worker2.host = ip입력2
worker.worker2.port = 8019

3) /usr/local/apache/conf/uriworkermap.properties 새 파일 편집

/* = worker1

/* = worker2



4. 톰캣 /data/apache-tomcat-8.5.57_client/conf/server.xml 편집 : ex) 192.168.0.208

<Connector protocol="AJP/1.3"
address="0.0.0.0"
port="8009"
secretRequired="false"
redirectPort="8080" />

5. 톰캣 재기동

6.https 로 세팅 방법

아파치 홈으로 이동
cd /usr/local/apache/conf

openssl genrsa -des3 -out 192.168.0.206.key 1024
openssl req -new -key 192.168.0.206.key -out 192.168.0.206.csr
openssl x509 -req -days 365 -in 192.168.0.206.csr -signkey 192.168.0.206.key -out 192.168.0.206.crt
{ 비밀 번호 제거 }
cp 192.168.0.206.key 192.168.0.206.key.org
openssl rsa -in 192.168.0.206.key.org -out 192.168.0.206.key

*이미 jks파일이 있을 경우, keytool로 crt,key파일 생성
keytool -importkeystore -srckeystore <my-certificate-name>.jks -destkeystore <my-certificate-name>.p12 -deststoretype PKCS12
openssl pkcs12 -in <my-certificate-name>.p12 -nokeys -out <my-certificate-name>.crt
openssl pkcs12 -in <my-certificate-name>.p12 -nocerts -nodes -out <my-certificate-name>.key

[ httpd.conf 주석 제거 ]
/usr/local/apache/conf/httpd.conf에서
#Include conf/extra/httpd-ssl.conf

{ httpd-ssl.conf 수정 }
- DocumentRoot 수정
- server.crt => crt파일이름.crt
- server.key => 키파일이름.key
- <VirtualHost _default_:443> , </VirtualHost> 사이에 아래 내용 추가

jkMount /* worker1

**AH00526: Syntax error on line 52 of /usr/local/apache/conf/extra/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
->/usr/local/apache/conf/httpd.conf 주석제거

#LoadModule ssl_module libexec/apache2/mod_ssl.so
#LoadModule socache_shmcb_module libexec/mod_socache_shmcb.so


에러 뜨는 경우
1.
checking whether to enable mod_ssl... configure: error: mod_ssl has been requested but can not be built due to prerequisite failures
>>yum install openssl-devel

2. /usr/local/apache/logs/error_log
Initializing shm:/usr/local/apache/run/mod_jk.shm.74240 errno=2. Unable to start due to shared memory failure.

3.AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::dd5c:e21d:d14f:a40d. Set the 'ServerName' directive globally to suppress this message
httpd.conf에서 ServerName 수정

4.AH00526: Syntax error on line 52 of /usr/local/apache/conf/extra/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
->/usr/local/apache/conf/httpd.conf 주석제거
#LoadModule ssl_module libexec/apache2/mod_ssl.so
#LoadModule socache_shmcb_module libexec/mod_socache_shmcb.so