httpd also provides reverse proxy functionality and can act as a reverse proxy in front of Tomcat.
Example: list the proxy-related modules
    [root@centos8 ~]#httpd -M|grep proxy
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using centos8.localdomain. Set the 'ServerName' directive globally to suppress this message
     proxy_module (shared)
     proxy_ajp_module (shared)
     proxy_balancer_module (shared)
     proxy_connect_module (shared)
     proxy_express_module (shared)
     proxy_fcgi_module (shared)
     proxy_fdpass_module (shared)
     proxy_ftp_module (shared)
     proxy_http_module (shared)
     proxy_hcheck_module (shared)
     proxy_scgi_module (shared)
     proxy_uwsgi_module (shared)
     proxy_wstunnel_module (shared)
     proxy_http2_module (shared)
Proxy configuration with the proxy_http_module module
    vim /etc/httpd/conf.d/http-tomcat.conf
    ServerName node1.magedu.com
    ProxyRequests Off
    ProxyVia On
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
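ProxyRequests: Off disables the forward proxy function.
ProxyPass: the reverse proxy directive.
ProxyPassReverse: leaves the proxied response headers unrewritten (with a few exceptions).
ProxyPreserveHost: when On, the reverse proxy keeps the Host header of the original request when forwarding to the backend server; when Off, the Host header is removed before forwarding.
ProxyVia: On enables it. Responses to proxied requests then carry a Via response header. The default is Off.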
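A configuration check for the directives listed above, as an added example that is not part of the original page: it reads an httpd proxy configuration and reports a forward proxy left enabled, backends that are not on loopback, AJP backends, and whether the client Host header reaches the backend. The function name audit_proxy_conf and the sample text are constructed for this illustration, and only the two-argument form of ProxyPass is handled.

```shell
# Constructed sample: the proxy_http_module configuration shown on this page.
SAMPLE_CONF='ServerName node1.magedu.com
ProxyRequests Off
ProxyVia On
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/'

# audit_proxy_conf (hypothetical helper): read httpd config on stdin and
# print one finding per line. Directive names are matched case-insensitively.
audit_proxy_conf() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }             # skip comments and blank lines
    { d = tolower($1) }
    d == "proxyrequests"     { req  = tolower($2) }
    d == "proxypreservehost" { pres = tolower($2) }
    d == "proxypass" {
      if ($3 == "!") next                      # exclusion rule, no backend
      n++
      url = tolower($3)
      # Backend must be 127.x.x.x, localhost or [::1] to count as loopback.
      if (url !~ /^[a-z0-9]+:\/\/(127\.[0-9.]+|localhost|\[::1\])([:\/]|$)/)
        print "WARN  backend " $3 " is not on loopback; restrict that connector port"
      if (url ~ /^ajp:/)
        print "INFO  " $2 " is proxied over AJP (mod_proxy_ajp)"
    }
    END {
      if (req == "on")
        print "WARN  ProxyRequests On: httpd also acts as a forward proxy"
      if (n > 0 && pres == "on")
        print "INFO  ProxyPreserveHost On: backend receives the client Host header"
    }
  '
}

# Audit the sample; on a real host, feed the files under /etc/httpd/conf.d/.
printf '%s\n' "$SAMPLE_CONF" | audit_proxy_conf
```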
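    http://<httpd server IP>/
    http://node1.magedu.com/
    http://node1.magedu.com/index.jsp
The three URLs above show different pages, which shows that ProxyPreserveHost On is taking effect. Set ProxyPreserveHost Off and look at the result again: what does that tell you?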
Example:
    #Generate a page file for each virtual host
    [root@centos8 ~]#echo /usr/local/tomcat/webapps/ROOT/test.html > /usr/local/tomcat/webapps/ROOT/test.html
    [root@centos8 ~]#echo /data/node1/ROOT/test.html > /data/node1/ROOT/test.html
    [root@centos8 ~]#echo /data/node2/ROOT/test.html > /data/node2/ROOT/test.html
    #Modify the httpd configuration
    [root@centos8 ~]#vim /etc/httpd/conf.d/tomcat.conf
    [root@centos8 ~]#cat /etc/httpd/conf.d/tomcat.conf
    ServerName node1.magedu.org
    ProxyRequests Off
    ProxyVia On
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
    [root@centos8 ~]#systemctl restart httpd
    #Access the different URLs below; the results differ
    [root@centos8 ~]#curl http://node1.magedu.org/test.html
    /data/node1/ROOT/test.html
    [root@centos8 ~]#curl http://node2.magedu.org/test.html
    /data/node2/ROOT/test.html
    [root@centos8 ~]#curl http://127.0.0.1/test.html
    /usr/local/tomcat/webapps/ROOT/test.html
    [root@centos8 ~]#curl http://10.0.0.8/test.html
    /usr/local/tomcat/webapps/ROOT/test.html
    #Modify the configuration
    [root@centos8 ~]#vim /etc/httpd/conf.d/tomcat.conf
    #Change only the following line
    ProxyPreserveHost Off
    [root@centos8 ~]#systemctl restart httpd
    #Access the different URLs below again; the results are now identical
    [root@centos8 ~]#curl http://node1.magedu.org/test.html
    /usr/local/tomcat/webapps/ROOT/test.html
    [root@centos8 ~]#curl http://node2.magedu.org/test.html
    /usr/local/tomcat/webapps/ROOT/test.html
    [root@centos8 ~]#curl http://10.0.0.8/test.html
    /usr/local/tomcat/webapps/ROOT/test.html
    [root@centos8 ~]#curl http://127.0.0.1/test.html
    /usr/local/tomcat/webapps/ROOT/test.html
Implementing the AJP protocol
AJP (Apache JServ Protocol) is a packet-oriented protocol: a binary protocol carried over TCP. Compared with a plain-text protocol such as HTTP it is more efficient and performs better, and it includes many optimizations. Browsers, however, cannot speak AJP13 directly; they only support HTTP. In practice, therefore, Apache's proxy_ajp module acts as the reverse proxy and exposes the service to clients over HTTP.
Proxy configuration with the proxy_ajp_module module
    ServerName node1.magedu.com
    ProxyRequests Off
    ProxyVia On
    ProxyPreserveHost On
    ProxyPass / ajp://127.0.0.1:8009/
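The Server Status page shows that an AJP connection is indeed in use.
Relatively speaking, because AJP is binary it is somewhat more efficient than a connector using HTTP.
Example: enable httpd's AJP reverse proxy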
    [root@centos8 ~]#vim /etc/httpd/conf.d/tomcat.conf
    [root@centos8 ~]#cat /etc/httpd/conf.d/tomcat.conf
    ServerName node1.magedu.com
    ProxyRequests Off
    ProxyVia On
    ProxyPreserveHost On
    ProxyPass / ajp://127.0.0.1:8009/
    [root@centos8 ~]#systemctl restart httpd
    #Access the different URLs below again; the results are as follows
    [root@centos8 ~]#curl http://node1.magedu.org/test.html
    /data/node1/ROOT/test.html
    [root@centos8 ~]#curl http://node2.magedu.org/test.html
    /data/node2/ROOT/test.html
    [root@centos8 ~]#curl http://10.0.0.8/test.html
    /usr/local/tomcat/webapps/ROOT/test.html
    [root@centos8 ~]#curl http://127.0.0.1/test.html
    /usr/local/tomcat/webapps/ROOT/test.html
    [root@centos8 ~]#vim /etc/httpd/conf.d/tomcat.conf
    #Change only the following line, to stop forwarding the request's Host header to the backend
    ProxyPreserveHost Off
    #Access the different URLs below again; the results are the same as above, which shows that AJP, unlike HTTP, forwards all header information automatically
    [root@centos8 ~]#curl http://node1.magedu.org/test.html
    /data/node1/ROOT/test.html
    [root@centos8 ~]#curl http://node2.magedu.org/test.html
    /data/node2/ROOT/test.html
    [root@centos8 ~]#curl http://10.0.0.8/test.html
    /usr/local/tomcat/webapps/ROOT/test.html
    [root@centos8 ~]#curl http://127.0.0.1/test.html
    /usr/local/tomcat/webapps/ROOT/test.html
The status page shows the following AJP information.
    #Use iptables to block access to AJP
    [root@centos8 ~]#iptables -A INPUT -p tcp --dport 8009 -j REJECT
    [root@centos8 ~]#curl http://node1.magedu.org/test.html
    503 Service Unavailable
    Service Unavailable
    The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
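Apart from httpd, very few servers support AJP proxying; Nginx, for example, does not support AJP. For that reason the AJP protocol port is nowadays generally disabled.
Example: disable the AJP protocol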
    #AJP is supported by default
    [root@centos8 ~]#ss -ntl
    State    Recv-Q   Send-Q   Local Address:Port          Peer Address:Port
    LISTEN   0        128      0.0.0.0:22                  0.0.0.0:*
    LISTEN   0        100      *:8080                      *:*
    LISTEN   0        128      *:80                        *:*
    LISTEN   0        128      [::]:22                     [::]:*
    LISTEN   0        1        [::ffff:127.0.0.1]:8005     *:*
    LISTEN   0        100      *:8009                      *:*
    #Edit the tomcat configuration file and delete the following line
    [root@centos8 ~]#vim /usr/local/tomcat/conf/server.xml
    [root@centos8 ~]#systemctl restart tomcat
    [root@centos8 ~]#ss -ntl
    State    Recv-Q   Send-Q   Local Address:Port          Peer Address:Port
    LISTEN   0        128      0.0.0.0:22                  0.0.0.0:*
    LISTEN   0        100      *:8080                      *:*
    LISTEN   0        128      *:80                        *:*
    LISTEN   0        128      [::]:22                     [::]:*
    LISTEN   0        1        [::ffff:127.0.0.1]:8005     *:*
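To turn the before/after `ss -ntl` comparison above into a repeatable check, the following added example (not part of the original page) parses a listener table and reports a port only when it is bound to something other than loopback. The function name exposed_listener is hypothetical, and the sample is the first listing from this page.

```shell
# Constructed sample: the `ss -ntl` listing shown above, before AJP is disabled.
SS_BEFORE='State   Recv-Q  Send-Q  Local Address:Port        Peer Address:Port
LISTEN  0       128     0.0.0.0:22                0.0.0.0:*
LISTEN  0       100     *:8080                    *:*
LISTEN  0       128     *:80                      *:*
LISTEN  0       128     [::]:22                   [::]:*
LISTEN  0       1       [::ffff:127.0.0.1]:8005   *:*
LISTEN  0       100     *:8009                    *:*'

# exposed_listener PORT (hypothetical helper): read `ss -ntl` output on stdin
# and print every local address where PORT listens on a non-loopback address.
# Exit status is 0 when at least one such listener exists, 1 otherwise.
exposed_listener() {
  awk -v port="$1" '
    $1 != "LISTEN" { next }                    # skips the header line too
    {
      la = $4                                  # Local Address:Port column
      p = la; sub(/^.*:/, "", p)               # text after the last colon
      if (p != port) next
      addr = substr(la, 1, length(la) - length(p) - 1)
      # Loopback forms: 127.x.x.x, [::1], and IPv4-mapped [::ffff:127.x.x.x]
      if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
      print la
      found = 1
    }
    END { exit !found }
  '
}

# Check the AJP port, the shutdown port and the HTTP connector in the sample.
# On a live host: ss -ntl | exposed_listener 8009
for port in 8009 8005 8080; do
  printf '%s\n' "$SS_BEFORE" | exposed_listener "$port" ||
    echo "port $port: loopback only or not listening"
done
```

Run against the same listing, port 8080 is reported as well: the Tomcat HTTP connector still listens on all interfaces behind the proxy.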