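Our project required some environment configuration: mainly integrating Apache with Tomcat, adding clustering, and enabling SSL in Apache to improve its security.
I spent a long time searching online and found some material, but none of it was complete; most guides cover only one part. Building on those tutorials, plus the material on the official websites, I eventually got everything working. All of this comes from the web; I have only pulled it together in one place, and I hope it helps you. If you know a better way to configure any of this, please contact me. Thank you.
Goal: integrate Apache, Tomcat and SSL, and add clustering
Operating system: FC4-i386, Red Hat AS 4
Required software: httpd-2.2.0, jakarta-tomcat-5.0.30, jdk1.4 or jdk1.5, openssl-0.9.8, ssl.ca-0.1.tar.gz
Install openssl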
$ tar zxf openssl-0.9.8.tar.gz
$ cd openssl-0.9.8
$ ./config --prefix=/usr/local/ssl
$ make
$ make test
$ make install
Install httpd with SSL support
# tar zxf httpd-2.2.0.tar.gz
# cd httpd-2.2.0
Installing apr and apr-util
Install apr
# cd srclib/apr
# ./configure --prefix=/usr/local/apr
# make
# make install
Install apr-util
# cd ../apr-util/
# ./configure --prefix=/usr/local/apr-util \
    --with-apr=/usr/local/apr
# make
# make install
# cd ../../
Install apache
# ./configure --prefix=/usr/local/apache \
    --enable-so \
    --enable-proxy-balancer \
    --enable-rewrite=shared \
    --enable-proxy=shared \
    --enable-proxy-ajp=shared \
    --enable-dav=shared \
    --with-apr=/usr/local/apr \
    --with-apr-util=/usr/local/apr-util/ \
    --enable-ssl=static \
    --with-ssl=/usr/local/ssl \
    --enable-mods-shared=all
# make
# make install
Install a temporary SSL certificate:
ssl.ca-0.1.tar.gz
# cd /usr/local/apache/conf
# tar zxvf ssl.ca-0.1.tar.gz
# cd ssl.ca-0.1
# ./new-root-ca.sh
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
...........................++++++
....++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
......
Self-sign the root CA...
Enter pass phrase for ca.key:
........
........
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:ZheJiang
Locality Name (eg, city) [Sitiawan]:HangZhou
Organization Name (eg, company) [My Directory Sdn Bhd]:sc
Organizational Unit Name (eg, section) [Certification Services Division]:sc
Common Name (eg, MD Root CA) []:2
Email Address []:admin@admin.com
This generates the two files ca.key and ca.crt. Next, generate a certificate:
# ./new-server-cert.sh server
......
......
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:ZheJiang
Locality Name (eg, city) [Sitiawan]:HangZhou
Organization Name (eg, company) [My Directory Sdn Bhd]:sc
Organizational Unit Name (eg, section) [Secure Web Server]:sc
Common Name (eg, www.domain.com) []:2
Email Address []:admin@admin.com
This generates the two files server.csr and server.key.
The request still has to be signed before it can be used:
# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'JiangSu'
localityName          :PRINTABLE:'NanJing'
organizationName      :PRINTABLE:'Wiscom System Co.,Ltd'
organizationalUnitName:PRINTABLE:'ACSTAR'
commonName            :PRINTABLE:'acmail.wiscom.com.cn'
emailAddress          :IA5STRING:'acmail@wiscom.com.cn'
Certificate is to be certified until Jul 16 12:55:34 2005 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK
Next, put the certificates in the locations set in ssl.conf.
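Before copying the files into place, it is worth confirming that server.crt chains to ca.crt, that server.key belongs to it, and how large the key is. The script below is an added example, not part of the original tutorial or of the ssl.ca package; the function name check_cert and the 2048-bit default threshold are assumptions made here.

```shell
#!/bin/sh
# Added example: sanity-check the files written by the ssl.ca scripts.
# Usage: check_cert CA_CERT SERVER_CERT SERVER_KEY [MIN_BITS]
# MIN_BITS defaults to 2048 (an assumption of this example, not the page's).
# Prints one OK/FAIL line per check; returns 0 only if every check passes.
check_cert() {
    ca=$1; crt=$2; key=$3; min_bits=${4:-2048}; rc=0

    # 1. Chain: the same test sign-server-cert.sh reports as "server.crt: OK".
    if openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "OK   chain: $crt verifies against $ca"
    else
        echo "FAIL chain: $crt does not verify against $ca"; rc=1
    fi

    # 2. Key pair: the public key inside the certificate must be the one
    #    derived from the private key. An encrypted key is reported as a
    #    failure instead of prompting (an empty passphrase is supplied).
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
    if [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]; then
        echo "OK   key pair: $key matches $crt"
    else
        echo "FAIL key pair: $key does not match $crt"; rc=1
    fi

    # 3. Key size, read from the certificate text ("Public-Key: (N bit)").
    bits=$(openssl x509 -in "$crt" -noout -text 2>/dev/null |
           sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "${bits:-0}" -ge "$min_bits" ]; then
        echo "OK   key size: $bits bit"
    else
        echo "FAIL key size: ${bits:-unknown} bit, want at least $min_bits"; rc=1
    fi

    # 4. Validity: -checkend 0 fails if the certificate has already expired.
    if openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "OK   validity: expires $(openssl x509 -in "$crt" -noout -enddate | cut -d= -f2)"
    else
        echo "FAIL validity: $crt is expired or unreadable"; rc=1
    fi
    return $rc
}

# Run against real files when invoked with arguments, e.g.
#   sh check_cert.sh ca.crt server.crt server.key
if [ $# -ge 3 ]; then check_cert "$@"; fi
```

A server key of the 1024-bit size that the transcript above shows for the root key fails the size check at the default threshold.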
Finally, configure conf/httpd.conf.
In this file, find
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
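Remove the '#' in front of #Include conf/extra/httpd-ssl.conf and save.
Start the server and test
$ cd bin
$ ./apachectl start
In a browser, open http://127.0.0.1/ and https://127.0.0.1; if both show the same success page, Apache + SSL is configured correctly.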
Installing the JDK
Copy jdk1.4 or jdk1.5 to /usr/local
$ chmod 755 jdk....bin
$ ./jdk....bin
Set the global variables: open the /etc/profile file and add
JAVA_HOME=<your JDK installation directory>
JRE_HOME=$JAVA_HOME/jre
PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH:$HOME/bin
export JAVA_HOME JRE_HOME PATH
#ant
PATH=/usr/local/ant/bin:$PATH
export PATH
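Reboot the computer.
Configuration complete.
Installing Tomcat
First copy Tomcat to the directory /usr/local
$ tar zxf jakarta-tomcat-5.0.30.tar.gz
$ cd jakarta-tomcat-5.0.30/bin
$ ./startup.sh
In a browser, open http://127.0.0.1:8080/; if you see the Tomcat welcome page, the installation succeeded.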
Edit the conf/httpd.conf file in the Apache directory.
In this file, find
#Include conf/extra/httpd-vhosts.conf
Remove the '#' in front of #Include conf/extra/httpd-ssl.conf and save, then open conf/extra/httpd-vhosts.conf, find <VirtualHost _default_:443>, and add the following inside it:
    ServerAdmin admin@easyea.com
    ProxyPass / ajp://localhost:8009/
    ProxyPassReverse / ajp://localhost:8009/
    ServerName localhost
    ServerAlias www.easyea.com
    ErrorLog logs/easyea.com-error_log
    CustomLog logs/easyea.com-access_log common
Some of the added settings conflict with the original defaults; delete the conflicting default settings.
Start the server and test: open https://127.0.0.1 in a browser; if you see the Tomcat welcome page, the configuration works.
Clustering and session replication
Clustering
In conf/extra/httpd-vhosts.conf, find <VirtualHost _default_:443> and add the following inside it:
<Proxy balancer://128.8.153.203>
    BalancerMember ajp://localhost:8009
    BalancerMember ajp://128.8.153.81:8009
</Proxy>
<Location /sc/>
    ProxyPass balancer://128.8.153.203/sc/
</Location>
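Session replication
In Tomcat's conf/server.xml file, uncomment the Cluster section. The last step is to add <distributable /> to the web.xml of each project whose sessions you want replicated. To test this, you need two identically configured Tomcat instances.
That completes the configuration. Because environments differ, the configuration may vary somewhat during installation.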
aspirin
2006-3-14