Tomcat Configuration and Firewall and Port Settings

Refer to this document if the project cannot be accessed normally after deployment.
 
 
Reposted from: https://www.digitalocean.com/community/questions/how-to-access-a-java-web-application-by-a-domain-name-using-tomcat-8
How to access a Java web application by a domain name using TomCat 8?
It isn't a question.  I already asked for this and nobody answered, so I figured it out by myself. I wish to leave my steps here in case somebody else might find it useful.
I used a droplet with CentOS 7 and TomCat 8 to deploy my webapp.
First of all I followed some tutorials here on DO.
https://www.digitalocean.com/community/tutorials/how-to-connect-to-your-droplet-with-ssh
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-7
https://www.digitalocean.com/community/tutorials/additional-recommended-steps-for-new-centos-7-servers
https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-8-on-centos-7
If you don't know how to work with the firewallD you could just stop it, but I advise you to get acquainted with it as you'll need it later to redirect traffic. You can read about it here: https://www.linode.com/docs/security/firewalls/introduction-to-firewalld-on-centos Personally I've configured the firewall in the very end after I was sure I did everything right with TomCat, domain etc. But it's up to you. For now just open port 80 and 8080 and enable some essential services like ssh and http. You can do that by
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=8080/tcp

After that reload the firewall.
sudo firewall-cmd --reload

Also make sure your firewall runs on system startup by typing
sudo systemctl enable firewalld

Now you can deploy your WAR via the TomCat web interface. The URL of your site will be http://droplet-ip:8080/yourapp
Now you need to buy a domain name anywhere you like and map it to your droplet. If you are new to domains like me read this: https://www.digitalocean.com/community/tutorials/an-introduction-to-dns-terminology-components-and-concepts It will make you understand a lot of things you'll need later. After you bought your domain name follow the next tutorial. https://www.digitalocean.com/community/tutorials/how-to-set-up-a-host-name-with-digitalocean After a while (in my case 5 hours) you'll be able to access your webapp with http://www.example.com:8080/yourapp
Now you want to get rid of the /yourapp part and port Nr. 8080.
To do the first thing you need to find TomCat "server.xml" file. You can run
find / -name server.xml

It will search for "server.xml" in your system. In my case it was located under /opt/tomcat/conf/ directory. So let us go there.
cd /opt/tomcat/conf/

And open the file under root privileges.
sudo vi server.xml

If you followed all the tutorials here, then you should already know how "vi" editor works. So just paste this inside server.xml file.

      
      www.example.com
      
      


This entry should be inside the tag. I have put it in the end just before the closing tag. Make sure you pay attention to:
name="example.com" - should be your domain name
www.example.com - the same but with www in front
docBase="yourapp" - should be the name you used in URL to access your webapp after the port Nr.
Now TomCat will know what webapp to give if the request will contain the host name example.com or www.example.com. So you'll be able to access your app with http://www.example.com:8080
Now to get rid of the port Nr. By default all http requests go to port 80, but you can't bind TomCat to it without running it with root privileges, which is bad. So don't do it. You could run Apache as a proxy server in front of TomCat and redirect all traffic from port 80 to 8080, but it is complex. I really don't need a second server just to redirect requests. You should consider this option if you need better performance as you can deliver all static content with Apache and redirect to TomCat the rest. Or use multiple TomCat servers with Apache as a "router" for them. There are pros and cons for these methods, but you must find the information yourself, as here we will simply redirect port 80 to 8080 using CentOS firewallD. Here you will need the firewall I mentioned before. If you already configured your firewall earlier, to redirect ports you type
sudo firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080 --permanent

and reboot it. You are done. Now you can just type www.example.com and get straight where you intended. NOTE this, that I have only TomCat that wants to use port 80. If you have additional software they will conflict. In this case you need to apply some rules to redirect to TomCat only what you need. You can read about rules in the link I posted above.
Have a nice day, and I hope it was useful for you. :)
P.S. You can close 8080 port, as you don't need it anymore since you redirect from port 80 now.
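
The end state the post arrives at (http and ssh allowed, port 80 forwarded to 8080, port 8080 itself closed) can be checked with a short script. This is an added example, not part of the original post; the function names has_word, audit_zone and audit_live are hypothetical and the sample strings are constructed.

```sh
#!/bin/sh
# Added example: audit firewalld against the end state the post describes.
# Function names and sample strings are constructed for illustration.

# has_word LIST WORD: succeed if WORD is one space-separated item of LIST.
has_word() {
    case " $1 " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# audit_zone SERVICES PORTS FORWARDS
# Arguments are the outputs of firewall-cmd --list-services, --list-ports
# and --list-forward-ports. Prints one finding per line; returns 0 if clean.
audit_zone() {
    rc=0
    for svc in http ssh; do
        has_word "$1" "$svc" || { echo "MISSING service $svc"; rc=1; }
    done
    case "$3" in
        *port=80:proto=tcp:toport=8080*) ;;
        *) echo "MISSING forward 80/tcp -> 8080/tcp"; rc=1 ;;
    esac
    # Per the post's P.S., 8080 need not stay open once 80 is forwarded.
    if has_word "$2" "8080/tcp"; then
        echo "OPEN 8080/tcp is still reachable directly"; rc=1
    fi
    return "$rc"
}

# audit_live: run the audit on the permanent config of the default zone.
audit_live() {
    audit_zone "$(firewall-cmd --permanent --list-services)" \
               "$(firewall-cmd --permanent --list-ports)" \
               "$(firewall-cmd --permanent --list-forward-ports)"
}

# Constructed samples: state right after the forward rule is added, and
# after the P.S. (8080 closed) has been applied.
SERVICES="dhcpv6-client http ssh"
FORWARDS="port=80:proto=tcp:toport=8080:toaddr="
BEFORE_PORTS="80/tcp 8080/tcp"
AFTER_PORTS="80/tcp"
```

On the server, source the file and call audit_live with root privileges; a non-zero exit status means at least one finding was printed.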