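Integrating Apache with Tomcat and Applying an SSL Certificate

January 29, 2020

Hello, this is Kim Min-hyuk from the technical support team. The installation was carried out on CentOS 6 and 7.

Installation environment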

CentOS 6.10

Apache/2.4.7

Apache Tomcat/9.0.5

Tomcat-connectors-1.2.46

openjdk version "1.8.0_232"

CentOS 7

Apache/2.4.7

Apache Tomcat/9.0.5

Tomcat-connectors-1.2.46

openjdk version "1.8.0_232"

1-1. Installing Apache

# yum -y update

# yum -y install openssl openssl-devel libtool libtool-ltdl libtool-ltdl-devel zlib-devel zlib freetype-devel freetype libpng-devel libpng libjpeg-devel libjpeg libtiff-devel libtiff gd-devel gd pcre-devel pcre libxml2-devel libxml2 gdbm-devel gdbm ncurses-devel ncurses curl-devel curl expat-devel expat bzip2-devel bzip2-libs bzip2 libc libc-devel libc-client-devel gcc* wget pam-devel net-snmp* libicu libicu-devel

# cd /usr/local/src

# wget http://mirror.apache-kr.org/apr/apr-1.6.5.tar.gz

# tar zxvf apr-1.6.5.tar.gz

# cd apr-1.6.5

# ./configure --prefix=/usr/local/apr

# make

# make install

# wget http://mirror.apache-kr.org/apr/apr-util-1.6.1.tar.gz

# tar zxvf apr-util-1.6.1.tar.gz

# cd apr-util-1.6.1

# ./configure --with-apr=/usr/local/apr

# make

# make install

# wget http://archive.apache.org/dist/httpd/httpd-2.4.38.tar.gz

# tar zxvf httpd-2.4.38.tar.gz

# cd httpd-2.4.38

# ./configure --prefix=/usr/local/apache --enable-so --enable-rewrite --enable-mods-shared=all --enable-modules=shared --enable-ssl --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr --with-mpm=prefork

# vi server/mpm/prefork/prefork.c

#define DEFAULT_SERVER_LIMIT 256 ← change the value to 1024

# make

# make install

# /usr/local/apache/bin/apachectl start

1-2. Installing Tomcat

# yum install -y java

# java -version

 

This prints the Java version information.

# wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.5/bin/apache-tomcat-9.0.5.tar.gz

# tar zxvf apache-tomcat-9.0.5.tar.gz

# mv apache-tomcat-9.0.5 /usr/local/tomcat

# vi /etc/profile

JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64/jre

CATALINA_HOME=/usr/local/tomcat

CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/lib/jsp-api.jar:$CATALINA_HOME/lib/servlet-api.jar

PATH=$PATH:$JAVA_HOME/bin:$CATALINA_HOME/bin

export JAVA_HOME CATALINA_HOME CLASSPATH

# source /etc/profile ← reloads the modified profile

# /usr/local/tomcat/bin/startup.sh

 

1-3. Connecting Apache and Tomcat

# wget http://apache.tt.co.kr/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.46-src.tar.gz

# tar zxvf tomcat-connectors-1.2.46-src.tar.gz

# cd tomcat-connectors-1.2.46-src/native

# ./configure --with-apxs=/usr/local/apache/bin/apxs

# make

# make install

# vi /usr/local/apache/conf/workers.properties

workers.tomcat_home=/usr/local/tomcat

workers.java_home=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64

worker.list=ajp13 ← arbitrary name

worker.ajp13.port=8009

worker.ajp13.host=domain ← enter the IP address or domain

worker.ajp13.type=ajp13 ← communication protocol

worker.ajp13.lbfactor=1

# vi /usr/local/apache/conf/httpd.conf

<Directory />

AllowOverride none

Require all granted ← change denied to granted

</Directory>

<IfModule dir_module>

DirectoryIndex index.html index.jsp ← add index.jsp

</IfModule>

Include conf/extra/httpd-vhosts.conf ← uncomment this line

LoadModule jk_module modules/mod_jk.so

<IfModule mod_jk.c>

JkWorkersFile conf/workers.properties

JkShmFile logs/mod_jk.shm

JkLogFile logs/mod_jk.log

JkLogLevel info

JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"

JkMount /*.jsp ajp13

</IfModule>

# vi /usr/local/apache/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>

DocumentRoot "/home/test" ← enter the source directory

ServerName domain ← register the domain

JkMount /*.jsp ajp13

</VirtualHost>

# vi /usr/local/tomcat/conf/server.xml

<Host name="domain" ← enter the domain

appBase="/home/test" ← enter the DocumentRoot path

unpackWARs="true" autoDeploy="true">

# mkdir /usr/local/tomcat/conf/Catalina/kmh12.shop ← create the kmh12.shop directory

# vi /usr/local/tomcat/conf/Catalina/kmh12.shop/ROOT.xml

<?xml version="1.0" encoding="utf-8"?>

<Context path=""

docBase="/home/test" ← enter the DocumentRoot path

reloadable="true"

privileged="true">

</Context>

To verify the integration, I copied in the JSP source that shipped with Tomcat.
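
The workers.properties file in this section points the ajp13 worker at the server's domain or IP rather than a loopback address, and AJP is meant to be reachable only by the front-end web server. The following is an added example, not part of the original post: a shell function that lists every ajp13 worker in a workers.properties file and flags non-loopback hosts. The function name audit_ajp_workers, the sample file and www.example.com are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_ajp_workers FILE
#   Prints "<worker> <host> <port> <LOOPBACK|EXPOSED> <secret-set|no-secret>"
#   for every ajp13 worker in a mod_jk workers.properties file.
#   Returns 1 if any worker targets a non-loopback host, otherwise 0.
audit_ajp_workers() {
    awk -F= '
        /^[ \t]*#/ { next }                 # comment line
        /^[ \t]*$/ { next }                 # blank line
        {
            key = $1; val = $2
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Only worker.<name>.<property> keys are of interest
            if (split(key, p, ".") != 3 || p[1] != "worker") next
            if (p[3] == "type")   type[p[2]] = val
            if (p[3] == "host")   host[p[2]] = val
            if (p[3] == "port")   port[p[2]] = val
            if (p[3] == "secret") secret[p[2]] = val
        }
        END {
            bad = 0
            for (w in type) {
                if (type[w] != "ajp13") continue
                h  = (w in host) ? host[w] : "localhost"  # mod_jk default
                pt = (w in port) ? port[w] : "8009"       # mod_jk ajp13 default
                lo = (h == "localhost" || h == "::1" || h ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/)
                s  = (w in secret) ? "secret-set" : "no-secret"
                print w, h, pt, (lo ? "LOOPBACK" : "EXPOSED"), s
                if (!lo) bad = 1
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample that mirrors the workers.properties shown above,
# with www.example.com standing in for the domain placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=www.example.com
worker.ajp13.type=ajp13
worker.ajp13.lbfactor=1
EOF
audit_ajp_workers "$sample" || echo "review: an AJP worker points at a non-loopback host"
rm -f "$sample"
```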

1-4. Issuing and Applying the SSL Certificate

# yum install -y git

# git clone https://github.com/letsencrypt/letsencrypt

# cd letsencrypt/

# ./letsencrypt-auto certonly -m email -a webroot -w source-directory -d domain

# vi /usr/local/apache/conf/httpd.conf

Include conf/extra/httpd-ssl.conf ← uncomment

LoadModule ssl_module modules/mod_ssl.so ← uncomment

# vi /usr/local/apache/conf/extra/httpd-ssl.conf

DocumentRoot "/home/test"

ServerName domain:443 ← add the domain

ErrorLog "/usr/local/apache/logs/error_log"

TransferLog "/usr/local/apache/logs/access_log"

JkMount /*.jsp ajp13 ← added for the Tomcat integration

SSLCertificateFile "/etc/letsencrypt/live/domain/fullchain.pem"

SSLCertificateKeyFile "/etc/letsencrypt/live/domain/privkey.pem"

 

Checking the certificate validity period

# openssl x509 -in /etc/letsencrypt/live/domain/fullchain.pem -noout -dates

# openssl x509 -in <path to cert file> -noout -dates
