How do I directly expose applications running on a CentOS 7 web server?

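How do I open a port and directly access a web application running on tomcat on CentOS 7? Tomcat runs behind an apache httpd reverse proxy, but I want to expose each application directly by opening a port for testing, so that I can reach the applications running in tomcat directly.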

When I open ports 8080 and 8081 in the firewall using firewall-cmd --add-port=8080/tcp and firewall-cmd --add-port=8081/tcp, I can access the applications running on those ports when I type server.ip.addr:8080, server.ip.addr:8081, anydomainontheserver.com:8080, or anydomainontheserver.com:8081. These applications are also accessible when I reach them through httpd.

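However, when I try to directly access the applications running on ports 8082, 8083, and 8084, I get a 404 error reply. This is the case even though the applications running on ports 8082 and 8083 are 100% accessible through httpd via their domain names. The application running on port 8084 is mostly accessible through httpd via its domain name. In each case, I typed firewall-cmd --add-port=808x and tried to access the application via server.ip.addr:808x and anydomainontheserver.com:808x, but received a 404 error every time. I even tried opening their ajp ports in the firewall and typing server.ip.addr:80xx and anydomainontheserver.com:80xx in the browser, but received a browser error message stating that the page could not be retrieved, without specifying an error number.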

So how can I directly access the applications running in tomcat on ports 8082, 8083, and 8084 for testing?

Typing firewall-cmd --list-all gives:

public (default, active)
  interfaces: enp3s0
  sources: 
  services: dhcpv6-client http imaps openvpn smtp ssh
  ports: 8009/tcp 8083/tcp 8011/tcp 8084/tcp 8010/tcp 8080/tcp 8081/tcp 8013/tcp 8012/tcp 8082/tcp
  masquerade: yes
  forward-ports: 
  icmp-blocks: 
  rich rules:

Typing nano /etc/httpd/conf.d/virtualhosts.conf gives:

<VirtualHost *:443>
    ServerName www.vpndomain.com
    ServerAlias vpndomain.com
    ErrorLog /var/log/httpd/vpndomain_com_error.log
    CustomLog /var/log/httpd/vpndomain_com_requests.log combined
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    ProxyPass / ajp://server.ip.addr:8009/
    ProxyPassReverse / ajp://server.ip.addr:8009/
</VirtualHost>

Listen 444

<VirtualHost *:444>
    ServerName www.vpndomain.com
    ServerAlias vpndomain.com
    ErrorLog /var/log/httpd/vpndomain_com_error.log
    CustomLog /var/log/httpd/vpndomain_com_requests.log combined
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    ProxyPass / ajp://server.ip.addr:8010/
    ProxyPassReverse / ajp://server.ip.addr:8010/
</VirtualHost>

<VirtualHost www.domain1.com:80>
    ServerName www.domain1.com
    ServerAlias domain1.com
    ErrorLog /var/log/httpd/domain1_com_error.log
    CustomLog /var/log/httpd/domain1_com_requests.log combined
    ProxyPass / ajp://server.ip.addr:8011/
    ProxyPassReverse / ajp://server.ip.addr:8011/
</VirtualHost>

<VirtualHost www.domain2.com:80>
    ServerName www.domain2.com
    ServerAlias domain2.com
    ErrorLog /var/log/httpd/domain2_com_error.log
    CustomLog /var/log/httpd/domain2_com_requests.log combined
    ProxyPass / ajp://server.ip.addr:8012/
    ProxyPassReverse / ajp://server.ip.addr:8012/
</VirtualHost>

<VirtualHost www.domain3.com:80>
    ServerName www.domain3.com
    ServerAlias domain3.com
    ErrorLog /var/log/httpd/domain3_com_error.log
    CustomLog /var/log/httpd/domain3_com_requests.log combined
    ProxyPass / ajp://server.ip.addr:8013
    ProxyPassReverse / ajp://server.ip.addr:8013
</VirtualHost>

Typing nano /opt/tomcat/conf/server.xml gives:

<?xml version='1.0' encoding='utf-8'?>

<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
          <Realm className="org.apache.catalina.realm.LockOutRealm">
              <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
          </Realm>
          <Host name="localhost"  appBase="webapps" unpackWARs="true" autoDeploy="true">
               <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                   prefix="ermapp_access_log" suffix=".txt"
                   pattern="%h %l %u %t &quot;%r&quot; %s %b" />
          </Host>
    </Engine>
  </Service>

  <Service name="Upload">
    <Connector port="8081" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8444" />
    <Connector port="8010" protocol="AJP/1.3" redirectPort="8444" />
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps_upload" unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="uploadapp_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>

  <Service name="Public">
      <Connector port="8082" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8445" />
      <Connector port="8011" protocol="AJP/1.3" redirectPort="8445" />
      <Engine name="Catalina" defaultHost="localhost">
          <Realm className="org.apache.catalina.realm.LockOutRealm">
              <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
          </Realm>
          <Host name="domain1.com"  appBase="webapps_public" unpackWARs="true" autoDeploy="true">
              <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                  prefix="domain1_access_log" suffix=".txt"
                  pattern="%h %l %u %t &quot;%r&quot; %s %b" />
          </Host>
      </Engine>
  </Service>

  <Service name="domain2">
      <Connector port="8083" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8446" />
      <Connector port="8012" protocol="AJP/1.3" redirectPort="8446" />
      <Engine name="Catalina" defaultHost="localhost">
          <Realm className="org.apache.catalina.realm.LockOutRealm">
              <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
          </Realm>
          <Host name="domain2.com"  appBase="webapps_domain2" unpackWARs="true" autoDeploy="true">
              <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                  prefix="domain2_access_log" suffix=".txt"
                  pattern="%h %l %u %t &quot;%r&quot; %s %b" />
          </Host>
      </Engine>
  </Service>

  <Service name="domain3">
      <Connector port="8084" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8447" />
      <Connector port="8013" protocol="AJP/1.3" redirectPort="8447" />
      <Engine name="Catalina" defaultHost="localhost">
          <Realm className="org.apache.catalina.realm.LockOutRealm">
              <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
          </Realm>
          <Host name="domain3.com"  appBase="webapps_domain3" unpackWARs="true" autoDeploy="true">
              <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                  prefix="domain3_access_log" suffix=".txt"
                  pattern="%h %l %u %t &quot;%r&quot; %s %b" />
          </Host>
      </Engine>
  </Service>

</Server>

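Answer 1

Your httpd proxy is using the AJP ports, but when you try to access the applications directly, you are using the HTTP ports.

If you try switching the httpd proxy to use the HTTP ports, does it still work, or do you get a 404?

  • If you get a 404 through httpd when the proxy uses HTTP, then there is a problem with the HTTP connector in Tomcat.

  • If it still works through httpd when the proxy uses the HTTP port, then the problem is probably something internal to the application itself.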

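Answer 2

A more secure way to achieve your goal is through SSH tunnels. No configuration changes are made to tomcat or the proxy. Simply create SSH tunnels between the client and the tomcat server, then access the ports locally as if those applications were running on the local client machine. You have three services listening on tomcat on TCP ports 8082, 8083, and 8084, so create three SSH tunnels. Assume tomcat's IP address is 10.10.10.254 and the user is bob.

Create three SSH tunnels from the client machine as follows: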

$ ssh -fnN -L 8082:localhost:8082 bob@10.10.10.254
$ ssh -fnN -L 8083:localhost:8083 bob@10.10.10.254
$ ssh -fnN -L 8084:localhost:8084 bob@10.10.10.254

Assuming these three applications are web applications, open a web browser on the client machine and navigate to:

http://localhost:8082
http://localhost:8083
http://localhost:8084
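
With tunnels in place, the test ports no longer need to stay open in firewalld. The following is an added example, not code from the question or either answer: it cross-references firewall-cmd --list-all output with the Connector elements in server.xml and lists every Tomcat connector the firewall still lets in. The sample inputs are constructed by trimming the question's own listings, and the function names are hypothetical. It assumes a connector with no address attribute listens on all interfaces.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: trimmed from the firewall-cmd --list-all output in the question.
FIREWALL_OUTPUT = """\
public (default, active)
  services: dhcpv6-client http imaps openvpn smtp ssh
  ports: 8009/tcp 8083/tcp 8011/tcp 8084/tcp 8010/tcp 8080/tcp 8081/tcp 8013/tcp 8012/tcp 8082/tcp
  forward-ports:
"""

# Constructed sample: connectors of two of the five <Service> blocks in the question.
SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
  <Service name="domain3">
    <Connector port="8084" protocol="HTTP/1.1" redirectPort="8447" />
    <Connector port="8013" protocol="AJP/1.3" redirectPort="8447" />
  </Service>
</Server>
"""

def open_tcp_ports(firewall_output):
    """Return the TCP ports (ranges expanded) on the 'ports:' line."""
    ports = set()
    for line in firewall_output.splitlines():
        if line.strip().startswith("ports:"):  # does not match 'forward-ports:'
            for lo, hi in re.findall(r"(\d+)(?:-(\d+))?/tcp", line):
                ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def exposed_connectors(server_xml, firewall_output):
    """List (service, port, protocol, address) for connectors the firewall lets in."""
    allowed = open_tcp_ports(firewall_output)
    findings = []
    for service in ET.fromstring(server_xml).iter("Service"):
        for conn in service.iter("Connector"):
            port = int(conn.get("port"))
            # Assumption: no address attribute means the connector binds to all interfaces.
            address = conn.get("address", "all interfaces")
            if port in allowed and address not in ("127.0.0.1", "::1", "localhost"):
                findings.append((service.get("name"), port, conn.get("protocol"), address))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for name, port, proto, addr in exposed_connectors(SERVER_XML, FIREWALL_OUTPUT):
        print(f"{port}/tcp open in firewalld -> {proto} connector of service {name} ({addr})")
```

An empty result after closing the test ports means the connectors are reachable only through httpd or an SSH tunnel.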
