Apache¤Î¥¤¥ó¥¹¥È¡¼¥ë †
# yum -y install http
# /sbin/chkconfig httpd --level 35 on
# /sbin/chkconfig --list httpd
httpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
SELinux¤ÎÀßÄê (httpd¤¬SocketÄÌ¿®¤ò¤Ï¤¸¤á¤ë¤³¤È¤òµö²Ä¤¹¤ë) †
- GUI¤ÇÀßÄê
# yum -y install policycoreutils*
# /usr/bin/system-config-selinux
httpd_can_network_connect ¤ò on ¤Ë¤¹¤ë
- CUI¤Î¾ì¹ç
# /usr/sbin/setsebool httpd_can_network_connect true
¤Ç¤â OK
- ¤³¤ÎÀßÄê¤ò¤·¤Ê¤¤¤È /var/www/html/error_log ¤Ë¤³¤ó¤Ê¥¨¥é¡¼¤¬½Ð¤Þ¤¹
[Sat Jan 21 23:01:48 2012] [error] (13)Permission denied: proxy: HTTP:
attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
mod_proxy_http ¤ÎÀßÄê †
- /etc/httpd/conf/httpd.conf ¤òÊÔ½¸¤¹¤ë
#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /glassfish/ http://127.0.0.1:8080/
ProxyPassReverse /glassfish/ http://127.0.0.1:8080/
ProxyPassReverseCookieDomain 127.0.0.1:8080 app.example.com
ProxyPassReverseCookiePath / /glassfish/
</IfModule>
- ÀßÄêÆâÍÆ
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡ app.example.com¡¡¡¡¡¡¡¡ 127.0.0.1:8080
¨£¨¡¨¡¨¡¨¡¨¡¨¤¡½¡½¡¡½¢ª¨£¨¡¨¡¨¡¨¡¨¡¨¤¡½¡½¢¡½¢ª¨£¨¡¨¡¨¡¨¡¨¡¨¤
¨¢¥Ö¥é¥¦¥¶¡¡¨¢¡¡¡¡¡¡¡¡¡¡¨¢Apache¡¡¡¡¨¢¡¡¡¡¡¡¡¡¡¡¨¢Glassfish ¨¢
¨¦¨¡¨¡¨¡¨¡¨¡¨¥¢«¡½¤¡½¡½¨¦¨¡¨¡¨¡¨¡¨¡¨¥¢«¡½£¡½¡½¨¦¨¡¨¡¨¡¨¡¨¡¨¥
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡ (mod_proxy)
ÀßÄê¹àÌÜ | ³µÍ× |
ProxyRequests? | On:¥Õ¥©¥ï¡¼¥É¥×¥í¥¥·(¡¢ªÇ¤°Õ¤ÎWeb¥µ¥¤¥È)¡¢Off:¥ê¥Ð¡¼¥¹¥×¥í¥¥·(¡¢ª¢)¡£É¬¤º Off ¤Ë¤¹¤ë |
<Proxy *> | ï¤Ç¤â Proxy µ¡Ç½¤¬»È¤¨¤ë¤è¤¦¤Ë Allow from all ¤ËÊѹ¹¤¹¤ë |
ProxyPass? | ¡¢ª¢¤Î request header ¤Î½ñ¤´¹¤¨ÄêµÁ¡£/glassfish/ ¤ËÂФ¹¤ë¥¢¥¯¥»¥¹¤ò http://127.0.0.1:8080/ ¤ËžÁ÷¤¹¤ë |
ProxyPassReverse? | £¢ª¤¤Î¥ê¥À¥¤¥ì¥¯¥ÈÍ×µá(Location, Content-Location)¤Î http://127.0.0.1:8080/ ¤ò /glassfish/ ¤Ë½ñ¤´¹¤¨¤ë |
ProxyPassReverseCookieDomain? | £¢ª¤¤Î Set-Cookie ¥Ø¥Ã¥À¤Î domain Í×ÁǤò¡¡127.0.0.1:8080 ¤«¤é app.example.com ¤Ë½ñ¤´¹¤¨¤ë¡£½ñ¤´¹¤¨¸µ¤ÈÀè¤Î»ØÄê½çÈÖ¤¬ ProxyPassReverse? ¤ÈµÕ¡£É¬Íפʤ¤¤«¤â¢ª¥¢¥×¥ê¤Î¼ÂºÝ¤Î¿¶¤ëÉñ¤¤¤ò¤ß¤ÆÄ´À°¤¹¤ë |
ProxyPassReverseCookiePath? | £¢ª¤¤Î Set-Cookie ¥Ø¥Ã¥À¤Î path Í×ÁǤò / ¤«¤é /glassfish/ ¤Ë½ñ¤´¹¤¨¤ë¡£½ñ¤´¹¤¨¸µ¤ÈÀè¤Î»ØÄê½çÈÖ¤¬ ProxyPassReverse? ¤ÈµÕ¡£É¬Íפʤ¤¤«¤â¢ª¥¢¥×¥ê¤Î¼ÂºÝ¤Î¿¶¤ëÉñ¤¤¤ò¤ß¤ÆÄ´À°¤¹¤ëɬÍפ¢¤ê |
- »²¹Íʸ¸¥
¼Â¹Ô·ë²Ì †
Apache ¤ò SSL-Reverse Proxy ¤Ë¤¹¤ë †
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡ app.example.com¡¡¡¡¡¡¡¡ 127.0.0.1:8080
¨£¨¡¨¡¨¡¨¡¨¡¨¤¡½HTTPS(443)¢ª¨£¨¡¨¡¨¡¨¡¨¡¨¤¡½HTTP(8080)¢ª¨£¨¡¨¡¨¡¨¡¨¡¨¤
¨¢¥Ö¥é¥¦¥¶¡¡¨¢¡¡¡¡¡¡ ¡¡¡¡¡¡ ¨¢Apache¡¡¡¡¨¢¡¡¡¡¡¡¡¡¡¡ ¡¡¨¢Glassfish ¨¢
¨¦¨¡¨¡¨¡¨¡¨¡¨¥¢«HTTPS(443)¡½¨¦¨¡¨¡¨¡¨¡¨¡¨¥¢«HTTP(8080)¡½¨¦¨¡¨¡¨¡¨¡¨¡¨¥
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡ (mod_proxy)
- mod_ssl ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë
# yum -y install mod_ssl
- ¤È¤ê¤¢¤¨¤º°Å¹æ²½¤¹¤ë¤À¤±¤Ê¤é¤³¤ì¤Ç OK¡£
- ¼«Á°¤Î¤ª¤ì¤ª¤ì¾ÚÌÀ½ñ¤ä¡¢Ç§¾Úµ¡´Ø¤Î½ð̾¤Î¤¢¤ë¾ÚÌÀ½ñ¤ò»È¤¦¾ì¹ç¤Ï¡¢
¢ªFedora13 apache
mod_proxy_http vs mod_proxy_ajp †
- Apache ¤È JavaEE ¥µ¡¼¥Ð¤ÎÀܳ¤Ë¤Ä¤¤¤Æ
- ÉáÄÌ¤Ï mod_proxy_ajp ¤Ç¤Ï¤Ê¤¯¤Æ mod_proxy_http ¤Ç¤¤¤¤¤ó¤Ç¤Ï¤Ê¤¤¤Ç¤·¤ç¤¦¤«
- Tomcat 7 ¤Î Keep-Alive ¤Î¥Ç¥Õ¥©¥ë¥ÈÃÍ¤Ï 20000 Éà (5.5»þ´Ö)¡£Apache ¤È¤ÎÏ¢·È¤òÁÛÄꤷ¤¿ÃÍ
- ¤Ê¤Ë¤è¤ê³Ú
- ajp ¤¬µ¡Ç½¤·¤Æ¤¤¤ë¤«¤ÏÄ´¤Ù¤Ë¤¯¤¤¤¬¡¢http ¤¬µ¡Ç½¤·¤Æ¤¤¤ë¤«¤Ï¥Ö¥é¥¦¥¶¤«¤é¥¢¥¯¥»¥¹¤·¤Æ¤ä¤ì¤Ðʬ¤«¤ë¡¡
- ajp ¤Î¾ì¹ç¡¢Tomcat ¤È Apache ¤Îµ¯Æ°½ç¤Ëµ¤¤òÇÛ¤ëɬÍפ¬¤¢¤ë¤¬¡¢http ¤Ê¤éµ¤¤Ë¤·¤Ê¤¯¤Æ¤¤¤¤
- ¤¿¤À¤·¡¢Ê£»¨¤Ë Cookie ¤ä¾ÚÌÀ½ñ¤ò¤ä¤ê¤È¤ê¤¹¤ë¤è¤¦¤ÊÆüì¤Ê¾ì¹ç (SAML¤ò»È¤¦¾ì¹ç¤Ê¤É) ¤Ë¤Ï¡¢ajp ¤ò»È¤ï¤Ê¤¤¤È¹ª¤¯¤¤¤«¤Ê¤¤
- mod_proxy_http ¤Ç¤Ï¡¢JavaEE ¥µ¡¼¥Ð¤Ï¡¢¼«Ê¬¤Ï 127.0.0.1 ¤À¤È»×¤Ã¤ÆÆ°¤¤¤Æ¤¤¤ë¡£¥ê¥À¥¤¥ì¥¯¥È¤ä Cookie ¤Ï apache ¦¤ÇÃÖ´¹¤µ¤ì¤ë
- mod_proxy_ajp ¤Ç¤Ï¡¢JavaEE ¥µ¡¼¥Ð¤Ï¡¢¼«Ê¬¤Ï app.example.com ¤À¤È»×¤Ã¤ÆÆ°¤¤¤Æ¤¤¤ë
Location ¤´¤È¤Ë mod_proxy_ajp ¤È mod_proxy_http ¤òÀÚ¤êÂؤ¨¤ë †
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡ app.example.com¡¡¡¡¡¡¡¡
¨£¨¡¨¡¨¡¨¡¨¡¨¤¡½/glassfish¢ª¨£¨¡¨¡¨¡¨¡¨¡¨¤¡½HTTP(8080)¢ª[Glassfish 127.0.0.1:8080/Glassfish]
¨¢¥Ö¥é¥¦¥¶¡¡¨¢¡¡¡¡¡¡ ¡¡¡¡¡¡ ¨¢Apache¡¡¡¡¨¢¡¡¡¡¡¡¡¡ ¡¡¡¡
¨¦¨¡¨¡¨¡¨¡¨¡¨¥¡½/openam ¡½¢ª¨¦¨¡¨¡¨¡¨¡¨¡¨¥¡½AJP (9009)¢ª[Tomcat 127.0.0.1:9009/openam]
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡ (mod_proxy)
- ¢¨ openam ¤Ï¡¢mod_proxy_http ¤À¤È Cookie ¥É¥á¥¤¥ó̾¤Î´Ø·¸¤Ç¤¦¤Þ¤¯Æ°¤«¤Ê¤«¤Ã¤¿
- ¢¨ openam ¤Î ajp ¥Ý¡¼¥È¤Ï¥Ç¥Õ¥©¥ë¥È¤Î 8009 ¤«¤é 9009 ¤ËÊѹ¹¤·¤Æ¤¢¤ë
- ¢¨ openam ¤Î http (9080*1) ¤Ï»ß¤á¤Ê¤¤Êý¤¬µÈ¡£firewall (iptables) ¤Ç³°¤«¤é¿¨¤é¤»¤Ê¤¤¤è¤¦¤Ë¤·¤Æ¤ª¤¡¢ssh ·Ðͳ(X ¤ä port-forward)¤Ç¥¢¥¯¥»¥¹¤Ç¤¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¤¤¿Êý¤¬Àº¿À±ÒÀ¸¾å¤è¤¤
- /etc/httpd/conf/httpd.conf
#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location "/glassfish/">
ProxyPass http://127.0.0.1:8080/
ProxyPassReverse http://127.0.0.1:8080/
</Location>
<Location "/openam">
ProxyPass ajp://127.0.0.1:9009/openam
</Location>
</IfModule>
# End of proxy directives.
- http://app.example.com/openam ¤Ç¡¢tomcat ¤ËÀܳ¤µ¤ì¤ë
- https://app.example.com/openam ¤Ç¤â¡¢tomcat ¤ËÀܳ¤µ¤ì¤ë (Apache ¤¬ SSL ¤Î°Å¹æ²½½èÍý¤ò¹Ô¤¦¡£Tomcat ¤Ïʿʸ¤Î HTTP ¤òÏ䷤Ƥ¤¤ë¤À¤±)
- ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó̾ (¥Ç¥£¥ì¥¯¥È¥ê̾) ¤Ï¡¢Apache ¤Î Location ÀßÄê¤È Tomcat ¤Î¥¢¥×¥ê̾¤òƱ¤¸¤Ë¤·¤Æ¤ª¤¯¤Î¤¬µÈ
- Apache ¤Î mod_proxy ¤¬¤ä¤Ã¤Æ¤¯¤ì¤ë¤Î¤Ï¡¢HTTP ¥Ø¥Ã¥À¤Î½ñ¤´¹¤¨¤Î¤ß¤Ç¡¢¥³¥ó¥Æ¥ó¥Ä(HTML) ¤Î½ñ¤´¹¤¨¤Ï¤ä¤Ã¤Æ¤¯¤ì¤Ê¤¤
- Apache ¤Î Location ¤ò /sso ¤È¤·¤Æ¡¢Tomcat ¦¤Î¥¢¥×¥ê̾¤ò /openam ¤Ë¤¹¤ë¤È HTML ¤«¤é¤Î css ¤ä javascript ¤Î¸Æ¤Ó½Ð¤·¤Ë¼ºÇÔ¤¹¤ë
- ¶¯À©Åª¤Ë https ¤ò»È¤ï¤»¤¿¤¤¾ì¹ç¤Ë¤Ï mod_rewrite ¤ò»È¤Ã¤Æ¡¢http ¤Ç¥¢¥¯¥»¥¹¤·¤Æ¤¤¿¾ì¹ç¤Ë https ¤Ë¥ê¥À¥¤¥ì¥¯¥È¤µ¤»¤ë
Java#Glassfish