Shulou(Shulou.com)06/02 Report--

When we deploy the application to tomcat, it is accessed through http://codebelief.com:8080/myapp/ by default.

Obviously, this only applies to debugging situations, and in actual use, we usually bind more accessible paths for the application as needed.

Generally speaking, instead of running tomcat directly on port 80, it is safer to run a http server on port 80 and forward it to port 8080 through a reverse proxy.

The following methods are based on reverse proxy implementation, which requires a corresponding reverse proxy service program, which is either apache or nginx, which is more or less the same.

First, make sure that the mod_proxy module is turned on:

$sudo a2enmod proxy$ sudo a2enmod proxy_http$ service apache2 restart

Access through port 80

That is to access web applications in the form of http://codebelief.com/myapp/.

We run apache on port 80, and apache handles the requests on port 80, and then forwards all requests to tomcat running on port 8080, so that there is no need to modify the running port of tomcat, on the other hand, it also ensures security.

Add the configuration file tomcat.conf under the / etc/apache2/sites-available/ directory:

ServerName codebelief.comProxyRequests OnProxyPass / http://localhost:8080/ProxyPassReverse / http://localhost:8080/

Then put the configuration file into the / etc/apache2/sites-enabled/ directory via a soft link to enable the configuration.

You can use the following command:

$ln-s tomcat.conf / etc/apache2/sites-enabled/tomcat.conf

You can also use the commands that come with apache:

$a2ensite tomcat

Finally, reload the apache configuration file:

$service apache2 reload

Done.

Access through subdomain name

That is, access the web application through http://app.codebelief.com/myapp/.

Similar to the above configuration process, the subdomain name request is still forwarded to port 8080 by reverse proxy.

Simply change the tomcat.conf file to:

ServerName codebelief.comServerAlias app.codebelief.comProxyRequests OnProxyPass / http://localhost:8080/ProxyPassReverse / http://localhost:8080/

Again, link the file to the sites-enabled directory, and then configure reload.

Domain name root path access application

That is, you can access myapp directly through http://codebelief.com without adding the name of the directory where the application is located.

The contents of the tomcat.conf file are as follows, and the other steps are the same.

ServerName codebelief.comServerAlias app.codebelief.comProxyRequests OnProxyPass / http://localhost:8080/myapp/ProxyPassReverse / http://localhost:8080/myapp/

In this way, you can access myapp directly through http://codebelief.com or http://app.codebelief.com.

There is another way to access the application directly using the root path.

This approach does not require reverse proxy services such as apache or nginx, but if you want to use this approach, it is best for tomcat to run a single web application to avoid conflicts between the internal paths of one web application and those of other web applications.

We do not consider the modification of the port number here, using the default port 8080.

The goal is to access myapp through http://codebelief.com:8080.

Modify the tomcat/conf/server.xml file

Add the following host configuration to the label:

App.codebelief.com

The name in the Host tag indicates that the configuration is used to process requests from the codebelief.com host. Note that name must be a first-level domain name or ip address.

To make the subdomain app.codebelief.com also use this configuration, that is, the root path directly accesses myapp, you need to bind the subdomain using the Alias tag.

The path= "" in the Context tag indicates direct access through the root path, and the docBase= "myapp" indicates that the root path accesses the myapp application by default.

External shielding port 8080

When we access myapp without a port number, we can also block port 8080, that is, it must be forwarded to tomcat by apache through port 80.

To make port 8080 cannot be accessed directly from the outside, you can add corresponding rules to iptables. You can refer to the relevant articles about the specific principle and usage of iptables.

Here, you only need to execute the following command:

$iptables-t mangle-A PREROUTING-p tcp-- dport 8080-j DROP

This command adds the specified rule to the PREROUTING chain in the mangle table, that is, discarding tcp connections from port 8080 directly.

This prevents external access to tomcat applications through port 8080.

The above is the whole content of this article, I hope it will be helpful to your study, and I also hope that you will support it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.