I recently built a Servlet app and rented a VPS to deploy it on the Web, but I had tremendous difficulty building the environment because I had almost no knowledge of Linux or servers. Here, in addition to the actual procedure, I would like to touch on "What is required to deploy a Java application?" and "What is AJP linkage?" and summarize them as a memorandum.
For reference, here is the environment I used this time.

- VPS: Sakura's VPS
  - OS: CentOS Linux release 7.8.2003
- JDK
  - Version: 1.8.0_262
- Apache
  - Version: Apache 2.4.6
- Tomcat
  - Version: apache-tomcat 9.0.37
Unlike static content (HTML files, etc.), dynamic content (Java applications, etc.) cannot be processed unless an **application server is installed in addition to the web server.** (You also need to install the JDK to execute Java programs.) This time, we will use Apache as the web server and Tomcat as the application server.

On a general rental server you cannot arrange the server environment as you like, so you need a server on which you can build your own environment, such as a VPS (Virtual Private Server). Then, as shown in the figure above, **how do you link the web server (Apache) and the application server (Tomcat)?** This is where AJP (Apache JServ Protocol) is used.
AJP is a protocol for linking Apache and Tomcat, but what is AJP in the first place? The explanation on this site was easy to understand, so I will quote it.

> ajp is an abbreviation for Apache Jserv Protocol, which is a protocol used when linking Apache HTTP Server and Apache Tomcat. ajp is a protocol for connecting to Tomcat's ajp server port via TCP. The request received by Apache from the client is transferred to Tomcat's ajp server program by ajp, Tomcat responds the processing result of Servlet etc. to Apache, and Apache responds the response to the client.
>
> [Apache / Tomcat ajp linkage - httpd mod_proxy_ajp, protocol, setting method](https://www.zealseeds.com/SysDevTech/apache_tomcat/connect/ajp/index.html)
Tomcat accepts HTTP communication on port 8080 and AJP communication on port 8009. You can therefore access Tomcat directly at `http://<IP address>:8080` without going through Apache, but this port is rarely used when actually operating the app; always go through a web server. **Tomcat accepts AJP 1.3 communication on port 8009, so Apache can talk to it over AJP on this port.**
Based on the story so far, the actual procedure is roughly as follows.

1. Install the JDK, the web server (Apache), and the application server (Tomcat) on the VPS.
2. Perform the following to link Apache and Tomcat.
   1. (Tomcat side) Disable the setting of port 8080 and enable the setting of port 8009.
   2. (Apache side) Set which path, when accessed, is linked to Tomcat.
As when building an environment on a local PC, Java applications will not run on the VPS unless Java is installed. If you don't plan to develop on the VPS, a runtime-only installation is sufficient.

〇 When installing the runtime

```console
# yum install java-1.8.0-openjdk
```

〇 When installing the development environment

```console
# yum install java-1.8.0-openjdk-devel
```

Check whether the installation succeeded by entering the following command.

```console
$ java -version
```

If the installation went properly, the JDK version is displayed as shown below.

```console
openjdk version "1.8.0_262"
OpenJDK Runtime Environment (build 1.8.0_262-b10)
OpenJDK 64-Bit Server VM (build 25.262-b10, mixed mode)
```

This completes the Java installation.
As mentioned above, Apache is a web server. This time, install version 2.4.6.

(1) Install

```console
# yum install httpd
```

(2) Start Apache

```console
# systemctl start httpd.service
# systemctl enable httpd.service
# systemctl status httpd.service
```

(3) Set the firewall. The default firewall settings do not allow access to the web server, so allow access to port 80.

```console
# firewall-cmd --permanent --add-service=http
```

When "success" is displayed, reload with the following command.

```console
# firewall-cmd --reload
$ systemctl status firewalld
# firewall-cmd --list-all
```

This completes the Apache installation. At this point, if you access `http://<VPS IP address>/`, you will see the Apache test page (the page below).
(1) Install Tomcat in any folder (this time, `/opt`). Install the latest version at the moment, 9.0.37. (See `http://tomcat.apache.org/download-90.cgi` to check the latest version.)

```console
$ cd /opt
# wget http://ftp.riken.jp/net/apache/tomcat/tomcat-9/v9.0.37/bin/apache-tomcat-9.0.37.tar.gz
```

(2) The downloaded `apache-tomcat-9.0.37.tar.gz` is compressed in gzip format, so decompress it with the following command, run in `/opt` where the file was downloaded.

```console
# tar -xzvf apache-tomcat-9.0.37.tar.gz
```

(3) Add a dedicated user to operate Tomcat.

```console
# useradd -s /sbin/nologin tomcat
```

(4) Change the owner of `/opt/apache-tomcat-9.0.37` to `tomcat`.

```console
# chown -R tomcat:tomcat /opt/apache-tomcat-9.0.37
```

(5) Create a Tomcat unit file. This file is used by Linux's `systemd` service management feature and is needed to launch the program automatically.

Create `/etc/systemd/system/tomcat.service` with the following contents.
#### **`tomcat.service`**
```service
[Unit]
Description=Apache Tomcat 9
After=network.target

[Service]
# Run Tomcat as the dedicated unprivileged user created in step (3)
User=tomcat
Group=tomcat
# startup.sh launches the JVM in the background and then returns
Type=oneshot
PIDFile=/opt/apache-tomcat-9.0.37/tomcat.pid
RemainAfterExit=yes
ExecStart=/opt/apache-tomcat-9.0.37/bin/startup.sh
ExecStop=/opt/apache-tomcat-9.0.37/bin/shutdown.sh
# "systemctl restart tomcat" runs ExecStop and then ExecStart;
# systemd has no ExecReStart directive, so none is set here

[Install]
WantedBy=multi-user.target
```

Then change the permissions on this file.

```console
# chmod 755 /etc/systemd/system/tomcat.service
```

At this point, type the following command to enable Tomcat.

```console
# systemctl enable tomcat
```
(6) Firewall settings

As with Apache, configure the firewall for Tomcat. To add a user-defined service to the firewall, its XML file must be placed in `/etc/firewalld/services`. So, create a `/etc/firewalld/services/tomcat.xml` file with the following contents.

#### **`tomcat.xml`**
```xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Apache Tomcat 9</short>
  <description>Apache Tomcat 9</description>
  <port protocol="tcp" port="8080"/>
</service>
```

Then enter the following commands to allow Tomcat communication.

```console
# firewall-cmd --add-service=tomcat --zone=public --permanent
# firewall-cmd --reload
# firewall-cmd --list-services --zone=public --permanent
```

It is OK if "tomcat" is displayed here.

This completes the introduction of Tomcat. Accessing `http://<VPS IP address>:8080` will bring up the Tomcat test page.
![tomcat.png](https://qiita-image-store.s3.ap-northeast-1.amazonaws.com/0/673146/a27ef129-fffe-407e-4278-7f1b802adf53.png)
# 5. Integrate Apache and Tomcat
## Settings on the Tomcat side
Modify `/opt/apache-tomcat-9.0.37/conf/server.xml` as follows.

- Comment out the setting of port 8080 and uncomment the setting of port 8009.
- Edit the settings of port 8009.

The actual code is here.

Before modification

#### **`server.xml`**
```xml
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
<!--
<Connector protocol="AJP/1.3"
           address="::1"
           port="8009"
           redirectPort="8443" />
-->
```

After modification

#### **`server.xml`**
```xml
<!--
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
-->
<Connector protocol="AJP/1.3"
           address="0.0.0.0"
           port="8009"
           secretRequired="false"
           redirectPort="8443" />
```
**Remark 1:** Reason for changing the `address` field from `::1` to `0.0.0.0`

`::1` is an IPv6 address, and if the server does not support IPv6, this part will cause an error. (By the way, `0.0.0.0` makes the connector listen on every IPv4 interface, so it allows access from all hosts that can reach the port.)

**Remark 2:** Reason for adding `secretRequired="false"`

I wasn't sure about this at first, but the answer was in the Tomcat changelog.
> Rename the requiredSecret attribute of the AJP/1.3 Connector to secret and add a new attribute secretRequired that defaults to true. **When secretRequired is true the AJP/1.3 Connector will not start unless the secret attribute is configured to a non-null, non-zero length String.** (markt)
>
> Apache Tomcat 9 (9.0.38) - Changelog

The part in bold means "If secret is not set, the AJP connector will not work if secretRequired is true". In other words, if secret (some password) is not set, an error will occur unless `secretRequired="false"` is set.
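The connector above listens on every interface with no shared secret, while the ProxyPass set later in this article only ever connects to `127.0.0.1:8009`, so binding the connector to `127.0.0.1` avoids the IPv6 error without making AJP reachable from other hosts. The following is an added example, not part of the original article: the function names and both XML samples are constructed for illustration, and it audits the AJP connectors in a `server.xml` and compares the article's setting with the loopback variant.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the AJP connector exactly as configured in this article.
ARTICLE_XML = """<Server><Service name="Catalina">
  <Connector protocol="AJP/1.3" address="0.0.0.0" port="8009"
             secretRequired="false" redirectPort="8443" />
</Service></Server>"""

# Constructed sample: same connector bound to IPv4 loopback, which is all Apache
# needs when ProxyPass points at ajp://127.0.0.1:8009/ on the same host.
LOOPBACK_XML = ARTICLE_XML.replace("0.0.0.0", "127.0.0.1")


def is_loopback(address):
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return address.lower() == "localhost"


def audit_ajp(server_xml):
    """Return (port, severity, message) tuples for AJP connectors in server.xml text."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "HTTP/1.1").lower():
            continue  # HTTP connectors are out of scope here
        port = conn.get("port", "8009")
        # Tomcat 9.0.31 and later bind AJP to loopback when address is omitted.
        address = conn.get("address", "::1")
        has_secret = bool(conn.get("secret"))
        if not is_loopback(address) and not has_secret:
            findings.append((port, "HIGH", f"AJP listens on {address} with no secret; "
                             "bind it to 127.0.0.1 or configure a secret"))
        elif not has_secret:
            findings.append((port, "INFO", f"AJP on {address} has no secret; "
                             "reachable only from this host"))
    return findings


if __name__ == "__main__":
    for label, xml_text in (("article", ARTICLE_XML), ("loopback", LOOPBACK_XML)):
        for port, severity, message in audit_ajp(xml_text):
            print(f"{label}: port {port} [{severity}] {message}")
```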
On the Apache side, set ProxyPass to Tomcat. The `/etc/httpd/conf/httpd.conf` file contains the following line.

```conf
IncludeOptional conf.d/*.conf
```

It says something like "any `.conf` file in the `conf.d` directory will be read." Therefore, create a `/etc/httpd/conf.d/proxy-ajp.conf` file (the file name is arbitrary as long as it ends in `.conf`) with the following contents to set ProxyPass.
#### **`proxy-ajp.conf`**
```conf
<Location /examples/>
    ProxyPass ajp://127.0.0.1:8009/examples/
</Location>
```

You should now be able to see the Tomcat examples page at `http://<IP address>/examples`.