When we deploy the application to tomcat, by default it is accessed through :8080/myapp/.
Obviously, this is only suitable for debugging. In actual use, we usually bind a more accessible path to the application as needed.
Generally speaking, we do not run tomcat directly on port 80. It is safer to run an http server on port 80 and forward requests to port 8080 through a reverse proxy.
The following methods are all based on a reverse proxy and require a corresponding reverse proxy server. apache is used here; nginx can be used in a similar way.
First, you need to make sure that the mod_proxy module is enabled:
$ sudo a2enmod proxy
$ sudo a2enmod proxy_http
$ service apache2 restart
Accessed via port 80
That is, access the web application through /myapp/.
We run apache on port 80; apache handles the requests on port 80 and forwards them all to tomcat running on port 8080. There is no need to change the port tomcat runs on, which also helps security.
Add configuration files in the /etc/apache2/sites-available/ directory:
<VirtualHost *:80>
    ServerName
    # A reverse proxy only needs ProxyPass; ProxyRequests On would also enable forward proxying
    ProxyRequests Off
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>
Then enable the configuration by creating a soft link to the configuration file in the /etc/apache2/sites-enabled/ directory.
The following commands can be used:
$ ln -s /etc/apache2/sites-enabled/
You can also use the commands that come with apache:
$ a2ensite tomcat
Finally, reload the apache configuration:
$ service apache2 reload
Finish.
Access through subdomain
That is, access the web application through /myapp/.
Similar to the above configuration process, the subdomain name request is still forwarded to port 8080 by reverse proxy.
Just change the file to:
<VirtualHost *:80>
    ServerName
    ServerAlias
    # Forward proxying stays off for a reverse proxy
    ProxyRequests Off
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>
Similarly, link the file into the sites-enabled directory and reload the configuration.
Domain root path access application
That is, access myapp directly through the form of , without adding the directory name where the application is located.
The file content is as follows, and the other steps are the same.
<VirtualHost *:80>
    ServerName
    ServerAlias
    # Forward proxying stays off for a reverse proxy
    ProxyRequests Off
    ProxyPass / http://localhost:8080/myapp/
    ProxyPassReverse / http://localhost:8080/myapp/
</VirtualHost>
In this way, you can access myapp directly through or through.
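A check for virtual host files like the three above, as an added example that is not part of the original article: the shell function flags ProxyRequests On, which makes apache answer forward proxy requests in addition to acting as a reverse proxy, and any ProxyPass that has no ProxyPassReverse for the same path and backend. The function names, the sample files and the host name app.example.test are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit an Apache reverse-proxy vhost file (not from the original article).
# Covers the two-argument ProxyPass form used in this article.
audit_vhost() {
    awk -v f="$1" '
        /^[ \t]*#/ { next }                       # ignore comment lines
        { d = tolower($1) }                       # directive names are case-insensitive
        d == "proxyrequests" && tolower($2) == "on" {
            printf "%s:%d: ProxyRequests On enables forward proxying\n", f, FNR
            bad++
        }
        d == "proxypass"        { pass[$2] = $3; at[$2] = FNR }
        d == "proxypassreverse" { rev[$2] = $3 }
        END {
            for (p in pass)
                if (rev[p] != pass[p]) {
                    printf "%s:%d: ProxyPass %s lacks a matching ProxyPassReverse\n", f, at[p], p
                    bad++
                }
            exit (bad > 0)                        # non-zero status when anything was found
        }
    ' "$1"
}

# Constructed sample files; app.example.test is a placeholder host name.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
<VirtualHost *:80>
    ServerName app.example.test
    ProxyRequests On
    ProxyPass / http://localhost:8080/myapp/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>
EOF
    cat > "$1/fixed.conf" <<'EOF'
<VirtualHost *:80>
    ServerName app.example.test
    ProxyRequests Off
    ProxyPass / http://localhost:8080/myapp/
    ProxyPassReverse / http://localhost:8080/myapp/
</VirtualHost>
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
audit_vhost "$dir/weak.conf"  || echo "weak.conf: findings listed above"
audit_vhost "$dir/fixed.conf" && echo "fixed.conf: clean"
```

Run it over each file in /etc/apache2/sites-enabled/ before reloading apache; a non-zero exit status means at least one finding was printed.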
There is another way to directly access the application using the root path.
This method does not require a reverse proxy service such as apache or nginx, but if you want to use it, it is best for tomcat to run only a single web application, so that the internal paths of one web application do not conflict with the paths of other web applications.
We do not consider the port number modification here, and use the default port 8080.
The goal is to access myapp via :8080.
Modify the tomcat/conf/ file
Add the following host configuration in the <Engine> tag:
<Host name="" appBase="webapps" unpackWARs="true" autoDeploy="true">
    <Alias></Alias>
    <!-- privileged="true" lets this context use container servlets such as the manager servlet -->
    <Context path="" docBase="myapp" debug="0" privileged="true" />
    <Valve className="" directory="logs"
           prefix="localhost_access_log." suffix=".txt"
           pattern="%h %l %u %t &quot;%r&quot; %s %b" resolveHosts="false" />
</Host>
The name attribute of the Host tag is the host name whose requests this configuration handles. Note that name must be a first-level domain name or an IP address.
To enable the subdomain name to use this configuration, that is, the root path directly accesses myapp, you need to use the Alias tag to bind the subdomain name.
The path="" in the Context tag indicates that the application is accessed directly through the root path, and docBase="myapp" indicates that requests to the root path are served by the myapp application.
Blocking external access to port 8080
When we access myapp using a form that does not include a port number, we can also block port 8080 externally, so that requests must be forwarded from apache on port 80 to tomcat.
To prevent external clients from accessing port 8080 directly, you can add a corresponding rule to iptables. For the specific principles and usage of iptables, you can refer to relevant articles by yourself.
Here, just execute the following command:
$ iptables -t mangle -A PREROUTING -p tcp --dport 8080 -j DROP
This command adds a rule to the PREROUTING chain in the mangle table that drops tcp packets destined for port 8080. Locally generated packets do not pass through PREROUTING, so apache can still reach tomcat on localhost:8080.
This will prohibit external access to the tomcat application through port 8080.
The above is all the content of this article. I hope it will be helpful to everyone's study and I hope everyone will support me more.