Dk Linux from scratch to build a test environment of + apache + jboss + mod_jk + openssl
Software
1.JDK (Java DevelopmentKit). Java Development Kit. We all know that Java programs can run on most machines do not need to install any additional software, why do we want to install JDK? This is because the Java program in the development process, it is necessary to convert the source code into intermediate code form, that is, class files. Usually run Java programs do not need to install additional software refers to the compiled Java program intermediate code, the general operating system and browser are installed JRE (Java Runtime Environment), and our development environment, generally need to install JDK on source code is compiled. To put it plainly, on behalf of the JDK installed JDK can be used in the installation of a series of program development using Java might use commands in the directory bin directory: including javac, jar, keytool, native2ascii.exe, javaw and so on.
2.apache. apache is a Software Foundation, there are a lot of well-known open source software is this action by the Foundation. And we usually say that the apache software, refer to its Web server, a program that is used to parse static pages. With apache, you can put a static html page on our computers, others can enter the ip address of the computer the way we access our web page in a browser. Note that now the name apache installation program called httpd.
3.jboss. Is a Web server, application server, or called. It differs in that apache: apache fast, but can only parse static pages, but you can resolve jboss dynamic pages such as jsp, its background can also be resolved interact with Java programs. Of course, jboss there are many powerful features, but the main difference is understood here as long as it's like apache, apache fast, but can only parse static pages; jboss more powerful, dynamic pages can be resolved, but resolved static pages when speed is not as fast as the former.
4.mod_jk. Usually take a server that they will use apache + jboss way, so you can take advantage of the speed of apache deal with static pages, but also to use jboss processing dynamic pages. Request a user's browser over to go through apache, if static pages, and it will be parsed by the results returned to jboss, if it is dynamic pages, apache will put forward the request to the jboss processing, jboss process is over, then apache to return to the client. Hence the need for a module can these two things are connected, communicate, and the need to decide what is handled by apache yourself, what things to jboss process forward. This thing is mod_jk.
5.openssl. Secure protocol SSL socket layer protocol that is employed, an encryption method, after treatment in this way users are accessing the site during all communication data is encrypted, even if someone steals the contents of the communication, the encryption is content, and difficult to decipher. To visit us, it is the performance of the URL to https: // at the beginning, we note that this URL Alipay. Openssl achieve a series of the encryption algorithm required when SSL encryption, and the like may be used to generate the key. After generating a certain key on the server folder, and certain configuration, users will be able to use https: // URL that begins with a visit to security.
Download
After installing the Linux operating system, you can install the software. Need to download before installing above 5 software, download the following address:
the JDK: HTTP: //www.oracle.com/technetwork/java/javase/downloads/index.html
the Apache: HTTP: //httpd.apache.org/
Jboss : http: //www.jboss.org/jbossas/downloads.html
mod_jk: HTTP: //apache.freelamp.com//tomcat/tomcat-connectors/jk/binaries/
OpenSSL: HTTP: //www.openssl.org/
software installation
1.JDK installed
after downloaded JDK installation file, is a xxxx.bin file (other students familiar with Linux installation program can also be used to install any other way).
The first step: modify the installation file permissions. Chmod + x permission to modify the bin file with the linux command.
The second step: the implementation of the bin file. Execute the bin file, it will generate a folder, which is extracting the installed JDK. This time you can use all the commands in the bin directory of the folder.
The third step: copy to the target installation directory. In general, our program will linux system installed on somewhere like c: \ program files folders. In linux is usually / usr / local directory. Therefore, the resulting JDK installation folder to copy the installation target directory such as: usr / local / under, installed the JDK.
Step four: set environment variables. Although we can use javac JDK installation in the bin directory, javaw commands, but every time into this folder to perform, in order to knock javac command will be executed in any path, we need to set the bin directory environment variable system. There are three places in the Linux environment variable can be configured, three configurations described method are as follows:
/ etc / environment defined inside Environment variables are global, that is, all users of the operating system can access to these environment variables .
Environment Variables / etc / profile which is defined global, shared by all users. The only difference is that the environment of different input formats. environment in the form of "X = y" defined, profile in use script statements to define, such as "export $ X = y"
and ~ / .bashrc and ~. / profile which defines an environment variable, only the current the user is valid.
Here provided etc / profile, the following were added in the file:
the JAVA_HOME = / usr / local / jdk1.6.0_21
the CLASSPATH =:. $ The JAVA_HOME / lib.tools.jar
the PATH the JAVA_HOME = $ / bin: $ the PATH
Export the JAVA_HOME the CLASSPATH PATH
is added as finished after four rows.
Step five: the environment variables to take effect. Implementation of source / etc / profile so that the environment variables to take effect. At this point all installation and configuration of the JDK will have been completed.
2.Apache installed
here to talk about the normal installation, if you want to support Apache ssl, you need to install ssl. Therefore, after you install behind ssl, ssl will write about support installation. Normal installation:
The first step: decompression. The downloaded the .tar.gz Unzip the package.
Step two: pre-installation configuration. Directory after decompress, run ./configure. This step is prior to the installation of some of the system environment is configured to be seen as a preparation for when the windows install the software. This preparatory work only for the source code package installation needs, if it is binary code, such as speaking in front of jdk installed, you do not need this step.
Step Three: compiler. In the unpacked directory run the make command. This step is all the source code compiler package, generates binary code.
Step four: Install. Still run make install under the above directory. This step is complete the software installation. So far, Apache has been installed in the machine.
Step Five: Start Apache. Apache directory after installation is usually / usr / local / apache2, proceed to the next bin directory, execute ./apachectl start command, i.e., the start Apache. Now enter http://127.0.0.1 in your browser to see the home after the Apache server starts.
3.Jboss install
Jboss is directly extracted with.
The first step: decompression. Jboss downloaded to the archive decompression.
Step two: Copy the installation to the target directory. It refers to the copy of the directory to unpack / lower usr / local jboss to complete the installation.
Step 3: Set the environment variable. After setting the environment variables, you can run the command to start the jboss run.sh anywhere. As with the installation JDK, set the environment variable is to add the bin directory to the PATH to the Jboss.
= JBOSS_HOME / usr / local / jboss-4.0.5.GA
the PATH = $ JBOSS_HOME / bin: $ the PATH
Export JBOSS_HOME the PATH
Step five: the environment variables to take effect. Implementation of source / etc / profile so that the environment variables to take effect. At this point all installation and configuration of Jboss would have done.
4.mod_jk installation
The first step: rename and copy. Mod_jk After downloading the file (Please download according to your apache version to choose) renamed mod_jk.so, copy to the apache installation directory modules folder.
Step Two: httpd.conf configuration file in the apache2 / conf directory is added at the end of mod_jk configuration file is loaded:
the Include conf / MOD-jk.conf. mod-jk.conf new file in the third step.
The third step: the new file conf / mod-jk.conf, and add the following:
mod_jk.so file path # loaded, this path is the actual path mod_jo.so file
LoadModule jk_module modules / mod_jk.so
# work profile, the fourth step in the new, arranged inside jboss server node forwarding address and port number and the like.
The conf JkWorkersFile / the workers.properties
# log file
JkLogFile logs / mod_jk.log
# log level
JkLogLevel info
# log format
JkLogStampFormat "[% A% B% D% H:% M:% S% the Y]"
# JkOptions allows you to set Some forwarding settings, such as SSK KEY SIZE, whether to forward the request is parsed uri, Table of Contents, is set to forward
+ + ForwardURICompatUnparsed -ForwardDirectories ForwardKeySize JkOptions
# request log format
JkRequestLogFormat "% V% W% T"
# forwards the contents to the loadbalancer to handle all applications, a loadbalancer may be provided a plurality of nodes, the loadbalancer conf / workers.properties in configuration.
JkMount / __ __ the Application / LoadBalancer *
# forwarding path detailed configuration file, the file will be created in the fifth step and configure.
# / Examples / * = LoadBalancer
JkMountFile conf / uriworkermap.properties
# the Add Shared Memory. Set shared memory, load balancing knowledge need to learn
# This Directive IS Present with 1.2.10 and
# later versions of mod_jk, and IS needed for
# for to Work Properly Balancing the Load
# Note: Replaced JkShmFile logs / jk.shm Due to the Refer to SELinux AND DELINQUENCY.
# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225452
RUN JkShmFile / jk.shm
# jkstatus for the Add Runtime Data Managing operation data set
<the Location / jkstatus>
JkMount Status
the Order the deny, the allow
Deny from All
the Allow from 127.0.0.1
</ the Location>
Step IV: New conf / workers.properties and enter the following to define a forwarding node:
# Requests for Mapping
# Configuration of the directives are Valid
# for the mod_jk Version 1.2.18 and later the
# forwarding list
worker.list = LoadBalancer, Status
# Node1 the define
# Modify the Host as your host IP or DNS name. port, the port has a configuration in server.xml file jboss in
worker.node1.port = 8009
worker.node1.host = 127.0.0.1
worker.node1.type = ajp13
worker.node1.lbfactor = 1
10 worker.node1.connection_pool_size = # (. 1)
# the Load-Balancing Behavior
worker.loadbalancer.type = LB
worker.loadbalancer.balance_workers = node1
# worker for Managing the Status Load Balancer
worker.status.type = Status
Step Five: New conf /uriworkermap.properties, added thereto forwarding path configuration
# the Mount to the Servlet context ajp13 the worker
/ JMX-Console = LoadBalancer
/ JMX-Console / LoadBalancer * =
/ = LoadBalancer Web-Console
/ Web-Console / * = LoadBalancer
of six steps: start apache and jboss. Enter 127.0.0.1 in a browser can see the apache page. When the path back to join / web-console, jboss services page appears. Successful installation!
Make sure the server.xml file in the following directory /usr/local/jboss-4.0.5.GA/server/default/deploy/jbossweb-tomcat55.sar not commented out:
<-! ON A AJP 1.3 Connector Port 8009 ->
<Connector Port = "8009" address = "$ {} jboss.bind.address"
emptySessionPath = "to true" enableLookups = "to false" the redirectPort = "8443"
Protocol = "AJP / 1.3" />
5.openssl installation, and capable of apache https requests handled
employed with https: // URL of the server will be communicating with a client initiates a connection at the first time, several messages to the client :
1) server certificate signed by a third-party CA is generally recognized institution, usually the domain name or company name, so if they are identical, the site is considered reliable. Otherwise, a warning message will pop up a certificate of insecurity, such as our own SSL certificate test used is not certified, it will pop up this window.
2). The public encryption key used in the communication, the user's browser sends a message to the server in order to public key encryption.
3) The private decryption key used in this communication, the user's browser receives the server information, press this key can be decrypted.
openssl is to achieve a series of SSL encryption algorithm can be used to generate a certificate. Earlier versions of apache server as previous 1.3.x version to use ssl need to use mod_ssl.so module, now comes, it does not require otherwise disposed of.
The first step: decompression #tar zxvf openssl-0.9.7g.tar.
gz second step: compile and install openssl. This software is mainly used to generate certificate:
openssl-0.9.7g #cd
#. / config
#make
#make the Test
#make install
the openssl directory into the kernel, so that it can be run from any directory.
#cd / usr / local / bin
#ln -s / usr / local / ssl / bin / OpenSSL OpenSSL
The third step: compile and install apache. While our installation tutorial apache installation on the front, but the support ssl apache installation should no longer be installed after the installation is complete openssl. Therefore, do not have to delete the original installation of apache, then execute the following command to install one way, the original configuration files are not overwritten. The configure must remember, when I first installed installed apache, useless these options, the results of running up and did not respond.
...... /httpd-2.0.54 #cd
#. / the configure --prefix = "/ opt / apache2" --enable-SO --enable-ssl --with-ssl = "/ usr / local / ssl / bin"
#make
#make install
step Four: generating file key.
../apache2/ #cd
#cd the conf /
#mkdir ssl.key
## then generate the certificate in the directory:
#cd ssl.key /
## generated server private key:
#openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.......................++++++
.................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
##生成服务器证书请求,并按要求填些相关证书信息:
#openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:tyl
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tz
Organizational Unit Name (eg, section) []:tz
Common Name (eg, YOUR name) []:tyl
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# openssl x509 -req -days 700 -in server.csr -signkey server.key -out server.cert
The ok Signature
subject=/C=AU/ST=Some-State/L=tyl/O=tz/OU=tz/CN=tyl/[email protected]
the Getting Private Key
the Enter Pass phrase for server.key:
To security, then we put these files permissions are set to 400
chmod 400 server.key
chmod 400 server.cert
step Five: configure apache, so that combined with the generated key file.
The local apache2 / conf / ssl.conf document several modifications as follows:
#SSLCertificateFile /opt/apache2/conf/ssl.crt/server.crt # 108 rows
SSLCertificateFile /opt/apache2/conf/ssl.key/server.cert
/opt/apache2/conf/ssl.crt/server-dsa.crt #SSLCertificateFile
SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server.key # 116 line
#SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server -dsa.key
step Six: so we do a good job and now we have to make apache ssl ssl start
...... / apache2 / bin / apachectl startssl
then asked to enter a certificate password, enter the correct start apache ssl it together with the
input in the browser: https: //127.0.0.1
6. the Apache https requests forwarded by jboss treatment
earlier https://127.0.0.1 apache access to a directory, but when added jboss address (as configured front / jmx-console), does not work oh. At this point, we need to set about to encounter when apache https, what needs to be forwarded to the jboss to resolve, it is necessary to add the following this step.
Apache setting in which forwards the request to the url https jboss process. Adding VirtualHost node ssl.conf of: JkMount / jmx-console / * loadbalancer like url forwarding configuration.
Now enter in the browser https: // when, later adding https://127.0.0.1/jmx-console can also be visited, prove that the request has been forwarded by the success to the apache jboss process.
So far, jboss + apache + mod_jk + openssl build better environment.
Software
1.JDK (Java DevelopmentKit). Java Development Kit. We all know that Java programs can run on most machines do not need to install any additional software, why do we want to install JDK? This is because the Java program in the development process, it is necessary to convert the source code into intermediate code form, that is, class files. Usually run Java programs do not need to install additional software refers to the compiled Java program intermediate code, the general operating system and browser are installed JRE (Java Runtime Environment), and our development environment, generally need to install JDK on source code is compiled. To put it plainly, on behalf of the JDK installed JDK can be used in the installation of a series of program development using Java might use commands in the directory bin directory: including javac, jar, keytool, native2ascii.exe, javaw and so on.
2.apache. apache is a Software Foundation, there are a lot of well-known open source software is this action by the Foundation. And we usually say that the apache software, refer to its Web server, a program that is used to parse static pages. With apache, you can put a static html page on our computers, others can enter the ip address of the computer the way we access our web page in a browser. Note that now the name apache installation program called httpd.
3.jboss. Is a Web server, application server, or called. It differs in that apache: apache fast, but can only parse static pages, but you can resolve jboss dynamic pages such as jsp, its background can also be resolved interact with Java programs. Of course, jboss there are many powerful features, but the main difference is understood here as long as it's like apache, apache fast, but can only parse static pages; jboss more powerful, dynamic pages can be resolved, but resolved static pages when speed is not as fast as the former.
4.mod_jk. Usually take a server that they will use apache + jboss way, so you can take advantage of the speed of apache deal with static pages, but also to use jboss processing dynamic pages. Request a user's browser over to go through apache, if static pages, and it will be parsed by the results returned to jboss, if it is dynamic pages, apache will put forward the request to the jboss processing, jboss process is over, then apache to return to the client. Hence the need for a module can these two things are connected, communicate, and the need to decide what is handled by apache yourself, what things to jboss process forward. This thing is mod_jk.
5.openssl. Secure protocol SSL socket layer protocol that is employed, an encryption method, after treatment in this way users are accessing the site during all communication data is encrypted, even if someone steals the contents of the communication, the encryption is content, and difficult to decipher. To visit us, it is the performance of the URL to https: // at the beginning, we note that this URL Alipay. Openssl achieve a series of the encryption algorithm required when SSL encryption, and the like may be used to generate the key. After generating a certain key on the server folder, and certain configuration, users will be able to use https: // URL that begins with a visit to security.
Download
After installing the Linux operating system, you can install the software. Need to download before installing above 5 software, download the following address:
the JDK: HTTP: //www.oracle.com/technetwork/java/javase/downloads/index.html
the Apache: HTTP: //httpd.apache.org/
Jboss : http: //www.jboss.org/jbossas/downloads.html
mod_jk: HTTP: //apache.freelamp.com//tomcat/tomcat-connectors/jk/binaries/
OpenSSL: HTTP: //www.openssl.org/
software installation
1.JDK installed
after downloaded JDK installation file, is a xxxx.bin file (other students familiar with Linux installation program can also be used to install any other way).
The first step: modify the installation file permissions. Chmod + x permission to modify the bin file with the linux command.
The second step: the implementation of the bin file. Execute the bin file, it will generate a folder, which is extracting the installed JDK. This time you can use all the commands in the bin directory of the folder.
The third step: copy to the target installation directory. In general, our program will linux system installed on somewhere like c: \ program files folders. In linux is usually / usr / local directory. Therefore, the resulting JDK installation folder to copy the installation target directory such as: usr / local / under, installed the JDK.
Step four: set environment variables. Although we can use javac JDK installation in the bin directory, javaw commands, but every time into this folder to perform, in order to knock javac command will be executed in any path, we need to set the bin directory environment variable system. There are three places in the Linux environment variable can be configured, three configurations described method are as follows:
/ etc / environment defined inside Environment variables are global, that is, all users of the operating system can access to these environment variables .
Environment Variables / etc / profile which is defined global, shared by all users. The only difference is that the environment of different input formats. environment in the form of "X = y" defined, profile in use script statements to define, such as "export $ X = y"
and ~ / .bashrc and ~. / profile which defines an environment variable, only the current the user is valid.
Here provided etc / profile, the following were added in the file:
the JAVA_HOME = / usr / local / jdk1.6.0_21
the CLASSPATH =:. $ The JAVA_HOME / lib.tools.jar
the PATH the JAVA_HOME = $ / bin: $ the PATH
Export the JAVA_HOME the CLASSPATH PATH
is added as finished after four rows.
Step five: the environment variables to take effect. Implementation of source / etc / profile so that the environment variables to take effect. At this point all installation and configuration of the JDK will have been completed.
2.Apache installed
here to talk about the normal installation, if you want to support Apache ssl, you need to install ssl. Therefore, after you install behind ssl, ssl will write about support installation. Normal installation:
The first step: decompression. The downloaded the .tar.gz Unzip the package.
Step two: pre-installation configuration. Directory after decompress, run ./configure. This step is prior to the installation of some of the system environment is configured to be seen as a preparation for when the windows install the software. This preparatory work only for the source code package installation needs, if it is binary code, such as speaking in front of jdk installed, you do not need this step.
Step Three: compiler. In the unpacked directory run the make command. This step is all the source code compiler package, generates binary code.
Step four: Install. Still run make install under the above directory. This step is complete the software installation. So far, Apache has been installed in the machine.
Step Five: Start Apache. Apache directory after installation is usually / usr / local / apache2, proceed to the next bin directory, execute ./apachectl start command, i.e., the start Apache. Now enter http://127.0.0.1 in your browser to see the home after the Apache server starts.
3.Jboss install
Jboss is directly extracted with.
The first step: decompression. Jboss downloaded to the archive decompression.
Step two: Copy the installation to the target directory. It refers to the copy of the directory to unpack / lower usr / local jboss to complete the installation.
Step 3: Set the environment variable. After setting the environment variables, you can run the command to start the jboss run.sh anywhere. As with the installation JDK, set the environment variable is to add the bin directory to the PATH to the Jboss.
= JBOSS_HOME / usr / local / jboss-4.0.5.GA
the PATH = $ JBOSS_HOME / bin: $ the PATH
Export JBOSS_HOME the PATH
Step five: the environment variables to take effect. Implementation of source / etc / profile so that the environment variables to take effect. At this point all installation and configuration of Jboss would have done.
4.mod_jk installation
The first step: rename and copy. Mod_jk After downloading the file (Please download according to your apache version to choose) renamed mod_jk.so, copy to the apache installation directory modules folder.
Step Two: httpd.conf configuration file in the apache2 / conf directory is added at the end of mod_jk configuration file is loaded:
the Include conf / MOD-jk.conf. mod-jk.conf new file in the third step.
The third step: the new file conf / mod-jk.conf, and add the following:
mod_jk.so file path # loaded, this path is the actual path mod_jo.so file
LoadModule jk_module modules / mod_jk.so
# work profile, the fourth step in the new, arranged inside jboss server node forwarding address and port number and the like.
The conf JkWorkersFile / the workers.properties
# log file
JkLogFile logs / mod_jk.log
# log level
JkLogLevel info
# log format
JkLogStampFormat "[% A% B% D% H:% M:% S% the Y]"
# JkOptions allows you to set Some forwarding settings, such as SSK KEY SIZE, whether to forward the request is parsed uri, Table of Contents, is set to forward
+ + ForwardURICompatUnparsed -ForwardDirectories ForwardKeySize JkOptions
# request log format
JkRequestLogFormat "% V% W% T"
# forwards the contents to the loadbalancer to handle all applications, a loadbalancer may be provided a plurality of nodes, the loadbalancer conf / workers.properties in configuration.
JkMount / __ __ the Application / LoadBalancer *
# forwarding path detailed configuration file, the file will be created in the fifth step and configure.
# / Examples / * = LoadBalancer
JkMountFile conf / uriworkermap.properties
# the Add Shared Memory. Set shared memory, load balancing knowledge need to learn
# This Directive IS Present with 1.2.10 and
# later versions of mod_jk, and IS needed for
# for to Work Properly Balancing the Load
# Note: Replaced JkShmFile logs / jk.shm Due to the Refer to SELinux AND DELINQUENCY.
# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225452
RUN JkShmFile / jk.shm
# jkstatus for the Add Runtime Data Managing operation data set
<the Location / jkstatus>
JkMount Status
the Order the deny, the allow
Deny from All
the Allow from 127.0.0.1
</ the Location>
Step IV: New conf / workers.properties and enter the following to define a forwarding node:
# Requests for Mapping
# Configuration of the directives are Valid
# for the mod_jk Version 1.2.18 and later the
# forwarding list
worker.list = LoadBalancer, Status
# Node1 the define
# Modify the Host as your host IP or DNS name. port, the port has a configuration in server.xml file jboss in
worker.node1.port = 8009
worker.node1.host = 127.0.0.1
worker.node1.type = ajp13
worker.node1.lbfactor = 1
10 worker.node1.connection_pool_size = # (. 1)
# the Load-Balancing Behavior
worker.loadbalancer.type = LB
worker.loadbalancer.balance_workers = node1
# worker for Managing the Status Load Balancer
worker.status.type = Status
Step Five: New conf /uriworkermap.properties, added thereto forwarding path configuration
# the Mount to the Servlet context ajp13 the worker
/ JMX-Console = LoadBalancer
/ JMX-Console / LoadBalancer * =
/ = LoadBalancer Web-Console
/ Web-Console / * = LoadBalancer
of six steps: start apache and jboss. Enter 127.0.0.1 in a browser can see the apache page. When the path back to join / web-console, jboss services page appears. Successful installation!
Make sure the server.xml file in the following directory /usr/local/jboss-4.0.5.GA/server/default/deploy/jbossweb-tomcat55.sar not commented out:
<-! ON A AJP 1.3 Connector Port 8009 ->
<Connector Port = "8009" address = "$ {} jboss.bind.address"
emptySessionPath = "to true" enableLookups = "to false" the redirectPort = "8443"
Protocol = "AJP / 1.3" />
5.openssl installation, and capable of apache https requests handled
employed with https: // URL of the server will be communicating with a client initiates a connection at the first time, several messages to the client :
1) server certificate signed by a third-party CA is generally recognized institution, usually the domain name or company name, so if they are identical, the site is considered reliable. Otherwise, a warning message will pop up a certificate of insecurity, such as our own SSL certificate test used is not certified, it will pop up this window.
2). The public encryption key used in the communication, the user's browser sends a message to the server in order to public key encryption.
3) The private decryption key used in this communication, the user's browser receives the server information, press this key can be decrypted.
openssl is to achieve a series of SSL encryption algorithm can be used to generate a certificate. Earlier versions of apache server as previous 1.3.x version to use ssl need to use mod_ssl.so module, now comes, it does not require otherwise disposed of.
The first step: decompression #tar zxvf openssl-0.9.7g.tar.
gz second step: compile and install openssl. This software is mainly used to generate certificate:
openssl-0.9.7g #cd
#. / config
#make
#make the Test
#make install
the openssl directory into the kernel, so that it can be run from any directory.
#cd / usr / local / bin
#ln -s / usr / local / ssl / bin / OpenSSL OpenSSL
The third step: compile and install apache. While our installation tutorial apache installation on the front, but the support ssl apache installation should no longer be installed after the installation is complete openssl. Therefore, do not have to delete the original installation of apache, then execute the following command to install one way, the original configuration files are not overwritten. The configure must remember, when I first installed installed apache, useless these options, the results of running up and did not respond.
...... /httpd-2.0.54 #cd
#. / the configure --prefix = "/ opt / apache2" --enable-SO --enable-ssl --with-ssl = "/ usr / local / ssl / bin"
#make
#make install
step Four: generating file key.
../apache2/ #cd
#cd the conf /
#mkdir ssl.key
## then generate the certificate in the directory:
#cd ssl.key /
## generated server private key:
#openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.......................++++++
.................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
##生成服务器证书请求,并按要求填些相关证书信息:
#openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:tyl
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tz
Organizational Unit Name (eg, section) []:tz
Common Name (eg, YOUR name) []:tyl
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# openssl x509 -req -days 700 -in server.csr -signkey server.key -out server.cert
The ok Signature
subject=/C=AU/ST=Some-State/L=tyl/O=tz/OU=tz/CN=tyl/[email protected]
the Getting Private Key
the Enter Pass phrase for server.key:
To security, then we put these files permissions are set to 400
chmod 400 server.key
chmod 400 server.cert
step Five: configure apache, so that combined with the generated key file.
The local apache2 / conf / ssl.conf document several modifications as follows:
#SSLCertificateFile /opt/apache2/conf/ssl.crt/server.crt # 108 rows
SSLCertificateFile /opt/apache2/conf/ssl.key/server.cert
/opt/apache2/conf/ssl.crt/server-dsa.crt #SSLCertificateFile
SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server.key # 116 line
#SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server -dsa.key
step Six: so we do a good job and now we have to make apache ssl ssl start
...... / apache2 / bin / apachectl startssl
then asked to enter a certificate password, enter the correct start apache ssl it together with the
input in the browser: https: //127.0.0.1
6. the Apache https requests forwarded by jboss treatment
earlier https://127.0.0.1 apache access to a directory, but when added jboss address (as configured front / jmx-console), does not work oh. At this point, we need to set about to encounter when apache https, what needs to be forwarded to the jboss to resolve, it is necessary to add the following this step.
Apache setting in which forwards the request to the url https jboss process. Adding VirtualHost node ssl.conf of: JkMount / jmx-console / * loadbalancer like url forwarding configuration.
Now enter in the browser https: // when, later adding https://127.0.0.1/jmx-console can also be visited, prove that the request has been forwarded by the success to the apache jboss process.
So far, jboss + apache + mod_jk + openssl build better environment.
From the link: http: //blog.csdn.net/huwei2003/article/details/46804413 reproduced