要求
需求:通過 nginx 來代理兩個 tomcat 服務器(反向代理),然后通過 https://www.nginx.com 來進行訪問。
| 主機名 | IP | 軟件 |
|---|---|---|
| nginx | 192.168.30.10 | nginx |
| tomcat1 | 192.168.30.11 | java,tomcat |
| tomcat2 | 192.168.30.12 | java,tomcat |
準備工作
1.先下載一下工具
(這是一個簡裝版,最初始)
現在應該也沒有倉庫,沒有掛載。
1.檢查倉庫:
[root@nginx ~]# ls /etc/yum.repos.d/
base.repo redhat.repo
#base.repo 和 redhat.repo,基本是最小化安裝時系統自動創建的默認配置文件
2.檢查掛載情況:
[root@nginx ~]# ls /mnt
hgfs#沒有
3.創建dnf.repo倉庫
[root@nginx ~]# vim /etc/yum.repos.d/dnf.repo
[root@nginx ~]# cat /etc/yum.repos.d/dnf.repo
[baseOS]
name=baseos
baseurl=/mnt/BaseOS
gpgcheck=0
enabled=1[appSteam]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
enabled=1
4.掛載倉庫&檢查
[root@nginx ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.[root@nginx ~]# ls /mnt
AppStream EULA images RPM-GPG-KEY-redhat-beta
BaseOS extra_files.json isolinux RPM-GPG-KEY-redhat-release
EFI GPL media.repo
5.下載補全工具bash-completion(tab)
[root@nginx ~]# dnf install bash-completion -y
Updating Subscription Management repositories.
Unable to read consumer identityThis system is not registered with an entitlement server. You can use subscription-manager to register.Repository baseOS is listed more than once in the configuration
BaseOS 2.7 MB/s | 2.7 kB 00:00
AppStream 3.1 MB/s | 3.2 kB 00:00
appstream 76 MB/s | 6.5 MB 00:00 Dependencies resolved.
====================================================================================Package Architecture Version Repository Size
====================================================================================Installing:bash-completion noarch 1:2.11-4.el9 baseOS 459 k
Installing dependencies:libpkgconf x86_64 1.7.3-10.el9 baseOS 37 kpkgconf x86_64 1.7.3-10.el9 baseOS 45 kpkgconf-m4 noarch 1.7.3-10.el9 baseOS 16 kpkgconf-pkg-config x86_64 1.7.3-10.el9 baseOS 12 kTransaction Summary
====================================================================================Install 5 PackagesTotal size: 569 k
Installed size: 1.2 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transactionPreparing : 1/1 Installing : pkgconf-m4-1.7.3-10.el9.noarch 1/5 Installing : libpkgconf-1.7.3-10.el9.x86_64 2/5 Installing : pkgconf-1.7.3-10.el9.x86_64 3/5 Installing : pkgconf-pkg-config-1.7.3-10.el9.x86_64 4/5 Installing : bash-completion-1:2.11-4.el9.noarch 5/5 Running scriptlet: bash-completion-1:2.11-4.el9.noarch 5/5 Verifying : bash-completion-1:2.11-4.el9.noarch 1/5 Verifying : libpkgconf-1.7.3-10.el9.x86_64 2/5 Verifying : pkgconf-1.7.3-10.el9.x86_64 3/5 Verifying : pkgconf-m4-1.7.3-10.el9.noarch 4/5 Verifying : pkgconf-pkg-config-1.7.3-10.el9.x86_64 5/5
Installed products updated.Installed:bash-completion-1:2.11-4.el9.noarch libpkgconf-1.7.3-10.el9.x86_64 pkgconf-1.7.3-10.el9.x86_64 pkgconf-m4-1.7.3-10.el9.noarch pkgconf-pkg-config-1.7.3-10.el9.x86_64 Complete!
2.關閉防火墻和selinux
(Nginx & Tomcat)
[root@bogon ~]# systemctl stop firewalld
[root@bogon ~]# systemctl stop selinux #這里寫錯了,導致后面檢驗時curl不上,進行了一堆排錯
[root@nginx ~]# setenforce 0 #正確關閉
Failed to stop selinux.service: Unit selinux.service not loaded.
配置Nginx主機
1.改主機名
[root@bogon ~]# hostnamectl hostname nginx
[root@bogon ~]# exit
2.改ip地址
[root@nginx ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.30.10/24 ipv4.gateway 192.168.30.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@nginx ~]# nmcli c up ens160
3.安裝nginx
[root@nginx ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identityThis system is not registered with an entitlement server. You can use subscription-manager to register.Repository baseOS is listed more than once in the configuration
Last metadata expiration check: 0:17:48 ago on Sun 14 Sep 2025 04:46:31 PM CST.Dependencies resolved.
====================================================================================Package Arch Version Repository Size
====================================================================================Installing:nginx x86_64 1:1.20.1-14.el9_2.1 appStream 40 k
Installing dependencies:nginx-core x86_64 1:1.20.1-14.el9_2.1 appStream 574 knginx-filesystem noarch 1:1.20.1-14.el9_2.1 appStream 11 kredhat-logos-httpd noarch 90.4-2.el9 appStream 18 kTransaction Summary
====================================================================================Install 4 PackagesTotal size: 643 k
Installed size: 1.8 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transactionPreparing : 1/1 Running scriptlet: nginx-filesystem-1:1.20.1-14.el9_2.1.noarch 1/4 Installing : nginx-filesystem-1:1.20.1-14.el9_2.1.noarch 1/4 Installing : nginx-core-1:1.20.1-14.el9_2.1.x86_64 2/4 Installing : redhat-logos-httpd-90.4-2.el9.noarch 3/4 Installing : nginx-1:1.20.1-14.el9_2.1.x86_64 4/4 Running scriptlet: nginx-1:1.20.1-14.el9_2.1.x86_64 4/4 Verifying : nginx-1:1.20.1-14.el9_2.1.x86_64 1/4 Verifying : nginx-core-1:1.20.1-14.el9_2.1.x86_64 2/4 Verifying : nginx-filesystem-1:1.20.1-14.el9_2.1.noarch 3/4 Verifying : redhat-logos-httpd-90.4-2.el9.noarch 4/4
Installed products updated.Installed:nginx-1:1.20.1-14.el9_2.1.x86_64 nginx-core-1:1.20.1-14.el9_2.1.x86_64nginx-filesystem-1:1.20.1-14.el9_2.1.noarch redhat-logos-httpd-90.4-2.el9.noarch Complete!
4.主機映射
[root@nginx ~]# vim /etc/hosts
[root@nginx ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.30.10 www.web.com
[root@nginx ~]# vim /etc/hosts
[root@nginx ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.30.10 www.web.com #配置的5.生成證書和密鑰(HTTPS密鑰服務)
[root@nginx ~]# cd /etc/pki/tls/cert/
-bash: cd: /etc/pki/tls/cert/: No such file or directory
[root@nginx ~]# cd /etc/pki/tls/certs/
[root@nginx certs]# openssl genrsa > web.com.key
[root@nginx certs]# ls
ca-bundle.crt ca-bundle.trust.crt web.com.key
[root@nginx certs]# openssl req -new -key web.com.key -x509 -days 365 -out web.com.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:chongqing
Locality Name (eg, city) [Default City]:banan
Organization Name (eg, company) [Default Company Ltd]:ck
Organizational Unit Name (eg, section) []:xxzx
Common Name (eg, your name or your server's hostname) []:www.web.com
Email Address []:
[root@nginx certs]# mv web.com.key ../private/6.配置nginx(.conf)
[root@nginx certs]# vim /etc/nginx/conf.d/web.conf
[root@nginx certs]# cat /etc/nginx/conf.d/web.conf
upstream tomcat {server 192.168.30.11:8080;server 192.168.30.12:8080;
}server {listen 443 ssl;server_name www.web.com;ssl_certificate "/etc/pki/certs/web.com.crt";ssl_certificate_key "/etc/pki/certs/web.com.key";location / {proxy_pass http://tomcat}
}7.啟動nginx
[root@nginx certs]# systemctl start nginx遇到問題:啟動失敗
[root@nginx certs]# systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.
#提示用systemctl status nginx.service && journalctl -xeu nginx.service檢查[root@nginx certs]# systemctl status nginx.service
× nginx.service - The nginx HTTP and reverse proxy serverLoaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; preset: disab>Active: failed (Result: exit-code) since Sun 2025-09-14 17:27:15 CST; 19s agoProcess: 13053 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=>Process: 13055 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)CPU: 13msSep 14 17:27:15 nginx systemd[1]: Starting The nginx HTTP and reverse proxy server.>
Sep 14 17:27:15 nginx nginx[13055]: nginx: [emerg] unexpected "}" in /etc/nginx/con>
#emerg] 是 Nginx 配置錯誤的緊急級別提示,通常表示配置文件存在無法忽略的語法問題,導致 Nginx 無法啟動。
#unexpected "}" 直接說明:在配置文件中出現了未預期的 } 符號(可能是多寫了 },或 } 位置錯誤,導致括號不匹配)。
Sep 14 17:27:15 nginx nginx[13055]: nginx: configuration file /etc/nginx/nginx.conf>
Sep 14 17:27:15 nginx systemd[1]: nginx.service: Control process exited, code=exite>
Sep 14 17:27:15 nginx systemd[1]: nginx.service: Failed with result 'exit-code'.
Sep 14 17:27:15 nginx systemd[1]: Failed to start The nginx HTTP and reverse proxy >
[root@nginx certs]# 針對這種語法問題我們可以防御,在配置寫完后用nginx -t檢查
這時我們用一下:
[root@nginx certs]# nginx -t
nginx: [emerg] unexpected "}" in /etc/nginx/conf.d/web.conf:13
nginx: configuration file /etc/nginx/nginx.conf test failed改正后:
[root@nginx certs]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful#表示沒問題[root@nginx certs]# cat /etc/nginx/conf.d/web.conf
upstream tomcat {server 192.168.30.11:8080;server 192.168.30.12:8080;
}server {listen 443 ssl;server_name www.web.com;ssl_certificate "/etc/pki/tls/certs/web.com.crt";#改后ssl_certificate_key "/etc/pki/tls/private/web.com.key";#改后location / {proxy_pass http://tomcat;#改后}
}重新啟動nginx
[root@nginx certs]# systemctl restart nginx
[root@nginx certs]#
#沒提示,沒問題也可以自己看nginx狀態
[root@nginx certs]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy serverLoaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; preset: disab>Active: active (running) since Sun 2025-09-14 17:42:37 CST; 44s agoProcess: 13078 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=>Process: 13081 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)Process: 13082 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)Main PID: 13083 (nginx)Tasks: 5 (limit: 12043)Memory: 5.2MCPU: 34msCGroup: /system.slice/nginx.service├─13083 "nginx: master process /usr/sbin/nginx"├─13084 "nginx: worker process"├─13085 "nginx: worker process"├─13086 "nginx: worker process"└─13087 "nginx: worker process"Sep 14 17:42:37 nginx systemd[1]: Starting The nginx HTTP and reverse proxy server.>
Sep 14 17:42:37 nginx nginx[13081]: nginx: the configuration file /etc/nginx/nginx.>
Sep 14 17:42:37 nginx nginx[13081]: nginx: configuration file /etc/nginx/nginx.conf>
Sep 14 17:42:37 nginx systemd[1]: Started The nginx HTTP and reverse proxy server.配置Tomcat1
先添加一下補全工具(tab方便)
#略(上面有)
準備工作:
修改主機名,ip,關防火墻等(和配置nginx一樣)
關防火墻等
[root@bogon ~]# systemctl stop firewalld修改主機名
[root@bogon ~]# hostnamectl hostname tomcat1
[root@bogon ~]# exit #退出重進修改ip
[root@tomcat1 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.30.11/24 ipv4.gateway 192.168.30.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat1 ~]# nmcli c up ens160
#自動退出,用新ip重進
安裝軟件(JDK和Tomcat)
安裝JDK
1.dnf安裝wget。jdk不能dnf安裝,要源碼安裝,用到wget
[root@tomcat1 ~]# dnf install wget
Updating Subscription Management repositories.
Unable to read consumer identityThis system is not registered with an entitlement server. You can use subscription-manager to register.Repository baseOS is listed more than once in the configuration
Last metadata expiration check: 0:13:44 ago on Sun 14 Sep 2025 05:49:35 PM CST.
Package wget-1.21.1-7.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!2.下載JDK
[root@tomcat1 ~]# wget https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz
--2025-09-14 18:04:42-- https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz
Resolving download.oracle.com (download.oracle.com)... 92.123.44.100
Connecting to download.oracle.com (download.oracle.com)|92.123.44.100|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 197018367 (188M) [application/x-gzip]
Saving to: ‘jdk-21_linux-x64_bin.tar.gz’jdk-21_linux-x64_bin 100%[======================>] 187.89M 5.32MB/s in 37s 2025-09-14 18:05:20 (5.09 MB/s) - ‘jdk-21_linux-x64_bin.tar.gz’ saved [197018367/197018367][root@tomcat1 ~]# ls
a2 aa jdk-21_linux-x64_bin.tar.gz test2 test4
a3 anaconda-ks.cfg test1 3.在/usr/local(專門放自主安裝的軟件)安裝JDK
#先解壓到/usr/local
[root@tomcat1 ~]# tar -xzf jdk-21_linux-x64_bin.tar.gz -C /usr/local/#進入/usr/local && 安裝
[root@tomcat1 ~]# cd /usr/local/
[root@tomcat1 local]# ls
bin etc games include jdk-21.0.8 lib lib64 libexec sbin share src
[root@tomcat1 local]# cd jdk-21.0.8/
[root@tomcat1 jdk-21.0.8]# 4.配置JDK(源碼安裝就是這樣麻煩)
[root@tomcat1 jdk-21.0.8]# vim /etc/profile
.....
export JAVA_HOME=/usr/local/jdk-21.0.6
export PATH=$PATH:$JAVA_HOME/bin5.JDK配置生效 && 檢查
[root@tomcat1 jdk-21.0.8]# source /etc/profile[root@tomcat1 jdk-21.0.8]# java -version
java version "21.0.8" 2025-07-15 LTS
Java(TM) SE Runtime Environment (build 21.0.8+12-LTS-250)
Java HotSpot(TM) 64-Bit Server VM (build 21.0.8+12-LTS-250, mixed mode, sharing)
安裝tomcat
6.安裝tomcat
[root@tomcat1 ~]# dnf install tomcat
Updating Subscription Management repositories.
Unable to read consumer identityThis system is not registered with an entitlement server. You can use subscription-manager to register.baseos 2.7 MB/s | 2.7 kB 00:00
appstream 3.1 MB/s | 3.2 kB 00:00 Dependencies resolved.
====================================================================================Package Arch Version Repository Size
====================================================================================Installing:tomcat noarch 1:9.0.62-37.el9_3 appSteam 101 k
Installing dependencies:alsa-lib x86_64 1.2.9-1.el9 appSteam 523 kavahi-libs x86_64 0.8-15.el9 baseOS 71 kcopy-jdk-configs noarch 4.0-3.el9 appSteam 29 kcups-libs x86_64 1:2.3.3op2-21.el9 baseOS 265 kecj noarch 1:4.20-11.el9 appSteam 1.9 Mjava-11-openjdk-headless x86_64 1:11.0.20.0.8-3.el9 appSteam 40 Mjavapackages-filesystem noarch 6.0.0-4.el9 appSteam 17 kjavapackages-tools noarch 6.0.0-4.el9 appSteam 29 klksctp-tools x86_64 1.0.19-2.el9 baseOS 98 klua x86_64 5.4.4-4.el9 appSteam 192 klua-posix x86_64 35.0-8.el9 appSteam 155 ktomcat-el-3.0-api noarch 1:9.0.62-37.el9_3 appSteam 108 ktomcat-jsp-2.3-api noarch 1:9.0.62-37.el9_3 appSteam 67 ktomcat-lib noarch 1:9.0.62-37.el9_3 appSteam 5.8 Mtomcat-servlet-4.0-api noarch 1:9.0.62-37.el9_3 appSteam 286 ktzdata-java noarch 2023c-1.el9 appSteam 234 kTransaction Summary
====================================================================================Install 17 PackagesTotal size: 50 M
Installed size: 191 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transactionRunning scriptlet: copy-jdk-configs-4.0-3.el9.noarch 1/1 Running scriptlet: java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64 1/1 Preparing : 1/1 Installing : javapackages-filesystem-6.0.0-4.el9.noarch 1/17 Installing : tzdata-java-2023c-1.el9.noarch 2/17 Installing : lua-posix-35.0-8.el9.x86_64 3/17 Installing : lua-5.4.4-4.el9.x86_64 4/17 Installing : copy-jdk-configs-4.0-3.el9.noarch 5/17 Installing : alsa-lib-1.2.9-1.el9.x86_64 6/17 Installing : lksctp-tools-1.0.19-2.el9.x86_64 7/17 Installing : avahi-libs-0.8-15.el9.x86_64 8/17 Installing : cups-libs-1:2.3.3op2-21.el9.x86_64 9/17 Installing : java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64 10/17 Running scriptlet: java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64 10/17 Installing : javapackages-tools-6.0.0-4.el9.noarch 11/17 Installing : tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch 12/17 Running scriptlet: tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch 12/17 Installing : tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch 13/17 Running scriptlet: tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch 13/17 Installing : tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch 14/17 Running scriptlet: tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch 14/17 Installing : ecj-1:4.20-11.el9.noarch 15/17 Installing : tomcat-lib-1:9.0.62-37.el9_3.noarch 16/17 Running scriptlet: tomcat-1:9.0.62-37.el9_3.noarch 17/17 Installing : tomcat-1:9.0.62-37.el9_3.noarch 17/17 Running scriptlet: tomcat-1:9.0.62-37.el9_3.noarch 17/17 Running scriptlet: copy-jdk-configs-4.0-3.el9.noarch 17/17 Running scriptlet: java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64 17/17 Running scriptlet: tomcat-1:9.0.62-37.el9_3.noarch 17/17 Verifying : avahi-libs-0.8-15.el9.x86_64 1/17 Verifying : cups-libs-1:2.3.3op2-21.el9.x86_64 2/17 Verifying : lksctp-tools-1.0.19-2.el9.x86_64 3/17 Verifying : alsa-lib-1.2.9-1.el9.x86_64 4/17 Verifying : copy-jdk-configs-4.0-3.el9.noarch 5/17 Verifying : ecj-1:4.20-11.el9.noarch 6/17 Verifying : java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64 7/17 Verifying : javapackages-filesystem-6.0.0-4.el9.noarch 8/17 Verifying : javapackages-tools-6.0.0-4.el9.noarch 9/17 Verifying : lua-5.4.4-4.el9.x86_64 10/17 Verifying : lua-posix-35.0-8.el9.x86_64 11/17 Verifying : tomcat-1:9.0.62-37.el9_3.noarch 12/17 Verifying : tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch 13/17 Verifying : tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch 14/17 Verifying : tomcat-lib-1:9.0.62-37.el9_3.noarch 15/17 Verifying : tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch 16/17 Verifying : tzdata-java-2023c-1.el9.noarch 17/17
Installed products updated.Installed:alsa-lib-1.2.9-1.el9.x86_64 avahi-libs-0.8-15.el9.x86_64 copy-jdk-configs-4.0-3.el9.noarch cups-libs-1:2.3.3op2-21.el9.x86_64 ecj-1:4.20-11.el9.noarch java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64 javapackages-filesystem-6.0.0-4.el9.noarch javapackages-tools-6.0.0-4.el9.noarch lksctp-tools-1.0.19-2.el9.x86_64 lua-5.4.4-4.el9.x86_64 lua-posix-35.0-8.el9.x86_64 tomcat-1:9.0.62-37.el9_3.noarch tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch tomcat-lib-1:9.0.62-37.el9_3.noarch tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch tzdata-java-2023c-1.el9.noarch Complete!7.改變首頁
#找到tomcat
[root@tomcat1 ~]# rpm -ql tomcat
/etc/logrotate.d/tomcat.disabled
/etc/sysconfig/tomcat
/etc/tomcat
/etc/tomcat/Catalina
/etc/tomcat/Catalina/localhost
/etc/tomcat/catalina.policy
/etc/tomcat/catalina.properties
/etc/tomcat/conf.d
/etc/tomcat/conf.d/README
/etc/tomcat/conf.d/java-9-start-up-parameters.conf
/etc/tomcat/context.xml
/etc/tomcat/jaspic-providers.xml
/etc/tomcat/jaspic-providers.xsd
/etc/tomcat/logging.properties
/etc/tomcat/server.xml
/etc/tomcat/tomcat-users.xml
/etc/tomcat/tomcat-users.xsd
/etc/tomcat/tomcat.conf
/etc/tomcat/web.xml
/usr/bin/tomcat-digest
/usr/bin/tomcat-tool-wrapper
/usr/lib/systemd/system/tomcat.service
/usr/lib/systemd/system/tomcat@.service
/usr/libexec/tomcat
/usr/libexec/tomcat/functions
/usr/libexec/tomcat/preamble
/usr/libexec/tomcat/server
/usr/sbin/tomcat
/usr/share/doc/tomcat
/usr/share/doc/tomcat/LICENSE
/usr/share/doc/tomcat/NOTICE
/usr/share/doc/tomcat/RELEASE-NOTES
/usr/share/tomcat
/usr/share/tomcat/bin/bootstrap.jar
/usr/share/tomcat/bin/catalina-tasks.xml
/usr/share/tomcat/conf
/usr/share/tomcat/lib
/usr/share/tomcat/logs
/usr/share/tomcat/temp
/usr/share/tomcat/webapps
/usr/share/tomcat/work
/var/cache/tomcat
/var/cache/tomcat/temp
/var/cache/tomcat/work
/var/lib/tomcat
/var/lib/tomcat/webapps
/var/lib/tomcats
/var/log/tomcat找到并改變首頁(webapps中ROOT/index.jsp)
一般在/var/lib/tomcat/webapps
[root@tomcat1 webapps]# cd /var/lib/tomcat/webapps
[root@tomcat1 webapps]# ls
[root@tomcat1 webapps]# 空白
遇到問題:/var/lib/tomcat/webapps為空
[root@tomcat1 webapps]# cd /var/lib/tomcat/webapps
[root@tomcat1 webapps]# ls
[root@tomcat1 webapps]# 空白原因:未安裝 tomcat-webapps 組件
檢測是否安裝
[root@tomcat1 webapps]# rpm -ql tomcat-webapps
package tomcat-webapps is not installed安裝tomcat-webapps
[root@tomcat1 webapps]# dnf install -y tomcat-webapps
Updating Subscription Management repositories.
Unable to read consumer identityThis system is not registered with an entitlement server. You can use subscription-manager to register.Last metadata expiration check: 0:14:29 ago on Sun 14 Sep 2025 06:32:32 PM CST.Dependencies resolved.
====================================================================================Package Architecture Version Repository Size
====================================================================================Installing:tomcat-webapps noarch 1:9.0.62-37.el9_3 appSteam 83 kTransaction Summary
====================================================================================Install 1 PackageTotal size: 83 k
Installed size: 146 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transactionPreparing : 1/1 Installing : tomcat-webapps-1:9.0.62-37.el9_3.noarch 1/1 Verifying : tomcat-webapps-1:9.0.62-37.el9_3.noarch 1/1
Installed products updated.Installed:tomcat-webapps-1:9.0.62-37.el9_3.noarch Complete![root@tomcat1 webapps]# ls
ROOT
[root@tomcat1 webapps]# cd ROOT
[root@tomcat1 ROOT]# ls
asf-logo-wide.svg bg-nav.png index.jsp tomcat.svg
bg-button.png bg-upper.png RELEASE-NOTES.txt WEB-INF
bg-middle.png favicon.ico tomcat.css
[root@tomcat1 ROOT]# echo $(hostname -I) > index.jsp
檢驗:
tomcat1弄好,嘗試一下能不能curl
正常結果:回應192.168.130.11(tomcat1的ip)
問題:啟動后curl不正確
啟動后curl不正確
[root@nginx ~]# curl https://www.web.com -k
<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
排錯:
(1)去看nginx服務開啟沒有
--->開啟了(2)既然 Nginx 本身已正常運行,之前出現的 502 錯誤就可以完全排除 Nginx 自身啟動失敗的原因,問題必然出在 Nginx 與后端服務的通信環節(即反向代理配置的上游服務,如 Tomcat)。
# 1. 查看 Tomcat 服務狀態(dnf 安裝的 Tomcat)
systemctl status tomcat[root@tomcat1 ~]# systemctl status tomcat
● tomcat.service - Apache Tomcat Web Application ContainerLoaded: loaded (/usr/lib/systemd/system/tomcat.service; disabled; preset: disa>Active: active (running) since Sun 2025-09-14 18:52:53 CST; 6min agoMain PID: 13189 (java)Tasks: 34 (limit: 12043)Memory: 111.6MCPU: 3.574sCGroup: /system.slice/tomcat.service└─13189 /usr/lib/jvm/jre/bin/java -Djavax.sql.DataSource.Factory=org.a># 2. 若 Tomcat 是手動安裝,查看進程是否存在
ps -ef | grep tomcat
[root@tomcat1 ~]# ps -ef | grep tomcat
tomcat 13189 1 0 18:52 ? 00:00:03 /usr/lib/jvm/jre/bin/java -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar: -Dcatalina.base=/usr/share/tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat/temp -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
root 13244 12680 0 19:00 pts/1 00:00:00 grep --color=auto tomcat# 3. 檢查 8080 端口是否監聽(確認服務可被訪問)
ss -tuln | grep 8080
[root@tomcat1 ~]# ss -tuln | grep 8080
tcp LISTEN 0 100 *:8080 *:* (3)直接定位 Nginx 反向代理配置文件
--->正確(4)若仍失敗:最后排查 Nginx 錯誤日志
# 查看最新 20 條錯誤日志,聚焦與 443 端口、proxy_pass 相關的內容
cat /var/log/nginx/error.log | tail -20
[root@nginx ~]# cat /var/log/nginx/error.log | tail -20
2025/09/14 17:27:15 [emerg] 13055#13055: unexpected "}" in /etc/nginx/conf.d/web.conf:13
2025/09/14 17:34:15 [emerg] 13062#13062: unexpected "}" in /etc/nginx/conf.d/web.conf:13
2025/09/14 17:36:40 [emerg] 13064#13064: unexpected end of file, expecting "}" in /etc/nginx/conf.d/web.conf:15
2025/09/14 17:37:08 [emerg] 13066#13066: cannot load certificate "/etc/pki/certs/web.com.crt": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/pki/certs/web.com.crt, r) error:10000080:BIO routines::no such file)
2025/09/14 18:52:07 [crit] 13085#13085: *1 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 18:52:07 [crit] 13085#13085: *1 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 18:52:59 [crit] 13085#13085: *4 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 18:52:59 [crit] 13085#13085: *4 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 18:55:04 [crit] 13085#13085: *7 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 18:55:04 [crit] 13085#13085: *7 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 19:12:51 [crit] 13178#13178: *1 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 19:12:51 [crit] 13178#13178: *1 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"#從 Nginx 錯誤日志可以看到核心錯誤:connect() to 192.168.30.11:8080 failed (13: Permission denied),這表明 Nginx 進程沒有權限連接到后端 Tomcat 服務器的 8080 端口,導致 502 錯誤。#這是典型的 SELinux 或防火墻權限限制 問題
[root@nginx ~]# getenforce
Enforcing
[root@nginx ~]# setenforce 0#驗證
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11#成功配置Tomcat2
克隆Tomcat1
改主機名,ip,主頁
[root@tomcat1 ~]# hostnamectl hostname tomcat2
[root@tomcat1 ~]# exit[root@tomcat2 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.30.12/24 ipv4.gateway 192.168.30.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat2 ~]# nmcli c up ens160[root@tomcat2 ~]# cd /var/lib/tomcat/webapps/ROOT
[root@tomcat2 ROOT]# ls
asf-logo-wide.svg bg-nav.png index.jsp tomcat.svg
bg-button.png bg-upper.png RELEASE-NOTES.txt WEB-INF
bg-middle.png favicon.ico tomcat.css
[root@tomcat2 ROOT]# echo $(hostname -I) > index.jsp 測試
準備工作:
確保nginx和tomcat服務都打開,防火墻和selinux都關閉
測試
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11
[root@nginx ~]# curl https://www.web.com -k
192.168.30.12
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11
[root@nginx ~]# curl https://www.web.com -k
192.168.30.12
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11
)
 Pod入門與實戰)
——自定義坐標系(北京 54、西安 80、2000 坐標系))
