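# Nginx_Tomcat Combined Case Study

## Requirements

Goal: use nginx as a reverse proxy in front of two Tomcat servers, then access the service through https://www.nginx.com.

| Hostname | IP | Software |
| --- | --- | --- |
| nginx | 192.168.30.10 | nginx |
| tomcat1 | 192.168.30.11 | java, tomcat |
| tomcat2 | 192.168.30.12 | java, tomcat |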

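## Preparation

### 1. Install some tools first

(This is a minimal installation in its initial state.)

At this point there should be no repository configured and nothing mounted.

#### 1. Check the repositories

```bash
[root@nginx ~]# ls  /etc/yum.repos.d/
base.repo  redhat.repo
# base.repo and redhat.repo are essentially the default configuration files the system creates automatically on a minimal install
```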

#### 2. Check what is mounted

```bash
[root@nginx ~]# ls /mnt
hgfs    # nothing mounted yet
```

#### 3. Create the dnf.repo repository file

```bash
[root@nginx ~]# vim /etc/yum.repos.d/dnf.repo
[root@nginx ~]# cat /etc/yum.repos.d/dnf.repo
[baseOS]
name=baseos
baseurl=/mnt/BaseOS
gpgcheck=0
enabled=1

[appSteam]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
enabled=1
```
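
The repository file above sets `gpgcheck=0`, so dnf installs packages from it without verifying their signatures. The following is an added example, not part of the original post, that audits a `.repo` file for that setting; the helper names `audit_repo_gpg` and `demo_repo_audit`, the sample file and the `baseOS-verified` section are constructed, and the `gpgkey` path assumes the `RPM-GPG-KEY-redhat-release` file that sits at the root of the mounted installation media.

```shell
#!/usr/bin/env bash
# Added example: flag dnf/yum repository sections that skip signature checks.
# audit_repo_gpg and demo_repo_audit are hypothetical helper names.

# Prints one line per repo section: "<section> <status>", where status is
#   NO_GPGCHECK  gpgcheck is 0/no/false: packages are installed unverified
#   INHERITED    gpgcheck not set here: the [main] value in dnf.conf applies
#   NO_GPGKEY    gpgcheck enabled but no gpgkey= to verify against
#   OK           gpgcheck enabled and a gpgkey configured
audit_repo_gpg() {
    awk '
        function report() {
            if (section == "") return
            v = tolower(gpgcheck)
            if (v == "0" || v == "no" || v == "false") status = "NO_GPGCHECK"
            else if (v == "")                           status = "INHERITED"
            else if (gpgkey == "")                      status = "NO_GPGKEY"
            else                                        status = "OK"
            print section, status
        }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                     # [section] header
            report()
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            gpgcheck = ""; gpgkey = ""
            next
        }
        /=/ {                                        # key=value line
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey")   gpgkey = val
        }
        END { report() }
    ' "$1"
}

# Constructed sample: the two sections from the page plus a corrected one.
demo_repo_audit() {
    repo_sample=$(mktemp)
    cat > "$repo_sample" <<'EOF'
# constructed sample file
[baseOS]
name=baseos
baseurl=/mnt/BaseOS
gpgcheck=0
enabled=1

[appSteam]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
enabled=1

[baseOS-verified]
name=baseos (signatures verified)
baseurl=file:///mnt/BaseOS
gpgcheck=1
gpgkey=file:///mnt/RPM-GPG-KEY-redhat-release
enabled=1
EOF
    audit_repo_gpg "$repo_sample"
    rm -f "$repo_sample"
}

demo_repo_audit
```

On a real host, run `audit_repo_gpg` over each file in `/etc/yum.repos.d/`.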

#### 4. Mount the repository and check

```bash
[root@nginx ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.

[root@nginx ~]# ls /mnt
AppStream  EULA              images      RPM-GPG-KEY-redhat-beta
BaseOS     extra_files.json  isolinux    RPM-GPG-KEY-redhat-release
EFI        GPL               media.repo
```

#### 5. Install the completion tool bash-completion (tab completion)

```bash
[root@nginx ~]# dnf install bash-completion -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Repository baseOS is listed more than once in the configuration
BaseOS                                              2.7 MB/s | 2.7 kB     00:00
AppStream                                           3.1 MB/s | 3.2 kB     00:00
appstream                                            76 MB/s | 6.5 MB     00:00

Dependencies resolved.
====================================================================================
 Package                   Architecture  Version                Repository     Size
====================================================================================
Installing:
 bash-completion           noarch        1:2.11-4.el9           baseOS        459 k
Installing dependencies:
 libpkgconf                x86_64        1.7.3-10.el9           baseOS         37 k
 pkgconf                   x86_64        1.7.3-10.el9           baseOS         45 k
 pkgconf-m4                noarch        1.7.3-10.el9           baseOS         16 k
 pkgconf-pkg-config        x86_64        1.7.3-10.el9           baseOS         12 k

Transaction Summary
====================================================================================
Install  5 Packages

Total size: 569 k
Installed size: 1.2 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                            1/1
  Installing       : pkgconf-m4-1.7.3-10.el9.noarch                             1/5
  Installing       : libpkgconf-1.7.3-10.el9.x86_64                             2/5
  Installing       : pkgconf-1.7.3-10.el9.x86_64                                3/5
  Installing       : pkgconf-pkg-config-1.7.3-10.el9.x86_64                     4/5
  Installing       : bash-completion-1:2.11-4.el9.noarch                        5/5
  Running scriptlet: bash-completion-1:2.11-4.el9.noarch                        5/5
  Verifying        : bash-completion-1:2.11-4.el9.noarch                        1/5
  Verifying        : libpkgconf-1.7.3-10.el9.x86_64                             2/5
  Verifying        : pkgconf-1.7.3-10.el9.x86_64                                3/5
  Verifying        : pkgconf-m4-1.7.3-10.el9.noarch                             4/5
  Verifying        : pkgconf-pkg-config-1.7.3-10.el9.x86_64                     5/5
Installed products updated.

Installed:
  bash-completion-1:2.11-4.el9.noarch          libpkgconf-1.7.3-10.el9.x86_64
  pkgconf-1.7.3-10.el9.x86_64                  pkgconf-m4-1.7.3-10.el9.noarch
  pkgconf-pkg-config-1.7.3-10.el9.x86_64

Complete!
```

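### 2. Turn off the firewall and SELinux

(On both the nginx and Tomcat hosts)

```bash
[root@bogon ~]# systemctl stop firewalld
[root@bogon ~]# systemctl stop selinux   # I got this wrong here, so curl failed during the later verification and I went through a pile of troubleshooting
Failed to stop selinux.service: Unit selinux.service not loaded.
[root@nginx ~]# setenforce 0     # the correct way to turn it off
```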

## Configure the nginx host

### 1. Change the hostname

```bash
[root@bogon ~]# hostnamectl hostname nginx
[root@bogon ~]# exit
```

### 2. Change the IP address

```bash
[root@nginx ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.30.10/24 ipv4.gateway 192.168.30.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@nginx ~]# nmcli c up ens160
```

### 3. Install nginx

```bash
[root@nginx ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Repository baseOS is listed more than once in the configuration
Last metadata expiration check: 0:17:48 ago on Sun 14 Sep 2025 04:46:31 PM CST.

Dependencies resolved.
====================================================================================
 Package                 Arch        Version                   Repository      Size
====================================================================================
Installing:
 nginx                   x86_64      1:1.20.1-14.el9_2.1       appStream       40 k
Installing dependencies:
 nginx-core              x86_64      1:1.20.1-14.el9_2.1       appStream      574 k
 nginx-filesystem        noarch      1:1.20.1-14.el9_2.1       appStream       11 k
 redhat-logos-httpd      noarch      90.4-2.el9                appStream       18 k

Transaction Summary
====================================================================================
Install  4 Packages

Total size: 643 k
Installed size: 1.8 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                            1/1
  Running scriptlet: nginx-filesystem-1:1.20.1-14.el9_2.1.noarch                1/4
  Installing       : nginx-filesystem-1:1.20.1-14.el9_2.1.noarch                1/4
  Installing       : nginx-core-1:1.20.1-14.el9_2.1.x86_64                      2/4
  Installing       : redhat-logos-httpd-90.4-2.el9.noarch                       3/4
  Installing       : nginx-1:1.20.1-14.el9_2.1.x86_64                           4/4
  Running scriptlet: nginx-1:1.20.1-14.el9_2.1.x86_64                           4/4
  Verifying        : nginx-1:1.20.1-14.el9_2.1.x86_64                           1/4
  Verifying        : nginx-core-1:1.20.1-14.el9_2.1.x86_64                      2/4
  Verifying        : nginx-filesystem-1:1.20.1-14.el9_2.1.noarch                3/4
  Verifying        : redhat-logos-httpd-90.4-2.el9.noarch                       4/4
Installed products updated.

Installed:
  nginx-1:1.20.1-14.el9_2.1.x86_64            nginx-core-1:1.20.1-14.el9_2.1.x86_64
  nginx-filesystem-1:1.20.1-14.el9_2.1.noarch redhat-logos-httpd-90.4-2.el9.noarch

Complete!
```

### 4. Host mapping

```bash
[root@nginx ~]# vim /etc/hosts
[root@nginx ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.30.10 www.web.com    # the entry added
```

### 5. Generate the certificate and key (for the HTTPS service)

```bash
[root@nginx ~]# cd /etc/pki/tls/cert/
-bash: cd: /etc/pki/tls/cert/: No such file or directory
[root@nginx ~]# cd /etc/pki/tls/certs/
[root@nginx certs]# openssl genrsa > web.com.key
[root@nginx certs]# ls
ca-bundle.crt  ca-bundle.trust.crt  web.com.key
[root@nginx certs]# openssl req -new -key web.com.key -x509 -days 365 -out web.com.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:chongqing
Locality Name (eg, city) [Default City]:banan
Organization Name (eg, company) [Default Company Ltd]:ck
Organizational Unit Name (eg, section) []:xxzx
Common Name (eg, your name or your server's hostname) []:www.web.com
Email Address []:
[root@nginx certs]# mv web.com.key ../private/
```

### 6. Configure nginx (.conf)

```bash
[root@nginx certs]# vim /etc/nginx/conf.d/web.conf
[root@nginx certs]# cat /etc/nginx/conf.d/web.conf
upstream tomcat {
    server 192.168.30.11:8080;
    server 192.168.30.12:8080;
}

server {
    listen 443 ssl;
    server_name www.web.com;
    ssl_certificate "/etc/pki/certs/web.com.crt";
    ssl_certificate_key "/etc/pki/certs/web.com.key";
    location / {
        proxy_pass http://tomcat
    }
}
```

### 7. Start nginx

```bash
[root@nginx certs]# systemctl start nginx
```

#### Problem encountered: startup failed

```bash
[root@nginx certs]# systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.
# The message says to check with systemctl status nginx.service && journalctl -xeu nginx.service
[root@nginx certs]# systemctl status nginx.service
× nginx.service - The nginx HTTP and reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; preset: disab>
     Active: failed (Result: exit-code) since Sun 2025-09-14 17:27:15 CST; 19s ago
    Process: 13053 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=>
    Process: 13055 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
        CPU: 13ms

Sep 14 17:27:15 nginx systemd[1]: Starting The nginx HTTP and reverse proxy server.>
Sep 14 17:27:15 nginx nginx[13055]: nginx: [emerg] unexpected "}" in /etc/nginx/con>
# [emerg] is nginx's emergency log level; it usually means the configuration file has a syntax problem that cannot be ignored, so nginx cannot start.
# unexpected "}" means a } appeared where the parser did not expect one (an extra }, a } in the wrong place, or, as here, a missing ; on the directive before it).
Sep 14 17:27:15 nginx nginx[13055]: nginx: configuration file /etc/nginx/nginx.conf>
Sep 14 17:27:15 nginx systemd[1]: nginx.service: Control process exited, code=exite>
Sep 14 17:27:15 nginx systemd[1]: nginx.service: Failed with result 'exit-code'.
Sep 14 17:27:15 nginx systemd[1]: Failed to start The nginx HTTP and reverse proxy >
[root@nginx certs]#

# Syntax problems like this can be caught early: run nginx -t after editing the configuration. Trying it now:
[root@nginx certs]# nginx -t
nginx: [emerg] unexpected "}" in /etc/nginx/conf.d/web.conf:13
nginx: configuration file /etc/nginx/nginx.conf test failed

# After the fix:
[root@nginx certs]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful    # no problems
[root@nginx certs]# cat /etc/nginx/conf.d/web.conf
upstream tomcat {
    server 192.168.30.11:8080;
    server 192.168.30.12:8080;
}

server {
    listen 443 ssl;
    server_name www.web.com;
    ssl_certificate "/etc/pki/tls/certs/web.com.crt";          # fixed
    ssl_certificate_key "/etc/pki/tls/private/web.com.key";    # fixed
    location / {
        proxy_pass http://tomcat;    # fixed
    }
}
```

Restart nginx:

```bash
[root@nginx certs]# systemctl restart nginx
[root@nginx certs]#     # no message, so no problem

# You can also check the nginx status yourself
[root@nginx certs]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; preset: disab>
     Active: active (running) since Sun 2025-09-14 17:42:37 CST; 44s ago
    Process: 13078 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=>
    Process: 13081 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
    Process: 13082 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
   Main PID: 13083 (nginx)
      Tasks: 5 (limit: 12043)
     Memory: 5.2M
        CPU: 34ms
     CGroup: /system.slice/nginx.service
             ├─13083 "nginx: master process /usr/sbin/nginx"
             ├─13084 "nginx: worker process"
             ├─13085 "nginx: worker process"
             ├─13086 "nginx: worker process"
             └─13087 "nginx: worker process"

Sep 14 17:42:37 nginx systemd[1]: Starting The nginx HTTP and reverse proxy server.>
Sep 14 17:42:37 nginx nginx[13081]: nginx: the configuration file /etc/nginx/nginx.>
Sep 14 17:42:37 nginx nginx[13081]: nginx: configuration file /etc/nginx/nginx.conf>
Sep 14 17:42:37 nginx systemd[1]: Started The nginx HTTP and reverse proxy server.
```

## Configure Tomcat1

First install the completion tool (for convenient tab completion); omitted here, see above.

### Preparation

Change the hostname and IP, stop the firewall, and so on (same as for the nginx host).

```bash
# Stop the firewall, etc.
[root@bogon ~]# systemctl stop firewalld
# Change the hostname
[root@bogon ~]# hostnamectl hostname tomcat1
[root@bogon ~]# exit    # log out and back in
# Change the IP
[root@tomcat1 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.30.11/24 ipv4.gateway 192.168.30.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat1 ~]# nmcli c up ens160    # the session drops; reconnect using the new IP
```

### Install the software (JDK and Tomcat)

#### Install the JDK

```bash
# 1. Install wget with dnf. The JDK cannot be installed with dnf; it has to be installed manually from an archive, which needs wget
[root@tomcat1 ~]# dnf install wget
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Repository baseOS is listed more than once in the configuration
Last metadata expiration check: 0:13:44 ago on Sun 14 Sep 2025 05:49:35 PM CST.
Package wget-1.21.1-7.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!

# 2. Download the JDK
[root@tomcat1 ~]# wget https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz
--2025-09-14 18:04:42--  https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz
Resolving download.oracle.com (download.oracle.com)... 92.123.44.100
Connecting to download.oracle.com (download.oracle.com)|92.123.44.100|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 197018367 (188M) [application/x-gzip]
Saving to: 'jdk-21_linux-x64_bin.tar.gz'

jdk-21_linux-x64_bin 100%[======================>] 187.89M  5.32MB/s    in 37s

2025-09-14 18:05:20 (5.09 MB/s) - 'jdk-21_linux-x64_bin.tar.gz' saved [197018367/197018367]

[root@tomcat1 ~]# ls
a2  aa               jdk-21_linux-x64_bin.tar.gz  test2  test4
a3  anaconda-ks.cfg  test1

# 3. Install the JDK under /usr/local (the place for self-installed software)
# First extract into /usr/local
[root@tomcat1 ~]# tar -xzf jdk-21_linux-x64_bin.tar.gz -C /usr/local/
# Enter /usr/local and install
[root@tomcat1 ~]# cd /usr/local/
[root@tomcat1 local]# ls
bin  etc  games  include  jdk-21.0.8  lib  lib64  libexec  sbin  share  src
[root@tomcat1 local]# cd jdk-21.0.8/
[root@tomcat1 jdk-21.0.8]#

# 4. Configure the JDK (manual installs are this tedious)
[root@tomcat1 jdk-21.0.8]# vim /etc/profile
.....
export JAVA_HOME=/usr/local/jdk-21.0.8
export PATH=$PATH:$JAVA_HOME/bin

# 5. Apply the JDK configuration and check
[root@tomcat1 jdk-21.0.8]# source /etc/profile
[root@tomcat1 jdk-21.0.8]# java -version
java version "21.0.8" 2025-07-15 LTS
Java(TM) SE Runtime Environment (build 21.0.8+12-LTS-250)
Java HotSpot(TM) 64-Bit Server VM (build 21.0.8+12-LTS-250, mixed mode, sharing)
```

#### Install Tomcat

```bash
# 6. Install Tomcat
[root@tomcat1 ~]# dnf install tomcat
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

baseos                                              2.7 MB/s | 2.7 kB     00:00
appstream                                           3.1 MB/s | 3.2 kB     00:00
Dependencies resolved.
====================================================================================
 Package                     Arch     Version                 Repository      Size
====================================================================================
Installing:
 tomcat                      noarch   1:9.0.62-37.el9_3       appSteam       101 k
Installing dependencies:
 alsa-lib                    x86_64   1.2.9-1.el9             appSteam       523 k
 avahi-libs                  x86_64   0.8-15.el9              baseOS          71 k
 copy-jdk-configs            noarch   4.0-3.el9               appSteam        29 k
 cups-libs                   x86_64   1:2.3.3op2-21.el9       baseOS         265 k
 ecj                         noarch   1:4.20-11.el9           appSteam       1.9 M
 java-11-openjdk-headless    x86_64   1:11.0.20.0.8-3.el9     appSteam        40 M
 javapackages-filesystem     noarch   6.0.0-4.el9             appSteam        17 k
 javapackages-tools          noarch   6.0.0-4.el9             appSteam        29 k
 lksctp-tools                x86_64   1.0.19-2.el9            baseOS          98 k
 lua                         x86_64   5.4.4-4.el9             appSteam       192 k
 lua-posix                   x86_64   35.0-8.el9              appSteam       155 k
 tomcat-el-3.0-api           noarch   1:9.0.62-37.el9_3       appSteam       108 k
 tomcat-jsp-2.3-api          noarch   1:9.0.62-37.el9_3       appSteam        67 k
 tomcat-lib                  noarch   1:9.0.62-37.el9_3       appSteam       5.8 M
 tomcat-servlet-4.0-api      noarch   1:9.0.62-37.el9_3       appSteam       286 k
 tzdata-java                 noarch   2023c-1.el9             appSteam       234 k

Transaction Summary
====================================================================================
Install  17 Packages

Total size: 50 M
Installed size: 191 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Running scriptlet: copy-jdk-configs-4.0-3.el9.noarch                      1/1
  Running scriptlet: java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64    1/1
  Preparing        :                                                        1/1
  Installing       : javapackages-filesystem-6.0.0-4.el9.noarch            1/17
  Installing       : tzdata-java-2023c-1.el9.noarch                        2/17
  Installing       : lua-posix-35.0-8.el9.x86_64                           3/17
  Installing       : lua-5.4.4-4.el9.x86_64                                4/17
  Installing       : copy-jdk-configs-4.0-3.el9.noarch                     5/17
  Installing       : alsa-lib-1.2.9-1.el9.x86_64                           6/17
  Installing       : lksctp-tools-1.0.19-2.el9.x86_64                      7/17
  Installing       : avahi-libs-0.8-15.el9.x86_64                          8/17
  Installing       : cups-libs-1:2.3.3op2-21.el9.x86_64                    9/17
  Installing       : java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64  10/17
  Running scriptlet: java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64  10/17
  Installing       : javapackages-tools-6.0.0-4.el9.noarch                11/17
  Installing       : tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch           12/17
  Running scriptlet: tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch           12/17
  Installing       : tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch      13/17
  Running scriptlet: tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch      13/17
  Installing       : tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch          14/17
  Running scriptlet: tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch          14/17
  Installing       : ecj-1:4.20-11.el9.noarch                             15/17
  Installing       : tomcat-lib-1:9.0.62-37.el9_3.noarch                  16/17
  Running scriptlet: tomcat-1:9.0.62-37.el9_3.noarch                      17/17
  Installing       : tomcat-1:9.0.62-37.el9_3.noarch                      17/17
  Running scriptlet: tomcat-1:9.0.62-37.el9_3.noarch                      17/17
  Running scriptlet: copy-jdk-configs-4.0-3.el9.noarch                    17/17
  Running scriptlet: java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64  17/17
  Running scriptlet: tomcat-1:9.0.62-37.el9_3.noarch                      17/17
  Verifying        : avahi-libs-0.8-15.el9.x86_64                          1/17
  Verifying        : cups-libs-1:2.3.3op2-21.el9.x86_64                    2/17
  Verifying        : lksctp-tools-1.0.19-2.el9.x86_64                      3/17
  Verifying        : alsa-lib-1.2.9-1.el9.x86_64                           4/17
  Verifying        : copy-jdk-configs-4.0-3.el9.noarch                     5/17
  Verifying        : ecj-1:4.20-11.el9.noarch                              6/17
  Verifying        : java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64   7/17
  Verifying        : javapackages-filesystem-6.0.0-4.el9.noarch            8/17
  Verifying        : javapackages-tools-6.0.0-4.el9.noarch                 9/17
  Verifying        : lua-5.4.4-4.el9.x86_64                               10/17
  Verifying        : lua-posix-35.0-8.el9.x86_64                          11/17
  Verifying        : tomcat-1:9.0.62-37.el9_3.noarch                      12/17
  Verifying        : tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch           13/17
  Verifying        : tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch          14/17
  Verifying        : tomcat-lib-1:9.0.62-37.el9_3.noarch                  15/17
  Verifying        : tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch      16/17
  Verifying        : tzdata-java-2023c-1.el9.noarch                       17/17
Installed products updated.

Installed:
  alsa-lib-1.2.9-1.el9.x86_64
  avahi-libs-0.8-15.el9.x86_64
  copy-jdk-configs-4.0-3.el9.noarch
  cups-libs-1:2.3.3op2-21.el9.x86_64
  ecj-1:4.20-11.el9.noarch
  java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64
  javapackages-filesystem-6.0.0-4.el9.noarch
  javapackages-tools-6.0.0-4.el9.noarch
  lksctp-tools-1.0.19-2.el9.x86_64
  lua-5.4.4-4.el9.x86_64
  lua-posix-35.0-8.el9.x86_64
  tomcat-1:9.0.62-37.el9_3.noarch
  tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch
  tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch
  tomcat-lib-1:9.0.62-37.el9_3.noarch
  tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch
  tzdata-java-2023c-1.el9.noarch

Complete!

# 7. Change the home page
# Locate the Tomcat files
[root@tomcat1 ~]# rpm -ql tomcat
/etc/logrotate.d/tomcat.disabled
/etc/sysconfig/tomcat
/etc/tomcat
/etc/tomcat/Catalina
/etc/tomcat/Catalina/localhost
/etc/tomcat/catalina.policy
/etc/tomcat/catalina.properties
/etc/tomcat/conf.d
/etc/tomcat/conf.d/README
/etc/tomcat/conf.d/java-9-start-up-parameters.conf
/etc/tomcat/context.xml
/etc/tomcat/jaspic-providers.xml
/etc/tomcat/jaspic-providers.xsd
/etc/tomcat/logging.properties
/etc/tomcat/server.xml
/etc/tomcat/tomcat-users.xml
/etc/tomcat/tomcat-users.xsd
/etc/tomcat/tomcat.conf
/etc/tomcat/web.xml
/usr/bin/tomcat-digest
/usr/bin/tomcat-tool-wrapper
/usr/lib/systemd/system/tomcat.service
/usr/lib/systemd/system/tomcat@.service
/usr/libexec/tomcat
/usr/libexec/tomcat/functions
/usr/libexec/tomcat/preamble
/usr/libexec/tomcat/server
/usr/sbin/tomcat
/usr/share/doc/tomcat
/usr/share/doc/tomcat/LICENSE
/usr/share/doc/tomcat/NOTICE
/usr/share/doc/tomcat/RELEASE-NOTES
/usr/share/tomcat
/usr/share/tomcat/bin/bootstrap.jar
/usr/share/tomcat/bin/catalina-tasks.xml
/usr/share/tomcat/conf
/usr/share/tomcat/lib
/usr/share/tomcat/logs
/usr/share/tomcat/temp
/usr/share/tomcat/webapps
/usr/share/tomcat/work
/var/cache/tomcat
/var/cache/tomcat/temp
/var/cache/tomcat/work
/var/lib/tomcat
/var/lib/tomcat/webapps
/var/lib/tomcats
/var/log/tomcat

# Find and change the home page (ROOT/index.jsp under webapps), normally in /var/lib/tomcat/webapps
[root@tomcat1 webapps]# cd /var/lib/tomcat/webapps
[root@tomcat1 webapps]# ls
[root@tomcat1 webapps]#     # empty
```

##### Problem encountered: /var/lib/tomcat/webapps is empty

```bash
[root@tomcat1 webapps]# cd /var/lib/tomcat/webapps
[root@tomcat1 webapps]# ls
[root@tomcat1 webapps]#     # empty

# Cause: the tomcat-webapps package is not installed
# Check whether it is installed
[root@tomcat1 webapps]# rpm -ql tomcat-webapps
package tomcat-webapps is not installed

# Install tomcat-webapps
[root@tomcat1 webapps]# dnf install -y tomcat-webapps
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:14:29 ago on Sun 14 Sep 2025 06:32:32 PM CST.
Dependencies resolved.
====================================================================================
 Package              Architecture   Version                 Repository       Size
====================================================================================
Installing:
 tomcat-webapps       noarch         1:9.0.62-37.el9_3       appSteam         83 k

Transaction Summary
====================================================================================
Install  1 Package

Total size: 83 k
Installed size: 146 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : tomcat-webapps-1:9.0.62-37.el9_3.noarch                1/1
  Verifying        : tomcat-webapps-1:9.0.62-37.el9_3.noarch                1/1
Installed products updated.

Installed:
  tomcat-webapps-1:9.0.62-37.el9_3.noarch

Complete!
[root@tomcat1 webapps]# ls
ROOT
[root@tomcat1 webapps]# cd ROOT
[root@tomcat1 ROOT]# ls
asf-logo-wide.svg  bg-nav.png    index.jsp          tomcat.svg
bg-button.png      bg-upper.png  RELEASE-NOTES.txt  WEB-INF
bg-middle.png      favicon.ico   tomcat.css
[root@tomcat1 ROOT]# echo $(hostname -I) > index.jsp
```

## Verification

With tomcat1 set up, check whether curl works.

Expected result: the response is 192.168.30.11 (tomcat1's IP).

### Problem: curl returns the wrong result after startup

```bash
# curl returns the wrong result after startup
[root@nginx ~]# curl https://www.web.com -k
502 Bad Gateway
502 Bad Gateway
nginx/1.20.1
```

Troubleshooting:

(1) Check whether the nginx service is running → it is.

(2) Since nginx itself is running normally, the 502 error cannot be caused by nginx failing to start; the problem must lie in the communication between nginx and the backend service (the upstream of the reverse proxy configuration, i.e. Tomcat).

```bash
# 1. Check the Tomcat service status (Tomcat installed with dnf)
[root@tomcat1 ~]# systemctl status tomcat
● tomcat.service - Apache Tomcat Web Application Container
     Loaded: loaded (/usr/lib/systemd/system/tomcat.service; disabled; preset: disa>
     Active: active (running) since Sun 2025-09-14 18:52:53 CST; 6min ago
   Main PID: 13189 (java)
      Tasks: 34 (limit: 12043)
     Memory: 111.6M
        CPU: 3.574s
     CGroup: /system.slice/tomcat.service
             └─13189 /usr/lib/jvm/jre/bin/java -Djavax.sql.DataSource.Factory=org.a>

# 2. If Tomcat was installed manually, check whether the process exists
[root@tomcat1 ~]# ps -ef | grep tomcat
tomcat     13189       1  0 18:52 ?        00:00:03 /usr/lib/jvm/jre/bin/java -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar: -Dcatalina.base=/usr/share/tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat/temp -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
root       13244   12680  0 19:00 pts/1    00:00:00 grep --color=auto tomcat

# 3. Check that port 8080 is listening (confirms the service is reachable)
[root@tomcat1 ~]# ss -tuln | grep 8080
tcp   LISTEN 0      100                     *:8080             *:*
```

(3) Inspect the nginx reverse proxy configuration file directly → it is correct.

(4) If it still fails, finally check the nginx error log.

```bash
# View the latest 20 error log entries, focusing on anything related to port 443 or proxy_pass
[root@nginx ~]# cat /var/log/nginx/error.log | tail -20
2025/09/14 17:27:15 [emerg] 13055#13055: unexpected "}" in /etc/nginx/conf.d/web.conf:13
2025/09/14 17:34:15 [emerg] 13062#13062: unexpected "}" in /etc/nginx/conf.d/web.conf:13
2025/09/14 17:36:40 [emerg] 13064#13064: unexpected end of file, expecting "}" in /etc/nginx/conf.d/web.conf:15
2025/09/14 17:37:08 [emerg] 13066#13066: cannot load certificate "/etc/pki/certs/web.com.crt": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/pki/certs/web.com.crt, r) error:10000080:BIO routines::no such file)
2025/09/14 18:52:07 [crit] 13085#13085: *1 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 18:52:07 [crit] 13085#13085: *1 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 18:52:59 [crit] 13085#13085: *4 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 18:52:59 [crit] 13085#13085: *4 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 18:55:04 [crit] 13085#13085: *7 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 18:55:04 [crit] 13085#13085: *7 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 19:12:51 [crit] 13178#13178: *1 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 19:12:51 [crit] 13178#13178: *1 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
```

The nginx error log shows the core error: `connect() to 192.168.30.11:8080 failed (13: Permission denied)`. The nginx process is not permitted to connect to port 8080 on the backend Tomcat server, which causes the 502 error. This is a typical SELinux or firewall permission restriction.

```bash
[root@nginx ~]# getenforce
Enforcing
[root@nginx ~]# setenforce 0
# Verify
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11    # success
```

## Configure Tomcat2

Clone Tomcat1, then change the hostname, IP and home page.

```bash
[root@tomcat1 ~]# hostnamectl hostname tomcat2
[root@tomcat1 ~]# exit
[root@tomcat2 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.30.12/24 ipv4.gateway 192.168.30.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat2 ~]# nmcli c up ens160
[root@tomcat2 ~]# cd /var/lib/tomcat/webapps/ROOT
[root@tomcat2 ROOT]# ls
asf-logo-wide.svg  bg-nav.png    index.jsp          tomcat.svg
bg-button.png      bg-upper.png  RELEASE-NOTES.txt  WEB-INF
bg-middle.png      favicon.ico   tomcat.css
[root@tomcat2 ROOT]# echo $(hostname -I) > index.jsp
```

## Test

### Preparation

Make sure the nginx and tomcat services are running, and that the firewall and SELinux are both turned off.

### Test

```bash
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11
[root@nginx ~]# curl https://www.web.com -k
192.168.30.12
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11
[root@nginx ~]# curl https://www.web.com -k
192.168.30.12
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11
```
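
The 502 troubleshooting above ended with `setenforce 0`, and the preparation step stops firewalld outright, although the error log pointed at one specific denied action: nginx opening a connection to its upstream. The following is an added example, not part of the original post, that groups the upstream `connect()` failures in an nginx error log by backend and errno and maps each to a narrower fix that leaves SELinux enforcing and firewalld running. The helper names `triage_upstream_errors`, `suggest_fix` and `demo_triage` are hypothetical, and the sample log is constructed from three lines of the log shown above plus one constructed `111` line.

```shell
#!/usr/bin/env bash
# Added example: group nginx upstream connect() failures by backend and errno.
# triage_upstream_errors, suggest_fix and demo_triage are hypothetical helper names.

# Prints one line per (backend, errno): "<host:port> <errno> <count> <cause>"
triage_upstream_errors() {
    awk '
        /while connecting to upstream/ {
            errno = ""; backend = ""
            # errno is the number inside e.g. "(13: Permission denied)"
            if (match($0, /\([0-9]+: /))
                errno = substr($0, RSTART + 1, RLENGTH - 3)
            # backend comes from the trailing  upstream: "http://host:port/"  field
            if (match($0, "upstream: \"https?://[^/\"]+")) {
                backend = substr($0, RSTART, RLENGTH)
                sub("^upstream: \"https?://", "", backend)
            }
            if (errno != "" && backend != "") seen[backend " " errno]++
        }
        END {
            cause["13"]  = "selinux-denied"         # EACCES on connect()
            cause["111"] = "backend-not-listening"  # ECONNREFUSED
            cause["113"] = "backend-firewall"       # EHOSTUNREACH (firewalld reject)
            cause["110"] = "timeout"                # ETIMEDOUT
            for (k in seen) {
                split(k, part, " ")
                tag = (part[2] in cause) ? cause[part[2]] : "other"
                print part[1], part[2], seen[k], tag
            }
        }
    ' "$1" | LC_ALL=C sort
}

# Targeted remediation for each cause tag (printed, never executed here).
suggest_fix() {
    case "$1" in
        selinux-denied)
            echo "nginx host: setsebool -P httpd_can_network_connect 1   # SELinux stays Enforcing" ;;
        backend-not-listening)
            echo "backend: systemctl status tomcat; ss -tln | grep 8080" ;;
        backend-firewall)
            echo "backend: firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.30.10\" port port=\"8080\" protocol=\"tcp\" accept' && firewall-cmd --reload" ;;
        *)
            echo "inspect routing and the full error.log entry" ;;
    esac
}

# Constructed sample: three lines taken from the log above, one constructed 111 line.
demo_triage() {
    log_sample=$(mktemp)
    cat > "$log_sample" <<'EOF'
2025/09/14 17:27:15 [emerg] 13055#13055: unexpected "}" in /etc/nginx/conf.d/web.conf:13
2025/09/14 18:52:07 [crit] 13085#13085: *1 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 18:52:07 [crit] 13085#13085: *1 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 18:52:59 [crit] 13085#13085: *4 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 19:30:00 [error] 13178#13178: *9 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
EOF
    triage_upstream_errors "$log_sample"
    rm -f "$log_sample"
}

# Show the grouped failures, then the suggested fix for each one.
demo_triage | while read -r backend errno count tag; do
    echo "$backend errno=$errno x$count -> $(suggest_fix "$tag")"
done
```

With the SELinux boolean set on the nginx host and port 8080 opened only to 192.168.30.10 on the Tomcat hosts, the same `curl` test passes with `getenforce` still reporting `Enforcing`.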
