# Nginx_Tomcat Comprehensive Case Study

## Requirements

Goal: use nginx to proxy two Tomcat servers (reverse proxy), then access them via https://www.nginx.com.

| Hostname | IP | Software |
| --- | --- | --- |
| nginx | 192.168.30.10 | nginx |
| tomcat1 | 192.168.30.11 | java, tomcat |
| tomcat2 | 192.168.30.12 | java, tomcat |

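## Preparation

### 1. Install some tools first

(This is a stripped-down install, in its most initial state.)

At this point there should be no repository configured and nothing mounted.

1. Check the repositories: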

```bash
[root@nginx ~]# ls  /etc/yum.repos.d/
base.repo  redhat.repo
# base.repo and redhat.repo are basically the default config files the system creates automatically on a minimal install
```

2. Check what is mounted:

```bash
[root@nginx ~]# ls /mnt
hgfs    # nothing mounted
```

3. Create the dnf.repo repository file

```bash
[root@nginx ~]# vim /etc/yum.repos.d/dnf.repo
[root@nginx ~]# cat /etc/yum.repos.d/dnf.repo
[baseOS]
name=baseos
baseurl=/mnt/BaseOS
gpgcheck=0
enabled=1

[appSteam]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
enabled=1
```

4. Mount the repository and check

```bash
[root@nginx ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.

[root@nginx ~]# ls /mnt
AppStream  EULA              images      RPM-GPG-KEY-redhat-beta
BaseOS     extra_files.json  isolinux    RPM-GPG-KEY-redhat-release
EFI        GPL               media.repo
```

5. Install the completion tool bash-completion (Tab completion)

```bash
[root@nginx ~]# dnf install bash-completion -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Repository baseOS is listed more than once in the configuration
BaseOS                                              2.7 MB/s | 2.7 kB     00:00    
AppStream                                           3.1 MB/s | 3.2 kB     00:00    
appstream                                            76 MB/s | 6.5 MB     00:00    

Dependencies resolved.
====================================================================================
 Package                   Architecture  Version                Repository     Size
====================================================================================
Installing:
 bash-completion           noarch        1:2.11-4.el9           baseOS        459 k
Installing dependencies:
 libpkgconf                x86_64        1.7.3-10.el9           baseOS         37 k
 pkgconf                   x86_64        1.7.3-10.el9           baseOS         45 k
 pkgconf-m4                noarch        1.7.3-10.el9           baseOS         16 k
 pkgconf-pkg-config        x86_64        1.7.3-10.el9           baseOS         12 k

Transaction Summary
====================================================================================
Install  5 Packages

Total size: 569 k
Installed size: 1.2 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                            1/1 
  Installing       : pkgconf-m4-1.7.3-10.el9.noarch                             1/5 
  Installing       : libpkgconf-1.7.3-10.el9.x86_64                             2/5 
  Installing       : pkgconf-1.7.3-10.el9.x86_64                                3/5 
  Installing       : pkgconf-pkg-config-1.7.3-10.el9.x86_64                     4/5 
  Installing       : bash-completion-1:2.11-4.el9.noarch                        5/5 
  Running scriptlet: bash-completion-1:2.11-4.el9.noarch                        5/5 
  Verifying        : bash-completion-1:2.11-4.el9.noarch                        1/5 
  Verifying        : libpkgconf-1.7.3-10.el9.x86_64                             2/5 
  Verifying        : pkgconf-1.7.3-10.el9.x86_64                                3/5 
  Verifying        : pkgconf-m4-1.7.3-10.el9.noarch                             4/5 
  Verifying        : pkgconf-pkg-config-1.7.3-10.el9.x86_64                     5/5 
Installed products updated.

Installed:
  bash-completion-1:2.11-4.el9.noarch          libpkgconf-1.7.3-10.el9.x86_64      
  pkgconf-1.7.3-10.el9.x86_64                  pkgconf-m4-1.7.3-10.el9.noarch      
  pkgconf-pkg-config-1.7.3-10.el9.x86_64      

Complete!
```

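### 2. Turn off the firewall and SELinux

(On both the Nginx and Tomcat hosts)

```bash
[root@bogon ~]# systemctl stop firewalld
[root@bogon ~]# systemctl stop selinux   # I wrote this wrong, so curl failed during the later verification and I went through a lot of troubleshooting
Failed to stop selinux.service: Unit selinux.service not loaded.
[root@nginx ~]# setenforce 0     # the correct way to turn it off
```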

## Configure the Nginx host

### 1. Change the hostname

```bash
[root@bogon ~]# hostnamectl hostname nginx
[root@bogon ~]# exit
```

### 2. Change the IP address

```bash
[root@nginx ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.30.10/24 ipv4.gateway 192.168.30.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@nginx ~]# nmcli c up ens160
```

### 3. Install nginx

```bash
[root@nginx ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Repository baseOS is listed more than once in the configuration
Last metadata expiration check: 0:17:48 ago on Sun 14 Sep 2025 04:46:31 PM CST.

Dependencies resolved.
====================================================================================
 Package                 Arch        Version                   Repository      Size
====================================================================================
Installing:
 nginx                   x86_64      1:1.20.1-14.el9_2.1       appStream       40 k
Installing dependencies:
 nginx-core              x86_64      1:1.20.1-14.el9_2.1       appStream      574 k
 nginx-filesystem        noarch      1:1.20.1-14.el9_2.1       appStream       11 k
 redhat-logos-httpd      noarch      90.4-2.el9                appStream       18 k

Transaction Summary
====================================================================================
Install  4 Packages

Total size: 643 k
Installed size: 1.8 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                            1/1 
  Running scriptlet: nginx-filesystem-1:1.20.1-14.el9_2.1.noarch                1/4 
  Installing       : nginx-filesystem-1:1.20.1-14.el9_2.1.noarch                1/4 
  Installing       : nginx-core-1:1.20.1-14.el9_2.1.x86_64                      2/4 
  Installing       : redhat-logos-httpd-90.4-2.el9.noarch                       3/4 
  Installing       : nginx-1:1.20.1-14.el9_2.1.x86_64                           4/4 
  Running scriptlet: nginx-1:1.20.1-14.el9_2.1.x86_64                           4/4 
  Verifying        : nginx-1:1.20.1-14.el9_2.1.x86_64                           1/4 
  Verifying        : nginx-core-1:1.20.1-14.el9_2.1.x86_64                      2/4 
  Verifying        : nginx-filesystem-1:1.20.1-14.el9_2.1.noarch                3/4 
  Verifying        : redhat-logos-httpd-90.4-2.el9.noarch                       4/4 
Installed products updated.

Installed:
  nginx-1:1.20.1-14.el9_2.1.x86_64            nginx-core-1:1.20.1-14.el9_2.1.x86_64
  nginx-filesystem-1:1.20.1-14.el9_2.1.noarch redhat-logos-httpd-90.4-2.el9.noarch 

Complete!
```

### 4. Host mapping

```bash
[root@nginx ~]# vim /etc/hosts
[root@nginx ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.30.10 www.web.com   # the entry added here
```

### 5. Generate the certificate and key (HTTPS key service)

```bash
[root@nginx ~]# cd /etc/pki/tls/cert/
-bash: cd: /etc/pki/tls/cert/: No such file or directory
[root@nginx ~]# cd /etc/pki/tls/certs/
[root@nginx certs]# openssl genrsa > web.com.key
[root@nginx certs]# ls
ca-bundle.crt  ca-bundle.trust.crt  web.com.key
[root@nginx certs]# openssl req -new -key web.com.key -x509 -days 365 -out web.com.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:chongqing
Locality Name (eg, city) [Default City]:banan
Organization Name (eg, company) [Default Company Ltd]:ck
Organizational Unit Name (eg, section) []:xxzx
Common Name (eg, your name or your server's hostname) []:www.web.com
Email Address []:
[root@nginx certs]# mv web.com.key ../private/
```

### 6. Configure nginx (.conf)

```bash
[root@nginx certs]# vim /etc/nginx/conf.d/web.conf
[root@nginx certs]# cat /etc/nginx/conf.d/web.conf
upstream tomcat {
    server 192.168.30.11:8080;
    server 192.168.30.12:8080;
}
server {
    listen 443 ssl;
    server_name www.web.com;
    ssl_certificate "/etc/pki/certs/web.com.crt";
    ssl_certificate_key "/etc/pki/certs/web.com.key";
    location / {
        proxy_pass http://tomcat
    }
}
```

### 7. Start nginx

```bash
[root@nginx certs]# systemctl start nginx
```

#### Problem encountered: startup failed

```bash
[root@nginx certs]# systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.
# The message says to check with systemctl status nginx.service && journalctl -xeu nginx.service
[root@nginx certs]# systemctl status nginx.service
× nginx.service - The nginx HTTP and reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; preset: disab>
     Active: failed (Result: exit-code) since Sun 2025-09-14 17:27:15 CST; 19s ago
    Process: 13053 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=>
    Process: 13055 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
        CPU: 13ms

Sep 14 17:27:15 nginx systemd[1]: Starting The nginx HTTP and reverse proxy server.>
Sep 14 17:27:15 nginx nginx[13055]: nginx: [emerg] unexpected "}" in /etc/nginx/con>
# [emerg] is the emergency severity level nginx uses for configuration errors. It usually means the config file has a syntax problem that cannot be ignored, so nginx cannot start.
# unexpected "}" says directly that a } appeared where the parser did not expect one (possibly an extra }, a } in the wrong place so that the braces do not match, or, as in the config above, a directive before it that is missing its terminating ;).
Sep 14 17:27:15 nginx nginx[13055]: nginx: configuration file /etc/nginx/nginx.conf>
Sep 14 17:27:15 nginx systemd[1]: nginx.service: Control process exited, code=exite>
Sep 14 17:27:15 nginx systemd[1]: nginx.service: Failed with result 'exit-code'.
Sep 14 17:27:15 nginx systemd[1]: Failed to start The nginx HTTP and reverse proxy >
[root@nginx certs]#
# We can guard against this kind of syntax problem by checking with nginx -t once the config is written.
# Let's use it now:
[root@nginx certs]# nginx -t
nginx: [emerg] unexpected "}" in /etc/nginx/conf.d/web.conf:13
nginx: configuration file /etc/nginx/nginx.conf test failed
# After the fix:
[root@nginx certs]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful   # means no problems
[root@nginx certs]# cat /etc/nginx/conf.d/web.conf
upstream tomcat {
    server 192.168.30.11:8080;
    server 192.168.30.12:8080;
}
server {
    listen 443 ssl;
    server_name www.web.com;
    ssl_certificate "/etc/pki/tls/certs/web.com.crt";   # changed
    ssl_certificate_key "/etc/pki/tls/private/web.com.key";   # changed
    location / {
        proxy_pass http://tomcat;   # changed
    }
}
```

Restart nginx

```bash
[root@nginx certs]# systemctl restart nginx
[root@nginx certs]#      # no message, so no problem
# You can also look at the nginx status yourself
[root@nginx certs]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; preset: disab>
     Active: active (running) since Sun 2025-09-14 17:42:37 CST; 44s ago
    Process: 13078 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=>
    Process: 13081 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
    Process: 13082 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
   Main PID: 13083 (nginx)
      Tasks: 5 (limit: 12043)
     Memory: 5.2M
        CPU: 34ms
     CGroup: /system.slice/nginx.service
             ├─13083 "nginx: master process /usr/sbin/nginx"
             ├─13084 "nginx: worker process"
             ├─13085 "nginx: worker process"
             ├─13086 "nginx: worker process"
             └─13087 "nginx: worker process"

Sep 14 17:42:37 nginx systemd[1]: Starting The nginx HTTP and reverse proxy server.>
Sep 14 17:42:37 nginx nginx[13081]: nginx: the configuration file /etc/nginx/nginx.>
Sep 14 17:42:37 nginx nginx[13081]: nginx: configuration file /etc/nginx/nginx.conf>
Sep 14 17:42:37 nginx systemd[1]: Started The nginx HTTP and reverse proxy server.
```

## Configure Tomcat1

First install the completion tool (Tab completion is convenient). Omitted here (see above).

### Preparation:

Change the hostname and IP, turn off the firewall, and so on (same as when configuring nginx).

```bash
# Turn off the firewall, etc.
[root@bogon ~]# systemctl stop firewalld
# Change the hostname
[root@bogon ~]# hostnamectl hostname tomcat1
[root@bogon ~]# exit   # log out and back in
# Change the IP
[root@tomcat1 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.30.11/24 ipv4.gateway 192.168.30.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat1 ~]# nmcli c up ens160   # the session drops automatically; log back in with the new IP
```

### Install the software (JDK and Tomcat)

#### Install the JDK

```bash
# 1. Install wget with dnf. The JDK cannot be installed with dnf; it has to be installed from source, which uses wget
[root@tomcat1 ~]# dnf install wget
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Repository baseOS is listed more than once in the configuration
Last metadata expiration check: 0:13:44 ago on Sun 14 Sep 2025 05:49:35 PM CST.
Package wget-1.21.1-7.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!

# 2. Download the JDK
[root@tomcat1 ~]# wget https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz
--2025-09-14 18:04:42--  https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz
Resolving download.oracle.com (download.oracle.com)... 92.123.44.100
Connecting to download.oracle.com (download.oracle.com)|92.123.44.100|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 197018367 (188M) [application/x-gzip]
Saving to: 'jdk-21_linux-x64_bin.tar.gz'

jdk-21_linux-x64_bin 100%[======================>] 187.89M  5.32MB/s    in 37s

2025-09-14 18:05:20 (5.09 MB/s) - 'jdk-21_linux-x64_bin.tar.gz' saved [197018367/197018367]

[root@tomcat1 ~]# ls
a2  aa               jdk-21_linux-x64_bin.tar.gz  test2  test4
a3  anaconda-ks.cfg  test1

# 3. Install the JDK under /usr/local (the place for software you install yourself)
# First extract it into /usr/local
[root@tomcat1 ~]# tar -xzf jdk-21_linux-x64_bin.tar.gz -C /usr/local/
# Go into /usr/local && install
[root@tomcat1 ~]# cd /usr/local/
[root@tomcat1 local]# ls
bin  etc  games  include  jdk-21.0.8  lib  lib64  libexec  sbin  share  src
[root@tomcat1 local]# cd jdk-21.0.8/
[root@tomcat1 jdk-21.0.8]#

# 4. Configure the JDK (a source install is this much trouble)
[root@tomcat1 jdk-21.0.8]# vim /etc/profile
.....
# JAVA_HOME must match the directory extracted above (jdk-21.0.8)
export JAVA_HOME=/usr/local/jdk-21.0.8
export PATH=$PATH:$JAVA_HOME/bin

# 5. Apply the JDK configuration && check
[root@tomcat1 jdk-21.0.8]# source /etc/profile
[root@tomcat1 jdk-21.0.8]# java -version
java version "21.0.8" 2025-07-15 LTS
Java(TM) SE Runtime Environment (build 21.0.8+12-LTS-250)
Java HotSpot(TM) 64-Bit Server VM (build 21.0.8+12-LTS-250, mixed mode, sharing)
```

#### Install tomcat

```bash
# 6. Install tomcat
[root@tomcat1 ~]# dnf install tomcat
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

baseos                                              2.7 MB/s | 2.7 kB     00:00
appstream                                           3.1 MB/s | 3.2 kB     00:00
Dependencies resolved.
====================================================================================
 Package                     Arch     Version                  Repository     Size
====================================================================================
Installing:
 tomcat                      noarch   1:9.0.62-37.el9_3        appSteam      101 k
Installing dependencies:
 alsa-lib                    x86_64   1.2.9-1.el9              appSteam      523 k
 avahi-libs                  x86_64   0.8-15.el9               baseOS         71 k
 copy-jdk-configs            noarch   4.0-3.el9                appSteam       29 k
 cups-libs                   x86_64   1:2.3.3op2-21.el9        baseOS        265 k
 ecj                         noarch   1:4.20-11.el9            appSteam      1.9 M
 java-11-openjdk-headless    x86_64   1:11.0.20.0.8-3.el9      appSteam       40 M
 javapackages-filesystem     noarch   6.0.0-4.el9              appSteam       17 k
 javapackages-tools          noarch   6.0.0-4.el9              appSteam       29 k
 lksctp-tools                x86_64   1.0.19-2.el9             baseOS         98 k
 lua                         x86_64   5.4.4-4.el9              appSteam      192 k
 lua-posix                   x86_64   35.0-8.el9               appSteam      155 k
 tomcat-el-3.0-api           noarch   1:9.0.62-37.el9_3        appSteam      108 k
 tomcat-jsp-2.3-api          noarch   1:9.0.62-37.el9_3        appSteam       67 k
 tomcat-lib                  noarch   1:9.0.62-37.el9_3        appSteam      5.8 M
 tomcat-servlet-4.0-api      noarch   1:9.0.62-37.el9_3        appSteam      286 k
 tzdata-java                 noarch   2023c-1.el9              appSteam      234 k

Transaction Summary
====================================================================================
Install  17 Packages

Total size: 50 M
Installed size: 191 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Running scriptlet: copy-jdk-configs-4.0-3.el9.noarch                          1/1
  Running scriptlet: java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64        1/1
  Preparing        :                                                            1/1
  Installing       : javapackages-filesystem-6.0.0-4.el9.noarch                1/17
  Installing       : tzdata-java-2023c-1.el9.noarch                            2/17
  Installing       : lua-posix-35.0-8.el9.x86_64                               3/17
  Installing       : lua-5.4.4-4.el9.x86_64                                    4/17
  Installing       : copy-jdk-configs-4.0-3.el9.noarch                         5/17
  Installing       : alsa-lib-1.2.9-1.el9.x86_64                               6/17
  Installing       : lksctp-tools-1.0.19-2.el9.x86_64                          7/17
  Installing       : avahi-libs-0.8-15.el9.x86_64                              8/17
  Installing       : cups-libs-1:2.3.3op2-21.el9.x86_64                        9/17
  Installing       : java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64      10/17
  Running scriptlet: java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64      10/17
  Installing       : javapackages-tools-6.0.0-4.el9.noarch                    11/17
  Installing       : tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch               12/17
  Running scriptlet: tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch               12/17
  Installing       : tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch          13/17
  Running scriptlet: tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch          13/17
  Installing       : tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch              14/17
  Running scriptlet: tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch              14/17
  Installing       : ecj-1:4.20-11.el9.noarch                                 15/17
  Installing       : tomcat-lib-1:9.0.62-37.el9_3.noarch                      16/17
  Running scriptlet: tomcat-1:9.0.62-37.el9_3.noarch                          17/17
  Installing       : tomcat-1:9.0.62-37.el9_3.noarch                          17/17
  Running scriptlet: tomcat-1:9.0.62-37.el9_3.noarch                          17/17
  Running scriptlet: copy-jdk-configs-4.0-3.el9.noarch                        17/17
  Running scriptlet: java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64      17/17
  Running scriptlet: tomcat-1:9.0.62-37.el9_3.noarch                          17/17
  Verifying        : avahi-libs-0.8-15.el9.x86_64                              1/17
  Verifying        : cups-libs-1:2.3.3op2-21.el9.x86_64                        2/17
  Verifying        : lksctp-tools-1.0.19-2.el9.x86_64                          3/17
  Verifying        : alsa-lib-1.2.9-1.el9.x86_64                               4/17
  Verifying        : copy-jdk-configs-4.0-3.el9.noarch                         5/17
  Verifying        : ecj-1:4.20-11.el9.noarch                                  6/17
  Verifying        : java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64       7/17
  Verifying        : javapackages-filesystem-6.0.0-4.el9.noarch                8/17
  Verifying        : javapackages-tools-6.0.0-4.el9.noarch                     9/17
  Verifying        : lua-5.4.4-4.el9.x86_64                                   10/17
  Verifying        : lua-posix-35.0-8.el9.x86_64                              11/17
  Verifying        : tomcat-1:9.0.62-37.el9_3.noarch                          12/17
  Verifying        : tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch               13/17
  Verifying        : tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch              14/17
  Verifying        : tomcat-lib-1:9.0.62-37.el9_3.noarch                      15/17
  Verifying        : tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch          16/17
  Verifying        : tzdata-java-2023c-1.el9.noarch                           17/17
Installed products updated.

Installed:
  alsa-lib-1.2.9-1.el9.x86_64
  avahi-libs-0.8-15.el9.x86_64
  copy-jdk-configs-4.0-3.el9.noarch
  cups-libs-1:2.3.3op2-21.el9.x86_64
  ecj-1:4.20-11.el9.noarch
  java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64
  javapackages-filesystem-6.0.0-4.el9.noarch
  javapackages-tools-6.0.0-4.el9.noarch
  lksctp-tools-1.0.19-2.el9.x86_64
  lua-5.4.4-4.el9.x86_64
  lua-posix-35.0-8.el9.x86_64
  tomcat-1:9.0.62-37.el9_3.noarch
  tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch
  tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch
  tomcat-lib-1:9.0.62-37.el9_3.noarch
  tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch
  tzdata-java-2023c-1.el9.noarch

Complete!

# 7. Change the home page
# Locate tomcat's files
[root@tomcat1 ~]# rpm -ql tomcat
/etc/logrotate.d/tomcat.disabled
/etc/sysconfig/tomcat
/etc/tomcat
/etc/tomcat/Catalina
/etc/tomcat/Catalina/localhost
/etc/tomcat/catalina.policy
/etc/tomcat/catalina.properties
/etc/tomcat/conf.d
/etc/tomcat/conf.d/README
/etc/tomcat/conf.d/java-9-start-up-parameters.conf
/etc/tomcat/context.xml
/etc/tomcat/jaspic-providers.xml
/etc/tomcat/jaspic-providers.xsd
/etc/tomcat/logging.properties
/etc/tomcat/server.xml
/etc/tomcat/tomcat-users.xml
/etc/tomcat/tomcat-users.xsd
/etc/tomcat/tomcat.conf
/etc/tomcat/web.xml
/usr/bin/tomcat-digest
/usr/bin/tomcat-tool-wrapper
/usr/lib/systemd/system/tomcat.service
/usr/lib/systemd/system/tomcat@.service
/usr/libexec/tomcat
/usr/libexec/tomcat/functions
/usr/libexec/tomcat/preamble
/usr/libexec/tomcat/server
/usr/sbin/tomcat
/usr/share/doc/tomcat
/usr/share/doc/tomcat/LICENSE
/usr/share/doc/tomcat/NOTICE
/usr/share/doc/tomcat/RELEASE-NOTES
/usr/share/tomcat
/usr/share/tomcat/bin/bootstrap.jar
/usr/share/tomcat/bin/catalina-tasks.xml
/usr/share/tomcat/conf
/usr/share/tomcat/lib
/usr/share/tomcat/logs
/usr/share/tomcat/temp
/usr/share/tomcat/webapps
/usr/share/tomcat/work
/var/cache/tomcat
/var/cache/tomcat/temp
/var/cache/tomcat/work
/var/lib/tomcat
/var/lib/tomcat/webapps
/var/lib/tomcats
/var/log/tomcat
# Find and change the home page (ROOT/index.jsp under webapps)
# It is usually in /var/lib/tomcat/webapps
[root@tomcat1 webapps]# cd /var/lib/tomcat/webapps
[root@tomcat1 webapps]# ls
[root@tomcat1 webapps]#      # empty
```

##### Problem encountered: /var/lib/tomcat/webapps is empty

```bash
[root@tomcat1 webapps]# cd /var/lib/tomcat/webapps
[root@tomcat1 webapps]# ls
[root@tomcat1 webapps]#      # empty
# Cause: the tomcat-webapps component is not installed
# Check whether it is installed
[root@tomcat1 webapps]# rpm -ql tomcat-webapps
package tomcat-webapps is not installed
# Install tomcat-webapps
[root@tomcat1 webapps]# dnf install -y tomcat-webapps
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:14:29 ago on Sun 14 Sep 2025 06:32:32 PM CST.
Dependencies resolved.
====================================================================================
 Package              Architecture  Version                  Repository       Size
====================================================================================
Installing:
 tomcat-webapps       noarch        1:9.0.62-37.el9_3        appSteam         83 k

Transaction Summary
====================================================================================
Install  1 Package

Total size: 83 k
Installed size: 146 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                            1/1
  Installing       : tomcat-webapps-1:9.0.62-37.el9_3.noarch                    1/1
  Verifying        : tomcat-webapps-1:9.0.62-37.el9_3.noarch                    1/1
Installed products updated.

Installed:
  tomcat-webapps-1:9.0.62-37.el9_3.noarch

Complete!
[root@tomcat1 webapps]# ls
ROOT
[root@tomcat1 webapps]# cd ROOT
[root@tomcat1 ROOT]# ls
asf-logo-wide.svg  bg-nav.png    index.jsp          tomcat.svg
bg-button.png      bg-upper.png  RELEASE-NOTES.txt  WEB-INF
bg-middle.png      favicon.ico   tomcat.css
[root@tomcat1 ROOT]# echo $(hostname -I) > index.jsp
```

## Verification:

With tomcat1 set up, try whether curl works.

Expected result: the response is 192.168.30.11 (tomcat1's IP)

### Problem: curl returns the wrong result after startup

```bash
# After startup, curl does not return the right result
[root@nginx ~]# curl https://www.web.com -k
502 Bad Gateway

502 Bad Gateway

nginx/1.20.1

# Troubleshooting:
# (1) Check whether the nginx service is running ---> it is
# (2) Since nginx itself is running normally, the 502 error cannot come from nginx failing to start. The problem must be in the communication between nginx and the backend service (the upstream configured for the reverse proxy, such as Tomcat).

# 1. Check the Tomcat service status (Tomcat installed with dnf)
[root@tomcat1 ~]# systemctl status tomcat
● tomcat.service - Apache Tomcat Web Application Container
     Loaded: loaded (/usr/lib/systemd/system/tomcat.service; disabled; preset: disa>
     Active: active (running) since Sun 2025-09-14 18:52:53 CST; 6min ago
   Main PID: 13189 (java)
      Tasks: 34 (limit: 12043)
     Memory: 111.6M
        CPU: 3.574s
     CGroup: /system.slice/tomcat.service
             └─13189 /usr/lib/jvm/jre/bin/java -Djavax.sql.DataSource.Factory=org.a>

# 2. If Tomcat was installed manually, check whether the process exists
[root@tomcat1 ~]# ps -ef | grep tomcat
tomcat     13189       1  0 18:52 ?        00:00:03 /usr/lib/jvm/jre/bin/java -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar: -Dcatalina.base=/usr/share/tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat/temp -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
root       13244   12680  0 19:00 pts/1    00:00:00 grep --color=auto tomcat

# 3. Check whether port 8080 is listening (confirm the service is reachable)
[root@tomcat1 ~]# ss -tuln | grep 8080
tcp   LISTEN 0      100                     *:8080            *:*

# (3) Go straight to the nginx reverse-proxy config file ---> it is correct
# (4) If it still fails: finally, go through the nginx error log
# Look at the latest 20 error log entries, focusing on anything related to port 443 and proxy_pass
[root@nginx ~]# cat /var/log/nginx/error.log | tail -20
2025/09/14 17:27:15 [emerg] 13055#13055: unexpected "}" in /etc/nginx/conf.d/web.conf:13
2025/09/14 17:34:15 [emerg] 13062#13062: unexpected "}" in /etc/nginx/conf.d/web.conf:13
2025/09/14 17:36:40 [emerg] 13064#13064: unexpected end of file, expecting "}" in /etc/nginx/conf.d/web.conf:15
2025/09/14 17:37:08 [emerg] 13066#13066: cannot load certificate "/etc/pki/certs/web.com.crt": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/pki/certs/web.com.crt, r) error:10000080:BIO routines::no such file)
2025/09/14 18:52:07 [crit] 13085#13085: *1 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 18:52:07 [crit] 13085#13085: *1 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 18:52:59 [crit] 13085#13085: *4 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 18:52:59 [crit] 13085#13085: *4 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 18:55:04 [crit] 13085#13085: *7 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 18:55:04 [crit] 13085#13085: *7 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 19:12:51 [crit] 13178#13178: *1 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 19:12:51 [crit] 13178#13178: *1 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
# The nginx error log shows the core error: connect() to 192.168.30.11:8080 failed (13: Permission denied). This means the nginx process does not have permission to connect to port 8080 on the backend Tomcat server, which causes the 502 error.
# This is a typical SELinux or firewall permission restriction problem
[root@nginx ~]# getenforce
Enforcing
[root@nginx ~]# setenforce 0
# Verify
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11   # success
```

## Configure Tomcat2

Clone Tomcat1, then change the hostname, IP and home page.

```bash
[root@tomcat1 ~]# hostnamectl hostname tomcat2
[root@tomcat1 ~]# exit
[root@tomcat2 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.30.12/24 ipv4.gateway 192.168.30.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat2 ~]# nmcli c up ens160
[root@tomcat2 ~]# cd /var/lib/tomcat/webapps/ROOT
[root@tomcat2 ROOT]# ls
asf-logo-wide.svg  bg-nav.png    index.jsp          tomcat.svg
bg-button.png      bg-upper.png  RELEASE-NOTES.txt  WEB-INF
bg-middle.png      favicon.ico   tomcat.css
[root@tomcat2 ROOT]# echo $(hostname -I) > index.jsp
```

## Test

### Preparation:

Make sure the nginx and tomcat services are all running, and that the firewall and SELinux are both turned off.

### Test

```bash
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11
[root@nginx ~]# curl https://www.web.com -k
192.168.30.12
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11
[root@nginx ~]# curl https://www.web.com -k
192.168.30.12
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11
```
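The certificate and config steps (5 to 7) as a pre-flight check, added here as an example that is not part of the original post: it reads the `ssl_certificate` and `ssl_certificate_key` paths out of an nginx config and reports missing files (the "cannot load certificate" failure in the log) and private keys readable by group or others, which is the mode a key gets when it is created with `>` under the usual root umask. The function names, the temporary fixture and its placeholder file contents are assumptions made for the example.

```bash
#!/bin/sh
# Added example, not from the original post. All files are constructed placeholders.

# tls_paths CONF: print "<directive> <path>" for each ssl_certificate and
# ssl_certificate_key directive, ignoring comments, quotes and the trailing ';'.
tls_paths() {
    awk '{ sub(/#.*/, "") }
         $1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
             p = $2; gsub(/[";]/, "", p); print $1, p
         }' "$1"
}

# audit_tls CONF: print one finding per directive; exit status 1 if any is bad.
#   missing      the path does not exist (nginx -t reports this as well)
#   loose-perms  private key readable by group or others (nginx -t does not)
audit_tls() {
    findings=$(tls_paths "$1" | while read -r directive path; do
        if [ ! -e "$path" ]; then
            echo "missing $directive $path"
        elif [ "$directive" = ssl_certificate_key ]; then
            mode=$(ls -ld "$path" | cut -c1-10)
            case $mode in
                ????------) echo "ok $directive $path $mode" ;;
                *)          echo "loose-perms $directive $path $mode" ;;
            esac
        else
            echo "ok $directive $path"
        fi
    done)
    printf '%s\n' "$findings"
    if printf '%s\n' "$findings" | grep -Eq '^(missing|loose-perms) '; then
        return 1
    fi
    return 0
}

# make_fixture DIR: build a constructed certs/private tree plus two configs.
make_fixture() {
    mkdir -p "$1/certs" "$1/private"
    echo "constructed placeholder certificate" > "$1/certs/web.com.crt"
    # Same effect as 'openssl genrsa > web.com.key' in a root shell: the shell
    # creates the file, so its mode comes from the umask (022 gives 0644).
    ( umask 022; echo "constructed placeholder key" > "$1/private/web.com.key" )
    cat > "$1/web.conf" <<EOF
server {
    listen 443 ssl;
    server_name www.web.com;
    ssl_certificate "$1/certs/web.com.crt";         # changed
    ssl_certificate_key "$1/private/web.com.key";   # changed
}
EOF
    # A config pointing at a directory that does not exist, like the first attempt.
    sed 's|/certs/|/cert/|; s|/private/|/cert/|' "$1/web.conf" > "$1/broken.conf"
}

demo() {
    d=$(mktemp -d) || return 1
    make_fixture "$d"
    echo "# wrong paths:";                        audit_tls "$d/broken.conf"
    echo "# key created with '>' and umask 022:"; audit_tls "$d/web.conf"
    chmod 600 "$d/private/web.com.key"
    echo "# after chmod 600:";                    audit_tls "$d/web.conf"
    rm -rf "$d"
}
demo
```

For the test step, `curl --cacert /etc/pki/tls/certs/web.com.crt https://www.web.com` lets curl verify the server against the self-signed certificate itself instead of skipping verification with `-k`.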
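The 502 troubleshooting above, as an added example that is not part of the original post: a small triage script that classifies nginx `error.log` lines by cause and prints the narrowest fix for each, so the `(13: Permission denied)` case is resolved with the SELinux boolean `httpd_can_network_connect` while SELinux stays in Enforcing mode. The function names are made up for the example, the sample log lines are constructed from the excerpt on this page, and the `111`/`113` cases go beyond what the page's log contains.

```bash
#!/bin/sh
# Added example, not from the original post. The log lines in sample_log are
# constructed, modelled on the error.log excerpt in the troubleshooting section.

# classify_line LINE: print the failure class of one nginx error.log line.
classify_line() {
    case $1 in
        *'[emerg]'*'unexpected "}"'* | *'[emerg]'*'unexpected end of file'*)
            echo config-syntax ;;
        *'[emerg]'*'cannot load certificate'*)
            echo tls-file ;;
        *'(13: Permission denied) while connecting to upstream'*)
            echo upstream-denied ;;
        *'(111: Connection refused) while connecting to upstream'*)
            echo upstream-refused ;;
        *'(113: No route to host) while connecting to upstream'*)
            echo upstream-unreachable ;;
        *)
            echo other ;;
    esac
}

# upstream_of LINE: print host:port from the 'upstream: "http://host:port/"' field.
upstream_of() {
    printf '%s\n' "$1" | sed -n 's|.*upstream: "http://\([^/"]*\).*|\1|p'
}

# advice CLASS: print the narrowest fix for that class.
advice() {
    case $1 in
        config-syntax)
            echo "run 'nginx -t' after every edit; check for a missing ';' or unbalanced braces" ;;
        tls-file)
            echo "fix the ssl_certificate/ssl_certificate_key path; the file is missing or unreadable" ;;
        upstream-denied)
            echo "SELinux blocks nginx from connecting out: 'setsebool -P httpd_can_network_connect 1', keep Enforcing" ;;
        upstream-refused)
            echo "nothing listens there: check 'systemctl status tomcat' and 'ss -tln' on the backend" ;;
        upstream-unreachable)
            echo "backend firewalld rejects the proxy: 'firewall-cmd --permanent --add-port=8080/tcp && firewall-cmd --reload'" ;;
    esac
}

# triage FILE: one line per (class, upstream) pair: "class xCOUNT [upstream]: advice".
triage() {
    while IFS= read -r line; do
        c=$(classify_line "$line")
        if [ "$c" != other ]; then
            printf '%s %s\n' "$c" "$(upstream_of "$line")"
        fi
    done < "$1" | sort | uniq -c | while read -r n c u; do
        printf '%s x%s%s: %s\n' "$c" "$n" "${u:+ [$u]}" "$(advice "$c")"
    done
}

# sample_log: constructed log lines (not a real capture).
sample_log() {
    cat <<'EOF'
2025/09/14 17:27:15 [emerg] 13055#13055: unexpected "}" in /etc/nginx/conf.d/web.conf:13
2025/09/14 17:37:08 [emerg] 13066#13066: cannot load certificate "/etc/pki/certs/web.com.crt": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory)
2025/09/14 18:52:07 [crit] 13085#13085: *1 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 18:52:07 [crit] 13085#13085: *1 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 18:52:30 [notice] 13090#13090: signal process started
2025/09/14 18:52:59 [crit] 13085#13085: *4 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
EOF
}

demo() {
    log=$(mktemp) || return 1
    sample_log > "$log"
    triage "$log"
    rm -f "$log"
}
demo
```

On the real host, `triage /var/log/nginx/error.log` does the same over the live log; an SELinux denial can be confirmed with `ausearch -m AVC -ts recent` before changing the boolean.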
