Requirements
Goal: use nginx as a reverse proxy in front of two Tomcat servers, then access them through https://www.nginx.com.
Hostname | IP | Software |
---|---|---|
nginx | 192.168.30.10 | nginx |
tomcat1 | 192.168.30.11 | java,tomcat |
tomcat2 | 192.168.30.12 | java,tomcat |
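Preparation
1. Install the tools first
(This is a minimal install in its initial state.)
At this point there should be no repository configured and nothing mounted.
1. Check the repositories: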
[root@nginx ~]# ls /etc/yum.repos.d/
base.repo redhat.repo
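# base.repo and redhat.repo are essentially the default configuration files the system creates automatically during a minimal install
2. Check what is mounted: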
[root@nginx ~]# ls /mnt
hgfs # nothing is mounted
3. Create the dnf.repo repository file
[root@nginx ~]# vim /etc/yum.repos.d/dnf.repo
[root@nginx ~]# cat /etc/yum.repos.d/dnf.repo
[baseOS]
name=baseos
baseurl=/mnt/BaseOS
gpgcheck=0
enabled=1
[appSteam]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
enabled=1
4. Mount the repository and check
[root@nginx ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@nginx ~]# ls /mnt
AppStream EULA images RPM-GPG-KEY-redhat-beta
BaseOS extra_files.json isolinux RPM-GPG-KEY-redhat-release
EFI GPL media.repo
5. Install the completion tool bash-completion (Tab completion)
[root@nginx ~]# dnf install bash-completion -y
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Repository baseOS is listed more than once in the configuration
BaseOS 2.7 MB/s | 2.7 kB 00:00
AppStream 3.1 MB/s | 3.2 kB 00:00
appstream 76 MB/s | 6.5 MB 00:00
Dependencies resolved.
====================================================================================
Package Architecture Version Repository Size
====================================================================================
Installing:
bash-completion noarch 1:2.11-4.el9 baseOS 459 k
Installing dependencies:
libpkgconf x86_64 1.7.3-10.el9 baseOS 37 k
pkgconf x86_64 1.7.3-10.el9 baseOS 45 k
pkgconf-m4 noarch 1.7.3-10.el9 baseOS 16 k
pkgconf-pkg-config x86_64 1.7.3-10.el9 baseOS 12 k
Transaction Summary
====================================================================================
Install 5 Packages
Total size: 569 k
Installed size: 1.2 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : pkgconf-m4-1.7.3-10.el9.noarch 1/5
Installing : libpkgconf-1.7.3-10.el9.x86_64 2/5
Installing : pkgconf-1.7.3-10.el9.x86_64 3/5
Installing : pkgconf-pkg-config-1.7.3-10.el9.x86_64 4/5
Installing : bash-completion-1:2.11-4.el9.noarch 5/5
Running scriptlet: bash-completion-1:2.11-4.el9.noarch 5/5
Verifying : bash-completion-1:2.11-4.el9.noarch 1/5
Verifying : libpkgconf-1.7.3-10.el9.x86_64 2/5
Verifying : pkgconf-1.7.3-10.el9.x86_64 3/5
Verifying : pkgconf-m4-1.7.3-10.el9.noarch 4/5
Verifying : pkgconf-pkg-config-1.7.3-10.el9.x86_64 5/5
Installed products updated.
Installed:
bash-completion-1:2.11-4.el9.noarch libpkgconf-1.7.3-10.el9.x86_64
pkgconf-1.7.3-10.el9.x86_64 pkgconf-m4-1.7.3-10.el9.noarch
pkgconf-pkg-config-1.7.3-10.el9.x86_64
Complete!
2. Turn off the firewall and SELinux
(Nginx & Tomcat)
[root@bogon ~]# systemctl stop firewalld
[root@bogon ~]# systemctl stop selinux # this was a mistake; it made curl fail during verification later and led to a round of troubleshooting
Failed to stop selinux.service: Unit selinux.service not loaded.
[root@nginx ~]# setenforce 0 # the correct way to turn it off
Configure the nginx host
1. Change the hostname
[root@bogon ~]# hostnamectl hostname nginx
[root@bogon ~]# exit
2. Change the IP address
[root@nginx ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.30.10/24 ipv4.gateway 192.168.30.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@nginx ~]# nmcli c up ens160
3. Install nginx
[root@nginx ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Repository baseOS is listed more than once in the configuration
Last metadata expiration check: 0:17:48 ago on Sun 14 Sep 2025 04:46:31 PM CST.
Dependencies resolved.
====================================================================================
Package Arch Version Repository Size
====================================================================================
Installing:
nginx x86_64 1:1.20.1-14.el9_2.1 appStream 40 k
Installing dependencies:
nginx-core x86_64 1:1.20.1-14.el9_2.1 appStream 574 k
nginx-filesystem noarch 1:1.20.1-14.el9_2.1 appStream 11 k
redhat-logos-httpd noarch 90.4-2.el9 appStream 18 k
Transaction Summary
====================================================================================
Install 4 Packages
Total size: 643 k
Installed size: 1.8 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: nginx-filesystem-1:1.20.1-14.el9_2.1.noarch 1/4
Installing : nginx-filesystem-1:1.20.1-14.el9_2.1.noarch 1/4
Installing : nginx-core-1:1.20.1-14.el9_2.1.x86_64 2/4
Installing : redhat-logos-httpd-90.4-2.el9.noarch 3/4
Installing : nginx-1:1.20.1-14.el9_2.1.x86_64 4/4
Running scriptlet: nginx-1:1.20.1-14.el9_2.1.x86_64 4/4
Verifying : nginx-1:1.20.1-14.el9_2.1.x86_64 1/4
Verifying : nginx-core-1:1.20.1-14.el9_2.1.x86_64 2/4
Verifying : nginx-filesystem-1:1.20.1-14.el9_2.1.noarch 3/4
Verifying : redhat-logos-httpd-90.4-2.el9.noarch 4/4
Installed products updated.
Installed:
nginx-1:1.20.1-14.el9_2.1.x86_64 nginx-core-1:1.20.1-14.el9_2.1.x86_64
nginx-filesystem-1:1.20.1-14.el9_2.1.noarch redhat-logos-httpd-90.4-2.el9.noarch
Complete!
4. Host mapping
[root@nginx ~]# vim /etc/hosts
[root@nginx ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.30.10 www.web.com # the entry we added
5. Generate the certificate and key (for the HTTPS service)
[root@nginx ~]# cd /etc/pki/tls/cert/
-bash: cd: /etc/pki/tls/cert/: No such file or directory
[root@nginx ~]# cd /etc/pki/tls/certs/
[root@nginx certs]# openssl genrsa > web.com.key
[root@nginx certs]# ls
ca-bundle.crt ca-bundle.trust.crt web.com.key
[root@nginx certs]# openssl req -new -key web.com.key -x509 -days 365 -out web.com.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:chongqing
Locality Name (eg, city) [Default City]:banan
Organization Name (eg, company) [Default Company Ltd]:ck
Organizational Unit Name (eg, section) []:xxzx
Common Name (eg, your name or your server's hostname) []:www.web.com
Email Address []:
[root@nginx certs]# mv web.com.key ../private/
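An added example, not part of the original walkthrough: a non-interactive version of this key and certificate step that also sets a subjectAltName (current TLS clients match the hostname against the SAN, not the Common Name) and keeps the private key at mode 600. The function names and the output-directory argument are assumptions; the DN values are the ones entered above.

```shell
#!/usr/bin/env bash
# Added example: self-signed certificate for www.web.com with a SAN.
# make_web_cert, cert_has_san and key_matches_cert are hypothetical names.

# make_web_cert DIR [HOSTNAME]
# Writes DIR/HOSTNAME.key (mode 600) and DIR/HOSTNAME.crt (valid 365 days).
make_web_cert() {
    local dir=$1 host=${2:-www.web.com}
    local key="$dir/$host.key" crt="$dir/$host.crt"

    # Create the key under a restrictive umask so it is never readable by
    # other users ("openssl genrsa > file" inherits the shell's umask).
    ( umask 077 && openssl genrsa -out "$key" 2048 2>/dev/null ) || return 1

    # -subj replaces the interactive DN prompts; -addext adds the SAN.
    openssl req -new -x509 -key "$key" -days 365 -out "$crt" \
        -subj "/C=CN/ST=chongqing/L=banan/O=ck/OU=xxzx/CN=$host" \
        -addext "subjectAltName=DNS:$host" || return 1
}

# cert_has_san CRT HOSTNAME -> exit 0 if CRT lists HOSTNAME as a DNS SAN
cert_has_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        grep -q "DNS:$2"
}

# key_matches_cert KEY CRT -> exit 0 if KEY is the private key for CRT.
# Catches the mismatch that otherwise only shows up when nginx starts.
key_matches_cert() {
    local from_key from_crt
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}
```

Once the certificate carries the SAN, `curl --cacert <path to the .crt> https://www.web.com` verifies it instead of skipping verification with `-k`.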
6. Configure nginx (.conf)
[root@nginx certs]# vim /etc/nginx/conf.d/web.conf
[root@nginx certs]# cat /etc/nginx/conf.d/web.conf
upstream tomcat {
server 192.168.30.11:8080;
server 192.168.30.12:8080;
}
server {
listen 443 ssl;
server_name www.web.com;
ssl_certificate "/etc/pki/certs/web.com.crt";
ssl_certificate_key "/etc/pki/certs/web.com.key";
location / {
proxy_pass http://tomcat
}
}
7. Start nginx
[root@nginx certs]# systemctl start nginx
Problem: startup failed
[root@nginx certs]# systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.
# The message suggests checking with systemctl status nginx.service and journalctl -xeu nginx.service
[root@nginx certs]# systemctl status nginx.service
× nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; preset: disab>
Active: failed (Result: exit-code) since Sun 2025-09-14 17:27:15 CST; 19s ago
Process: 13053 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=>
Process: 13055 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
CPU: 13ms
Sep 14 17:27:15 nginx systemd[1]: Starting The nginx HTTP and reverse proxy server.>
Sep 14 17:27:15 nginx nginx[13055]: nginx: [emerg] unexpected "}" in /etc/nginx/con>
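# [emerg] is the emergency level nginx uses for configuration errors; it usually means the configuration file has a syntax problem that cannot be ignored, so nginx cannot start.
# unexpected "}" says directly that nginx hit a } it did not expect in the configuration file (an extra }, a misplaced } that leaves the braces unbalanced, or a directive just before the } that is missing its terminating ";").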
Sep 14 17:27:15 nginx nginx[13055]: nginx: configuration file /etc/nginx/nginx.conf>
Sep 14 17:27:15 nginx systemd[1]: nginx.service: Control process exited, code=exite>
Sep 14 17:27:15 nginx systemd[1]: nginx.service: Failed with result 'exit-code'.
Sep 14 17:27:15 nginx systemd[1]: Failed to start The nginx HTTP and reverse proxy >
[root@nginx certs]#
We can guard against this kind of syntax problem by running nginx -t after writing the configuration.
Let's run it now:
[root@nginx certs]# nginx -t
nginx: [emerg] unexpected "}" in /etc/nginx/conf.d/web.conf:13
nginx: configuration file /etc/nginx/nginx.conf test failed
After the fix:
[root@nginx certs]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful # no problems
[root@nginx certs]# cat /etc/nginx/conf.d/web.conf
upstream tomcat {
server 192.168.30.11:8080;
server 192.168.30.12:8080;
}
server {
listen 443 ssl;
server_name www.web.com;
ssl_certificate "/etc/pki/tls/certs/web.com.crt"; # changed
ssl_certificate_key "/etc/pki/tls/private/web.com.key"; # changed
location / {
proxy_pass http://tomcat; # changed
}
}
Restart nginx
[root@nginx certs]# systemctl restart nginx
[root@nginx certs]#
# no output means no problem
You can also check the nginx status yourself
[root@nginx certs]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; preset: disab>
Active: active (running) since Sun 2025-09-14 17:42:37 CST; 44s ago
Process: 13078 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=>
Process: 13081 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 13082 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Main PID: 13083 (nginx)
Tasks: 5 (limit: 12043)
Memory: 5.2M
CPU: 34ms
CGroup: /system.slice/nginx.service
├─13083 "nginx: master process /usr/sbin/nginx"
├─13084 "nginx: worker process"
├─13085 "nginx: worker process"
├─13086 "nginx: worker process"
└─13087 "nginx: worker process"
Sep 14 17:42:37 nginx systemd[1]: Starting The nginx HTTP and reverse proxy server.>
Sep 14 17:42:37 nginx nginx[13081]: nginx: the configuration file /etc/nginx/nginx.>
Sep 14 17:42:37 nginx nginx[13081]: nginx: configuration file /etc/nginx/nginx.conf>
Sep 14 17:42:37 nginx systemd[1]: Started The nginx HTTP and reverse proxy server.
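Configure Tomcat1
First install the completion tool (Tab completion is convenient)
# omitted (same as above)
Preparation:
Change the hostname and IP, turn off the firewall, and so on (same as for nginx)
Turn off the firewall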
[root@bogon ~]# systemctl stop firewalld
Change the hostname
[root@bogon ~]# hostnamectl hostname tomcat1
[root@bogon ~]# exit # log out and log back in
Change the IP
[root@tomcat1 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.30.11/24 ipv4.gateway 192.168.30.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat1 ~]# nmcli c up ens160
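# the session disconnects automatically; log back in using the new IP
Install the software (JDK and Tomcat)
Install the JDK
1. Install wget with dnf. The JDK cannot be installed with dnf and has to be installed from source, which requires wget.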
[root@tomcat1 ~]# dnf install wget
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Repository baseOS is listed more than once in the configuration
Last metadata expiration check: 0:13:44 ago on Sun 14 Sep 2025 05:49:35 PM CST.
Package wget-1.21.1-7.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
2. Download the JDK
[root@tomcat1 ~]# wget https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz
--2025-09-14 18:04:42-- https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz
Resolving download.oracle.com (download.oracle.com)... 92.123.44.100
Connecting to download.oracle.com (download.oracle.com)|92.123.44.100|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 197018367 (188M) [application/x-gzip]
Saving to: ‘jdk-21_linux-x64_bin.tar.gz’
jdk-21_linux-x64_bin 100%[======================>] 187.89M 5.32MB/s in 37s
2025-09-14 18:05:20 (5.09 MB/s) - ‘jdk-21_linux-x64_bin.tar.gz’ saved [197018367/197018367]
[root@tomcat1 ~]# ls
a2 aa jdk-21_linux-x64_bin.tar.gz test2 test4
a3 anaconda-ks.cfg test1
3. Install the JDK under /usr/local (the directory for self-installed software)
# first extract into /usr/local
[root@tomcat1 ~]# tar -xzf jdk-21_linux-x64_bin.tar.gz -C /usr/local/
# enter /usr/local and install
[root@tomcat1 ~]# cd /usr/local/
[root@tomcat1 local]# ls
bin etc games include jdk-21.0.8 lib lib64 libexec sbin share src
[root@tomcat1 local]# cd jdk-21.0.8/
[root@tomcat1 jdk-21.0.8]#
4. Configure the JDK (this is the hassle of a source install)
[root@tomcat1 jdk-21.0.8]# vim /etc/profile
.....
export JAVA_HOME=/usr/local/jdk-21.0.8
export PATH=$PATH:$JAVA_HOME/bin
5. Apply the JDK configuration and check
[root@tomcat1 jdk-21.0.8]# source /etc/profile
[root@tomcat1 jdk-21.0.8]# java -version
java version "21.0.8" 2025-07-15 LTS
Java(TM) SE Runtime Environment (build 21.0.8+12-LTS-250)
Java HotSpot(TM) 64-Bit Server VM (build 21.0.8+12-LTS-250, mixed mode, sharing)
Install Tomcat
6. Install Tomcat
[root@tomcat1 ~]# dnf install tomcat
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
baseos 2.7 MB/s | 2.7 kB 00:00
appstream 3.1 MB/s | 3.2 kB 00:00
Dependencies resolved.
====================================================================================
Package Arch Version Repository Size
====================================================================================
Installing:
tomcat noarch 1:9.0.62-37.el9_3 appSteam 101 k
Installing dependencies:
alsa-lib x86_64 1.2.9-1.el9 appSteam 523 k
avahi-libs x86_64 0.8-15.el9 baseOS 71 k
copy-jdk-configs noarch 4.0-3.el9 appSteam 29 k
cups-libs x86_64 1:2.3.3op2-21.el9 baseOS 265 k
ecj noarch 1:4.20-11.el9 appSteam 1.9 M
java-11-openjdk-headless x86_64 1:11.0.20.0.8-3.el9 appSteam 40 M
javapackages-filesystem noarch 6.0.0-4.el9 appSteam 17 k
javapackages-tools noarch 6.0.0-4.el9 appSteam 29 k
lksctp-tools x86_64 1.0.19-2.el9 baseOS 98 k
lua x86_64 5.4.4-4.el9 appSteam 192 k
lua-posix x86_64 35.0-8.el9 appSteam 155 k
tomcat-el-3.0-api noarch 1:9.0.62-37.el9_3 appSteam 108 k
tomcat-jsp-2.3-api noarch 1:9.0.62-37.el9_3 appSteam 67 k
tomcat-lib noarch 1:9.0.62-37.el9_3 appSteam 5.8 M
tomcat-servlet-4.0-api noarch 1:9.0.62-37.el9_3 appSteam 286 k
tzdata-java noarch 2023c-1.el9 appSteam 234 k
Transaction Summary
====================================================================================
Install 17 Packages
Total size: 50 M
Installed size: 191 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Running scriptlet: copy-jdk-configs-4.0-3.el9.noarch 1/1
Running scriptlet: java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64 1/1
Preparing : 1/1
Installing : javapackages-filesystem-6.0.0-4.el9.noarch 1/17
Installing : tzdata-java-2023c-1.el9.noarch 2/17
Installing : lua-posix-35.0-8.el9.x86_64 3/17
Installing : lua-5.4.4-4.el9.x86_64 4/17
Installing : copy-jdk-configs-4.0-3.el9.noarch 5/17
Installing : alsa-lib-1.2.9-1.el9.x86_64 6/17
Installing : lksctp-tools-1.0.19-2.el9.x86_64 7/17
Installing : avahi-libs-0.8-15.el9.x86_64 8/17
Installing : cups-libs-1:2.3.3op2-21.el9.x86_64 9/17
Installing : java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64 10/17
Running scriptlet: java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64 10/17
Installing : javapackages-tools-6.0.0-4.el9.noarch 11/17
Installing : tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch 12/17
Running scriptlet: tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch 12/17
Installing : tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch 13/17
Running scriptlet: tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch 13/17
Installing : tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch 14/17
Running scriptlet: tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch 14/17
Installing : ecj-1:4.20-11.el9.noarch 15/17
Installing : tomcat-lib-1:9.0.62-37.el9_3.noarch 16/17
Running scriptlet: tomcat-1:9.0.62-37.el9_3.noarch 17/17
Installing : tomcat-1:9.0.62-37.el9_3.noarch 17/17
Running scriptlet: tomcat-1:9.0.62-37.el9_3.noarch 17/17
Running scriptlet: copy-jdk-configs-4.0-3.el9.noarch 17/17
Running scriptlet: java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64 17/17
Running scriptlet: tomcat-1:9.0.62-37.el9_3.noarch 17/17
Verifying : avahi-libs-0.8-15.el9.x86_64 1/17
Verifying : cups-libs-1:2.3.3op2-21.el9.x86_64 2/17
Verifying : lksctp-tools-1.0.19-2.el9.x86_64 3/17
Verifying : alsa-lib-1.2.9-1.el9.x86_64 4/17
Verifying : copy-jdk-configs-4.0-3.el9.noarch 5/17
Verifying : ecj-1:4.20-11.el9.noarch 6/17
Verifying : java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64 7/17
Verifying : javapackages-filesystem-6.0.0-4.el9.noarch 8/17
Verifying : javapackages-tools-6.0.0-4.el9.noarch 9/17
Verifying : lua-5.4.4-4.el9.x86_64 10/17
Verifying : lua-posix-35.0-8.el9.x86_64 11/17
Verifying : tomcat-1:9.0.62-37.el9_3.noarch 12/17
Verifying : tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch 13/17
Verifying : tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch 14/17
Verifying : tomcat-lib-1:9.0.62-37.el9_3.noarch 15/17
Verifying : tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch 16/17
Verifying : tzdata-java-2023c-1.el9.noarch 17/17
Installed products updated.
Installed:
alsa-lib-1.2.9-1.el9.x86_64
avahi-libs-0.8-15.el9.x86_64
copy-jdk-configs-4.0-3.el9.noarch
cups-libs-1:2.3.3op2-21.el9.x86_64
ecj-1:4.20-11.el9.noarch
java-11-openjdk-headless-1:11.0.20.0.8-3.el9.x86_64
javapackages-filesystem-6.0.0-4.el9.noarch
javapackages-tools-6.0.0-4.el9.noarch
lksctp-tools-1.0.19-2.el9.x86_64
lua-5.4.4-4.el9.x86_64
lua-posix-35.0-8.el9.x86_64
tomcat-1:9.0.62-37.el9_3.noarch
tomcat-el-3.0-api-1:9.0.62-37.el9_3.noarch
tomcat-jsp-2.3-api-1:9.0.62-37.el9_3.noarch
tomcat-lib-1:9.0.62-37.el9_3.noarch
tomcat-servlet-4.0-api-1:9.0.62-37.el9_3.noarch
tzdata-java-2023c-1.el9.noarch
Complete!
7. Change the home page
# locate the Tomcat files
[root@tomcat1 ~]# rpm -ql tomcat
/etc/logrotate.d/tomcat.disabled
/etc/sysconfig/tomcat
/etc/tomcat
/etc/tomcat/Catalina
/etc/tomcat/Catalina/localhost
/etc/tomcat/catalina.policy
/etc/tomcat/catalina.properties
/etc/tomcat/conf.d
/etc/tomcat/conf.d/README
/etc/tomcat/conf.d/java-9-start-up-parameters.conf
/etc/tomcat/context.xml
/etc/tomcat/jaspic-providers.xml
/etc/tomcat/jaspic-providers.xsd
/etc/tomcat/logging.properties
/etc/tomcat/server.xml
/etc/tomcat/tomcat-users.xml
/etc/tomcat/tomcat-users.xsd
/etc/tomcat/tomcat.conf
/etc/tomcat/web.xml
/usr/bin/tomcat-digest
/usr/bin/tomcat-tool-wrapper
/usr/lib/systemd/system/tomcat.service
/usr/lib/systemd/system/tomcat@.service
/usr/libexec/tomcat
/usr/libexec/tomcat/functions
/usr/libexec/tomcat/preamble
/usr/libexec/tomcat/server
/usr/sbin/tomcat
/usr/share/doc/tomcat
/usr/share/doc/tomcat/LICENSE
/usr/share/doc/tomcat/NOTICE
/usr/share/doc/tomcat/RELEASE-NOTES
/usr/share/tomcat
/usr/share/tomcat/bin/bootstrap.jar
/usr/share/tomcat/bin/catalina-tasks.xml
/usr/share/tomcat/conf
/usr/share/tomcat/lib
/usr/share/tomcat/logs
/usr/share/tomcat/temp
/usr/share/tomcat/webapps
/usr/share/tomcat/work
/var/cache/tomcat
/var/cache/tomcat/temp
/var/cache/tomcat/work
/var/lib/tomcat
/var/lib/tomcat/webapps
/var/lib/tomcats
/var/log/tomcat
Find and change the home page (ROOT/index.jsp under webapps)
It is usually in /var/lib/tomcat/webapps
[root@tomcat1 webapps]# cd /var/lib/tomcat/webapps
[root@tomcat1 webapps]# ls
[root@tomcat1 webapps]# # empty
Problem: /var/lib/tomcat/webapps is empty
Cause: the tomcat-webapps component is not installed
Check whether it is installed
[root@tomcat1 webapps]# rpm -ql tomcat-webapps
package tomcat-webapps is not installed
Install tomcat-webapps
[root@tomcat1 webapps]# dnf install -y tomcat-webapps
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:14:29 ago on Sun 14 Sep 2025 06:32:32 PM CST.
Dependencies resolved.
====================================================================================
Package Architecture Version Repository Size
====================================================================================
Installing:
tomcat-webapps noarch 1:9.0.62-37.el9_3 appSteam 83 k
Transaction Summary
====================================================================================
Install 1 Package
Total size: 83 k
Installed size: 146 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : tomcat-webapps-1:9.0.62-37.el9_3.noarch 1/1
Verifying : tomcat-webapps-1:9.0.62-37.el9_3.noarch 1/1
Installed products updated.
Installed:
tomcat-webapps-1:9.0.62-37.el9_3.noarch
Complete!
[root@tomcat1 webapps]# ls
ROOT
[root@tomcat1 webapps]# cd ROOT
[root@tomcat1 ROOT]# ls
asf-logo-wide.svg bg-nav.png index.jsp tomcat.svg
bg-button.png bg-upper.png RELEASE-NOTES.txt WEB-INF
bg-middle.png favicon.ico tomcat.css
[root@tomcat1 ROOT]# echo $(hostname -I) > index.jsp
Verification:
With tomcat1 set up, check whether curl works
Expected result: the response is 192.168.30.11 (tomcat1's IP)
Problem: curl returns the wrong result after startup
[root@nginx ~]# curl https://www.web.com -k
<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
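Troubleshooting:
(1) Check whether the nginx service is running
---> it is running
(2) Since nginx itself is running normally, the 502 error cannot be caused by nginx failing to start; the problem must lie in the communication between nginx and the backend service (the upstream in the reverse proxy configuration, i.e. Tomcat).
# 1. Check the Tomcat service status (Tomcat installed with dnf)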
systemctl status tomcat
[root@tomcat1 ~]# systemctl status tomcat
● tomcat.service - Apache Tomcat Web Application Container
Loaded: loaded (/usr/lib/systemd/system/tomcat.service; disabled; preset: disa>
Active: active (running) since Sun 2025-09-14 18:52:53 CST; 6min ago
Main PID: 13189 (java)
Tasks: 34 (limit: 12043)
Memory: 111.6M
CPU: 3.574s
CGroup: /system.slice/tomcat.service
└─13189 /usr/lib/jvm/jre/bin/java -Djavax.sql.DataSource.Factory=org.a>
# 2. If Tomcat was installed manually, check whether the process exists
ps -ef | grep tomcat
[root@tomcat1 ~]# ps -ef | grep tomcat
tomcat 13189 1 0 18:52 ? 00:00:03 /usr/lib/jvm/jre/bin/java -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar: -Dcatalina.base=/usr/share/tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat/temp -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
root 13244 12680 0 19:00 pts/1 00:00:00 grep --color=auto tomcat
# 3. Check whether port 8080 is listening (to confirm the service is reachable)
ss -tuln | grep 8080
[root@tomcat1 ~]# ss -tuln | grep 8080
tcp LISTEN 0 100 *:8080 *:*
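(3) Go straight to the nginx reverse proxy configuration file
---> correct
(4) If it still fails: finally, check the nginx error log
# View the latest 20 error log entries, focusing on anything related to port 443 and proxy_pass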
cat /var/log/nginx/error.log | tail -20
[root@nginx ~]# cat /var/log/nginx/error.log | tail -20
2025/09/14 17:27:15 [emerg] 13055#13055: unexpected "}" in /etc/nginx/conf.d/web.conf:13
2025/09/14 17:34:15 [emerg] 13062#13062: unexpected "}" in /etc/nginx/conf.d/web.conf:13
2025/09/14 17:36:40 [emerg] 13064#13064: unexpected end of file, expecting "}" in /etc/nginx/conf.d/web.conf:15
2025/09/14 17:37:08 [emerg] 13066#13066: cannot load certificate "/etc/pki/certs/web.com.crt": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/pki/certs/web.com.crt, r) error:10000080:BIO routines::no such file)
2025/09/14 18:52:07 [crit] 13085#13085: *1 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 18:52:07 [crit] 13085#13085: *1 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 18:52:59 [crit] 13085#13085: *4 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 18:52:59 [crit] 13085#13085: *4 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 18:55:04 [crit] 13085#13085: *7 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 18:55:04 [crit] 13085#13085: *7 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 19:12:51 [crit] 13178#13178: *1 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 19:12:51 [crit] 13178#13178: *1 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
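# The nginx error log shows the core error: connect() to 192.168.30.11:8080 failed (13: Permission denied). This means the nginx process does not have permission to connect to port 8080 on the backend Tomcat servers, which causes the 502 error.
# This is a typical SELinux or firewall permission restriction problem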
[root@nginx ~]# getenforce
Enforcing
[root@nginx ~]# setenforce 0
# verify
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11 # success
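An added example, not part of the original walkthrough: the errno in each upstream connect() failure narrows the cause, and for `13: Permission denied` with SELinux enforcing the targeted change is the `httpd_can_network_connect` boolean rather than `setenforce 0`. It covers more errno values than the one seen above; the function names are hypothetical, and the sample log reuses three lines from the output above plus one constructed `111` line.

```shell
#!/usr/bin/env bash
# Added example: classify nginx upstream connect() failures by errno and
# print the narrowest fix. All function names are hypothetical.

# Sample input: three lines copied from the error log above, plus one
# constructed "111: Connection refused" line (the last one).
sample_log() {
cat <<'EOF'
2025/09/14 18:52:07 [crit] 13085#13085: *1 connect() to 192.168.30.11:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.11:8080/", host: "www.web.com"
2025/09/14 18:52:07 [crit] 13085#13085: *1 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 18:52:59 [crit] 13085#13085: *4 connect() to 192.168.30.12:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
2025/09/14 19:30:00 [error] 13178#13178: *9 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.30.10, server: www.web.com, request: "GET / HTTP/1.1", upstream: "http://192.168.30.12:8080/", host: "www.web.com"
EOF
}

# classify_upstream_errors < error.log
# One output line per (upstream, errno): "<count> <upstream> <errno> <diagnosis>"
classify_upstream_errors() {
    awk '
    # nginx logs "connect() to HOST failed (N: ...)" for immediate failures
    # and "connect() failed (N: ...)" for failures reported asynchronously.
    /connect\(\) (to [^ ]+ )?failed \([0-9]+: / {
        match($0, /failed \([0-9]+/)
        code = substr($0, RSTART + 8, RLENGTH - 8)
        # Take host:port from the upstream: "http://host:port/" field.
        if (!match($0, "upstream: \"http://[^/\"]+")) next
        up = substr($0, RSTART + 18, RLENGTH - 18)
        n[up " " code]++
    }
    END {
        for (k in n) {
            split(k, p, " ")
            if      (p[2] == 13)  why = "denied-locally:selinux"
            else if (p[2] == 111) why = "refused:backend-not-listening"
            else if (p[2] == 113) why = "host-unreachable:check-backend-firewall"
            else                  why = "other"
            print n[k], p[1], p[2], why
        }
    }' | sort -k2,2 -k3,3n
}

# remediation DIAGNOSIS -> the targeted command for that diagnosis
remediation() {
    case $1 in
        denied-locally:selinux)
            # Lets httpd_t (the domain nginx runs in) open outbound TCP
            # connections while SELinux stays in enforcing mode.
            echo "on nginx host: setsebool -P httpd_can_network_connect 1" ;;
        refused:backend-not-listening)
            echo "on backend: systemctl enable --now tomcat" ;;
        host-unreachable:check-backend-firewall)
            echo "on backend: firewall-cmd --permanent --add-port=8080/tcp && firewall-cmd --reload" ;;
        *)  echo "inspect the log line manually" ;;
    esac
}
```

Run it against the live log with `classify_upstream_errors < /var/log/nginx/error.log`.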
Configure Tomcat2
Clone Tomcat1
Change the hostname, IP, and home page
[root@tomcat1 ~]# hostnamectl hostname tomcat2
[root@tomcat1 ~]# exit
[root@tomcat2 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.30.12/24 ipv4.gateway 192.168.30.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat2 ~]# nmcli c up ens160
[root@tomcat2 ~]# cd /var/lib/tomcat/webapps/ROOT
[root@tomcat2 ROOT]# ls
asf-logo-wide.svg bg-nav.png index.jsp tomcat.svg
bg-button.png bg-upper.png RELEASE-NOTES.txt WEB-INF
bg-middle.png favicon.ico tomcat.css
[root@tomcat2 ROOT]# echo $(hostname -I) > index.jsp
Testing
Preparation:
Make sure the nginx and Tomcat services are running, and that the firewall and SELinux are turned off
Test
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11
[root@nginx ~]# curl https://www.web.com -k
192.168.30.12
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11
[root@nginx ~]# curl https://www.web.com -k
192.168.30.12
[root@nginx ~]# curl https://www.web.com -k
192.168.30.11