CAS对接Open edX

Open edX的第三方登录是作为一个django app存在的，配置过程如下。

LMS配置过程

##安装CAS的Client、Mapper
进入edXapp环境，下载CAS的Client、Mapper


sudo su edxapp -s /bin/bash
cd ~
source edxapp_env
pip install git+https://github.com/kstateome/django-cas
pip install git+https://github.com/eduStack/neusoft_cas_mapper

sudo su edxapp -s /bin/bash

cd ~

source edxapp_env

pip install git+https://github.com/kstateome/django-cas

pip install git+https://github.com/eduStack/neusoft_cas_mapper

CAS Client安装目录在下面的地址


/edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/cas

0 1	/edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/cas

Mapper的安装目录在下面的地址


/edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/mitx_cas_mapper

0 1	/edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/mitx_cas_mapper

开启edX特性支持CAS登陆

修改/edx/app/edxapp/lms.env.json文件如下


"CAS_ATTRIBUTE_CALLBACK": {
    "module": "mitx_cas_mapper",
    "function": "populate_user"
},
"CAS_EXTRA_LOGIN_PARAMS": "",
    "CAS_SERVER_URL": "https://wp.edustack.org/wp-cas/",
    "CAS_USER_DETAILS_RESOLVER": "mitx_cas_mapper.populate_user",

"CAS_ATTRIBUTE_CALLBACK": {

"module": "mitx_cas_mapper",

"function": "populate_user"

"CAS_EXTRA_LOGIN_PARAMS": "",

"CAS_SERVER_URL": "https://wp.edustack.org/wp-cas/",

"CAS_USER_DETAILS_RESOLVER": "mitx_cas_mapper.populate_user",

修改/edx/app/edxapp/edx-platform/lms/envs/common.py如下


# Even though external_auth is in common, shib assumes the LMS views / urls, so it should only be enabled
# in LMS
'AUTH_USE_CAS': True,
'BYPASS_ACTIVATION_EMAIL_FOR_EXTAUTH': True,

# Even though external_auth is in common, shib assumes the LMS views / urls, so it should only be enabled

# in LMS

'AUTH_USE_CAS': True,

'BYPASS_ACTIVATION_EMAIL_FOR_EXTAUTH': True,

同时


######################## CAS authentication ###########################
if FEATURES.get('AUTH_USE_CAS'):
    CAS_SERVER_URL = 'https://provide_your_cas_url_here'
    AUTHENTICATION_BACKENDS = (
        'django.contrib.auth.backends.ModelBackend',
        'cas.backends.CASBackend',
    )
    #INSTALLED_APPS += ('cas',)
    MIDDLEWARE_CLASSES += ('cas.middleware.CASMiddleware',)

######################## CAS authentication ###########################

if FEATURES.get('AUTH_USE_CAS'):

CAS_SERVER_URL = 'https://provide_your_cas_url_here'

AUTHENTICATION_BACKENDS = (

'django.contrib.auth.backends.ModelBackend',

'cas.backends.CASBackend',

)

#INSTALLED_APPS += ('cas',)

MIDDLEWARE_CLASSES += ('cas.middleware.CASMiddleware',)

修改/edx/app/edxapp/edx-platform/lms/envs/aws.py如下


# Django CAS external authentication settings
CAS_EXTRA_LOGIN_PARAMS = ENV_TOKENS.get("CAS_EXTRA_LOGIN_PARAMS", None)
if FEATURES.get('AUTH_USE_CAS'):
    CAS_SERVER_URL = ENV_TOKENS.get("CAS_SERVER_URL", None)
    AUTHENTICATION_BACKENDS = (
        'django.contrib.auth.backends.ModelBackend',
        'cas.backends.CASBackend',
    )
    #INSTALLED_APPS += ('cas',)
    MIDDLEWARE_CLASSES += ('cas.middleware.CASMiddleware',)
    CAS_ATTRIBUTE_CALLBACK = ENV_TOKENS.get('CAS_ATTRIBUTE_CALLBACK', None)
    if CAS_ATTRIBUTE_CALLBACK:
        import importlib
        CAS_USER_DETAILS_RESOLVER = getattr(
            importlib.import_module(CAS_ATTRIBUTE_CALLBACK['module']),
            CAS_ATTRIBUTE_CALLBACK['function']
        )

# Django CAS external authentication settings

CAS_EXTRA_LOGIN_PARAMS = ENV_TOKENS.get("CAS_EXTRA_LOGIN_PARAMS", None)

if FEATURES.get('AUTH_USE_CAS'):

CAS_SERVER_URL = ENV_TOKENS.get("CAS_SERVER_URL", None)

AUTHENTICATION_BACKENDS = (

'django.contrib.auth.backends.ModelBackend',

'cas.backends.CASBackend',

)

#INSTALLED_APPS += ('cas',)

MIDDLEWARE_CLASSES += ('cas.middleware.CASMiddleware',)

CAS_ATTRIBUTE_CALLBACK = ENV_TOKENS.get('CAS_ATTRIBUTE_CALLBACK', None)

if CAS_ATTRIBUTE_CALLBACK:

import importlib

CAS_USER_DETAILS_RESOLVER = getattr(

importlib.import_module(CAS_ATTRIBUTE_CALLBACK['module']),

CAS_ATTRIBUTE_CALLBACK['function']

)

修改/edx/app/edxapp/edx-platform/lms/urls.py如下


if settings.FEATURES.get('AUTH_USE_CAS'):
    urlpatterns += (
        url(r'^cas-auth/login/$', 'external_auth.views.cas_login', name="cas-login"),
        url(r'^cas-auth/logout/$', 'cas.views.logout', {'next_page': '/'}, name="cas-logout"),
    )

if settings.FEATURES.get('AUTH_USE_CAS'):

urlpatterns += (

url(r'^cas-auth/login/$', 'external_auth.views.cas_login', name="cas-login"),

url(r'^cas-auth/logout/$', 'cas.views.logout', {'next_page': '/'}, name="cas-logout"),

)

增加一个nextpage属性，当用户通过CAS登陆后自动跳转到dashboard。

修改/edx/app/edxapp/edx-platform/common/djangoapps/external_auth/views.py把django_cas.views改为cas.view


if settings.FEATURES.get('AUTH_USE_CAS'):
    from cas.views import login as django_cas_login

if settings.FEATURES.get('AUTH_USE_CAS'):

from cas.views import login as django_cas_login

修改CAS Client配置文件

在cas目录中找到backends.py。

默认的Client并没有返回附加的属性，寻找下面的函数


def _internal_verify_cas(ticket, service, suffix):
    """Verifies CAS 2.0 and 3.0 XML-based authentication ticket.

    Returns username on success and None on failure.
    """

def _internal_verify_cas(ticket, service, suffix):

"""Verifies CAS 2.0 and 3.0 XML-based authentication ticket.

Returns username on success and None on failure.

"""

在其返回值增加用户附加属性。也就是代码中的tree。修改如下
原版函数结尾：


except Exception as e:
    logger.error('Failed to verify CAS authentication: {message}'.format(
        message=e
    ))

finally:
    page.close()

return username

except Exception as e:

logger.error('Failed to verify CAS authentication: {message}'.format(

message=e

))

finally:

page.close()

return username

改为下面这样：


except Exception as e:
    logger.error('Failed to verify CAS authentication: {message}'.format(
        message=e
    ))

finally:
    page.close()

return username,tree

except Exception as e:

logger.error('Failed to verify CAS authentication: {message}'.format(

message=e

))

finally:

page.close()

return username,tree

寻找下面的片段


class CASBackend(object):
"""
CAS authentication backend
"""

class CASBackend(object):

"""

CAS authentication backend

"""

改为


from student.models import UserProfile
from student.models import Registration
_CAS_USER_DETAILS_RESOLVER = getattr(settings, 'CAS_USER_DETAILS_RESOLVER', None)
class CASBackend(object):
    """
    CAS authentication backend
    """

    supports_object_permissions = False
    supports_inactive_user = False

    def authenticate(self, ticket, service):
        """
        Verifies CAS ticket and gets or creates User object
        NB: Use of PT to identify proxy
        """

        User = get_user_model()

        username, authentication_response = _verify(ticket, service)

        if not username:
            return None

        try:
            user = User.objects.get(username__iexact=username)
            if  _CAS_USER_DETAILS_RESOLVER:
                 _CAS_USER_DETAILS_RESOLVER(user, authentication_response)
            user.save()
        except User.DoesNotExist:
            # user will have an "unusable" password
            if settings.CAS_AUTO_CREATE_USER:
                user = User.objects.create_user(username, '')
                if  _CAS_USER_DETAILS_RESOLVER:
                     _CAS_USER_DETAILS_RESOLVER(user, authentication_response)
                user.save()
                registration = Registration()
                registration.register(user)
                profile = UserProfile(user=user)
                profile.name = username
                profile.save()
            else:
                user = None
        _CAS_USER_DETAILS_RESOLVER(user, authentication_response)
        return user

from student.models import UserProfile

from student.models import Registration

_CAS_USER_DETAILS_RESOLVER = getattr(settings, 'CAS_USER_DETAILS_RESOLVER', None)

class CASBackend(object):

"""

CAS authentication backend

"""

supports_object_permissions = False

supports_inactive_user = False

def authenticate(self, ticket, service):

"""

Verifies CAS ticket and gets or creates User object

NB: Use of PT to identify proxy

"""

User = get_user_model()

username, authentication_response = _verify(ticket, service)

if not username:

return None

try:

user = User.objects.get(username__iexact=username)

if _CAS_USER_DETAILS_RESOLVER:

_CAS_USER_DETAILS_RESOLVER(user, authentication_response)

user.save()

except User.DoesNotExist:

# user will have an "unusable" password

if settings.CAS_AUTO_CREATE_USER:

user = User.objects.create_user(username, '')

if _CAS_USER_DETAILS_RESOLVER:

_CAS_USER_DETAILS_RESOLVER(user, authentication_response)

user.save()

registration = Registration()

registration.register(user)

profile = UserProfile(user=user)

profile.name = username

profile.save()

else:

user = None

_CAS_USER_DETAILS_RESOLVER(user, authentication_response)

return user

分析：
username, authentication_response = _verify(ticket, service)这一行是用户认证后返回的用户名和附加属性的XML树。
对接逻辑如下（try之后的部分）：
尝试根据用户名获取用户的model。当用户不存在时候，如果设置了自动创建用户。那么就自动根据用户名创建一个用户的model，如果定义了属性解析器、那么根据CAS认证返回的XML树解析用户的属性，对应更改user的model。之后保存model并注册用户。

问题：
1. 是否应该让用户每次通过CAS登陆后都去解析用户的属性来保持edX中用户的资料和CAS系统提供的一致？
2. user和profile的关系是什么？
3. 用户属性的更改是通过更改user还是更改profile？

更改Mapper使其能正确解析CAS Server返回的XML树

修改/edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/mitx_cas_mapper/__init__.py

打印源码中的attr结果如下


attrchild=[&lt;Element '{http://www.yale.edu/tp/cas}first_name' at 0x7fd9ae637a90&gt;, 
&lt;Element '{http://www.yale.edu/tp/cas}last_name' at 0x7fd9ae637f10&gt;,
&lt;Element '{http://www.yale.edu/tp/cas}display_name' at 0x7fd9ae637f50&gt;,
&lt;Element '{http://www.yale.edu/tp/cas}user_email' at 0x7fd9ae637f90&gt;]

attrchild=[<Element '{http://www.yale.edu/tp/cas}first_name' at 0x7fd9ae637a90>,

<Element '{http://www.yale.edu/tp/cas}last_name' at 0x7fd9ae637f10>,

<Element '{http://www.yale.edu/tp/cas}display_name' at 0x7fd9ae637f50>,

<Element '{http://www.yale.edu/tp/cas}user_email' at 0x7fd9ae637f90>]

所以分析、CAS Server返回结果结构大致如下。


&lt;{http://www.yale.edu/tp/cas}authenticationSuccess&gt;
    &lt;{http://www.yale.edu/tp/cas}attributes&gt;
        &lt;{http://www.yale.edu/tp/cas}first_name&gt;
            firstName
        &lt;/{http://www.yale.edu/tp/cas}first_name&gt;
        &lt;{http://www.yale.edu/tp/cas}last_name&gt;
            lastName
        &lt;/{http://www.yale.edu/tp/cas}last_name&gt;
        &lt;{http://www.yale.edu/tp/cas}display_name&gt;
            testUser
        &lt;/{http://www.yale.edu/tp/cas}display_name&gt;
        &lt;{http://www.yale.edu/tp/cas}user_email&gt;
            123.com
        &lt;/{http://www.yale.edu/tp/cas}user_email&gt;
    &lt;/{http://www.yale.edu/tp/cas}attributes&gt;
&lt;/{http://www.yale.edu/tp/cas}authenticationSuccess&gt;

<{http://www.yale.edu/tp/cas}authenticationSuccess>

<{http://www.yale.edu/tp/cas}attributes>

<{http://www.yale.edu/tp/cas}first_name>

firstName

</{http://www.yale.edu/tp/cas}first_name>

<{http://www.yale.edu/tp/cas}last_name>

lastName

</{http://www.yale.edu/tp/cas}last_name>

<{http://www.yale.edu/tp/cas}display_name>

testUser

</{http://www.yale.edu/tp/cas}display_name>

<{http://www.yale.edu/tp/cas}user_email>

123.com

</{http://www.yale.edu/tp/cas}user_email>

</{http://www.yale.edu/tp/cas}attributes>

</{http://www.yale.edu/tp/cas}authenticationSuccess>

修改源代码中原有的XPath、对应实际返回的XML Tag即可正常解析XML

CMS配置过程

开启edX特性支持CAS登陆

修改/edx/app/edxapp/cms.env.json文件如下


"CAS_ATTRIBUTE_CALLBACK": {
    "module": "mitx_cas_mapper",
    "function": "populate_user"
},
"CAS_EXTRA_LOGIN_PARAMS": "",
    "CAS_SERVER_URL": "https://wp.edustack.org/wp-cas/",
    "CAS_USER_DETAILS_RESOLVER": "mitx_cas_mapper.populate_user",

"CAS_ATTRIBUTE_CALLBACK": {

"module": "mitx_cas_mapper",

"function": "populate_user"

"CAS_EXTRA_LOGIN_PARAMS": "",

"CAS_SERVER_URL": "https://wp.edustack.org/wp-cas/",

"CAS_USER_DETAILS_RESOLVER": "mitx_cas_mapper.populate_user",

修改/edx/app/edxapp/edx-platform/cms/envs/common.py如下,增加一行


# Even though external_auth is in common, shib assumes the LMS views / urls, so it should only be enabled
# in LMS
'AUTH_USE_CAS': True,

# Even though external_auth is in common, shib assumes the LMS views / urls, so it should only be enabled

# in LMS

'AUTH_USE_CAS': True,

修改/edx/app/edxapp/edx-platform/cms/envs/aws.py如下


# Django CAS external authentication settings
CAS_EXTRA_LOGIN_PARAMS = ENV_TOKENS.get("CAS_EXTRA_LOGIN_PARAMS", None)
if FEATURES.get('AUTH_USE_CAS'):
    CAS_SERVER_URL = ENV_TOKENS.get("CAS_SERVER_URL", None)
    AUTHENTICATION_BACKENDS = (
        'django.contrib.auth.backends.ModelBackend',
        'cas.backends.CASBackend',
    )
    #INSTALLED_APPS += ('cas',)
    MIDDLEWARE_CLASSES += ('cas.middleware.CASMiddleware',)
    CAS_ATTRIBUTE_CALLBACK = ENV_TOKENS.get('CAS_ATTRIBUTE_CALLBACK', None)
    if CAS_ATTRIBUTE_CALLBACK:
        import importlib
        CAS_USER_DETAILS_RESOLVER = getattr(
            importlib.import_module(CAS_ATTRIBUTE_CALLBACK['module']),
            CAS_ATTRIBUTE_CALLBACK['function']
        )

# Django CAS external authentication settings

CAS_EXTRA_LOGIN_PARAMS = ENV_TOKENS.get("CAS_EXTRA_LOGIN_PARAMS", None)

if FEATURES.get('AUTH_USE_CAS'):

CAS_SERVER_URL = ENV_TOKENS.get("CAS_SERVER_URL", None)

AUTHENTICATION_BACKENDS = (

'django.contrib.auth.backends.ModelBackend',

'cas.backends.CASBackend',

)

#INSTALLED_APPS += ('cas',)

MIDDLEWARE_CLASSES += ('cas.middleware.CASMiddleware',)

CAS_ATTRIBUTE_CALLBACK = ENV_TOKENS.get('CAS_ATTRIBUTE_CALLBACK', None)

if CAS_ATTRIBUTE_CALLBACK:

import importlib

CAS_USER_DETAILS_RESOLVER = getattr(

importlib.import_module(CAS_ATTRIBUTE_CALLBACK['module']),

CAS_ATTRIBUTE_CALLBACK['function']

)

修改/edx/app/edxapp/edx-platform/cms/urls.py如下


if settings.FEATURES.get('AUTH_USE_CAS'):
    urlpatterns += (
        url(r'^cas-auth/login/$', 'external_auth.views.cas_login', name="cas-login"),
        url(r'^cas-auth/logout/$', 'cas.views.logout', {'next_page': '/'}, name="cas-logout"),
    )

if settings.FEATURES.get('AUTH_USE_CAS'):

urlpatterns += (

url(r'^cas-auth/login/$', 'external_auth.views.cas_login', name="cas-login"),

url(r'^cas-auth/logout/$', 'cas.views.logout', {'next_page': '/'}, name="cas-logout"),

)

增加一个nextpage属性，当用户通过CAS登陆后自动跳转到dashboard。

修改/edx/app/edxapp/edx-platform/common/djangoapps/external_auth/views.py把django_cas.views改为cas.view


if settings.FEATURES.get('AUTH_USE_CAS'):
    from cas.views import login as django_cas_login

if settings.FEATURES.get('AUTH_USE_CAS'):

from cas.views import login as django_cas_login

其他的说明

如果要对CAS返回的结果进行解析，需要更改mapper的代码。在mapper的安装目录下可以看到python脚本。在这里给出一个示例，本校CAS将会返回学号等登录信息，需要自动填写姓名、邮箱。解析脚本参考如下。


if attr.find(CAS + 'zjh', NSMAP) is not None:
                        zjh = attr.find(CAS + 'zjh', NSMAP).text
                        if attr.find(CAS + 'yhlb', NSMAP) is not None:
                                yhlb = attr.find(CAS + 'yhlb', NSMAP).text
                                logger.info('zjh={zjh},yhlb={yhlb}'.format(zjh=zjh,yhlb=yhlb))
                                if yhlb == '本科生代码' or yhlb == '研究生代码':
                                        user.email = '%s@mail.bistu.edu.cn' % zjh
                                else:
                                        user.email = '%s@bistu.edu.cn' % zjh
                                logger.info('user.email={email}'.format(email=user.email))

if attr.find(CAS + 'zjh', NSMAP) is not None:

zjh = attr.find(CAS + 'zjh', NSMAP).text

if attr.find(CAS + 'yhlb', NSMAP) is not None:

yhlb = attr.find(CAS + 'yhlb', NSMAP).text

logger.info('zjh={zjh},yhlb={yhlb}'.format(zjh=zjh,yhlb=yhlb))

if yhlb == '本科生代码' or yhlb == '研究生代码':

user.email = '%s@mail.bistu.edu.cn' % zjh

else:

user.email = '%s@bistu.edu.cn' % zjh

logger.info('user.email={email}'.format(email=user.email))

Linux常用命令备忘录(更新ing)

常用命令

下面加粗的是一系列的命令，没加粗的是相关命令。

ls 显示当前目录文件

ll 、la 、l

cd 进入其他目录

cd 回家
cd ~ 回家
cd – 进入上一次进入过的目录，相当于后退
cd .. 进入上一层目录

grep 在输入的内容中搜索关键词

egrep

ln 创建链接

ln -s 软链接

vim的使用

vimtutor

find 查找文件

find . -name “abc.html” 递归查找当前目录下名为abc.html的文件

find . -name “abc.html” | xargs grep “2333” 递归查找当前目录下名为abc.html且文件内容含有2333的文件

netstat 查看当前网络状态

netstat -ano|grep 80 查看80端口的状态

ps 查看当前进程状态

ps -aux|grep java 查看当前运行的java进程

kill 结束进程

top 资源监视

tail 显示文件尾内容

tail -f /var/log/tomcat/catalina.out 监视tomcat的运行日志输出(远程调试用

cat 打印文件所有内容

su 切换用户

sudo 以其他身份执行

sudo -u abc def 以abc用户身份执行def命令

sudo xxx 以root身份执行xxx

service 控制服务状态

sudo service nginx reload 重新加载nginx配置

ssh相关

ssh user@hostname 以user登录hostname

scp user@hostname:/remote/file/path /local/file/path 从远程向本地复制文件(夹)

scp /local/file/path user@hostname:/remote/file/path 从本地向远程复制文件(夹)

scp用-p来保持权限

ssh-keygen 生成新的ssh公钥和私钥

rsync相关

同步文件，scp不能同步软链接，而rsync可以，参考

http://blog.csdn.net/niushuai666/article/details/16880061

Ubuntu软件安装

sudo apt-get install apache2 安装apache软件

sudo apt-get purge apache2 删除apache2

sudo apt-get update 更新列表

sudo apt-get upgrade 升级所有软件

Apache多站点及反向代理配置

状态：只有一个服务器，需要多个站点，比如博客、文件、Android接口等。

最开始我的做法是用子文件夹来区分站点，所以本站的地址都是这样的http://hylstudio.cn/xxx

后来曾老师提醒可以使用下一级域名来区分不同的站点，于是研究了下。

首先，更改DNS，把需要的域名解析到这台服务器，然后更改apache配置如下

进入apache配置目录/etc/apache2其中目录结构如下
├── apache2.conf 主配置文件
├── conf-available 可用配置文件
├── conf-enabled 启用的配置文件
├── mods-available 可用的模块
├── mods-enabled 启用的模块
├── sites-available 可用的站点
└── sites-enabled 启用的站点

各个文件夹的功能如上，规则是在available中创建真实的配置、然后在enabled文件夹下创建软连接(ln -s命令)。

默认状态下sites-enabled下只有一个000-default，被我改成了999-default.conf，把内容改成下面这样


<VirtualHost *:80>
        ServerAdmin master@hylstudio.cn
        DocumentRoot /xxx/xxxx/xxxxx/wordpress
        ServerName hylstudio.cn
        ServerAlias *.hylstudio.cn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

ServerAdmin master@hylstudio.cn

DocumentRoot /xxx/xxxx/xxxxx/wordpress

ServerName hylstudio.cn

ServerAlias *.hylstudio.cn

ErrorLog ${APACHE_LOG_DIR}/error.log

CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

然后复制一份这个文件为001-wordpress.conf。内容如下


<VirtualHost *:80>
        ServerAdmin master@hylstudio.cn
        #这里写wordpress的真实地址，主目录
        DocumentRoot /xxx/xxxx/xxxxx/wordpress
        ServerName blog.hylstudio.cn
        ServerAlias blog.hylstudio.cn

        ErrorLog ${APACHE_LOG_DIR}/wordpress/error.log
        CustomLog ${APACHE_LOG_DIR}/wordpress/access.log combined
</VirtualHost>

ServerAdmin master@hylstudio.cn

#这里写wordpress的真实地址，主目录

DocumentRoot /xxx/xxxx/xxxxx/wordpress

ServerName blog.hylstudio.cn

ServerAlias blog.hylstudio.cn

ErrorLog ${APACHE_LOG_DIR}/wordpress/error.log

CustomLog ${APACHE_LOG_DIR}/wordpress/access.log combined

</VirtualHost>

其他的同理，只需要更改ServerName、Alias、DocumentRoot即可。

需要说一下的是tomcat，因为tomcat在其他端口，需要做反向代理。内容如下


<VirtualHost *:80>
        ServerAdmin master@hylstudio.cn
        DocumentRoot /xxx/xxxx/tomcatX/webapps    #这里写tomcat真实路径
        ServerName tomcat.hylstudio.cn
        ServerAlias tomcat.hylstudio.cn

        ErrorLog ${APACHE_LOG_DIR}/tomcat/error.log
        CustomLog ${APACHE_LOG_DIR}/tomcat/access.log combined
        ProxyPass / http://127.0.0.1:XXXX/        #这里写tomcat实际监听的端口
        ProxyPassReverse / http://127.0.0.1:XXXX/
</VirtualHost>

ServerAdmin master@hylstudio.cn

DocumentRoot /xxx/xxxx/tomcatX/webapps #这里写tomcat真实路径

ServerName tomcat.hylstudio.cn

ServerAlias tomcat.hylstudio.cn

ErrorLog ${APACHE_LOG_DIR}/tomcat/error.log

CustomLog ${APACHE_LOG_DIR}/tomcat/access.log combined

ProxyPass / http://127.0.0.1:XXXX/ #这里写tomcat实际监听的端口

ProxyPassReverse / http://127.0.0.1:XXXX/

</VirtualHost>

同时需要启用proxy模块
cd /etc/apache2/mods-enabled
sudo ln -s ../mods-available/proxy.load

这样做的好处是对外不暴露tomcat真实端口。

这样，就实现了通过不同域名访问不同站点。

配置default虚拟主机，rewrite含义为我没定义过的虚拟主机都会302重定向到blog.hylstudio.cn


<VirtualHost *:80>
        ServerAdmin master@hylstudio.cn
        DocumentRoot /var/www/html/wordpress
        ServerName hylstudio.cn
        ServerAlias *.hylstudio.cn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        RewriteEngine on
        RewriteCond %{HTTP_HOST} ^(.*)hylstudio.cn [NC]
        RewriteRule ^(.*) http://blog.hylstudio.cn/ [L]
</VirtualHost>