1. 系统部署
本小节介绍系统安装的步骤和需要的条件
1.1. 硬件配置
本软件建议配置三台服务器(待完善具体数据)
| 用户数 | WEB服务器 | 数据库服务器 | 运算服务器 | ||||||
| cup | 内存 | 带宽 | cup | 内存 | 带宽 | cup | 内存 | 带宽 | |
| 12 | 12 | 12 | 12 | 12 | 12 | 12 | 1212 | 1212 | 1212 |
| 12 | 12 | 12 | 12 | 12 | 12 | 12 | 1212 | 1212 | 1212 |
| 12 | 12 | 12 | 12 | 12 | 12 | 12 | 1212 | 1212 | 1212 |
| 12 | 12 | 12 | 12 | 12 | 12 | 12 | 1212 | 1212 | 1212 |
1.2. 软件环境
- tomcat 8+
- java jdk1.8+
- SQL Server 2016 +
nginx (latest,可选,主要方便配置https)
open office
open office 需要执行如下批处理
/*mac osx :*/
cd /Applications/OpenOffice.app/Contents/program
./soffice -headless -accept="socket,host=127.0.0.1,port=8100;urp;" -nofirststartwizard
/*windows*/
C:\"Program Files (x86)"\"OpenOffice 4"\program\soffice -headless -accept="socket,host=127.0.0.1,port=8100;urp;" -nofirststartwizard1.3. 部署注意
1.3.1. Tomcat WEB服务器器控制
预防电信严格要求只能使用某域名(即防止恶意域名绑定),否则封ip。其中webapps未Tomcat WEB程序目录,notexists 文件夹不存在。
<Engine name="Catalina" defaultHost="forbidden">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
<Host name="你的域名不要http等协议" appBase="webapps"
unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
<!-- 允许ip -->
<Host name="你的ip地址" appBase="webapps"
unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"></Host>
<!-- forbiden host, the notexists is a not exists directory.If the requested domain is not in the above list of hosts where are allowed, then use this host.
-->
<Host name="forbidden" appBase="notexists"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false"></Host>
</Engine>1.3.2. NGINX
配置文件server部分模板
# 本地服务端口84,通过NGINX映射80级443接口
#http
server {
listen 80;
server_name www.abc.cn;
client_max_body_size 1024m;# 附件单个文件最大体积
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://localhost:84;
}
}
#https
server {
listen 443 ssl; # managed byrtbot
server_name www.abc.cn;
client_max_body_size 1024m;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://localhost:84;
}
# 以下证书内容是由 Certbot 自动修改的,所以配置的时候不用手工键入,只需要按照下面注意事项操作即可自动填充。
ssl_certificate /etc/letsencrypt/live/www.abc.cn/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.abc.cn/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# 所有请求自动定向到https
# server {
# if ($host = abc.cn) {
# return 301 https://$host$request_uri;
# } # managed by Certbot
# if ($host = www.abc.cn ) {
# return 301 https://$host$request_uri;
# } # managed by Certbot
# server_name www.yunxin123.cn yunxin123.cn;
# listen 80;
# return 404; # managed by Certbot
#}[!NOTE] 注意:其中“https”及“所有请求自动定向到https”依次依赖可选,证书的获取和自动更新的方式参考: