使用Apache作为反向代理来访问子域

时间:2016-10-27 17:47:49

标签: apache port subdomain reverse-proxy

我有一台运行在website.com:32400/web的Plex服务器。我希望能够使用Apache的反向代理功能在plex.website.com访问它。以下是我的/etc/apache2/sites-available/plex.website.com.conf文件的相关部分:

<VirtualHost *:80>
        ServerName plex.website.com

        ProxyRequests off
        ProxyPass / http://website.com:32400/web/
        ProxyPassReverse / http://website.com:32400/web/
        ProxyHTMLURLMap http://website.com:32400/web http://plex.website.com
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
</VirtualHost>

此设置部分;也就是说,如果我转到plex.website.com/index.html,那么我会在转到website.com:32400/web/index.html时获得完全相同的HTML。然而,除此之外,其他一切似乎都是404(即CSS和JavaScript)。例如,http://website.com:32400/web/img/desktop/ios/icon-iphone.png加载正常,但http://plex.website.com/web/img/desktop/ios/icon-iphone.png会产生404错误。

我似乎可以直接在web目录中访问任何内容,例如加载正常的plex.website.com/favicon.ico。很明显,这是一个特别是映射子域的问题。

启用所有必需的Apache模块。

我不确定我是如何开始尝试解决这个问题的。

编辑:我刚刚意识到它是404'的原因是它仍然包括URL的web部分,而不应该是。在我给出的示例中,http://plex.website.com/web/img/desktop/ios/icon-iphone.png是它尝试访问的位置 - 但这应该是http://plex.website.com/img/desktop/ios/icon-iphone.png。所以我怀疑这是ProxyHTMLURLMap的问题。

1 个答案:

答案 0 :(得分:1)

您非常亲密。我正在为那些正在搜寻并且迷失了这篇文章的人发布我的答案。您将需要使用Apache2> = 2.4.11(但您应使用2.4.39或更高版本)才能使用此功能和几个已启用的mod(代理,ssl,proxy_wstunnel,http,dir,env,标头,proxy_balancer,proxy_http,重写我认为都是这些):

使用SSL 

<IfModule mod_ssl.c>
    DEFINE plex_url 192.168.1.22
    DEFINE plex_port 32400
    DEFINE serv_name plex.domain.com
    ServerTokens Prod
    SSLStaplingCache "shmcb:${APACHE_LOG_DIR}/stapling-cache(150000)"
    SSLSessionCache "shmcb:${APACHE_LOG_DIR}/ssl_scache(512000)"
    SSLSessionCacheTimeout 300
    ModPagespeed Off
<VirtualHost *:80>
    ServerName ${serv_name}
    DocumentRoot /var/www/html
    ServerAdmin aw@hell.no
    RewriteEngine On
    RewriteCond %{SERVER_NAME} =${serv_name}
    RewriteCond %{HTTPS} Off
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    ErrorLog ${APACHE_LOG_DIR}/${serv_name}.error.log
    CustomLog ${APACHE_LOG_DIR}/${serv_name}.access.log combined
</VirtualHost>
<VirtualHost *:443>
    ServerName ${serv_name}
    DocumentRoot /var/www/html
    ServerAdmin aw@hell.no
    ErrorLog ${APACHE_LOG_DIR}/${serv_name}.error.log
    CustomLog ${APACHE_LOG_DIR}/${serv_name}.access.log combined
### Let's Encrypt Section ###
    SSLCertificateFile /etc/letsencrypt/live/${serv_name}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/${serv_name}/privkey.pem
    #Include /etc/letsencrypt/options-ssl-apache.conf
    Options -Includes -ExecCGI
### Deny http1.0 requests ###
    RewriteEngine On
    RewriteCond %{SERVER_PROTOCOL} ^HTTP/1\.0$
    #RewriteCond %{REQUEST_URI} !^/404/$
    RewriteRule ^ - [F]
### Harden Security ###
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyTimeout 600
    ProxyReceiveBufferSize 4096
    SSLProxyEngine On
    RequestHeader set Front-End-Https "On"
    ServerSignature Off
    SSLCompression Off
    SSLUseStapling On
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors Off
    SSLSessionTickets Off
    RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
    Header always set Strict-Transport-Security "max-age=15552000; preload"
    Header always set X-Content-Type-Options nosniff
    Header always set X-Robots-Tag none
    Header always set X-XSS-Protection "1; mode=block"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Referrer-Policy "same-origin"
    Header always set Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none';"
    Header always set Content-Security-Policy "default-src 'self' https:; font-src 'self' data: ${plex_url} ${serv_name}; media-src 'self' blob: ${plex_url} ${serv_name}; script-src 'self' 'unsafe-inline' ${plex_url} ${serv_name} plex.tv www.gstatic.com; style-src 'self' ${plex_url} ${serv_name}; img-src 'self' data: blob: ${plex_url} ${serv_name} plex.tv *.plex.tv; worker-src *; frame-src 'none'; connect-src 'self' wss: https: ${plex_url} ${serv_name} plex.tv *.plex.direct *.plex.tv;"
    SSLCipherSuite ECDHE+RSA+AES256+GCM+SHA512:DHE+RSA+AES256+GCM+SHA512:ECDHE+RSA+AES256+GCM+SHA384:DHE+RSA+AES256+GCM+SHA384:ECDHE+RSA+AES256+SHA384:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder On
### Plex Specific Section ###
    ProxyPass / http://${plex_url}:${plex_port}/
    ProxyPassReverse / http://${plex_url}:${plex_port}/
    ProxyPass /:/ ws://${plex_url}:${plex_port}/:/
    ProxyPassReverse /:/ ws://${plex_url}:${plex_port}/:/
    ProxyPass /:/ wss://${plex_url}:${plex_port}/:/
    ProxyPassReverse /:/ wss://${plex_url}:${plex_port}/:/
    LimitRequestBody 512000
    FileETag None
    TraceEnable off
    #Header edit Set-Cookie ^(.*)$ ;HttpOnly;Secure
    Timeout 60
    <Location /:/websockets/notifications>
        ProxyPass wss://${plex_url}:${plex_port}/:/websockets/notifications
        ProxyPassReverse wss://${plex_url}:${plex_port}/:/websockets/notifications
    </Location>
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/web
    RewriteCond %{HTTP:X-Plex-Device} ^$
    RewriteCond %{REQUEST_METHOD} !^(OPTIONS)$
    RewriteCond %{QUERY_STRING} (^|&)X-Plex-Device=(&|$) [OR]
    RewriteCond %{QUERY_STRING} !(^|&)X-Plex-Device=
    RewriteRule ^/$ /web/$1 [R,L]
</VirtualHost>
</IfModule>

没有SSL 

    DEFINE plex_url 192.168.1.22
    DEFINE plex_port 32400
    DEFINE serv_name plex.domain.com
    ServerTokens Prod
<VirtualHost *:80>
    ServerName ${serv_name}
    DocumentRoot /var/www/html
    ServerAdmin aw@hell.no
    ErrorLog ${APACHE_LOG_DIR}/${serv_name}.error.log
    CustomLog ${APACHE_LOG_DIR}/${serv_name}.access.log combined
    Options -Includes -ExecCGI
### Deny http1.0 requests ###
    RewriteEngine On
    RewriteCond %{SERVER_PROTOCOL} ^HTTP/1\.0$
    #RewriteCond %{REQUEST_URI} !^/404/$
    RewriteRule ^ - [F]
### Plex Specific Section ###
    ProxyPass / http://${plex_url}:${plex_port}/
    ProxyPassReverse / http://${plex_url}:${plex_port}/
    ProxyPass /:/ ws://${plex_url}:${plex_port}/:/
    ProxyPassReverse /:/ ws://${plex_url}:${plex_port}/:/
    ProxyPass /:/ wss://${plex_url}:${plex_port}/:/
    ProxyPassReverse /:/ wss://${plex_url}:${plex_port}/:/
    LimitRequestBody 512000
    FileETag None
    TraceEnable off
    #Header edit Set-Cookie ^(.*)$ ;HttpOnly;Secure
    Timeout 60
    <Location /:/websockets/notifications>
        ProxyPass ws://${plex_url}:${plex_port}/:/websockets/notifications
        ProxyPassReverse ws://${plex_url}:${plex_port}/:/websockets/notifications
    </Location>
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/web
    RewriteCond %{HTTP:X-Plex-Device} ^$
    RewriteCond %{REQUEST_METHOD} !^(OPTIONS)$
    RewriteCond %{QUERY_STRING} (^|&)X-Plex-Device=(&|$) [OR]
    RewriteCond %{QUERY_STRING} !(^|&)X-Plex-Device=
    RewriteRule ^/$ /web/$1 [R,L]
</VirtualHost>
相关问题
最新问题