使用tomcat 7 https服务器配置mod_proxy apache https服务器

时间:2016-03-23 18:51:31

标签: tomcat mod-proxy mod-jk hybris

我是Web服务器配置的新手,这里是场景,我们有一个hybris tomcat服务器,它运行在9002上,用于https,9001用于http。我需要使用mod_proxy服务器配置apache web服务器,它将打开https和http到80端口。我尝试为tomcat https和http站点配置mod_proxy,但该站点仅在http中工作。客户只允许80端口,任何人都可以帮我解决方案。




LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module  modules/mod_ssl.so

<VirtualHost *:80>
DocumentRoot /var/www/html
ProxyPreserveHost On
ProxyPass / http://tomcatserver.ip:9001/
ProxyPassReverse /  http://tomcatserver.ip:9001/
</VirtualHost>

<VirtualHost *:443>
DocumentRoot /var/www/html
ProxyPreserveHost On
ServerName webserver.ip
SSLEngine on
SSLProxyEngine On
ProxyPass / https://tomcatserver.ip:9002/
ProxyPassReverse /  https://tomcatserver.ip:9002

SSLCertificateFile /etc/ssl/certs/webserverdomain.crt
SSLCertificateKeyFile  /etc/ssl/certs/webserverdomain.key

</VirtualHost>







server.xml configuration


  <Connector port="${tomcat.http.port}"
                maxHttpHeaderSize="8192"
           maxThreads="${tomcat.maxthreads}"
           protocol="org.apache.coyote.http11.Http11Protocol"
           executor="hybrisExecutor"
           enableLookups="false"
           acceptCount="100"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           disableUploadTimeout="true"
           proxyName="webserverdomainname" proxyPort="80" /> />

<Connector port="${tomcat.ssl.port}"
                maxHttpHeaderSize="8192"
           maxThreads="150"
           protocol="org.apache.coyote.http11.Http11Protocol"
           executor="hybrisExecutor"
           enableLookups="false"
           acceptCount="${tomcat.acceptcount}"
           connectionTimeout="20000"
           disableUploadTimeout="true"
           URIEncoding="UTF-8"
           SSLEnabled="true"
           proxyName="webserverdomainname" 
           proxyPort="443"                  
                scheme="https"
                secure="true"
                clientAuth="false"
            sslProtocol = "TLS"
            keystoreFile="${catalina.home}/lib/keystore"
            keystorePass="123456"

这是tomcat server.xml文件 谢谢@christopher @Benoit

1 个答案:

答案 0 :(得分:1)

这里发生的事情是SSLProxyEngine正在检测一个无效的ssl证书,所以你需要明确地告诉他不要检查任何东西!

此配置适用于开发但不适用于生产,在生产中您应卸载ssl证书并使用“RequestHeader set X-Forwarded-Proto”https“'等标志将所有流量发送到http并添加阀门进入Tomcat配置

为此更改Apache配置:

<VirtualHost *:443>
DocumentRoot /var/www/html
ProxyPreserveHost On
ServerName webserver.ip
SSLEngine on
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass / https://tomcatserver.ip:9002/
ProxyPassReverse /  https://tomcatserver.ip:9002

SSLCertificateFile /etc/ssl/certs/webserverdomain.crt
SSLCertificateKeyFile  /etc/ssl/certs/webserverdomain.key    
</VirtualHost>
相关问题
最新问题