我无法从我的dockerized Apache2.4连接到mailcow-dockerized web前端。特定的Apache错误是:
拒绝连接:AH00957:HTTPS:尝试连接 127.0.0.1:8443(127.0.0.1)失败
我们有:2个docker-compose文件。 1. Mailcow(mailcow-dockerized),2。apache-letsencrypt(enoniccloud / apache2-letsencrypt image)
我们希望: 利用Apache2.4作为反向代理,将mailcow-dockerized Web前端+ Apache2.4用作网站的Web服务器。
其他信息: 当Apache2.4未启动且其配置中的绑定设置为默认值时,可以访问Mailcow前端。
Docker-Compose apache-letsencrypt容器:
version: '2.1'
services:
apache2:
build: apache2
hostname: root.yyy.com
restart: always
volumes_from:
- letsencryptstore
volumes:
- /var/www/html:/var/www/html
ports:
- "80:80"
- "443:443"
expose:
- "8080"
- "8443"
environment:
LETS_ENCRYPT_EMAIL: "xyz@yahoo.de"
LETS_ENCRYPT_DOMAINS: "root.yyy.com,mail2.yyy.com"
labels:
io.enonic.backup.data: "/etc/letsencrypt,/var/lib/letsencrypt"
networks:
- mailcowdockerized_mailcow-network
letsencryptstore:
image: busybox
volumes:
- "/etc/letsencrypt"
- "/var/lib/letsencrypt"
networks:
mailcowdockerized_mailcow-network:
external: true
Apache配置:
<VirtualHost *:80>
ServerName root.yyy.com
DocumentRoot /var/www/html/
RewriteEngine on
RewriteRule ^/(.*) https://root.yyy.com/$1 [L,R=301]
</VirtualHost>
<VirtualHost *:80>
ServerName mail2.yyy.com
RewriteEngine on
RewriteRule ^/(.*) https://mail2.yyy.com/$1 [L,R=301]
</VirtualHost>
<VirtualHost *:443>
ServerName mail2.yyy.com
ServerAlias autodiscover.mail2.yyy.com
ServerAlias autoconfig.mail2.yyy.com
# You should proxy to a plain HTTP session to offload SSL processing
ProxyPass / https://127.0.0.1:8443/
ProxyPassReverse / https://127.0.0.1:8443/
ProxyPreserveHost On
ProxyAddHeaders On
# This header does not need to be set when using http
RequestHeader set X-Forwarded-Proto "https"
SSLEngine on
SSLCertificateFile /etc/letsencrypt/certs/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/certs/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/certs/chain.pem
RequestHeader set X-Forwarded-Proto "https"
Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
<VirtualHost *:443>
ServerName root.yyy.com
DocumentRoot /var/www/html/
SSLEngine on
SSLCertificateFile /etc/letsencrypt/certs/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/certs/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/certs/chain.pem
RequestHeader set X-Forwarded-Proto "https"
Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
SSLProtocol all -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
Mailcow-配置:
# ------------------------------
# mailcow web ui configuration
# ------------------------------
# example.org is _not_ a valid hostname, use a fqdn here.
# Default admin user is "admin"
# Default password is "moohoo"
MAILCOW_HOSTNAME=mail2.yyy.com
# ------------------------------
# SQL database configuration
# ------------------------------
DBNAME=mailcow
DBUSER=mailcow
# Please use long, random alphanumeric strings (A-Za-z0-9)
DBPASS=RdnvlN1CXSAHA98CVz4sYUgfrMuF
DBROOT=Ve91gtedyLa8xGJf6sXNmMcNzFUp
# ------------------------------
# HTTP/S Bindings
# ------------------------------
# You should use HTTPS, but in case of SSL offloaded reverse proxies:
HTTP_PORT=8080
HTTP_BIND=127.0.0.1
HTTPS_PORT=8443
HTTPS_BIND=127.0.0.1
其余配置是默认配置。
启用了Apache mods proxy,proxy_balancer,proxy_http。
非常感谢帮助:)