I want to create a reverse proxy server in Apache2 that also terminates SSL.
So, this is what I want:
Client --- HTTPS ---> Apache2 --- HTTP ---> Example.com
Example.com --- HTTP-> Apache2 --HTTPS-> Client
My .conf file:
Listen *:80
<VirtualHost *:80>
Redirect / https://localhost:443/
</VirtualHost>
Listen *:443
<VirtualHost *:443>
ErrorLog ${APACHE_LOG_DIR}/shr_t2_error.log
CustomLog ${APACHE_LOG_DIR}/shr_t2_access.log combined
ProxyPass /example/ http://http://example.com/
ProxyPassReverse /example/ http://http://example.com/
ProxyPreserveHost On
ProxyRequests Off
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLCertificateFile /etc/ssl/certs/mysitename.crt
SSLCertificateKeyFile /etc/ssl/private/mysitename.key
SSLInsecureRenegotiation on
SSLVerifyClient none
RequestHeader set X-Forwarded-Proto "https" env=HTTPS
</VirtualHost>
curl command:
curl -v -k -x http://localhost:80 https://test.com/example
Output:
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 302 Found
< Date: Mon, 19 Nov 2018 00:09:52 GMT
< Server: Apache/2.4.18 (Ubuntu)
< Location: https://localhost:443/
< Content-Length: 305
< Content-Type: text/html; charset=iso-8859-1
<
* Received HTTP code 302 from proxy after CONNECT
* Closing connection 0
curl: (56) Received HTTP code 302 from proxy after CONNECT
Error log:
[Mon Nov 19 10:56:31.787534 2018] [ssl:warn] [pid 34403:tid 139940947908480] AH01906: 127.0.0.1:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Nov 19 10:56:31.787556 2018] [ssl:debug] [pid 34403:tid 139940947908480] ssl_util_ssl.c(443): AH02412: [127.0.0.1:443] Cert does not match for name '127.0.0.1' [subject: O=Internet Widgits Pty Ltd,ST=Some-State,C=JP / issuer: O=Internet Widgits Pty Ltd,ST=Some-State,C=JP / serial: <Random> / notbefore: Nov 15 12:08:51 2018 GMT / notafter: Nov 15 12:08:51 2019 GMT]
[Mon Nov 19 10:56:31.787559 2018] [ssl:warn] [pid 34403:tid 139940947908480] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Mon Nov 19 10:56:31.787561 2018] [ssl:info] [pid 34403:tid 139940947908480] AH02568: Certificate and private key 127.0.0.1:443:0 configured from /etc/ssl/certs/mysitename.crt and /etc/ssl/private/mysitename.key
[Mon Nov 19 10:56:31.788216 2018] [proxy:debug] [pid 34406:tid 139940947908480] proxy_util.c(1790): AH00925: initializing worker http://example.com/ shared
[Mon Nov 19 10:56:31.788221 2018] [proxy:debug] [pid 34406:tid 139940947908480] proxy_util.c(1832): AH00927: initializing worker http://example.com/ local
[Mon Nov 19 10:56:31.788229 2018] [proxy:debug] [pid 34406:tid 139940947908480] proxy_util.c(1867): AH00930: initialized pool in child 34406 for (example.com) min=0 max=25 smax=25
[Mon Nov 19 10:56:31.788435 2018] [proxy:debug] [pid 34407:tid 139940947908480] proxy_util.c(1790): AH00925: initializing worker http://example.com/ shared
[Mon Nov 19 10:56:31.788441 2018] [proxy:debug] [pid 34407:tid 139940947908480] proxy_util.c(1832): AH00927: initializing worker http://example.com/ local
[Mon Nov 19 10:56:31.788449 2018] [proxy:debug] [pid 34407:tid 139940947908480] proxy_util.c(1867): AH00930: initialized pool in child 34407 for (example.com) min=0 max=25 smax=25
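
For the topology described in the question (TLS terminated at Apache, plain HTTP to the backend), a minimal hardened layout looks like the following; this is an added example, not the poster's configuration or an answer from the original thread. The public name `proxy.example.test` is a placeholder, and the certificate paths, log names and backend URL are carried over from the question.

```apache
# Added example. Assumes mod_ssl, mod_proxy, mod_proxy_http and mod_headers
# are enabled, and that Listen 80 / Listen 443 are each declared exactly once
# (on Ubuntu they normally live in ports.conf).

<VirtualHost *:80>
    ServerName proxy.example.test
    # Send plain-HTTP clients to the TLS listener under the public name,
    # not to localhost.
    Redirect permanent / https://proxy.example.test/
</VirtualHost>

<VirtualHost *:443>
    ServerName proxy.example.test

    ErrorLog ${APACHE_LOG_DIR}/shr_t2_error.log
    CustomLog ${APACHE_LOG_DIR}/shr_t2_access.log combined

    # TLS ends here. The certificate should be a leaf certificate whose
    # subjectAltName matches ServerName (compare AH01906 and AH01909 in the
    # error log above).
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/mysitename.crt
    SSLCertificateKeyFile /etc/ssl/private/mysitename.key
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # SSLInsecureRenegotiation is left at its default (off).

    # Reverse proxy only: ProxyRequests Off keeps Apache from acting as a
    # forward proxy.
    ProxyRequests Off
    ProxyPass        /example/ http://example.com/
    ProxyPassReverse /example/ http://example.com/
    # ProxyPreserveHost is left at its default (Off), so the backend
    # receives "Host: example.com" rather than the proxy's public name.

    # The backend is plain HTTP, so no SSLProxy* directives are needed.
    # If the backend is ever moved to HTTPS, enable SSLProxyEngine and keep
    # peer verification on instead of setting SSLProxyVerify none.

    # Every request in this vhost arrived over TLS.
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
```

A reverse proxy is requested directly, for example `curl -v https://proxy.example.test/example/`, without `-x`. With `-x`, curl treats Apache as a forward proxy and sends `CONNECT`, which is the request that received the 302 in the output above.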