I have a gateway (reverse proxy) server set up with 2 name-based virtual hosts, which are passed via ProxyPass to the origin server on 2 different ports (8008 and 8080).
Site 1:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName DOMAIN1.com
ProxyPreserveHost on
ProxyPass / http://123.45.6.7:8008/
ProxyPassReverse / http://123.45.6.7:8008/
ErrorLog ${APACHE_LOG_DIR}/DOMAIN1.com-ssl-error.log
CustomLog ${APACHE_LOG_DIR}/DOMAIN1.com-ssl-access.log combined
SSLCertificateFile /etc/letsencrypt/live/DOMAIN1.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN1.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Site 2:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName DOMAIN2.com
ProxyPreserveHost on
ProxyPass / http://123.45.6.7:8080/
ProxyPassReverse / http://123.45.6.7:8080/
ErrorLog ${APACHE_LOG_DIR}/DOMAIN2.com-ssl-error.log
CustomLog ${APACHE_LOG_DIR}/DOMAIN2.com-ssl-access.log combined
SSLCertificateFile /etc/letsencrypt/live/DOMAIN2.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN2.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
On the origin server, I catch them like this:
Listen 123.45.6.7:8008
Listen 123.45.6.7:8080
<VirtualHost 123.45.6.7:8008>
DocumentRoot /home/USER1/DOMAIN1-be.com
<Directory /home/USER1/DOMAIN1-be.com>
AllowOverride all
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/DOMAIN1-be.com-error.log
CustomLog ${APACHE_LOG_DIR}/DOMAIN1-be.com-access.log combined
</VirtualHost>
<VirtualHost 123.45.6.7:8080>
DocumentRoot /home/USER2/DOMAIN2-be.com
<Directory /home/USER2/DOMAIN2-be.com>
AllowOverride all
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/DOMAIN2-be.com-error.log
CustomLog ${APACHE_LOG_DIR}/DOMAIN2-be.com-access.log combined
</VirtualHost>
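As you can see, the client -> gateway connection is SSL. The gateway -> origin server connection is not.
Is there a way to use SSL on the connection from the gateway to the origin server without switching to name-based virtual hosts on the origin server, and is it even beneficial?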
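An added example, not part of the original post: one way to encrypt and verify the gateway -> origin hop while keeping the IP:port-based virtual hosts on the origin. The certificate and CA file paths under /etc/apache2/ssl/ are placeholders, and it assumes the origin certificate is issued by a CA the gateway is told to trust.

```apache
# --- Gateway: DOMAIN1.com (DOMAIN2.com is identical, with port 8080) ---
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName DOMAIN1.com
ProxyPreserveHost on

# Turn on TLS for outbound (proxied) connections.
SSLProxyEngine on
# Verify the origin certificate instead of accepting any certificate.
# Placeholder path: the CA that signed the origin's certificate.
SSLProxyVerify require
SSLProxyCACertificateFile /etc/apache2/ssl/origin-ca.pem
SSLProxyCheckPeerName on
SSLProxyCheckPeerExpire on

# Same origin address and port as before, now over https.
ProxyPass / https://123.45.6.7:8008/
ProxyPassReverse / https://123.45.6.7:8008/

ErrorLog ${APACHE_LOG_DIR}/DOMAIN1.com-ssl-error.log
CustomLog ${APACHE_LOG_DIR}/DOMAIN1.com-ssl-access.log combined
SSLCertificateFile /etc/letsencrypt/live/DOMAIN1.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN1.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

# --- Origin: the vhost stays bound to IP:port, no ServerName needed ---
# On a non-standard port the protocol must be declared explicitly.
Listen 123.45.6.7:8008 https
<VirtualHost 123.45.6.7:8008>
DocumentRoot /home/USER1/DOMAIN1-be.com
<Directory /home/USER1/DOMAIN1-be.com>
AllowOverride all
Require all granted
</Directory>

SSLEngine on
# Placeholder paths: certificate and key for this origin listener.
SSLCertificateFile /etc/apache2/ssl/origin-8008.crt
SSLCertificateKeyFile /etc/apache2/ssl/origin-8008.key

ErrorLog ${APACHE_LOG_DIR}/DOMAIN1-be.com-error.log
CustomLog ${APACHE_LOG_DIR}/DOMAIN1-be.com-access.log combined
</VirtualHost>
```

The origin certificate has to carry the name the gateway checks; a mismatch or an untrusted issuer shows up as a proxy handshake failure in the gateway's ErrorLog rather than as a silent fallback to plain HTTP.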