这种情况是,我在Debian Stretch上使用了两台服务器,一台用于托管Blazor服务器端应用程序的kestrel服务器,另一台用于将请求转发到kestrel服务器的Apache 2.4。
我要托管的站点是.app域,该域强制使用HTTPS。我使用certbot从Let's Encrypt安装了一个证书。
kestrel服务器在端口5001上侦听127.0.0.1。Apache服务器具有使用反向代理的虚拟配置集,该配置将所有传入请求转发到127.0.0.1:5001。
但是,请求没有传递到Kestrel服务器。在Apache的日志中查找以下内容:
[Mon Dec 16 20:18:16.576931 2019] [proxy:debug] [pid 28760:tid 139662812688448] proxy_util.c(1776): AH00925: initializing worker https://127.0.0.1:5001 shared
[Mon Dec 16 20:18:16.576956 2019] [proxy:debug] [pid 28760:tid 139662812688448] proxy_util.c(1818): AH00927: initializing worker https://127.0.0.1:5001 local
[Mon Dec 16 20:18:16.576971 2019] [proxy:debug] [pid 28760:tid 139662812688448] proxy_util.c(1853): AH00930: initialized pool in child 28760 for (127.0.0.1) min=0 max=25 smax=25
[Mon Dec 16 20:18:16.577334 2019] [proxy:debug] [pid 28759:tid 139662812688448] proxy_util.c(1776): AH00925: initializing worker https://127.0.0.1:5001 shared
[Mon Dec 16 20:18:16.577357 2019] [proxy:debug] [pid 28759:tid 139662812688448] proxy_util.c(1818): AH00927: initializing worker https://127.0.0.1:5001 local
[Mon Dec 16 20:18:16.577370 2019] [proxy:debug] [pid 28759:tid 139662812688448] proxy_util.c(1853): AH00930: initialized pool in child 28759 for (127.0.0.1) min=0 max=25 smax=25
这让我相信反向代理应该有效。但是,当访问该站点时,我收到一个This site can’t provide a secure connection。
虚拟主机配置如下:
<VirtualHost *:*>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RewriteEngine on
RewriteCond %{SERVER_NAME} =privateinfo.app [OR]
RewriteCond %{SERVER_NAME} =https://privateinfo.app
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:*>
ServerAdmin admin@privateinfo.app
ServerName https://privateinfo.app
ServerAlias https://privateinfo.app
SSLProxyEngine On
ProxyPreserveHost On
ProxyPass /privateinfo.app https://127.0.0.1:5001
ProxyPassReverse /privateinfo.app https://127.0.0.1:5001
LogLevel info ssl:warn warn debug
ErrorLog ${APACHE_LOG_DIR}/privateinfo.app/error.log
CustomLog ${APACHE_LOG_DIR}/privateinfo.app/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias privateinfo.app
SSLCertificateFile /etc/letsencrypt/live/privateinfo.app/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/privateinfo.app/privkey.pem
</VirtualHost>
红est服务的日志提供以下信息:
Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]
Dec 16 19:41:18 website-app dotnet[27435]: Now listening on: https://127.0.0.1:5001
Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]
Dec 16 19:41:18 website-app dotnet[27435]: Application started. Press Ctrl+C to shut down.
Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]
Dec 16 19:41:18 website-app dotnet[27435]: Hosting environment: Production
Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]
我忽略了什么,为什么Apache服务器不会将请求转发到kestrel服务器?
答案 0 :(得分:0)
发现配置存在问题。 该应用程序是通过apache www目录中的一个文件夹提供的。
为其提供以下文件夹结构/www/privateinfo.app。
我发现的第二个问题是从错误的文件夹运行了app.dll。 这需要在/www/privatinfo.app/publish目录中完成。
使用带有反向代理的Apache2对我有效的配置:
<VirtualHost *:*>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RewriteEngine on
RewriteCond %{SERVER_NAME} =privateinfo.app [OR]
RewriteCond %{SERVER_NAME} =https://privateinfo.app
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:*>
ServerAdmin admin@privateinfo.app
ServerName https://privateinfo.app
ServerAlias https://privateinfo.app
SSLProxyEngine On
ProxyPreserveHost On
ProxyPass / https://127.0.0.1:5001
ProxyPassReverse / https://127.0.0.1:5001
LogLevel info ssl:warn warn debug
ErrorLog ${APACHE_LOG_DIR}/privateinfo.app/error.log
CustomLog ${APACHE_LOG_DIR}/privateinfo.app/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias privateinfo.app
SSLCertificateFile /etc/letsencrypt/live/privateinfo.app/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/privateinfo.app/privkey.pem
</VirtualHost>