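How to enable Google authentication on an Apache 2.4 reverse proxy

Time: 2020-02-11 13:46:21

Tags: apache google-app-engine reverse-proxy google-authentication

I am trying to enable Google authentication on an Apache 2.4 reverse proxy installed on CentOS 7. I installed mod_auth_openidc and created an OAuth 2.0 client ID in the G Suite console.

This is my /etc/httpd/conf/http.conf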

<VirtualHost mtest.mydomain.com:80>
  ServerName mtest.mydomain.com
  OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
  OIDCClientID xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
  OIDCClientSecret xxxxxxxxxxxxxxxxxxxxxxxx
  OIDCRedirectURI https://mtest.mydomain.com/
  OIDCScope "profile openid"
  OIDCCryptoPassphrase example@3003
  OIDCCookiePath /
  OIDCAuthNHeader X-Forwarded-User
  OIDCRemoteUserClaim sub
  OIDCClaimPrefix example_

  <Location />
    AuthType openid-connect
    Require valid-user
  </Location>

  Redirect / https://mtest.mydomain.com/
</VirtualHost>

<VirtualHost mtest.mydomain.com:443>
  ServerName mtest.mydomain.com
  SSLEngine on
  SSLCertificateFile /etc/httpd/ssl/mydomain.com.crt
  SSLCertificateKeyFile /etc/httpd/ssl/mydomain.com.key
  SSLCACertificateFile /etc/httpd/ssl/gd_bundle-g2-g1.crt
</VirtualHost>

But when I enter the URL http://mtest.mydomain.com, I am not redirected to the Google authentication page.

Where is my mistake?

1 answer:

Answer 0: (score: 0)

I solved it this way

ProxyRequests off

<Proxy *>
        Order deny,allow
        Deny from all
        Allow from all
</Proxy>
ProxyTimeout 300

<VirtualHost test.mydomain.com:80>
        ServerName test.mydomain.com
        Redirect / https://test.mydomain.com/
</VirtualHost>

<VirtualHost test.mydomain.com:443>
        ServerName test.mydomain.com
        SSLEngine on
        SSLCertificateFile /etc/httpd/ssl/mydomain.crt
        SSLCertificateKeyFile /etc/httpd/ssl/mydomain.key
        SSLCACertificateFile /etc/httpd/ssl/gd_bundle-g2-g1.crt

        OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
        OIDCClientID xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
        OIDCClientSecret xxxxxxxxxxxxxxxxxxxxx
        OIDCRedirectURI https://test.mydomain.com/home.html
        OIDCScope "profile openid"
        OIDCCryptoPassphrase example@3003
        OIDCCookiePath /
        OIDCAuthNHeader X-Forwarded-User
        OIDCRemoteUserClaim sub
        OIDCClaimPrefix example_

        <Location />
                AuthType openid-connect
                Require valid-user
        </Location>

        ProxyPreserveHost On
        ProxyPass / http://192.168.1.1/
        ProxyPassReverse / http://192.168.1.1/
</VirtualHost>
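
The two configurations above differ in which VirtualHost carries the OIDC block: the question has it on port 80, the answer on the TLS vhost on port 443. The following check is an added example, not part of the original question or answer; it flags that placement in a config file. The sample configs are constructed, trimmed versions of the two layouts, and the function names `vhosts` and `audit` are hypothetical.

```python
import re
# Constructed samples: trimmed from the question's and the answer's layouts.
QUESTION_CONF = """
<VirtualHost mtest.mydomain.com:80>
  <Location />
    AuthType openid-connect
  </Location>
  Redirect / https://mtest.mydomain.com/
</VirtualHost>
<VirtualHost mtest.mydomain.com:443>
  SSLEngine on
</VirtualHost>
"""
ANSWER_CONF = """
<VirtualHost test.mydomain.com:80>
  Redirect / https://test.mydomain.com/
</VirtualHost>
<VirtualHost test.mydomain.com:443>
  SSLEngine on
  <Location />
    AuthType openid-connect
  </Location>
  ProxyPass / http://192.168.1.1/
</VirtualHost>
"""

def vhosts(conf):
    """Map each VirtualHost address to the tokenized lines inside it."""
    out, current = {}, None
    for line in map(str.strip, conf.splitlines()):
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            current = out.setdefault(m.group(1), [])
        elif line.lower() == "</virtualhost>":
            current = None
        elif current is not None and line and not line.startswith("#"):
            current.append(line.lower().split())
    return out

def audit(conf):
    """List vhosts where OIDC auth and TLS are not configured together."""
    findings = []
    for addr, d in vhosts(conf).items():
        tls = ["sslengine", "on"] in d
        oidc = ["authtype", "openid-connect"] in d
        if oidc and not tls:
            findings.append(f"{addr}: OIDC auth on a non-TLS vhost")
        if tls and not oidc:
            findings.append(f"{addr}: TLS vhost without OIDC auth")
    return findings
```
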