从https到HTTP的Apache反向代理未传输基本身份验证

时间:2020-04-07 17:52:15

标签: apache2 reverse-proxy basic-authentication

我正在尝试建立代理服务器,以将请求从https://toing.com中继到需要在http://localhost:9999上运行的基本身份验证的本地服务。反向代理正在https://toing.com:9000监听。

基本身份验证是根据https://toing.com上的初始请求设置的。

这是我的配置文件:

<IfModule mod_ssl.c>
<VirtualHost *:9000>
                ServerName api.toing.com:9000
                ServerAdmin toing@toing.com
                SSLEngine on
                SSLCertificateFile /etc/not/telling/you.crt
                SSLCertificateKeyFile /etc/not/telling/you.key

                ProxyRequests On
                ProxyVia Block
                <Proxy *>
                Order deny,allow
                Allow from all
                SetEnv proxy-chain-auth
                SetEnv proxy-sendcl
                </Proxy>

                ProxyPass / http://localhost:9999/ retry=0
                ProxyPassReverse / http://localhost:9999/

                ### following three lines are for CORS support
                Header add Access-Control-Allow-Origin "*"
                Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
                Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

                ErrorLog ${APACHE_LOG_DIR}/toing-error.log
                LogLevel error
                CustomLog ${APACHE_LOG_DIR}/toing-access.log combined
</VirtualHost>

有了这个conf,我可以通过我的请求,但是出现401错误,这表明身份验证没有通过 阅读apache docs之后,我在ProxyPass行的上方添加了以下行:

<Location />
    AuthType basic
    SetEnv proxy-chain-auth
</Location>

现在我在CORS中收到以下错误:

访问“ https://api.toing.com:9000/bla/bla/flix”处的XMLHttpRequest 来自来源“ https://toing.com”的信息已被CORS政策阻止: 对预检请求的响应未通过访问控制检查:否 请求中出现“ Access-Control-Allow-Origin”标头 资源。

如何将我的基本身份验证传递到最终目的地,我在这里做错了什么?预先谢谢你。

注意::我已检查本地服务在http://localhost:9999上是否按预期工作

更新

感谢articleanswer的详尽解释,我已经解决了CORS问题。显然,印前检查请求没有得到200 OK的响应,因此出现了上述访问控制检查问题。

现在,我直接从服务中收到401错误,这意味着反向代理仍无法通过当前的conf文件通过身份验证:

<IfModule mod_ssl.c>
<VirtualHost *:9000>
        ServerName api.toing.com:9000
        ServerAdmin toing@toing.com
        SSLEngine on
        SSLCertificateFile /etc/not/telling/you.crt
        SSLCertificateKeyFile /etc/not/telling/you.key

    ### following three lines are for CORS support
    Header always set Access-Control-Allow-Origin "https://toing.com"
    Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
    Header always set Access-Control-Max-Age "1000"
    Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"


    # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L]

    ProxyPass / http://localhost:9999/ retry=0
    ProxyPassReverse / http://localhost:9999/

    ErrorLog ${APACHE_LOG_DIR}/toing-error.log
    LogLevel error
    CustomLog ${APACHE_LOG_DIR}/toing-access.log combined
</VirtualHost>

再次,我尝试设置:

<Location />
    AuthType basic
    SetEnv proxy-chain-auth
</Location>

对于上面的conf,但是没有用。还是很困惑!

0 个答案:

没有答案
相关问题
最新问题