Spring Boot + Apache reverse proxy: This combination of host and port requires TLS

Time: 2020-06-09 08:55:20

Tags: java spring apache spring-boot ssl

What I have:

  • I have a Spring Boot app as a docker image in a private registry
  • Let's Encrypt SSL certificates

I ran the following commands:

  • wget https://dl.eff.org/certbot-auto (get certbot)
  • chmod a+x certbot-auto (make it executable)
  • ./certbot-auto (run it)
  • openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root (convert to keys compatible with Spring Boot)

In the Spring Boot application I added the following entries to the properties:

security.require-ssl=true
server.ssl.key-store={key_store_location}
server.ssl.key-store-password={key_store_password}
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat

Currently I can reach my app at https://example.com:8080/ and the certificate is valid.

Then I did this: my /etc/apache2/sites-enabled/000-default.conf file looks like this:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


ServerAdmin webmaster@localhost
ServerName {domain}

SSLEngine on
SSLProxyEngine On
SSLProtocol All -SSLv2 -SSLv3 # Disable SSL versions with POODLE vulnerability

SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

After starting apache2 and opening https://example.com/ I get

Bad Request
This combination of host and port requires TLS.

But if I enter https://example.com:80/, everything works.

So my question is: what do I need to do to get rid of the port and make just https://example.com/ work?

Thanks.

Edit: after adding 443 as suggested, the problem persists and I get the same error.

Full configuration file:

1 Answer:

Answer 0 (score: 1)

The default HTTPS port is 443. Please create an SSL VirtualHost for 443, put all the entries inside that VirtualHost, and test.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Listen 443 https
<VirtualHost Apache-IP:443>
ServerAdmin webmaster@localhost
ServerName {domain}

SSLEngine on
SSLProxyEngine On
SSLProtocol All -SSLv2 -SSLv3 # Disable SSL versions with POODLE vulnerability

SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>
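For reference, here is a complete two-VirtualHost layout of the kind the answer describes: a plaintext vhost on port 80 whose only job is to redirect to HTTPS, and a TLS vhost on port 443 that terminates TLS with the Let's Encrypt certificate and forwards to the TLS-enabled Spring Boot backend. This is an added example written for this page, not the answerer's or the asker's configuration. It assumes Apache 2.4 with mod_ssl, mod_rewrite, mod_proxy, mod_proxy_http and mod_headers enabled, that `Listen 80` and `Listen 443` are already present (Debian/Ubuntu ship them in ports.conf), and that the hostname used in the ProxyPass target resolves to the machine running the container (for example via /etc/hosts) so that it matches the name on the backend's certificate.

```apache
# /etc/apache2/sites-enabled/000-default.conf (example layout, not the original file)

# Port 80: plaintext HTTP is accepted only to redirect it to HTTPS.
<VirtualHost *:80>
    ServerName example.com
    ServerAdmin webmaster@localhost

    # Permanent redirect of every request to the same path on https://example.com/
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# Port 443: TLS terminates here. Browsers opening https://example.com/ land in
# this vhost, so the default port no longer needs to be typed in the URL.
<VirtualHost *:443>
    ServerName example.com
    ServerAdmin webmaster@localhost

    SSLEngine on
    # Disable SSLv2/SSLv3 (POODLE) and the legacy TLS 1.0/1.1 versions.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    # fullchain.pem already contains the leaf plus intermediates, so no
    # separate SSLCertificateChainFile is needed (deprecated since 2.4.8).
    SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

    # Tell clients to keep using HTTPS for this host (requires mod_headers).
    Header always set Strict-Transport-Security "max-age=31536000"

    # The backend also speaks TLS (server.ssl.* in the Spring Boot properties),
    # so Apache has to act as a TLS client when forwarding the request.
    SSLProxyEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    # Lets the application know the original scheme when it builds redirects.
    RequestHeader set X-Forwarded-Proto "https"
    # Assumption: example.com resolves locally to the container host, so the
    # backend certificate (issued for example.com) matches the proxy target.
    ProxyPass        / https://example.com:8080/
    ProxyPassReverse / https://example.com:8080/

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```

Two things to check after reloading Apache: `apachectl configtest` should report `Syntax OK`, and `openssl s_client -connect example.com:443 -servername example.com` should show the Let's Encrypt chain being served on 443, which confirms that the browser's default port is now answered by the TLS vhost rather than reaching the backend directly. The proxy target deliberately uses the certificate's hostname instead of `localhost`: Apache compares the backend certificate's name against the host in the ProxyPass URL, and a certificate issued for example.com does not match `localhost`, so pointing at the real name avoids having to weaken that check.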