我正在使用 Apache - 在 Mac 上,Apache 是通过 brew 安装的 - 作为反向代理连接到位于 docker 容器内的 Web 服务器。 apache 具有以下规格:
Server version: Apache/2.4.48 (Unix)
Server built: May 26 2021 07:00:18
除了作为反向代理运行的 Apache 将 authorization
标头从到达上游服务器之外,一切正常。以下是我的 .conf 设置 -
<VirtualHost *:80>
ServerName web.test
ServerAlias www.web.test
ServerAdmin mail@web.test
# Redirecting insecure connections to secure connections
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://web.test%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>
<VirtualHost *:443>
ServerName web.test
ServerAlias www.web.test
<Directory />
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
Satisfy Any
</Directory>
ErrorLog "/Users/test/websites/web.test/logs/host/error.log"
CustomLog "/Users/test/websites/web.test/logs/host/access.log" combined
<Location />
ProxyPass "https://127.0.0.1:14443/"
ProxyPassReverse "https://127.0.0.1:14443/"
Order deny,allow
Allow from all
</Location>
SSLEngine on
SSLCertificateFile "/path/to/certificates/web.test/web.test.crt"
SSLCertificateKeyFile "/path/to/certificates/web.test/web.test.key"
ProxyRequests on
ProxyPreserveHost On
ProxyTimeout 1000
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://web.test%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>
在 docker 中,端口 443 映射到主机端口 1443,我使用自签名证书进行开发。我知道出于安全考虑,Apache 可能会从其 authorization : Bearer value
令牌中剥离请求。但就我而言,剥离 authorization
是不可取的,因为授权是在上游服务器上处理的。
我在 SO 中看到过类似的问题 - 几乎所有问题 - 但没有人为我提供解决方案。有人能告诉我如何解决这个问题吗?