apache 2.4 httpd 2.4.6 反向代理后端的服务为HTTPS https 基于centos7
2024-08-27 20:23:44
需求场景:通过访问apache的http地址,反向代理访问后端的https服务,而且路径带有只能特定模块才反向代理
配置如下
listen <VirtualHost *:>
#管理员邮箱 随便填 可不要此指令
ServerAdmin webmaster@dummy-host.example.com
#域名 为IP地址
ServerName 本机ip <Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On #https代理最关键就是这个
ProxyPreserveHost On
ProxyRequests Off #关闭正向代理
#ProxyPassMatch ^/foo/bar https://123.123.123.2 #443端口这么写
ProxyPassMatch ^/foo/bar https://123.123.123.2:6079(如果是443端口不要加了,否则连接不上,可以打开httpd.conf 打开debug级别日志能看到)
ProxyPass / ! #表示不是上面匹配的路径不转发,走默认的httpd.conf DocumentRoot
ProxyPassReverse / ! #表示不是上面匹配的路径不转发,走默认的httpd.conf DocumentRoot
ErrorLog /var/log/httpd/test_error_log
CustomLog /var/log/httpd/test_access_log combined
</VirtualHost
效果展示
curl http://本地ip:8182/foo/bar/123
会转发到后端
示范日志,需要httpd开启debug 在httpd.conf 修日志级别重启l即可
[Thu Sep ::27.575036 ] [authz_core:debug] [pid ] mod_authz_core.c(): [client 192.168.10.30:] AH01628: authorization result: granted (no directives)
[Thu Sep ::27.575188 ] [proxy:debug] [pid ] mod_proxy.c(): [client 192.168.10.30:] AH01143: Running scheme https handler (attempt )
[Thu Sep ::27.575197 ] [proxy_ajp:debug] [pid ] mod_proxy_ajp.c(): [client 192.168.10.30:] AH00894: declining URL https://123.123.123.2/foo/bar/getFPInfoByNSRSBH
[Thu Sep ::27.575203 ] [proxy_fcgi:debug] [pid ] mod_proxy_fcgi.c(): [client 192.168.10.30:] AH01076: url: https://123.123.123.2/foo/bar/getFPInfoByNSRSBH proxyname: (null) proxyport: 0
[Thu Sep ::27.575207 ] [proxy_fcgi:debug] [pid ] mod_proxy_fcgi.c(): [client 192.168.10.30:] AH01077: declining URL https://123.123.123.2/foo/bar/getFPInfoByNSRSBH
[Thu Sep ::27.575221 ] [proxy:debug] [pid ] proxy_util.c(): AH00942: HTTPS: has acquired connection for (123.123.123.2)
[Thu Sep ::27.575229 ] [proxy:debug] [pid ] proxy_util.c(): [client 192.168.10.30:] AH00944: connecting https://123.123.123.2/foo/bar/getFPInfoByNSRSBH to 123.123.123.2:443
[Thu Sep ::27.575321 ] [proxy:debug] [pid ] proxy_util.c(): [client 192.168.10.30:] AH00947: connected /foo/bar/getFPInfoByNSRSBH to 123.123.123.2:
[Thu Sep ::27.581116 ] [proxy:debug] [pid ] proxy_util.c(): AH02824: HTTPS: connection established with 123.123.123.2: (123.123.123.2)
[Thu Sep ::27.581151 ] [proxy:debug] [pid ] proxy_util.c(): AH00962: HTTPS: connection complete to 123.123.123.2: (123.123.123.2)
[Thu Sep ::27.581161 ] [ssl:info] [pid ] [remote 123.123.123.2:] AH01964: Connection to child established (server 192.168.10.30:)
[Thu Sep ::27.598908 ] [ssl:debug] [pid ] ssl_engine_kernel.c(): [remote 123.123.123.2:] AH02275: Certificate Verification, depth , CRL checking mode: none [subject: CN=Encryption Everywhere DV TLS CA - G1,OU=www.digicert.com,O=DigiCert Inc,C=US / issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US / serial: 0279AC458BC1B245ABF98053CD2C9BB1 / notbefore: Nov :: GMT / notafter: Nov :: GMT]
[Thu Sep ::27.599201 ] [ssl:debug] [pid ] ssl_engine_kernel.c(): [remote 123.123.123.2:] AH02275: Certificate Verification, depth , CRL checking mode: none [subject: CN=*.ele-cloud.com / issuer: CN=Encryption Everywhere DV TLS CA - G1,OU=www.digicert.com,O=DigiCert Inc,C=US / serial: 01B4CA2CA4522D242C3055C4C5920F94 / notbefore: Aug :: GMT / notafter: Aug :: GMT]
[Thu Sep ::27.610271 ] [ssl:debug] [pid ] ssl_engine_kernel.c(): [remote 123.123.123.2:] AH02041: Protocol: TLSv1., Cipher: ECDHE-RSA-AES128-SHA256 (/ bits)
[Thu Sep ::27.760324 ] [proxy:debug] [pid ] proxy_util.c(): AH00925: initializing worker https://123.123.123.2 shared
[Thu Sep ::27.760336 ] [proxy:debug] [pid ] proxy_util.c(): AH00927: initializing worker https://123.123.123.2 local
[Thu Sep ::27.760353 ] [proxy:debug] [pid ] proxy_util.c(): AH00931: initialized single connection worker in child for (123.123.123.2)
[Thu Sep ::28.238290 ] [proxy:debug] [pid ] proxy_util.c(): AH00943: https: has released connection for (123.123.123.2)
顺便记录反向代理http
[root@oc conf.d]# vim vhost.conf listen <VirtualHost *:> #管理员邮箱 ServerAdmin webmaster@dummy-host.example.com #域名 ServerName 本机ip <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPreserveHost On ProxyRequests Off #关闭正向代理 ProxyPassMatch ^/recipt/checkFp http://123.48.78.9:8080 #默认端口80,不需要填端口 ProxyPass / ! ProxyPassReverse / ! ErrorLog /var/log/httpd/test_error_log CustomLog /var/log/httpd/test_access_log combined </VirtualHost>
反向代理不过滤path
[root@oc conf.d]# vim vhost.conf
listen <VirtualHost *:>
#管理员邮箱
ServerAdmin webmaster@dummy-host.example.com
#域名
ServerName 本机ip <Proxy *>
Order deny,allow
Allow from all
</Proxy> ProxyPreserveHost On
ProxyRequests Off #关闭正向代理 ProxyPass / http://123.48.78.9:8080
ProxyPassReverse / http://123.48.78.9:8080
ErrorLog /var/log/httpd/test_error_log
CustomLog /var/log/httpd/test_access_log combined
</VirtualHost>
最新文章
- 模块化之Spring3.0 web fragment和gradle构建项目
- asp.net中获取本机的相关信息!(CPU、内存、硬盘序列号等)
- Hadoop HDFS 用户指南
- Hot code replace failed
- Yii源码阅读笔记(十三)
- shell 脚本文件Windows传到Linux后编码问题
- EasyUI 自定义DataGrid分页
- asp.net MVC dropList 绑定
- Big Data Analytics for Security(Big Data Analytics for Security Intelligence)
- .NET参数化Oracle查询参数
- NUnit实战,第一个测试类,测试事件触发是否是并行的
- Java的参数传递是值传递还是引用传递
- vue3+typescript引入外部文件
- Oracle初级优化sql
- Django框架详细介绍---ORM相关操作---select_related和prefetch_related函数对 QuerySet 查询的优化
- Python中的包ImportError
- JVM总结-虚拟机怎么执行字节码
- (第十二周)Debug阶段成员贡献分
- django字段查询参数及聚合函数
- [mysql] mysql如何实现更新一条记录中某个字段值的一部分呢?