Apache-2.2

阿帕奇模組“mod_jk”。為特定的 url/上下文設置使用 https 的重寫條件

  • July 2, 2010

我確實有一個“簡單”的問題,您可能會在幾秒鐘內回答;)我設置了一個 apache 網路伺服器(v2.2),這個 apache 伺服器用作啟用“mod_jk”的平衡器。此伺服器上託管 2 個不同的應用程序,稱為“低”和“高”。我使用的 tomcat 伺服器是 V6.0x 伺服器。

這是 apache httpd.conf(摘要):

# Load mod_jk module
LoadModule    jk_module  modules/mod_jk-1.2.30-httpd-2.2.3.so
# Where to find workers.properties
JkWorkersFile conf/workers.properties
# loadbalancer contains the first application that may be clustered (runs on more tomcat instances/servers)
JkMount  /high/* loadbalancer
# webworker contains the second application that runs in a single tomcat instance
JkMount  /low/* webworker

如您所見,有兩個已定義的映射。第一個“高”進入負載均衡器(2 個應用程序伺服器“worker1”和“worker2”,請參見下面的 worker.properties)。第二個解析為“低”並轉到 webworker(只是此伺服器上的另一個 tomcat 實例)。

這裡是worker.properties:

# Define worker list
worker.list=worker1,worker2,loadbalancer,webworker

# Set properties for worker1 (ajp13, http=8080, https=8443)
# Note: worker1 runs on the same machine as the serving apache webserver
worker.worker1.type=ajp13
worker.worker1.host=appserver1.example.com
worker.worker1.port=8009
worker.worker1.lbfactor=1

# Set properties for worker2 (ajp13, http=8080, https=8443)
# Note: worker2 runs on a different machine
worker.worker2.type=ajp13
worker.worker2.host=appserver2.example.com
worker.worker2.port=8010
worker.worker2.lbfactor=2

# Set properties for webworker (ajp13, http=9090, https=9443)
# Note: webworker runs on the same machine as the serving apache webserver
worker.webworker.type=ajp13
worker.webworker.host=appserver1.example.com
worker.webworker.port=8010

# Set properties for load balancer
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=worker1, worker2

所以,這是我的問題:

如何設置映射“低”的所有請求都應重寫為“https”?第二個應用程序“低”應該完全安全地執行。

即呼叫“ http://www.myapplication.com/low ”導致apache伺服器將其重寫為“ https://www.myapplication.com/low ”。

“mod_rewrite”可以做到這一點嗎?我必須在哪裡放置證書文件?證書是否要在 tomcat-config (server.xml) 或 apache-config (或者可能在兩個配置文件中) 中配置?

謝謝你的幫助:)


找到了解決方案:

Bruno 幫了我,所以這是我的工作配置(將配置放在名為 httpd-vhosts.conf 的附加文件中):

<IfModule mod_ssl.c>
<VirtualHost *:443>
       ServerAdmin webmaster@example.com
       ServerName appserver1.example.com:443
       SSLEngine       on
       SSLCertificateFile     "conf/ssl.crt/server.crt"
       SSLCertificateKeyFile  "conf/ssl.key/server.key"
       JkMount  /low/* webworker
</VirtualHost>
</IfModule>

<VirtualHost *:80>
       ServerAdmin webmaster@example.com
       ServerName appserver1.example.com
       JkMount /high/* loadbalancer
       <IfModule mod_rewrite.c>
           RewriteEngine On
           RewriteCond %{HTTPS} !=on
           RewriteRule ^/low(.*) https://appserver1.example.com/low$1 [R,L]
       </IfModule>
</VirtualHost>

你有沒有嘗試過這樣的事情(假設你已經載入了 mod_rewrite)?

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/low(.*) https://%{SERVER_NAME}/low$1 [R,L]

如果您使用 Apache Httpd 作為前端,則需要配置 SSL(請參閱mod_ssl 模組的文件)。

通常,這將如下所示:

<IfModule mod_ssl.c>
<VirtualHost *:443>
       ServerAdmin webmaster@host.name.example
       ServerName host.name.example

       SSLEngine       on
       SSLCertificateFile      /etc/ssl/certs/host.pem
       SSLCertificateKeyFile   /etc/ssl/private/host.key

       # ...
       # (the config file with your distribution will probably have
       #  a sensible set of options for SSL as well.)

       JkMount  /high/* loadbalancer
       JkMount  /low/* webworker
</VirtualHost>
</IfModule>

<VirtualHost *:80>
       ServerAdmin webmaster@host.name.example
       ServerName host.name.example


       # You can put the rewrite rules here for example.

       JkMount  /high/* loadbalancer
       # Don't put this one if you don't want it over plain HTTP
       # JkMount  /low/* webworker
</VirtualHost>

引用自:https://serverfault.com/questions/154851