Apache-2.2
阿帕奇模組“mod_jk”。為特定的 url/上下文設置使用 https 的重寫條件
我確實有一個“簡單”的問題,您可能會在幾秒鐘內回答;)我設置了一個 apache 網路伺服器(v2.2),這個 apache 伺服器用作啟用“mod_jk”的平衡器。此伺服器上託管 2 個不同的應用程序,稱為“低”和“高”。我使用的 tomcat 伺服器是 V6.0x 伺服器。
這是 apache httpd.conf(摘要):
# Load mod_jk module LoadModule jk_module modules/mod_jk-1.2.30-httpd-2.2.3.so # Where to find workers.properties JkWorkersFile conf/workers.properties # loadbalancer contains the first application that may be clustered (runs on more tomcat instances/servers) JkMount /high/* loadbalancer # webworker contains the second application that runs in a single tomcat instance JkMount /low/* webworker
如您所見,有兩個已定義的映射。第一個“高”進入負載均衡器(2 個應用程序伺服器“worker1”和“worker2”,請參見下面的 worker.properties)。第二個解析為“低”並轉到 webworker(只是此伺服器上的另一個 tomcat 實例)。
這裡是worker.properties:
# Define worker list worker.list=worker1,worker2,loadbalancer,webworker # Set properties for worker1 (ajp13, http=8080, https=8443) # Note: worker1 runs on the same machine as the serving apache webserver worker.worker1.type=ajp13 worker.worker1.host=appserver1.example.com worker.worker1.port=8009 worker.worker1.lbfactor=1 # Set properties for worker2 (ajp13, http=8080, https=8443) # Note: worker2 runs on a different machine worker.worker2.type=ajp13 worker.worker2.host=appserver2.example.com worker.worker2.port=8010 worker.worker2.lbfactor=2 # Set properties for webworker (ajp13, http=9090, https=9443) # Note: webworker runs on the same machine as the serving apache webserver worker.webworker.type=ajp13 worker.webworker.host=appserver1.example.com worker.webworker.port=8010 # Set properties for load balancer worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=worker1, worker2
所以,這是我的問題:
如何設置映射“低”的所有請求都應重寫為“https”?第二個應用程序“低”應該完全安全地執行。
即呼叫“ http://www.myapplication.com/low ”導致apache伺服器將其重寫為“ https://www.myapplication.com/low ”。
“mod_rewrite”可以做到這一點嗎?我必須在哪裡放置證書文件?證書是否要在 tomcat-config (server.xml) 或 apache-config (或者可能在兩個配置文件中) 中配置?
謝謝你的幫助:)
找到了解決方案:
Bruno 幫了我,所以這是我的工作配置(將配置放在名為 httpd-vhosts.conf 的附加文件中):
<IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin webmaster@example.com ServerName appserver1.example.com:443 SSLEngine on SSLCertificateFile "conf/ssl.crt/server.crt" SSLCertificateKeyFile "conf/ssl.key/server.key" JkMount /low/* webworker </VirtualHost> </IfModule> <VirtualHost *:80> ServerAdmin webmaster@example.com ServerName appserver1.example.com JkMount /high/* loadbalancer <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/low(.*) https://appserver1.example.com/low$1 [R,L] </IfModule> </VirtualHost>
你有沒有嘗試過這樣的事情(假設你已經載入了 mod_rewrite)?
RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/low(.*) https://%{SERVER_NAME}/low$1 [R,L]
如果您使用 Apache Httpd 作為前端,則需要配置 SSL(請參閱mod_ssl 模組的文件)。
通常,這將如下所示:
<IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin webmaster@host.name.example ServerName host.name.example SSLEngine on SSLCertificateFile /etc/ssl/certs/host.pem SSLCertificateKeyFile /etc/ssl/private/host.key # ... # (the config file with your distribution will probably have # a sensible set of options for SSL as well.) JkMount /high/* loadbalancer JkMount /low/* webworker </VirtualHost> </IfModule> <VirtualHost *:80> ServerAdmin webmaster@host.name.example ServerName host.name.example # You can put the rewrite rules here for example. JkMount /high/* loadbalancer # Don't put this one if you don't want it over plain HTTP # JkMount /low/* webworker </VirtualHost>