Apache-2.2
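Apache SSL reverse proxy with two name-based virtual hosts
I have an Apache reverse proxy that correctly proxies an https internal server. It is configured to use a wildcard self-signed certificate and is set up as a name-based virtual host with the ServerName directive.
I am trying to add a second https internal server to the proxy. I copied the configuration from the first server and changed the ServerName, but it does not work: if I try to connect to the second server's name, it always proxies me to the first one.
Here is the configuration: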
```
NameVirtualHost *:443

<VirtualHost *:443>
    ServerAdmin webmaster@siteX.com
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile /etc/apache2/siteX-cert/wildcard.siteX.com.crt
    SSLCertificateKeyFile /etc/apache2/siteX-cert/wildcard.siteX.com.key
    SSLCACertificateFile /etc/apache2/siteX-cert/my-ca.crt
    ServerName "website.siteX.com"
    CustomLog "/var/log/apache2/website.siteX.com-ssl-access.log" combined
    ErrorLog "/var/log/apache2/website.siteX.com-ssl-error.log"

    # We're not an open proxy
    ProxyRequests off

    # Proxying is available for anyone
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    # The site we're proxying through
    ProxyPass / https://10.3.0.16/
    ProxyPassReverse / https://10.3.0.16/

    # Allows the proxying of an SSL connection
    SSLProxyEngine On
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin webmaster@siteX.com
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile /etc/apache2/siteX-cert/wildcard.siteX.com.crt
    SSLCertificateKeyFile /etc/apache2/siteX-cert/wildcard.siteX.com.key
    SSLCACertificateFile /etc/apache2/siteX-cert/my-ca.crt
    ServerName "website2.siteX.com"
    CustomLog "/var/log/apache2/website.siteX.com-ssl-access.log" combined
    ErrorLog "/var/log/apache2/website.siteX.com-ssl-error.log"

    # We're not an open proxy
    ProxyRequests off

    # Proxying is available for anyone
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    # The site we're proxying through
    ProxyPass / https://10.3.0.26/
    ProxyPassReverse / https://10.3.0.26/

    # Allows the proxying of an SSL connection
    SSLProxyEngine On
</VirtualHost>
```
I switched to Nginx and managed to get both https sites working. The configuration is very simple:
```
ssl_certificate /etc/nginx/siteX-cert/wildcard.siteX.com.crt;
ssl_certificate_key /etc/nginx/siteX-cert/wildcard.siteX.com.key;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;

server {
    listen 443 ssl;
    server_name website.siteX.com;
    ssl on;
    location / {
        proxy_pass https://10.3.0.16/;
    }
}

server {
    listen 443 ssl;
    server_name website2.siteX.com;
    ssl on;
    location / {
        proxy_pass https://10.3.0.26/;
    }
}
```
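A variant of the nginx configuration above, as an added example that is not part of the original post. It adds an explicit default server, so a request whose name matches no `server_name` is refused instead of being proxied to whichever block happens to come first, and it turns on verification of the backend certificates, which nginx does not perform by default. The CA path under `/etc/nginx` and the assumption that each backend presents a certificate issued by that CA for its public host name are assumptions, not facts from the page.

```nginx
# Added example, not the poster's configuration.
ssl_certificate     /etc/nginx/siteX-cert/wildcard.siteX.com.crt;
ssl_certificate_key /etc/nginx/siteX-cert/wildcard.siteX.com.key;

# Upstream TLS checks, inherited by every proxied location below.
proxy_ssl_verify              on;   # default is off: backend cert is not checked
proxy_ssl_verify_depth        2;
proxy_ssl_trusted_certificate /etc/nginx/siteX-cert/my-ca.crt;  # assumed path
proxy_ssl_server_name         on;   # send SNI to the backend

# Catch-all: any host name not listed below ends here, not in the first site.
server {
    listen 443 ssl default_server;
    server_name _;
    return 444;                     # close the connection without a response
}

server {
    listen 443 ssl;
    server_name website.siteX.com;

    location / {
        proxy_pass     https://10.3.0.16/;
        # Name the backend certificate must match (assumed to be the public name);
        # without this nginx would check the cert against the IP in proxy_pass.
        proxy_ssl_name website.siteX.com;
    }
}

server {
    listen 443 ssl;
    server_name website2.siteX.com;

    location / {
        proxy_pass     https://10.3.0.26/;
        proxy_ssl_name website2.siteX.com;  # assumed backend certificate name
    }
}
```

After `nginx -t` and a reload, requesting each name and an unlisted name against the proxy shows whether routing and the catch-all behave as intended; a backend whose certificate fails verification produces a 502 and an upstream SSL error in the error log.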