Apache-2.2

Apache SSL reverse proxy with two name-based virtual hosts

  • June 3, 2016

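I have an Apache reverse proxy that correctly proxies an internal https server. It is configured to use a wildcard self-signed certificate and is set up as a name-based virtual host with the ServerName directive.

I am trying to add a second internal https server to the proxy. I copied the configuration from the first server and changed the ServerName, but it does not work: if I try to connect to the second server's name, it always proxies me to the first one.

Here is the configuration: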

NameVirtualHost *:443

<VirtualHost *:443>
       ServerAdmin webmaster@siteX.com
       SSLEngine on
       SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

       SSLCertificateFile /etc/apache2/siteX-cert/wildcard.siteX.com.crt
       SSLCertificateKeyFile /etc/apache2/siteX-cert/wildcard.siteX.com.key
       SSLCACertificateFile /etc/apache2/siteX-cert/my-ca.crt

       ServerName      "website.siteX.com"

       CustomLog       "/var/log/apache2/website.siteX.com-ssl-access.log" combined
       ErrorLog        "/var/log/apache2/website.siteX.com-ssl-error.log"

       # We're not an open proxy
       ProxyRequests off

       # Proxying is available for anyone
       <Proxy *>
               Order deny,allow
               Allow from all
       </Proxy>

       # The site we're proxying through 
       ProxyPass / https://10.3.0.16/
       ProxyPassReverse / https://10.3.0.16/

       # Allows the proxying of an SSL connection
       SSLProxyEngine On
</VirtualHost>
<VirtualHost *:443>
       ServerAdmin webmaster@siteX.com

       SSLEngine on
       SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

       SSLCertificateFile /etc/apache2/siteX-cert/wildcard.siteX.com.crt
       SSLCertificateKeyFile /etc/apache2/siteX-cert/wildcard.siteX.com.key
       SSLCACertificateFile /etc/apache2/siteX-cert/my-ca.crt

       ServerName      "website2.siteX.com"

       CustomLog       "/var/log/apache2/website.siteX.com-ssl-access.log" combined
       ErrorLog        "/var/log/apache2/website.siteX.com-ssl-error.log"

       #We're not an open proxy
       ProxyRequests off

       # Proxying is available for anyone
       <Proxy *>
               Order deny,allow
               Allow from all
       </Proxy>

       # The site we're proxying through 
       ProxyPass / https://10.3.0.26/
       ProxyPassReverse / https://10.3.0.26/

       # Allows the proxying of an SSL connection
       SSLProxyEngine On
</VirtualHost>

I switched to Nginx and managed to get both https sites working; the configuration is very simple:

ssl_certificate  /etc/nginx/siteX-cert/wildcard.siteX.com.crt;
ssl_certificate_key  /etc/nginx/siteX-cert/wildcard.siteX.com.key;
ssl_session_timeout  5m;
ssl_prefer_server_ciphers  on;
ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers  AES256+EECDH:AES256+EDH:!aNULL;

server {
       listen 443 ssl;
       server_name website.siteX.com;
       ssl on;
       location / {
               proxy_pass https://10.3.0.16/;
       }
}

server {
       listen 443 ssl;
       server_name website2.siteX.com;
       ssl on;
       location / {
               proxy_pass https://10.3.0.26/;
       }
}
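
An added example, not part of the original post and not a diagnosis of the poster's server: a small Python model of how Apache 2.2 picks a vhost for the two `<VirtualHost *:443>` blocks above. It shows the two documented cases in which every request lands on the first vhost: no `NameVirtualHost` matching the vhost address, or no `ServerName`/`ServerAlias` matching the requested name. The helper names `parse` and `route` are hypothetical, and wildcard `ServerAlias` patterns are not modelled.

```python
import re

# Constructed sample: the question's two vhosts, trimmed to the routing directives.
CONFIG = """\
NameVirtualHost *:443
<VirtualHost *:443>
    ServerName "website.siteX.com"
    ProxyPass / https://10.3.0.16/
</VirtualHost>
<VirtualHost *:443>
    ServerName "website2.siteX.com"
    ProxyPass / https://10.3.0.26/
</VirtualHost>
"""

def parse(text):
    """Return (NameVirtualHost addresses, vhosts in file order)."""
    nvh = set(re.findall(r"^\s*NameVirtualHost\s+(\S+)", text, re.M | re.I))
    vhosts = []
    for addr, body in re.findall(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>",
                                 text, re.S | re.I):
        names = []
        for args in re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I):
            names += [n.strip('"').lower() for n in args.split()]
        m = re.search(r"^\s*ProxyPass\s+/\s+(\S+)", body, re.M | re.I)
        vhosts.append({"addr": addr, "names": names, "backend": m.group(1) if m else None})
    return nvh, vhosts

def route(text, addr, host):
    """Backend chosen for a request to addr carrying the given host name (hypothetical helper)."""
    nvh, vhosts = parse(text)
    candidates = [v for v in vhosts if v["addr"] == addr]
    if not candidates:
        return None
    # Apache 2.2: without a matching NameVirtualHost the vhosts overlap
    # and the first one has precedence for every request.
    if addr not in nvh:
        return candidates[0]["backend"]
    for v in candidates:
        if host and host.lower() in v["names"]:
            return v["backend"]
    # No ServerName/ServerAlias matched: the first vhost is the default.
    return candidates[0]["backend"]

if __name__ == "__main__":
    for name in ("website.siteX.com", "website2.siteX.com", "other.siteX.com"):
        print(name, "->", route(CONFIG, "*:443", name))
```

On a live server, `apache2ctl -S` prints the vhost table Apache actually built, which can be compared with what this model predicts.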

Quoted from: https://serverfault.com/questions/779078