Reverse-Proxy
ProxyPass ip地址變數
我正在設置一個代理,讓一個完全隔離的 vlan(稱為 VLAN1)通過代理訪問另一個 vlan(VLAN2)。
一台伺服器有兩個網卡:一個用於 VLAN1 (10.1.1.50),一個用於 VLAN2 (10.1.2.254)。
在我的 VLAN1 上,我有幾台伺服器執行相同的 Web 應用程序(針對不同的使用者):
- https://10.1.1.101/myapp
- https://10.1.1.102/myapp
- https://10.1.1.103/myapp
- …
在我的代理伺服器(10.1.2.254 或 10.1.1.50)上,在文件 /etc/httpd/conf.d/myapp.conf 上:
ServerName Proxy-IsolatedNetwork # # SSL # SSLProxyCheckPeerCN Off SSLProxyCheckPeerExpire Off SSLProxyCheckPeerName Off SSLProxyEngine On SSLProxyProtocol All SSLProxyVerify optional_no_ca SSLProxyVerifyDepth 0 # # Proxy # ProxyPreserveHost On
情況1
如果我寫這個,它的工作原理:
ProxyPass /101 https://10.1.1.101/myapp ProxyPassReverse /101 https://10.1.1.101/myapp ProxyPass /myapp https://10.1.1.101/myapp ProxyPassReverse /myapp https://10.1.1.101/myapp
如果我們轉到 https://10.1.2.254/101,它可以工作,我可以訪問託管在 https://10.1.1.101/myapp 上的 myapp
但
案例二
我想要的是:
- https://10.1.2.254/101 => https://10.1.1.101/myapp
- https://10.1.2.254/102 => https://10.1.1.102/myapp
- https://10.1.2.254/103 => https://10.1.1.103/myapp
如何讓多個 ProxyPass/ProxyPassReverse 工作?
ProxyPass /101 https://10.1.1.101/myapp ProxyPassReverse /101 https://10.1.1.101/myapp ProxyPass /myapp https://10.1.1.101/myapp ProxyPassReverse /myapp https://10.1.1.101/myapp ProxyPass /102 https://10.1.1.102/myapp ProxyPassReverse /102 https://10.1.1.102/myapp ProxyPass /myapp https://10.1.1.102/myapp ProxyPassReverse /myapp https://10.1.1.102/myapp ProxyPass /103 https://10.1.1.103/myapp ProxyPassReverse /103 https://10.1.1.103/myapp ProxyPass /myapp https://10.1.1.103/myapp ProxyPassReverse /myapp https://10.1.1.103/myapp
答案是關閉 ProxyPreserveHost 然後我可以刪除所有行 ProxyPass /myapp & ProxyPassReverse /myapp