Reverse-Proxy

ProxyPass ip地址變數

  • March 26, 2019

我正在設置一個代理,讓一個完全隔離的 vlan(稱為 VLAN1)通過代理訪問另一個 vlan(VLAN2)。

一台伺服器有兩個網卡:一個用於 VLAN1 (10.1.1.50),一個用於 VLAN2 (10.1.2.254)。

在我的 VLAN1 上,我有幾台伺服器執行相同的 Web 應用程序(針對不同的使用者):

  • https://10.1.1.101/myapp
  • https://10.1.1.102/myapp
  • https://10.1.1.103/myapp

在我的代理伺服器(10.1.2.254 或 10.1.1.50)上,在文件 /etc/httpd/conf.d/myapp.conf 上:

ServerName  Proxy-IsolatedNetwork
#
# SSL
#
SSLProxyCheckPeerCN     Off
SSLProxyCheckPeerExpire Off
SSLProxyCheckPeerName   Off
SSLProxyEngine          On
SSLProxyProtocol        All
SSLProxyVerify          optional_no_ca
SSLProxyVerifyDepth     0

#
# Proxy
#
ProxyPreserveHost On

情況1

如果我寫這個,它的工作原理:

ProxyPass /101 https://10.1.1.101/myapp
ProxyPassReverse /101 https://10.1.1.101/myapp

ProxyPass /myapp https://10.1.1.101/myapp
ProxyPassReverse /myapp https://10.1.1.101/myapp

如果我們轉到 https://10.1.2.254/101,它可以工作,我可以訪問託管在 https://10.1.1.101/myapp 上的 myapp

案例二

我想要的是:

  • https://10.1.2.254/101 => https://10.1.1.101/myapp
  • https://10.1.2.254/102 => https://10.1.1.102/myapp
  • https://10.1.2.254/103 => https://10.1.1.103/myapp

如何讓多個 ProxyPass/ProxyPassReverse 工作?

ProxyPass /101 https://10.1.1.101/myapp
ProxyPassReverse /101 https://10.1.1.101/myapp
ProxyPass /myapp https://10.1.1.101/myapp
ProxyPassReverse /myapp https://10.1.1.101/myapp

ProxyPass /102 https://10.1.1.102/myapp
ProxyPassReverse /102 https://10.1.1.102/myapp
ProxyPass /myapp https://10.1.1.102/myapp
ProxyPassReverse /myapp https://10.1.1.102/myapp

ProxyPass /103 https://10.1.1.103/myapp
ProxyPassReverse /103 https://10.1.1.103/myapp
ProxyPass /myapp https://10.1.1.103/myapp
ProxyPassReverse /myapp https://10.1.1.103/myapp

答案是關閉 ProxyPreserveHost 然後我可以刪除所有行 ProxyPass /myapp & ProxyPassReverse /myapp

引用自:https://serverfault.com/questions/914259