Ssl
Apache2.4 RewriteRule 作為遠端 Apache2.2 伺服器的代理
我們有一個帶有 URL 的舊應用程序
https://www2.devDocApp.com/
正在執行,Ubuntu8
並且apache2.2
沒有 TLS 1.2 支持,我們apache2.2
在 Ubuntu 8 機器上進行了艱難的升級和 openSSL,所以現在我們正在使用代理apache
伺服器(devapp01
帶有 Apache/2.4.29(Win64)的 Windows 2012 VM ) 將所有請求重定向到https://www2.devDocApp.com/
下面是我用來設置代理伺服器的 apache 配置
devapp01
<VirtualHost *:443> Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" DocumentRoot "C:/apache/htdocs" ServerName devapp01 #ErrorLog "|bin/rotatelogs.exe -l -f C:/apache/logs/apache_error_log.%m-%d-%y-%I-%M-%S.log 86400" #TransferLog "|bin/rotatelogs.exe -l -f C:/apache/logs/apache_transfer_log.%m-%d-%y-%I-%M-%S.log 86400" SSLEngine on #SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2 #SSLHonorCipherOrder on #SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" #SSLCompression off SSLProtocol -ALL TLSv1.2 SSLCertificateFile "C:/apache/conf/server.cer" SSLCertificateKeyFile "C:/apache/conf/server.key" #SSLCertificateChainFile "C:/apache/conf/server-ca.cer" SSLCACertificateFile "C:/apache/conf/ca.cer" SSLVerifyClient optional SSLVerifyDepth 3 <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "C:/apache/cgi-bin"> SSLOptions +StdEnvVars </Directory> #CustomLog "|bin/rotatelogs.exe C:/apache/logs/ssl_request.%m-%d-%Y_%H_%M_%S.log 86400" \ # "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> #ProxyPass should be prior to any other Proxy directives ProxyPass /DocApp https://www2.devDocApp.com/ SSLProxyEngine on RewriteEngine On RewriteRule ^/DocApp$ https://www2.devDocApp.com/ [R,L] RequestHeader set X_SSL_CLIENT_M_SERIAL "%{SSL_CLIENT_M_SERIAL}s" RequestHeader set X_FORWARDED_PROTO "https" env=HTTPS RequestHeader set SslSubject "%{SSL_CLIENT_S_DN}s" </VirtualHost>
https://devapp01/DocApp/
當我點擊它在瀏覽器中重定向到的代理 apache URL時https://www2.devDocApp.com/
,我如何使其工作,以使瀏覽器中的 URL 始終https://devapp01/DocApp/<Page>
用於所有嵌套路徑,https://devapp01/DocApp/page1
https://devapp01/DocApp/page2/page1
而不是重定向到https://www2.devDocApp.com/page1
等等https://www2.devDocApp.com/page2
?
這會進行重定向:
RewriteEngine On RewriteRule ^/DocApp$ https://www2.devDocApp.com/ [R,L]
去掉它。
ProxyPass
已經成功了。
你應該以這種方式嘗試代理
RewriteEngine on RewriteRule "^DocApp/(.*)$" "https://www2.devDocApp.com/DocApp/$1" [P] ProxyPassReverse "/DocApp/" "http://www2.devDocApp.com/DocApp/"
我們添加了一個 ProxyPassReverse 指令,以確保後端發出的任何重定向都正確傳遞給客戶端。
更好的資訊在這裡: https ://httpd.apache.org/docs/2.4/rewrite/proxy.html