Ssl
如何在 Apache 中正確設置 SSL 代理?
我正在嘗試設置 SSL 代理以從外部訪問本地 Web 應用程序。訪問頁面時出現 500 錯誤。日誌說:
[proxy:error] [pid 17153] (502)Unknown error 502: [client 192.168.1.109:56171] AH01084: pass request body failed to [::1]:5000 (localhost)
在
httpd.conf
Apache 2.4.6 上執行時,我有:<VirtualHost *:80> ServerName web.domain.tld Redirect permanent / https://web.domain.tld/ </VirtualHost> <VirtualHost *:443> ServerName web.domain.tld SSLEngine on SSLCertificateFile /etc/letsencrypt/live/domain.tld/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/domain.tld/chain.pem SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK SSLProtocol -All +TLSv1.1 +TLSv1.2 SSLHonorCipherOrder On Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" Header always set X-Frame-Options DENY <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [7-9]" ssl-unclean-shutdown SSLProxyEngine On SSLProxyCheckPeerCN on SSLProxyCheckPeerExpire on ProxyPass / https://localhost:5000/ ProxyPassReverse / https://localhost:5000/ </VirtualHost>
問題是 Apache 正在
Host:
根據目標伺服器的主機名生成標頭,而我需要保留它。添加ProxyPreserveHost On
解決了這個問題。