Ssl

如何在 Apache 中正確設置 SSL 代理?

  • February 1, 2016

我正在嘗試設置 SSL 代理以從外部訪問本地 Web 應用程序。訪問頁面時出現 500 錯誤。日誌說:

[proxy:error] [pid 17153] (502)Unknown error 502: [client 192.168.1.109:56171] AH01084: pass request body failed to [::1]:5000 (localhost)

httpd.confApache 2.4.6 上執行時,我有:

<VirtualHost *:80>
   ServerName web.domain.tld
   Redirect permanent / https://web.domain.tld/
</VirtualHost>

<VirtualHost *:443>
   ServerName  web.domain.tld

   SSLEngine on
   SSLCertificateFile /etc/letsencrypt/live/domain.tld/cert.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem
   SSLCertificateChainFile /etc/letsencrypt/live/domain.tld/chain.pem
   SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
   SSLProtocol  -All +TLSv1.1 +TLSv1.2
   SSLHonorCipherOrder On
   Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
   Header always set X-Frame-Options DENY
   <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
   </FilesMatch>

   BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
   BrowserMatch "MSIE [7-9]" ssl-unclean-shutdown

   SSLProxyEngine On
   SSLProxyCheckPeerCN on
   SSLProxyCheckPeerExpire on

   ProxyPass / https://localhost:5000/
   ProxyPassReverse / https://localhost:5000/

</VirtualHost>

問題是 Apache 正在Host:根據目標伺服器的主機名生成標頭,而我需要保留它。添加ProxyPreserveHost On解決了這個問題。

來源

引用自:https://serverfault.com/questions/752640