先进入  /usr/local/apache2/conf  目录

修改 vim httpd.conf  把下面的去掉注释

LoadModule proxy_module modules/mod_proxy.so

LoadModule proxy_http_module modules/mod_proxy_http.so

LoadModule ssl_module modules/mod_ssl.so

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Include conf/extra/httpd-ssl.conf

然后进入/usr/local/apache2/conf/extra

编辑vim httpd-ssl.conf

把原来的 <VirtualHost 删除

加入如下配置

<VirtualHost *:443>
ServerName www.hp_nova2.com
ServerAlias www.hp_nova2.com
SSLEngine on
SSLProxyEngine On
SSLProxyVerify none
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
# SSLCertificateFile "Path1"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
# SSLCertificateKeyFile "Path2"
# SSLCertificateChainFile "Path3"
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyRequests Off
<Location />
ProxyPass https://15.31.213.137:443/
ProxyPassReverse https://15.31.213.137:443/
</Location>
</VirtualHost>

然后在/usr/local/apache2/conf/拷贝进去server.crt和server.key

(具体server.crt和server.key生成方式请参考我前面的文章使用openssl生成的证书,需要保证apache配置的证书和nodejs还有springboot配置的证书一样)

然后重启apache 执行 bin/apachectl start

问题:启动apache后访问发现报错500

查看apache的日志error.log发现

[Tue Apr 30 13:38:55.077682 2019] [proxy_http:error] [pid 12090] [client 15.38.244.222:63285] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 (), referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.244096 2019] [proxy:error] [pid 12089] (502)Unknown error 502: [client 15.38.244.222:63287] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137)
[Tue Apr 30 13:38:55.244214 2019] [proxy:error] [pid 12089] [client 15.38.244.222:63287] AH00898: Error during SSL Handshake with remote server returned by /
[Tue Apr 30 13:38:55.244225 2019] [proxy_http:error] [pid 12089] [client 15.38.244.222:63287] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 ()
[Tue Apr 30 13:38:55.277609 2019] [proxy:error] [pid 12093] (502)Unknown error 502: [client 15.38.244.222:63288] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137), referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.277707 2019] [proxy:error] [pid 12093] [client 15.38.244.222:63288] AH00898: Error during SSL Handshake with remote server returned by /favicon.ico, referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.277718 2019] [proxy_http:error] [pid 12093] [client 15.38.244.222:63288] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 (), referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.441908 2019] [proxy:error] [pid 12092] (502)Unknown error 502: [client 15.38.244.222:63290] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137)
[Tue Apr 30 13:38:55.441979 2019] [proxy:error] [pid 12092] [client 15.38.244.222:63290] AH00898: Error during SSL Handshake with remote server returned by /
[Tue Apr 30 13:38:55.441990 2019] [proxy_http:error] [pid 12092] [client 15.38.244.222:63290] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 ()
[Tue Apr 30 13:38:55.472712 2019] [proxy:error] [pid 12091] (502)Unknown error 502: [client 15.38.244.222:63289] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137), referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.472811 2019] [proxy:error] [pid 12091] [client 15.38.244.222:63289] AH00898: Error during SSL Handshake with remote server returned by /favicon.ico, referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.472822 2019] [proxy_http:error] [pid 12091] [client 15.38.244.222:63289] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 (), referer: https://15.31.213.106/
[Tue Apr 30 13:38:58.009281 2019] [proxy:error] [pid 12090] (502)Unknown error 502: [client 15.38.244.222:63291] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137)
[Tue Apr 30 13:38:58.009379 2019] [proxy:error] [pid 12090] [client 15.38.244.222:63291] AH00898: Error during SSL Handshake with remote server returned by /
[Tue Apr 30 13:38:58.009390 2019] [proxy_http:error] [pid 12090] [client 15.38.244.222:63291] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 ()
[Tue Apr 30 13:38:58.038419 2019] [proxy:error] [pid 12089] (502)Unknown error 502: [client 15.38.244.222:63292] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137), referer: https://15.31.213.106/
[Tue Apr 30 13:38:58.038519 2019] [proxy:error] [pid 12089] [client 15.38.244.222:63292] AH00898: Error during SSL Handshake with remote server returned by /favicon.ico, referer: https://15.31.213.106/
[Tue Apr 30 13:38:58.038530 2019] [proxy_http:error] [pid 12089] [client 15.38.244.222:63292] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 (), referer: https://15.31.213.106/
[Tue Apr 30 13:39:14.614789 2019] [proxy:error] [pid 12092] (502)Unknown error 502: [client 15.38.244.222:63293] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137)
[Tue Apr 30 13:39:14.614914 2019] [proxy:error] [pid 12092] [client 15.38.244.222:63293] AH00898: Error during SSL Handshake with remote server returned by /
[Tue Apr 30 13:39:14.614958 2019] [proxy_http:error] [pid 12092] [client 15.38.244.222:63293] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 ()
[Tue Apr 30 13:39:14.646786 2019] [proxy:error] [pid 12093] (502)Unknown error 502: [client 15.38.244.222:63294] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137), referer: https://15.31.213.106/

最后网上查了下在httpd-ssl.conf中的VirtualHost加入如下配置,重启apache解决

SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

apache2 的https配置和代理https后端nodejs配置的更多相关文章

  1. [firefox+plug-n-hack]轻松地配置burpsuite代理https流量

    http://zone.wooyun.org/content/25982 需要用到firefox的插件plug-n-hack下载https://raw.githubusercontent.com/mo ...

  2. NGINX生产环境反向代理到后端tomcat配置

    #当访问www.kazihuo.com//sichuan-user-te时,跳转到http://10.1.93.61:7005/sichuan-user server { listen ; serve ...

  3. 一文教您如何通过 Docker 搭建反向代理 Ngnix,并配置 Https SSL 证书

    欢迎关注个人微信公众号: 小哈学Java, 每日推送 Java 领域干货文章,关注附送 100G 海量学习资源哟!! 个人网站: https://www.exception.site/docker/h ...

  4. *** + Polipo 配置全局代理(Linux 版本)

    转,原文:http://blog.csdn.net/jon_me/article/details/53525059 我本来是想查这个问题: How to start server and local ...

  5. CentOS 7 安装 Nginx 配置反向代理

    Linux使用Nginx Yum存储库上安装Nginx,适用于Red Hat Enterprise Linux和CentOS系统. 1.添加设置Nginx Yum存储库 在CentOS中首次安装Ngi ...

  6. Tomcat:利用Apache配置反向代理、负载均衡

    本篇主要介绍apache配置反向代理,介绍了两种情况:第一种是,只使用apache配置反向代理:第二种是,apache与应用服务器(tomcat)结合,配置反向代理,同时了配置了负载均衡. 准备工作 ...

  7. haproxy代理https配置方法【转】

    记得在之前的一篇文章中介绍了nginx反向代理https的方法,今天这里介绍下haproxy代理https的方法: haproxy代理https有两种方式:1)haproxy服务器本身提供ssl证书, ...

  8. windows:nginx配置http、https反向代理

    一.下载 Windows 版本的 nginx nnginx下载:http://nginx.org/en/download.html 推荐稳定版本.下载完成后,解压得到 nginx-1.14.0 ,我把 ...

  9. Nginx中配置http和https做反向代理

    参考:http://www.zslin.com/web/article/detail/73 1.安装 sudo apt-get install nginx 2.配置: http_demo.conf # ...

随机推荐

  1. k8s问题记录

    1. kubectl run 起来的pod 用 kubectl delete po删不掉 kubectl delete deployment my-nginx kubelet# 看到最后一行:erro ...

  2. iOS对HTTPS证书链的验证原理

    今天看到所在的某个开发群问https原理,之前做HTTPS ,下面简单说下原理.希望能帮助你理解. HTTPS从最终的数据解析的角度,与HTTP相同.HTTPS将HTTP协议数据包放到SSL/TSL层 ...

  3. mybatis调用自定义函数

    <select id="getFunction" parameterType="int" resultType="string"> ...

  4. 在 Ruby 中执行 Shell 命令的 6 种方法

    我们时常会与操作系统交互或在 Ruby 中执行 Shell 命令.Ruby为我们提供了完成该任务的诸多方法. Exec Kernel#exec 通过执行给定的命令来替换当前进程,例如: $ irb & ...

  5. Java的类名与文件名必须一致

    1.Java保存的文件名必须与类名一致:2.如果文件中只有一个类,文件名必须与类名一致:3.一个Java文件中只能有一个public类:4.如果文件中不止一个类,文件名必须与public类名一致:5. ...

  6. loadrunner12-用Chrome如何录制脚本

    1.下载Chrome最新版本: 2.打开需要录制的网页,按下F12按钮: 3.在弹出框中,选择Network标签,在该标签下单击红色按钮(开始录制按钮): 4.按下F5刷新页面(不管是否需要录制当前页 ...

  7. android4.2 高用zing拍照后,返回其它页面操作时,主线程关掉或程序退出的问题解决

    产生错误的代码: @Override protected void onCreate(Bundle savedInstanceState) { StrictMode.setThreadPolicy(n ...

  8. 转 Spring AOP @Before @Around @After 等 advice 的执行顺序

    转自:http://blog.csdn.net/rainbow702/article/details/52185827 情况一: 一个方法只被一个Aspect类拦截 正常情况:  异常情况:  情况二 ...

  9. Ansible 笔记 (1) - 安装和配置

    本文参考 <Ansible 自动化运维和最佳实践>,这两天刚读这本书,写写总结.主控机环境是 centos 7,被控机均是 centos 6.8 . 确保 python 版本大于 2.6 ...

  10. linux每天一小步---alias命令详解

    1 命令功能     alias命令用来设置指令的别名,alias命令设置的别名只限于该次登陆操作,若要每次登入即自动设好别名,可在/etc/profile或自己的~/.bashrc中设定指令的别名. ...