apache2 的https配置和代理https后端nodejs配置
先进入 /usr/local/apache2/conf 目录
修改 vim httpd.conf 把下面的去掉注释
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-ssl.conf
然后进入/usr/local/apache2/conf/extra
编辑vim httpd-ssl.conf
把原来的 <VirtualHost 删除
加入如下配置
<VirtualHost *:443>
ServerName www.hp_nova2.com
ServerAlias www.hp_nova2.com
SSLEngine on
SSLProxyEngine On
SSLProxyVerify none
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
# SSLCertificateFile "Path1"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
# SSLCertificateKeyFile "Path2"
# SSLCertificateChainFile "Path3"
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyRequests Off
<Location />
ProxyPass https://15.31.213.137:443/
ProxyPassReverse https://15.31.213.137:443/
</Location>
</VirtualHost>
然后在/usr/local/apache2/conf/拷贝进去server.crt和server.key
(具体server.crt和server.key生成方式请参考我前面的文章使用openssl生成的证书,需要保证apache配置的证书和nodejs还有springboot配置的证书一样)
然后重启apache 执行 bin/apachectl start
问题:启动apache后访问发现报错500
查看apache的日志error.log发现
[Tue Apr 30 13:38:55.077682 2019] [proxy_http:error] [pid 12090] [client 15.38.244.222:63285] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 (), referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.244096 2019] [proxy:error] [pid 12089] (502)Unknown error 502: [client 15.38.244.222:63287] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137)
[Tue Apr 30 13:38:55.244214 2019] [proxy:error] [pid 12089] [client 15.38.244.222:63287] AH00898: Error during SSL Handshake with remote server returned by /
[Tue Apr 30 13:38:55.244225 2019] [proxy_http:error] [pid 12089] [client 15.38.244.222:63287] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 ()
[Tue Apr 30 13:38:55.277609 2019] [proxy:error] [pid 12093] (502)Unknown error 502: [client 15.38.244.222:63288] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137), referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.277707 2019] [proxy:error] [pid 12093] [client 15.38.244.222:63288] AH00898: Error during SSL Handshake with remote server returned by /favicon.ico, referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.277718 2019] [proxy_http:error] [pid 12093] [client 15.38.244.222:63288] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 (), referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.441908 2019] [proxy:error] [pid 12092] (502)Unknown error 502: [client 15.38.244.222:63290] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137)
[Tue Apr 30 13:38:55.441979 2019] [proxy:error] [pid 12092] [client 15.38.244.222:63290] AH00898: Error during SSL Handshake with remote server returned by /
[Tue Apr 30 13:38:55.441990 2019] [proxy_http:error] [pid 12092] [client 15.38.244.222:63290] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 ()
[Tue Apr 30 13:38:55.472712 2019] [proxy:error] [pid 12091] (502)Unknown error 502: [client 15.38.244.222:63289] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137), referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.472811 2019] [proxy:error] [pid 12091] [client 15.38.244.222:63289] AH00898: Error during SSL Handshake with remote server returned by /favicon.ico, referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.472822 2019] [proxy_http:error] [pid 12091] [client 15.38.244.222:63289] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 (), referer: https://15.31.213.106/
[Tue Apr 30 13:38:58.009281 2019] [proxy:error] [pid 12090] (502)Unknown error 502: [client 15.38.244.222:63291] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137)
[Tue Apr 30 13:38:58.009379 2019] [proxy:error] [pid 12090] [client 15.38.244.222:63291] AH00898: Error during SSL Handshake with remote server returned by /
[Tue Apr 30 13:38:58.009390 2019] [proxy_http:error] [pid 12090] [client 15.38.244.222:63291] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 ()
[Tue Apr 30 13:38:58.038419 2019] [proxy:error] [pid 12089] (502)Unknown error 502: [client 15.38.244.222:63292] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137), referer: https://15.31.213.106/
[Tue Apr 30 13:38:58.038519 2019] [proxy:error] [pid 12089] [client 15.38.244.222:63292] AH00898: Error during SSL Handshake with remote server returned by /favicon.ico, referer: https://15.31.213.106/
[Tue Apr 30 13:38:58.038530 2019] [proxy_http:error] [pid 12089] [client 15.38.244.222:63292] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 (), referer: https://15.31.213.106/
[Tue Apr 30 13:39:14.614789 2019] [proxy:error] [pid 12092] (502)Unknown error 502: [client 15.38.244.222:63293] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137)
[Tue Apr 30 13:39:14.614914 2019] [proxy:error] [pid 12092] [client 15.38.244.222:63293] AH00898: Error during SSL Handshake with remote server returned by /
[Tue Apr 30 13:39:14.614958 2019] [proxy_http:error] [pid 12092] [client 15.38.244.222:63293] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 ()
[Tue Apr 30 13:39:14.646786 2019] [proxy:error] [pid 12093] (502)Unknown error 502: [client 15.38.244.222:63294] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137), referer: https://15.31.213.106/
最后网上查了下在httpd-ssl.conf中的VirtualHost加入如下配置,重启apache解决
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
apache2 的https配置和代理https后端nodejs配置的更多相关文章
- [firefox+plug-n-hack]轻松地配置burpsuite代理https流量
http://zone.wooyun.org/content/25982 需要用到firefox的插件plug-n-hack下载https://raw.githubusercontent.com/mo ...
- NGINX生产环境反向代理到后端tomcat配置
#当访问www.kazihuo.com//sichuan-user-te时,跳转到http://10.1.93.61:7005/sichuan-user server { listen ; serve ...
- 一文教您如何通过 Docker 搭建反向代理 Ngnix,并配置 Https SSL 证书
欢迎关注个人微信公众号: 小哈学Java, 每日推送 Java 领域干货文章,关注附送 100G 海量学习资源哟!! 个人网站: https://www.exception.site/docker/h ...
- *** + Polipo 配置全局代理(Linux 版本)
转,原文:http://blog.csdn.net/jon_me/article/details/53525059 我本来是想查这个问题: How to start server and local ...
- CentOS 7 安装 Nginx 配置反向代理
Linux使用Nginx Yum存储库上安装Nginx,适用于Red Hat Enterprise Linux和CentOS系统. 1.添加设置Nginx Yum存储库 在CentOS中首次安装Ngi ...
- Tomcat:利用Apache配置反向代理、负载均衡
本篇主要介绍apache配置反向代理,介绍了两种情况:第一种是,只使用apache配置反向代理:第二种是,apache与应用服务器(tomcat)结合,配置反向代理,同时了配置了负载均衡. 准备工作 ...
- haproxy代理https配置方法【转】
记得在之前的一篇文章中介绍了nginx反向代理https的方法,今天这里介绍下haproxy代理https的方法: haproxy代理https有两种方式:1)haproxy服务器本身提供ssl证书, ...
- windows:nginx配置http、https反向代理
一.下载 Windows 版本的 nginx nnginx下载:http://nginx.org/en/download.html 推荐稳定版本.下载完成后,解压得到 nginx-1.14.0 ,我把 ...
- Nginx中配置http和https做反向代理
参考:http://www.zslin.com/web/article/detail/73 1.安装 sudo apt-get install nginx 2.配置: http_demo.conf # ...
随机推荐
- interrupt()方法的简单理解
interrupt() 方法只是改变中断状态而已,它不会中断一个正在运行的线程.这一方法实际完成的是,给受阻塞的线程发出一个中断信号,这样受阻线程就得以退出阻塞的状态.更确切的说,如果线程被Objec ...
- 127. Word Ladder (Tree, Queue; WFS)
Given two words (beginWord and endWord), and a dictionary's word list, find the length of shortest t ...
- 12. Integer to Roman (HashTable)
Given an integer, convert it to a roman numeral. Input is guaranteed to be within the range from 1 t ...
- nat转发
http://www.revsys.com/writings/quicktips/nat.html https://www.alibabacloud.com/zh/product/nat?spm=a3 ...
- java代码实现网络远程开机
http://my.oschina.net/kingfire/blog/156764 概述 远程开机(Wake onLAN)是指通过网络实现对服务器或者pc启动运行,现在很多网卡都支持的这个功能. 其 ...
- 7-linux-Centos7安装python3并与python2共存
转载自:https://www.cnblogs.com/JahanGu/p/7452527.html linux-Centos7安装python3并与python2共存 1.查看是否已经安装Pyt ...
- 18-(unicode error) 'unicodeescape' codec can't decode bytes in position 16-17: truncated \uXXXX escape
读取文件时碰到问题: 1.(unicode error) 'unicodeescape' codec can't decode bytes in position 16-17: truncated \ ...
- 对于一个web工程,如果我们复制一个已有的工程粘贴到同一个workspace下,我们除了需要更改工程的名字还需要更改这个新工程的content root,否则会报错。
对于一个web工程,如果我们复制一个已有的工程粘贴到同一个workspace下,我们除了需要更改工程的名字还需要更改这个新工程的content root,否则会报错.步骤如下: 右键新的工程---&g ...
- springMVC入门程序。使用springmvc实现商品列表的展示。
1.1 开发环境 本教程使用环境: Jdk:jdk1.7.0_72 Eclipse:mars Tomcat:apache-tomcat-7.0.53 Springmvc:4.1.3 1.2 需求 使用 ...
- Homestead window10 storage:link 不能建立符号链接的处理办法
重启电脑 1. 以管理员身份运行 cmd 2. vagrant up 3. vagrant ssh 4. php artisan storage:link