apache 2.4 httpd 2.4.6 反向代理后端的服务为HTTPS https 基于centos7
需求场景:通过访问apache的http地址,反向代理访问后端的https服务,而且路径带有只能特定模块才反向代理
配置如下
listen <VirtualHost *:>
#管理员邮箱 随便填 可不要此指令
ServerAdmin webmaster@dummy-host.example.com
#域名 为IP地址
ServerName 本机ip <Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On #https代理最关键就是这个
ProxyPreserveHost On
ProxyRequests Off #关闭正向代理
#ProxyPassMatch ^/foo/bar https://123.123.123.2 #443端口这么写
ProxyPassMatch ^/foo/bar https://123.123.123.2:6079(如果是443端口不要加了,否则连接不上,可以打开httpd.conf 打开debug级别日志能看到)
ProxyPass / ! #表示不是上面匹配的路径不转发,走默认的httpd.conf DocumentRoot
ProxyPassReverse / ! #表示不是上面匹配的路径不转发,走默认的httpd.conf DocumentRoot
ErrorLog /var/log/httpd/test_error_log
CustomLog /var/log/httpd/test_access_log combined
</VirtualHost
效果展示
curl http://本地ip:8182/foo/bar/123
会转发到后端
示范日志,需要httpd开启debug 在httpd.conf 修日志级别重启l即可
[Thu Sep ::27.575036 ] [authz_core:debug] [pid ] mod_authz_core.c(): [client 192.168.10.30:] AH01628: authorization result: granted (no directives)
[Thu Sep ::27.575188 ] [proxy:debug] [pid ] mod_proxy.c(): [client 192.168.10.30:] AH01143: Running scheme https handler (attempt )
[Thu Sep ::27.575197 ] [proxy_ajp:debug] [pid ] mod_proxy_ajp.c(): [client 192.168.10.30:] AH00894: declining URL https://123.123.123.2/foo/bar/getFPInfoByNSRSBH
[Thu Sep ::27.575203 ] [proxy_fcgi:debug] [pid ] mod_proxy_fcgi.c(): [client 192.168.10.30:] AH01076: url: https://123.123.123.2/foo/bar/getFPInfoByNSRSBH proxyname: (null) proxyport: 0
[Thu Sep ::27.575207 ] [proxy_fcgi:debug] [pid ] mod_proxy_fcgi.c(): [client 192.168.10.30:] AH01077: declining URL https://123.123.123.2/foo/bar/getFPInfoByNSRSBH
[Thu Sep ::27.575221 ] [proxy:debug] [pid ] proxy_util.c(): AH00942: HTTPS: has acquired connection for (123.123.123.2)
[Thu Sep ::27.575229 ] [proxy:debug] [pid ] proxy_util.c(): [client 192.168.10.30:] AH00944: connecting https://123.123.123.2/foo/bar/getFPInfoByNSRSBH to 123.123.123.2:443
[Thu Sep ::27.575321 ] [proxy:debug] [pid ] proxy_util.c(): [client 192.168.10.30:] AH00947: connected /foo/bar/getFPInfoByNSRSBH to 123.123.123.2:
[Thu Sep ::27.581116 ] [proxy:debug] [pid ] proxy_util.c(): AH02824: HTTPS: connection established with 123.123.123.2: (123.123.123.2)
[Thu Sep ::27.581151 ] [proxy:debug] [pid ] proxy_util.c(): AH00962: HTTPS: connection complete to 123.123.123.2: (123.123.123.2)
[Thu Sep ::27.581161 ] [ssl:info] [pid ] [remote 123.123.123.2:] AH01964: Connection to child established (server 192.168.10.30:)
[Thu Sep ::27.598908 ] [ssl:debug] [pid ] ssl_engine_kernel.c(): [remote 123.123.123.2:] AH02275: Certificate Verification, depth , CRL checking mode: none [subject: CN=Encryption Everywhere DV TLS CA - G1,OU=www.digicert.com,O=DigiCert Inc,C=US / issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US / serial: 0279AC458BC1B245ABF98053CD2C9BB1 / notbefore: Nov :: GMT / notafter: Nov :: GMT]
[Thu Sep ::27.599201 ] [ssl:debug] [pid ] ssl_engine_kernel.c(): [remote 123.123.123.2:] AH02275: Certificate Verification, depth , CRL checking mode: none [subject: CN=*.ele-cloud.com / issuer: CN=Encryption Everywhere DV TLS CA - G1,OU=www.digicert.com,O=DigiCert Inc,C=US / serial: 01B4CA2CA4522D242C3055C4C5920F94 / notbefore: Aug :: GMT / notafter: Aug :: GMT]
[Thu Sep ::27.610271 ] [ssl:debug] [pid ] ssl_engine_kernel.c(): [remote 123.123.123.2:] AH02041: Protocol: TLSv1., Cipher: ECDHE-RSA-AES128-SHA256 (/ bits)
[Thu Sep ::27.760324 ] [proxy:debug] [pid ] proxy_util.c(): AH00925: initializing worker https://123.123.123.2 shared
[Thu Sep ::27.760336 ] [proxy:debug] [pid ] proxy_util.c(): AH00927: initializing worker https://123.123.123.2 local
[Thu Sep ::27.760353 ] [proxy:debug] [pid ] proxy_util.c(): AH00931: initialized single connection worker in child for (123.123.123.2)
[Thu Sep ::28.238290 ] [proxy:debug] [pid ] proxy_util.c(): AH00943: https: has released connection for (123.123.123.2)
顺便记录反向代理http
[root@oc conf.d]# vim vhost.conf listen <VirtualHost *:> #管理员邮箱 ServerAdmin webmaster@dummy-host.example.com #域名 ServerName 本机ip <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPreserveHost On ProxyRequests Off #关闭正向代理 ProxyPassMatch ^/recipt/checkFp http://123.48.78.9:8080 #默认端口80,不需要填端口 ProxyPass / ! ProxyPassReverse / ! ErrorLog /var/log/httpd/test_error_log CustomLog /var/log/httpd/test_access_log combined </VirtualHost>
反向代理不过滤path
[root@oc conf.d]# vim vhost.conf
listen <VirtualHost *:>
#管理员邮箱
ServerAdmin webmaster@dummy-host.example.com
#域名
ServerName 本机ip <Proxy *>
Order deny,allow
Allow from all
</Proxy> ProxyPreserveHost On
ProxyRequests Off #关闭正向代理 ProxyPass / http://123.48.78.9:8080
ProxyPassReverse / http://123.48.78.9:8080
ErrorLog /var/log/httpd/test_error_log
CustomLog /var/log/httpd/test_access_log combined
</VirtualHost>
apache 2.4 httpd 2.4.6 反向代理后端的服务为HTTPS https 基于centos7的更多相关文章
- Apache服务器中设置端口映射和反向代理的方法
在/etc/httpd/conf路径下的httpd.conf文件###new add for webui.cong###Include "E:/local/Wamp/bin/apache/A ...
- tomcat部署虚拟主机-搭建两个应用以及httpd和Nginx的反向代理
实验环境:CentOS7 前提:已经安装好tomcat,未安装请查看http://www.cnblogs.com/wzhuo/p/7111135.html: 目的:基于主机名访问两个应用: [root ...
- Nginx反向代理+负载均衡简单实现(https方式)
背景:A服务器(192.168.1.8)作为nginx代理服务器B服务器(192.168.1.150)作为后端真实服务器 现在需要访问https://testwww.huanqiu.com请求时从A服 ...
- Nginx负载均衡反向代理 后端Nginx获取客户端真实IP
Nginx 反向代理后,后端Nginx服务器无法正常获取客户端的真实IP nginx通过http_realip_module模块来实现的这需要重新编译,如果提前编译好了就无需重新编译了1,重新编译ng ...
- 十.nginx反向代理负载均衡服务实践部署
期中集群架构-第十章-nginx反向代理负载均衡章节章节====================================================================== 0 ...
- haproxy反向代理环境部署(http和https代理)
操作背景:前方有一台haproxy代理机器(115.100.120.57/192.168.1.7),后方两台realserver机器(192.168.1.150.192.168.1.151,没有公网i ...
- nginx设置反向代理后端jenklins,页面上的js css文件无法加载
转载 2017年06月14日 22:36:59 8485 问题现象: nginx配置反向代理后,网页可以正常访问,但是页面上的js css文件无法加载,页面样式乱了. (1)nginx配置如下: (2 ...
- nginx反向代理-后端服务器组设置
nginx服务器的反向代理时其最常用的重要功能之一,在实际工作中应用广泛,涉及的配置指令也比较多.下面会尽量详细地介绍对应的指令,及其使用状态. 反向代理一般是互联网需要向内网拉取资源,比如访问一个w ...
- Linux基础-----------nginx安装和nginx web、nginx反向代理、nfs 服务
作业一:nginx服务1)二进制安装nginx包 yum install epel-release -y 先安装epel-release 再查看yum源中已经安装上了epel相关文件 中间省去了一些安 ...
随机推荐
- Django模板之模板标签
标签比变量更加复杂:一些在输出中创建文本,一些通过循环或逻辑来控制流程,一些加载其后的变量将使用到的额外信息到模版中. 一些标签需要开始和结束标签 (例如:{% tag %} ...标签 内容 ... ...
- TCP三次握手的seq和ack号的【正确】理解
1 理论知识 先上一张图,TCP/IP详解第18章的这张图描述了一个正常的三次握手和四次挥手的状态迁移,以及seq.ack序号的变化. 基本状态看图就能了解,本文主要围绕序号的变化进行讲解. 1)se ...
- java数值类型之间的转换
说明:图中6个实心箭头代表转换无信息丢失,3个虚线箭头表示可能有精度损失的转换.
- Yii2.0 URL美化功能Nginx与Apache配置文件
NGinx: location / { index index.html index.htm index.php; try_files $uri $uri/ /index.php$is_args$ar ...
- shiro认证通过之后的授权
subject.hasRole("") ; subject.hasRoles(List); subject.hasAllRoles(); subject.isPermitted(& ...
- MongoDB -MSC集群的部署
一.Shard节点配置过程 1. 目录创建:mkdir -p /mongodb/38021/conf /mongodb/38021/log /mongodb/38021/datamkdir -p ...
- redis使用技巧十连胜,学会工作六到飞起
Redis 在当前的技术社区里是非常热门的.从来自 Antirez 一个小小的个人项目到成为内存数据存储行业的标准,Redis已经走过了很长的一段路. 随之而来的一系列最佳实践,使得大多数人可以正确地 ...
- [微信营销企划之路]003.Access forbidden!
引言 继<[微信营销企划之路]001.环境搭建(XAMPP+WeiPHP)>后,有不少朋友反应按照001教程配置虚拟多站点(<VirtualHost/>)后,部分站点会出现Ac ...
- 读Pyqt4教程,带你入门Pyqt4 _005
对话框窗体或对话框是现代GUI应用不可或缺的一部分.dialog定义为两个或多个人之间的交谈.在计算机程序中dialog是一个窗体,用来和程序“交谈”.对话框用来输入数据.修改数据.改变程序设置等等. ...
- [JavaWeb基础] 005.Hibernate的配置和简单使用
1.Hibernate简介 Hibernate是一个基于Java的开源的持久化中间件,对JDBC做了轻量的封装.采用ORM映射机制,负责实现Java对象和关系数据库之间的映射,把sql语句传给数据库, ...