apache 2.4 httpd 2.4.6 反向代理后端的服务为HTTPS https 基于centos7
需求场景:通过访问apache的http地址,反向代理访问后端的https服务,而且路径带有只能特定模块才反向代理
配置如下
listen <VirtualHost *:>
#管理员邮箱 随便填 可不要此指令
ServerAdmin webmaster@dummy-host.example.com
#域名 为IP地址
ServerName 本机ip <Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On #https代理最关键就是这个
ProxyPreserveHost On
ProxyRequests Off #关闭正向代理
#ProxyPassMatch ^/foo/bar https://123.123.123.2 #443端口这么写
ProxyPassMatch ^/foo/bar https://123.123.123.2:6079(如果是443端口不要加了,否则连接不上,可以打开httpd.conf 打开debug级别日志能看到)
ProxyPass / ! #表示不是上面匹配的路径不转发,走默认的httpd.conf DocumentRoot
ProxyPassReverse / ! #表示不是上面匹配的路径不转发,走默认的httpd.conf DocumentRoot
ErrorLog /var/log/httpd/test_error_log
CustomLog /var/log/httpd/test_access_log combined
</VirtualHost
效果展示
curl http://本地ip:8182/foo/bar/123
会转发到后端
示范日志,需要httpd开启debug 在httpd.conf 修日志级别重启l即可
[Thu Sep ::27.575036 ] [authz_core:debug] [pid ] mod_authz_core.c(): [client 192.168.10.30:] AH01628: authorization result: granted (no directives)
[Thu Sep ::27.575188 ] [proxy:debug] [pid ] mod_proxy.c(): [client 192.168.10.30:] AH01143: Running scheme https handler (attempt )
[Thu Sep ::27.575197 ] [proxy_ajp:debug] [pid ] mod_proxy_ajp.c(): [client 192.168.10.30:] AH00894: declining URL https://123.123.123.2/foo/bar/getFPInfoByNSRSBH
[Thu Sep ::27.575203 ] [proxy_fcgi:debug] [pid ] mod_proxy_fcgi.c(): [client 192.168.10.30:] AH01076: url: https://123.123.123.2/foo/bar/getFPInfoByNSRSBH proxyname: (null) proxyport: 0
[Thu Sep ::27.575207 ] [proxy_fcgi:debug] [pid ] mod_proxy_fcgi.c(): [client 192.168.10.30:] AH01077: declining URL https://123.123.123.2/foo/bar/getFPInfoByNSRSBH
[Thu Sep ::27.575221 ] [proxy:debug] [pid ] proxy_util.c(): AH00942: HTTPS: has acquired connection for (123.123.123.2)
[Thu Sep ::27.575229 ] [proxy:debug] [pid ] proxy_util.c(): [client 192.168.10.30:] AH00944: connecting https://123.123.123.2/foo/bar/getFPInfoByNSRSBH to 123.123.123.2:443
[Thu Sep ::27.575321 ] [proxy:debug] [pid ] proxy_util.c(): [client 192.168.10.30:] AH00947: connected /foo/bar/getFPInfoByNSRSBH to 123.123.123.2:
[Thu Sep ::27.581116 ] [proxy:debug] [pid ] proxy_util.c(): AH02824: HTTPS: connection established with 123.123.123.2: (123.123.123.2)
[Thu Sep ::27.581151 ] [proxy:debug] [pid ] proxy_util.c(): AH00962: HTTPS: connection complete to 123.123.123.2: (123.123.123.2)
[Thu Sep ::27.581161 ] [ssl:info] [pid ] [remote 123.123.123.2:] AH01964: Connection to child established (server 192.168.10.30:)
[Thu Sep ::27.598908 ] [ssl:debug] [pid ] ssl_engine_kernel.c(): [remote 123.123.123.2:] AH02275: Certificate Verification, depth , CRL checking mode: none [subject: CN=Encryption Everywhere DV TLS CA - G1,OU=www.digicert.com,O=DigiCert Inc,C=US / issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US / serial: 0279AC458BC1B245ABF98053CD2C9BB1 / notbefore: Nov :: GMT / notafter: Nov :: GMT]
[Thu Sep ::27.599201 ] [ssl:debug] [pid ] ssl_engine_kernel.c(): [remote 123.123.123.2:] AH02275: Certificate Verification, depth , CRL checking mode: none [subject: CN=*.ele-cloud.com / issuer: CN=Encryption Everywhere DV TLS CA - G1,OU=www.digicert.com,O=DigiCert Inc,C=US / serial: 01B4CA2CA4522D242C3055C4C5920F94 / notbefore: Aug :: GMT / notafter: Aug :: GMT]
[Thu Sep ::27.610271 ] [ssl:debug] [pid ] ssl_engine_kernel.c(): [remote 123.123.123.2:] AH02041: Protocol: TLSv1., Cipher: ECDHE-RSA-AES128-SHA256 (/ bits)
[Thu Sep ::27.760324 ] [proxy:debug] [pid ] proxy_util.c(): AH00925: initializing worker https://123.123.123.2 shared
[Thu Sep ::27.760336 ] [proxy:debug] [pid ] proxy_util.c(): AH00927: initializing worker https://123.123.123.2 local
[Thu Sep ::27.760353 ] [proxy:debug] [pid ] proxy_util.c(): AH00931: initialized single connection worker in child for (123.123.123.2)
[Thu Sep ::28.238290 ] [proxy:debug] [pid ] proxy_util.c(): AH00943: https: has released connection for (123.123.123.2)
顺便记录反向代理http
[root@oc conf.d]# vim vhost.conf
listen
<VirtualHost *:>
#管理员邮箱
ServerAdmin webmaster@dummy-host.example.com
#域名
ServerName 本机ip
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyRequests Off #关闭正向代理
ProxyPassMatch ^/recipt/checkFp http://123.48.78.9:8080 #默认端口80,不需要填端口
ProxyPass / !
ProxyPassReverse / !
ErrorLog /var/log/httpd/test_error_log
CustomLog /var/log/httpd/test_access_log combined
</VirtualHost>
反向代理不过滤path
[root@oc conf.d]# vim vhost.conf
listen <VirtualHost *:>
#管理员邮箱
ServerAdmin webmaster@dummy-host.example.com
#域名
ServerName 本机ip <Proxy *>
Order deny,allow
Allow from all
</Proxy> ProxyPreserveHost On
ProxyRequests Off #关闭正向代理 ProxyPass / http://123.48.78.9:8080
ProxyPassReverse / http://123.48.78.9:8080
ErrorLog /var/log/httpd/test_error_log
CustomLog /var/log/httpd/test_access_log combined
</VirtualHost>

apache 2.4 httpd 2.4.6 反向代理后端的服务为HTTPS https 基于centos7的更多相关文章
- Apache服务器中设置端口映射和反向代理的方法
在/etc/httpd/conf路径下的httpd.conf文件###new add for webui.cong###Include "E:/local/Wamp/bin/apache/A ...
- tomcat部署虚拟主机-搭建两个应用以及httpd和Nginx的反向代理
实验环境:CentOS7 前提:已经安装好tomcat,未安装请查看http://www.cnblogs.com/wzhuo/p/7111135.html: 目的:基于主机名访问两个应用: [root ...
- Nginx反向代理+负载均衡简单实现(https方式)
背景:A服务器(192.168.1.8)作为nginx代理服务器B服务器(192.168.1.150)作为后端真实服务器 现在需要访问https://testwww.huanqiu.com请求时从A服 ...
- Nginx负载均衡反向代理 后端Nginx获取客户端真实IP
Nginx 反向代理后,后端Nginx服务器无法正常获取客户端的真实IP nginx通过http_realip_module模块来实现的这需要重新编译,如果提前编译好了就无需重新编译了1,重新编译ng ...
- 十.nginx反向代理负载均衡服务实践部署
期中集群架构-第十章-nginx反向代理负载均衡章节章节====================================================================== 0 ...
- haproxy反向代理环境部署(http和https代理)
操作背景:前方有一台haproxy代理机器(115.100.120.57/192.168.1.7),后方两台realserver机器(192.168.1.150.192.168.1.151,没有公网i ...
- nginx设置反向代理后端jenklins,页面上的js css文件无法加载
转载 2017年06月14日 22:36:59 8485 问题现象: nginx配置反向代理后,网页可以正常访问,但是页面上的js css文件无法加载,页面样式乱了. (1)nginx配置如下: (2 ...
- nginx反向代理-后端服务器组设置
nginx服务器的反向代理时其最常用的重要功能之一,在实际工作中应用广泛,涉及的配置指令也比较多.下面会尽量详细地介绍对应的指令,及其使用状态. 反向代理一般是互联网需要向内网拉取资源,比如访问一个w ...
- Linux基础-----------nginx安装和nginx web、nginx反向代理、nfs 服务
作业一:nginx服务1)二进制安装nginx包 yum install epel-release -y 先安装epel-release 再查看yum源中已经安装上了epel相关文件 中间省去了一些安 ...
随机推荐
- RAID0、RAID1及RAID5的区别详解
目前已有的RAID(Redundant Array of Independent Disks,独立冗余磁盘阵列)技术有很多种,但是RAID0.RAID1.RAID5是最常见的几种方案. 1 RAID0 ...
- Java并发(3)
线程安全: 允许被多个线程同时执行的代码称作线程安全的代码.线程安全的代码不包含竞态条件.当多个线程同时更新共享资源时会引发竞态条件.因此,了解Java线程执行时共享了什么资源很重要. 局部变量: 局 ...
- 如何使用JPA的@Formula注解?
背景描述 我们经常会在项目中用到一些数据字典,在存储和传输时使用Code,在前端展示时使用Name,这样做的好处是便于系统维护,比如项目中用到了"医院"这个名称,如果后期需求发生变 ...
- Redis详解(十)------ 从零开始搭建集群
在上一篇博客我们介绍了------Redis哨兵(Sentinel)模式,哨兵模式主要是解决高可用问题,在master节点宕机时,slave节点能够自动切换成为master节点 本篇博客我们来介绍Re ...
- 括号树 noip(csp??) 2019 洛谷 P5658
洛谷AC通道 本题,题目长,但是实际想起来十分简单. 首先,对于树上的每一个后括号,我们很容易知道,他的贡献值等于上一个后括号的贡献值 + 1.(当然,前提是要有人跟他匹配,毕竟题目中要求了,是不同的 ...
- PAT 1033 To Fill or Not to Fill (25分) 贪心思想
题目 With highways available, driving a car from Hangzhou to any other city is easy. But since the tan ...
- STM32读取Guidance数据——Guidance SDK
更新记录:2019/11/14 更新STM32(F407VET6)读取Guidance数据 Github地址. 背景:想要将祖传的Guidance用于DJI A3/新固件的N3飞控.DJI已经停 ...
- 关于STL-map容器
1.使用时加入头文件#include <map>; 2.从前遍历it = map.begin(); it != map.end(); it++ 3.从后遍历it = map.rbegin( ...
- thymeleaf怎么在页面上面格式化时间
th:value="${#dates.format(后端传递的时间,‘yyyy-MM-dd HH:mm:ss’)}"
- jchdl - RTL实例 - And
https://mp.weixin.qq.com/s/86d_sFN0xVqk1xRaRyoAkg 使用rtl语法,实现简单的与门. 参考链接 https://github.com/wjcdx ...