Apache http 与 https 反向代理不匹配

Apache http 与 https 反向代理不匹配

我在 Debian 8.2 (Jessie) 和 Apache 2.4.10-10+deb8u 中设置了反向代理,其中有两个独立的虚拟主机,一个用于 http,另一个用于 https,基于以下配置:

<IfDefine IgnoreBlockComment>
<VirtualHost *:80>
CustomLog /tmp/just_size.log just_size
        DocumentRoot /var/www/
        ServerName XXXXXXXXXX
        TraceEnable off
        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} ^TRACE
        RewriteRule .* - [F]
        ExpiresActive On
        ExpiresByType image/gif "access  plus 1 year"
        ExpiresByType image/jpeg "access  plus 1 year"
        ExpiresByType image/png "access  plus 1 year"
        ExpiresByType audio/mpeg "access  plus 1 year"
        ExpiresByType video/mpeg "access  plus 1 year"
        ExpiresByType text/html "modification plus 5 minutes"
        CustomLog /dev/null combined env=!no-registrar
        ProxyPreserveHost On
        CustomLog /tmp/non_https.log non_https
        ProxyPass /telemetria-ws/  http://10.1.0.116:8080/telemetria-ws/
        ProxyPassReverse /telemetria-ws/  http://10.1.0.116:8080/telemetria-ws/

        ProxyTimeout 1200
    ProxyPass /ecobox-ws/  http://10.1.0.116:8080/ecobox-ws/
        ProxyPassReverse /ecobox-ws/ http://10.1.0.116:8080/ecobox-ws/


        ProxyPass / http://10.1.0.116:8080/WebService/ connectiontimeout=300 timeout=300 KeepAlive=On retry=1 acquire=3000
        ProxyPassReverse / http://10.1.0.116:8080/WebService/
        ProxySet "http://10.1.0.116:8080/WebService/" connectiontimeout=300 timeout=300


        FileETag MTime Size
        Header append X-Frame-Options "DENY"
</VirtualHost>
</IfDefine>

<VirtualHost *:443>
CustomLog /tmp/just_size.log just_size
        ServerName XXXXXXX
        DocumentRoot /var/www
        DirectoryIndex index.php index.html
        TraceEnable off

        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} ^TRACE
        RewriteRule .* - [F]
        #RequestHeader set Front-End-Https "On"

        CustomLog /dev/null combined env=!no-registrar

        ProxyPreserveHost On
        RequestHeader set x-forwarded-server "https://XXXXXXX/"
        RequestHeader set x-forwarded-host "https://XXXXXXX/"
        SSLEngine On
        SSLCertificateKeyFile /etc/apache2/ssl/cert.key
        SSLCertificateFile /etc/apache2/ssl/cert.crt
        SSLCertificateChainFile /etc/apache2/ssl/gd_bundle-g2-g1.crt
        ProxyPass /telemetria-ws/  http://10.1.0.116:8080/telemetria-ws/
        ProxyPassReverse /telemetria-ws/  http://10.1.0.116:8080/telemetria-ws/

        ProxyTimeout 1200


        ProxyPass /TrackViewRealTime/  http://10.1.0.235:8080/TrackViewRealTime/
        ProxyPassReverse /TrackViewRealTime/  http://10.1.0.235:8080/TrackViewRealTime/

        ProxyPass /TrackViewLogin/  http://10.1.0.235:8080/TrackViewLogin/
        ProxyPassReverse /TrackViewLogin/  http://10.1.0.235:8080/TrackViewLogin/

        ProxyPass /TrackViewData/  http://10.1.0.235:8080/TrackViewData/
        ProxyPassReverse /TrackViewData/  http://10.1.0.235:8080/TrackViewData/

    ProxyPass /ecobox-ws/  http://10.1.0.116:8080/ecobox-ws/
        ProxyPassReverse /ecobox-ws/ http://10.1.0.116:8080/ecobox-ws/

                ProxyPass /puerto-coronel-ws/  http://10.1.0.116:8080/puerto-coronel-ws/
        ProxyPassReverse /puerto-coronel-ws/  http://10.1.0.116:8080/puerto-coronel-ws/


ProxyPass / http://10.1.0.116:8080/WebService/ connectiontimeout=300 timeout=300 KeepAlive=On retry=1 acquire=3000
        ProxyPassReverse / http://10.1.0.116:8080/WebService/
        ProxySet "http://10.1.0.116:8080/WebService/" connectiontimeout=300 timeout=300

        FileETag MTime Size
        Header append X-Frame-Options "DENY"
</VirtualHost>

我有几个从内部 IP 10.1.0.116 公开的 Web 服务(及其 WSDL),正如您在 Proxy* 配置指令中看到的那样,问题是我无法将传入的纯 http 流量重定向到这些 Web 服务,而且它们只使用 https 工作,所以我猜我的 VirtualHost 配置在端口 80 上肯定有问题。

更奇怪的是,当请求 URL 是这样的时:

http://HOST/telemetria-ws/frioChileTempService/

我确实收到了一个响应*,但是一个空响应,其中包含以下响应标头:

响应标头

*响应似乎是 HTTPS,因为有效证书出现在 SOAP-UI SSL 信息中

但是当我将端口 80 添加到 URL 时(应该与上面相同):

http://HOST:80/telemetria-ws/frioChileTempService/

服务器将其解释为 SSL,但使用明文连接:

Wed Feb 22 10:52:21 ART 2017:ERROR:javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

我在哪里可以得到不匹配的配置?期望的是将普通 http 重定向到 https,但不完全了解可能发生的情况。

相关内容