我在 Debian 8.2 (Jessie) 和 Apache 2.4.10-10+deb8u 中设置了反向代理,其中有两个独立的虚拟主机,一个用于 http,另一个用于 https,基于以下配置:
<IfDefine IgnoreBlockComment>
<VirtualHost *:80>
CustomLog /tmp/just_size.log just_size
DocumentRoot /var/www/
ServerName XXXXXXXXXX
TraceEnable off
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
ExpiresActive On
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType audio/mpeg "access plus 1 year"
ExpiresByType video/mpeg "access plus 1 year"
ExpiresByType text/html "modification plus 5 minutes"
CustomLog /dev/null combined env=!no-registrar
ProxyPreserveHost On
CustomLog /tmp/non_https.log non_https
ProxyPass /telemetria-ws/ http://10.1.0.116:8080/telemetria-ws/
ProxyPassReverse /telemetria-ws/ http://10.1.0.116:8080/telemetria-ws/
ProxyTimeout 1200
ProxyPass /ecobox-ws/ http://10.1.0.116:8080/ecobox-ws/
ProxyPassReverse /ecobox-ws/ http://10.1.0.116:8080/ecobox-ws/
ProxyPass / http://10.1.0.116:8080/WebService/ connectiontimeout=300 timeout=300 KeepAlive=On retry=1 acquire=3000
ProxyPassReverse / http://10.1.0.116:8080/WebService/
ProxySet "http://10.1.0.116:8080/WebService/" connectiontimeout=300 timeout=300
FileETag MTime Size
Header append X-Frame-Options "DENY"
</VirtualHost>
</IfDefine>
<VirtualHost *:443>
CustomLog /tmp/just_size.log just_size
ServerName XXXXXXX
DocumentRoot /var/www
DirectoryIndex index.php index.html
TraceEnable off
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
#RequestHeader set Front-End-Https "On"
CustomLog /dev/null combined env=!no-registrar
ProxyPreserveHost On
RequestHeader set x-forwarded-server "https://XXXXXXX/"
RequestHeader set x-forwarded-host "https://XXXXXXX/"
SSLEngine On
SSLCertificateKeyFile /etc/apache2/ssl/cert.key
SSLCertificateFile /etc/apache2/ssl/cert.crt
SSLCertificateChainFile /etc/apache2/ssl/gd_bundle-g2-g1.crt
ProxyPass /telemetria-ws/ http://10.1.0.116:8080/telemetria-ws/
ProxyPassReverse /telemetria-ws/ http://10.1.0.116:8080/telemetria-ws/
ProxyTimeout 1200
ProxyPass /TrackViewRealTime/ http://10.1.0.235:8080/TrackViewRealTime/
ProxyPassReverse /TrackViewRealTime/ http://10.1.0.235:8080/TrackViewRealTime/
ProxyPass /TrackViewLogin/ http://10.1.0.235:8080/TrackViewLogin/
ProxyPassReverse /TrackViewLogin/ http://10.1.0.235:8080/TrackViewLogin/
ProxyPass /TrackViewData/ http://10.1.0.235:8080/TrackViewData/
ProxyPassReverse /TrackViewData/ http://10.1.0.235:8080/TrackViewData/
ProxyPass /ecobox-ws/ http://10.1.0.116:8080/ecobox-ws/
ProxyPassReverse /ecobox-ws/ http://10.1.0.116:8080/ecobox-ws/
ProxyPass /puerto-coronel-ws/ http://10.1.0.116:8080/puerto-coronel-ws/
ProxyPassReverse /puerto-coronel-ws/ http://10.1.0.116:8080/puerto-coronel-ws/
ProxyPass / http://10.1.0.116:8080/WebService/ connectiontimeout=300 timeout=300 KeepAlive=On retry=1 acquire=3000
ProxyPassReverse / http://10.1.0.116:8080/WebService/
ProxySet "http://10.1.0.116:8080/WebService/" connectiontimeout=300 timeout=300
FileETag MTime Size
Header append X-Frame-Options "DENY"
</VirtualHost>
我有几个从内部 IP 10.1.0.116 公开的 Web 服务(及其 WSDL),正如您在 Proxy* 配置指令中看到的那样,问题是我无法将传入的纯 http 流量重定向到这些 Web 服务,而且它们只使用 https 工作,所以我猜我的 VirtualHost 配置在端口 80 上肯定有问题。
更奇怪的是,当请求 URL 是这样的时:
http://HOST/telemetria-ws/frioChileTempService/
我确实收到了一个响应*,但是一个空响应,其中包含以下响应标头:
*响应似乎是 HTTPS,因为有效证书出现在 SOAP-UI SSL 信息中
但是当我将端口 80 添加到 URL 时(应该与上面相同):
http://HOST:80/telemetria-ws/frioChileTempService/
服务器将其解释为 SSL,但使用明文连接:
Wed Feb 22 10:52:21 ART 2017:ERROR:javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
我在哪里可以得到不匹配的配置?期望的是将普通 http 重定向到 https,但不完全了解可能发生的情况。