HTTPS GWT application on Apache and Tomcat EE


I would like to understand how to correctly configure Apache2 and Tomcat (TomEE)/8.5.6 (7.0.2) for a GWT HTTPS application on a fresh install of Ubuntu Server 16.04.3.

Here are the steps I have taken.

  1. Configured my DNS records.

  2. Checked the Apache configuration.

    $ sudo apache2ctl -S
    VirtualHost configuration: 
    *:80   zethanath.tk (/etc/apache2/sites-enabled/000-default.conf:1)
    *:443 is a NameVirtualHost default server zethanath.tk (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
    port 443 namevhost zethanath.tk (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
    alias www.zethanath.tk
    alias servlet.zethanath.tk
    port 443 namevhost zethanath.tk (/etc/apache2/sites-enabled/default-ssl.conf:2)
    port 443 namevhost www.zethanath.tk (/etc/apache2/sites-enabled/default-ssl.conf:140)
    
    ServerRoot: "/etc/apache2"
    Main DocumentRoot: "/var/www/html"
    Main ErrorLog: "/var/log/apache2/error.log"
    Mutex rewrite-map: using_defaults
    Mutex ssl-stapling-refresh: using_defaults
    Mutex ssl-stapling: using_defaults
    Mutex proxy: using_defaults
    Mutex ssl-cache: using_defaults
    Mutex default: dir="/var/lock/apache2" mechanism=fcntl 
    Mutex watchdog-callback: using_defaults
    Mutex proxy-balancer-shm: using_defaults
    PidFile: "/var/run/apache2/apache2.pid"
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    User: name="www-data" id=33
    Group: name="www-data" id=33
    
  3. Configured my /etc/apache2/sites-enabled/default-ssl.conf

    <IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin [email protected]
                ServerName  zethanath.tk
    
                ProxyPreserveHost On
                ProxyPass / http://192.168.1.70:8080/index//
                ProxyPassReverse / http://192.168.1.70:8080/index//
    
                JKMount /* ajp13_worker
    
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
    
                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on
    
                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile /etc/letsencrypt/live/zethanath.tk/fullchain.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/zethanath.tk/privkey.pem
                Include /etc/letsencrypt/options-ssl-apache.conf
    
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
    
        </VirtualHost>
    
        <VirtualHost _default_:443>
                ServerAdmin [email protected]
                ServerName  www.zethanath.tk
    
                ProxyPreserveHost On
                ProxyPass / http://192.168.1.70:8080/index//
                ProxyPassReverse / http://192.168.1.70:8080/index//
    
                JKMount /* ajp13_worker
    
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
    
                SSLEngine on
    
                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile /etc/letsencrypt/live/zethanath.tk/fullchain.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/zethanath.tk/privkey.pem
                Include /etc/letsencrypt/options-ssl-apache.conf
    
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
    
        </VirtualHost>
    </IfModule>
    
    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
    
  4. Configured my /etc/apache2/sites-enabled/000-default-le-ssl.conf

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
    
        ServerName zethanath.tk
        ServerAlias www.zethanath.tk servlet.zethanath.tk
    
        ProxyPreserveHost On
        ProxyPass / http://192.168.1.70:8080/index//
        ProxyPassReverse / http://192.168.1.70:8080/index//
    
        JKMount /* ajp13_worker
    
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    
        SSLCertificateFile /etc/letsencrypt/live/zethanath.tk/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/zethanath.tk/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
    
    </VirtualHost>
    </IfModule>
    
  5. Configured my /etc/apache2/sites-enabled/000-default.conf

    <VirtualHost *:80 >
        ServerName  zethanath.tk
        ServerAlias www.zethanath.tk servlet.zethanath.tk
    
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        #JKMount /* ajp13_worker
    
        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
    
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =zethanath.tk
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>
    
    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
    

Note that I have installed libapache2-mod-jk. My /etc/hosts file is as follows.

    127.0.0.1       localhost
    127.0.1.1       erick-ASRock-N68C-GS4-FX
    192.168.1.70    zethanath.tk

    # The following lines are desirable for IPv6 capable hosts
    ::1     ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters

For the following addresses in Firefox, I get these results. Are they correct?

  1. http://zethanath.tk

  2. http://www.zethanath.tk

    http://192.168.1.70:8080/index/
    
  3. http://servlet.zethanath.tk

    http://servlet.zethanath.tk
    Unable to Connect
    
  4. What I really want is for Apache2 to serve my certificate and then redirect me to the TomEE server. I will not have Apache2 serve anything other than the certificate. All other content should be served only through the GWT (Google Web Toolkit) application. I think GWT expects a setup like the one shown below, but I don't know how to do it.

GWT documentation

Your Apache server is running on www.example.com
Your Tomcat server is running on servlet.example.com:8080
Your GWT module has a `<rename-to="myapp">`
You have one RPC servlet, mapped into /myapp/myService

The idea is to have Apache proxy requests for the servlet to the other server, so that:

http://www.example.com/MyApp/myapp/myService --> http://servlet.example.com:8080/MyApp/myapp/myService

The following Apache configuration sets up such a rule using a proxy:

ProxyPass /MyApp/myapp/myService http://servlet.example.com:8080/MyApp/myapp/myService
ProxyPassReverse /MyApp/myapp/myService http://servlet.example.com:8080/MyApp/myapp/myService

To verify that it is working, use a web browser to visit http://www.example.com/MyApp/myapp/myService and http://servlet.example.com:8080/MyApp/myapp/myService.

In both cases you should get the same result (typically 405: HTTP method GET is not supported by this URL, which is fine). If you get a different result when visiting the second URL, it may be a configuration issue.

Answer 1

The following steps solved my problem.

  1. sudo nano /etc/apache2/sites-enabled/000-default.conf

    <VirtualHost *:80 >
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    
    ServerName  www.zethanath.tk
    ServerAlias servlet.zethanath.tk zethanath.tk
    
    Redirect permanent "/" "https://www.zethanath.tk/"
    
    ProxyPreserveHost On
    ProxyPass / http://192.168.1.70:8080/Index/
    ProxyPassReverse / http://192.168.1.70:8080/Index/
    
    #ServerAdmin [email protected]
    #DocumentRoot /var/www/html
    
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn
    
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    #JKMount /* ajp13_worker
    
    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn
    
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    #JKMount /* ajp13_worker
    
    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
    
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.zethanath.tk
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    
    </VirtualHost>
    
    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
    
  2. sudo nano /etc/apache2/sites-enabled/000-default-le-ssl.conf

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    
    ServerName  www.zethanath.tk
    ServerAlias servlet.zethanath.tk zethanath.tk
    
    Redirect permanent "/" "https://www.zethanath.tk/"
    
    ProxyPreserveHost On
    ProxyPass / http://192.168.1.70:8080/Index/
    ProxyPassReverse / http://192.168.1.70:8080/Index/
    
    #DocumentRoot /var/www/html
    
    #JKMount /* ajp13_worker
    
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn
    
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    
    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
    
    SSLCertificateFile /etc/letsencrypt/live/zethanath.tk/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/zethanath.tk/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    
    </VirtualHost>
    
    </IfModule>
    
  3. sudo nano /etc/apache2/sites-available/default-ssl.conf

    <IfModule mod_ssl.c>
            <VirtualHost _default_:443>
            ServerAdmin [email protected]
            ServerName  www.zethanath.tk
            ServerAlias servlet.zethanath.tk zethanath.tk
    
            Redirect permanent "/" "https://www.zethanath.tk/"
    
            ProxyPreserveHost On
            ProxyPass / http://192.168.1.70:8080/Index/
            ProxyPassReverse / http://192.168.1.70:8080/Index/
    
            #DocumentRoot /var/www/html
            #JKMount /* ajp13_worker
    
            # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
            # error, crit, alert, emerg.
            # It is also possible to configure the loglevel for particular
            # modules, e.g.
            #LogLevel info ssl:warn
    
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
    
            # For most configuration files from conf-available/, which are
            # enabled or disabled at a global level, it is possible to
            # include a line for only one particular virtual host. For example the
            # following line enables the CGI configuration for this host only
            # after it has been globally disabled with "a2disconf".
            #Include conf-available/serve-cgi-bin.conf
    
            #   SSL Engine Switch:
            #   Enable/Disable SSL for this virtual host.
            SSLEngine on
    
            #   A self-signed (snakeoil) certificate can be created by installing
            #   the ssl-cert package. See
            #   /usr/share/doc/apache2/README.Debian.gz for more info.
            #   If both key and certificate are stored in the same file, only the
            #   SSLCertificateFile directive is needed.
            SSLCertificateFile /etc/letsencrypt/live/zethanath.tk/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/zethanath.tk/privkey.pem
            Include /etc/letsencrypt/options-ssl-apache.conf
    
            #   Server Certificate Chain:
            #   Point SSLCertificateChainFile at a file containing the
            #   concatenation of PEM encoded CA certificates which form the
            #   certificate chain for the server certificate. Alternatively
            #   the referenced file can be the same as SSLCertificateFile
            #   when the CA certificates are directly appended to the server
            #   certificate for convinience.
            #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
    
            #   Certificate Authority (CA):
            #   Set the CA certificate verification path where to find CA
            #   certificates for client authentication or alternatively one
            #   huge file containing all of them (file must be PEM encoded)
            #   Note: Inside SSLCACertificatePath you need hash symlinks
            #                to point to the certificate files. Use the provided
            #                Makefile to update the hash symlinks after changes.
            #SSLCACertificatePath /etc/ssl/certs/
            #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
    
            #   Certificate Revocation Lists (CRL):
            #   Set the CA revocation path where to find CA CRLs for client
            #   authentication or alternatively one huge file containing all
            #   of them (file must be PEM encoded)
            #   Note: Inside SSLCARevocationPath you need hash symlinks
            #                to point to the certificate files. Use the provided
            #                Makefile to update the hash symlinks after changes.
            #SSLCARevocationPath /etc/apache2/ssl.crl/
            #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
    
            #   Client Authentication (Type):
            #   Client certificate verification type and depth.  Types are
            #   none, optional, require and optional_no_ca.  Depth is a
            #   number which specifies how deeply to verify the certificate
            #   issuer chain before deciding the certificate is not valid.
            #SSLVerifyClient require
            #SSLVerifyDepth  10
    
            #   SSL Engine Options:
            #   Set various options for the SSL engine.
            #   o FakeBasicAuth:
            #        Translate the client X.509 into a Basic Authorisation.  This means that
            #        the standard Auth/DBMAuth methods can be used for access control.  The
            #        user name is the `one line' version of the client's X.509 certificate.
            #        Note that no password is obtained from the user. Every entry in the user
            #        file needs this password: `xxj31ZMTZzkVA'.
            #   o ExportCertData:
            #        This exports two additional environment variables: SSL_CLIENT_CERT and
            #        SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
            #        server (always existing) and the client (only existing when client
            #        authentication is used). This can be used to import the certificates
            #        into CGI scripts.
            #   o StdEnvVars:
            #        This exports the standard SSL/TLS related `SSL_*' environment variables.
            #        Per default this exportation is switched off for performance reasons,
            #        because the extraction step is an expensive operation and is usually
            #        useless for serving static content. So one usually enables the
            #        exportation for CGI and SSI requests only.
            #   o OptRenegotiate:
            #        This enables optimized SSL connection renegotiation handling when SSL
            #        directives are used in per-directory context.
            #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                            SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                            SSLOptions +StdEnvVars
            </Directory>
    
            #   SSL Protocol Adjustments:
            #   The safe and default but still SSL/TLS standard compliant shutdown
            #   approach is that mod_ssl sends the close notify alert but doesn't wait for
            #   the close notify alert from client. When you need a different shutdown
            #   approach you can use one of the following variables:
            #   o ssl-unclean-shutdown:
            #        This forces an unclean shutdown when the connection is closed, i.e. no
            #        SSL close notify alert is send or allowed to received.  This violates
            #        the SSL/TLS standard but is needed for some brain-dead browsers. Use
            #        this when you receive I/O errors because of the standard approach where
            #        mod_ssl sends the close notify alert.
            #   o ssl-accurate-shutdown:
            #        This forces an accurate shutdown when the connection is closed, i.e. a
            #        SSL close notify alert is send and mod_ssl waits for the close notify
            #        alert of the client. This is 100% SSL/TLS standard compliant, but in
            #        practice often causes hanging connections with brain-dead browsers. Use
            #        this only for browsers where you know that their SSL implementation
            #        works correctly.
            #   Notice: Most problems of broken clients are also related to the HTTP
            #   keep-alive facility, so you usually additionally want to disable
            #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
            #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
            #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
            #   "force-response-1.0" for this.
            # BrowserMatch "MSIE [2-6]" \
            #               nokeepalive ssl-unclean-shutdown \
            #               downgrade-1.0 force-response-1.0
    
    </VirtualHost>
    
    </IfModule>
    
    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
    
  4. $ sudo apache2ctl configtest

    Syntax OK

  5. $ sudo systemctl restart apache2

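Answer 2

I was able to make a little more progress. However, I still don't understand some things. I have pasted my questions at the end of this post.

Here are the steps I just completed.

  1. I reconfigured 000-default-le-ssl.conf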

    $ sudo nano /etc/apache2/sites-enabled/000-default-le-ssl.conf
    
     <IfModule mod_ssl.c>
     <VirtualHost *:443>
         ServerName  zethanath.tk
         ServerAlias zethanath.tk
    
         ProxyPreserveHost On
         ProxyPass / http://192.168.1.70:8080/Index//
         ProxyPassReverse / http://192.168.1.70:8080/Index//
    
         #DocumentRoot /var/www/html
    
         JKMount /* ajp13_worker
    
         ErrorLog ${APACHE_LOG_DIR}/error.log
         CustomLog ${APACHE_LOG_DIR}/access.log combined
    
         SSLCertificateFile /etc/letsencrypt/live/zethanath.tk/fullchain.pem
         SSLCertificateKeyFile /etc/letsencrypt/live/zethanath.tk/privkey.pem
         Include /etc/letsencrypt/options-ssl-apache.conf
     </VirtualHost> 
     <VirtualHost *:443>
         ServerName www.zethanath.tk
         ServerAlias zethanath.tk
    
         ProxyPreserveHost On
         ProxyPass / http://192.168.1.70:8080/Index//
         ProxyPassReverse / http://192.168.1.70:8080/Index//
    
         #DocumentRoot /var/www/html
    
         JKMount /* ajp13_worker
    
         ErrorLog ${APACHE_LOG_DIR}/error.log
         CustomLog ${APACHE_LOG_DIR}/access.log combined
    
         SSLCertificateFile /etc/letsencrypt/live/zethanath.tk/fullchain.pem
         SSLCertificateKeyFile /etc/letsencrypt/live/zethanath.tk/privkey.pem
         Include /etc/letsencrypt/options-ssl-apache.conf
     </VirtualHost>
     <VirtualHost *:443>
         ServerName  servlet.zethanath.tk
         ServerAlias zethanath.tk
    
         ProxyPreserveHost On
         ProxyPass / http://192.168.1.70:8080/Index//
         ProxyPassReverse / http://192.168.1.70:8080/Index//
    
         #DocumentRoot /var/www/html
    
         JKMount /* ajp13_worker
    
         ErrorLog ${APACHE_LOG_DIR}/error.log
         CustomLog ${APACHE_LOG_DIR}/access.log combined
    
         SSLCertificateFile /etc/letsencrypt/live/zethanath.tk/fullchain.pem
         SSLCertificateKeyFile /etc/letsencrypt/live/zethanath.tk/privkey.pem
         Include /etc/letsencrypt/options-ssl-apache.conf
     </VirtualHost>
     </IfModule>
    
  2. I reconfigured default-ssl.conf

    $ sudo nano /etc/apache2/sites-enabled/default-ssl.conf
    
     <IfModule mod_ssl.c>
     <VirtualHost _default_:443>
             ServerAdmin [email protected]
             ServerName  zethanath.tk
             ServerAlias zethanath.tk
    
             ProxyPreserveHost On
             ProxyPass / http://192.168.1.70:8080/Index//
             ProxyPassReverse / http://192.168.1.70:8080/Index//
    
             #DocumentRoot /var/www/html
             JKMount /* ajp13_worker
    
             ErrorLog ${APACHE_LOG_DIR}/error.log
             CustomLog ${APACHE_LOG_DIR}/access.log combined
    
             SSLEngine on
    
             SSLCertificateFile /etc/letsencrypt/live/zethanath.tk/fullchain.pem
             SSLCertificateKeyFile /etc/letsencrypt/live/zethanath.tk/privkey.pem
             Include /etc/letsencrypt/options-ssl-apache.conf
    
             <FilesMatch "\.(cgi|shtml|phtml|php)$">
                             SSLOptions +StdEnvVars
             </FilesMatch>
             <Directory /usr/lib/cgi-bin>
                             SSLOptions +StdEnvVars
             </Directory>
     </VirtualHost>
    
     <VirtualHost _default_:443>
             ServerAdmin [email protected]
             ServerName  www.zethanath.tk
             ServerAlias zethanath.tk
    
             ProxyPreserveHost On
             ProxyPass / http://192.168.1.70:8080/Index//
             ProxyPassReverse / http://192.168.1.70:8080/Index//
    
             #DocumentRoot /var/www/html
             JKMount /* ajp13_worker
    
             ErrorLog ${APACHE_LOG_DIR}/error.log
             CustomLog ${APACHE_LOG_DIR}/access.log combined
    
             SSLEngine on
    
             SSLCertificateFile /etc/letsencrypt/live/zethanath.tk/fullchain.pem
             SSLCertificateKeyFile /etc/letsencrypt/live/zethanath.tk/privkey.pem
             Include /etc/letsencrypt/options-ssl-apache.conf
    
             <FilesMatch "\.(cgi|shtml|phtml|php)$">
                             SSLOptions +StdEnvVars
             </FilesMatch>
             <Directory /usr/lib/cgi-bin>
                             SSLOptions +StdEnvVars
             </Directory>
     </VirtualHost>
     <VirtualHost _default_:443>
             ServerAdmin [email protected]
             ServerName  servlet.zethanath.tk
             ServerAlias zethanath.tk
    
             ProxyPreserveHost On
             ProxyPass / http://192.168.1.70:8080/Index//
             ProxyPassReverse / http://192.168.1.70:8080/Index//
    
             #DocumentRoot /var/www/html
             JKMount /* ajp13_worker
    
             ErrorLog ${APACHE_LOG_DIR}/error.log
             CustomLog ${APACHE_LOG_DIR}/access.log combined
    
             SSLEngine on
    
             SSLCertificateFile /etc/letsencrypt/live/zethanath.tk/fullchain.pem
             SSLCertificateKeyFile /etc/letsencrypt/live/zethanath.tk/privkey.pem
             Include /etc/letsencrypt/options-ssl-apache.conf
    
             <FilesMatch "\.(cgi|shtml|phtml|php)$">
                             SSLOptions +StdEnvVars
             </FilesMatch>
             <Directory /usr/lib/cgi-bin>
                             SSLOptions +StdEnvVars
             </Directory>
         </VirtualHost>
     </IfModule>
    
     # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
    
  3. I reconfigured 000-default.conf

    $ sudo nano /etc/apache2/sites-enabled/000-default.conf
    
     <VirtualHost *:80 >
         ServerName  zethanath.tk
         ServerAlias zethanath.tk
    
         ProxyPreserveHost On
         ProxyPass / http://192.168.1.70:8080/Index//
         ProxyPassReverse / http://192.168.1.70:8080/Index//
    
         #ServerAdmin [email protected]
         #DocumentRoot /var/www/html
    
         ErrorLog ${APACHE_LOG_DIR}/error.log
         CustomLog ${APACHE_LOG_DIR}/access.log combined
         #JKMount /* ajp13_worker
    
     RewriteEngine on
     RewriteCond %{SERVER_NAME} =zethanath.tk
     RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    
     </VirtualHost>
    
     <VirtualHost *:80 >
         ServerName  www.zethanath.tk
         ServerAlias zethanath.tk
    
         ProxyPreserveHost On
         ProxyPass / http://192.168.1.70:8080/Index//
         ProxyPassReverse / http://192.168.1.70:8080/Index//
    
         #ServerAdmin [email protected]
         #DocumentRoot /var/www/html
    
         ErrorLog ${APACHE_LOG_DIR}/error.log
         CustomLog ${APACHE_LOG_DIR}/access.log combined
         #JKMount /* ajp13_worker
    
         RewriteEngine on
         RewriteCond %{SERVER_NAME} =www.zethanath.tk
         RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    
     </VirtualHost>
    
     <VirtualHost *:80 >
         ServerName  servlet.zethanath.tk
         ServerAlias zethanath.tk
    
         ProxyPreserveHost On
         ProxyPass / http://192.168.1.70:8080/Index//
         ProxyPassReverse / http://192.168.1.70:8080/Index//
    
         #ServerAdmin [email protected]
         #DocumentRoot /var/www/html
    
         ErrorLog ${APACHE_LOG_DIR}/error.log
         CustomLog ${APACHE_LOG_DIR}/access.log combined
         #JKMount /* ajp13_worker
    
         RewriteEngine on
         RewriteCond %{SERVER_NAME} =zethanath.tk
         RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    
     </VirtualHost>
    
     # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
    
  4. I checked the syntax of these configurations.

    $ sudo apache2ctl configtest
    Syntax OK
    
  5. I restarted the server.

    $ sudo systemctl restart apache2
    
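  6. Now, when I enter http://zethanath.tk, I get the following:

  7. Now, when I enter http://www.zethanath.tk, I get the HTTPS site, which is exactly what I want.

  8. Now, when I enter http://servlet.zethanath.tk, I also get the HTTPS site, which is also what I want.

My questions are:

  1. What do I have to do to get https when I enter http://zethanath.tk in the browser?

  2. What is the correct way to serve http://servlet.zethanath.tk as https://servlet.zethanath.tk only behind the router? I do not want it to be visible outside the router.

Thanks.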
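A static check for the two things that decide which block answers a plain-HTTP request in files like the ones above: name-based matching uses the first block that lists a hostname, and a `RewriteCond` on `%{SERVER_NAME}` only redirects the hosts it names. This is an added example, not part of either answer; the parser, the finding names and the sample (the three `*:80` blocks reduced to their relevant directives) are constructed here, and it assumes the default `UseCanonicalName Off`, so `%{SERVER_NAME}` follows the request's Host header.

```python
import re

# Constructed sample: the three *:80 blocks from the post above, reduced to the
# directives that matter here; "www" is written without the post's "(www)" escaping.
SAMPLE_CONF = """\
<VirtualHost *:80 >
    ServerName  zethanath.tk
    ServerAlias zethanath.tk
    ProxyPass / http://192.168.1.70:8080/Index//
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =zethanath.tk
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80 >
    ServerName  www.zethanath.tk
    ServerAlias zethanath.tk
    ProxyPass / http://192.168.1.70:8080/Index//
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.zethanath.tk
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80 >
    ServerName  servlet.zethanath.tk
    ServerAlias zethanath.tk
    ProxyPass / http://192.168.1.70:8080/Index//
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =zethanath.tk
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
"""

def parse_vhosts(text):
    """Return one dict per <VirtualHost> block, in file order."""
    vhosts, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>\s]+)\s*>", line, re.I)
        if opened:
            # Apache 2.4 treats _default_ as an alias for *.
            cur = {"addr": opened.group(1).replace("_default_", "*"),
                   "names": [], "cond_hosts": set(), "redirect": False, "proxy": False}
        elif cur is None or not line or line.startswith("#"):
            continue
        elif line.lower().startswith("</virtualhost"):
            vhosts.append(cur)
            cur = None
        else:
            key, *args = line.split()
            key = key.lower()
            if key in ("servername", "serveralias"):
                cur["names"] += [a.lower() for a in args]
            elif key == "proxypass":
                cur["proxy"] = True
            elif key in ("rewriterule", "redirect") and "https://" in line:
                cur["redirect"] = True
            elif key == "rewritecond" and len(args) >= 2 \
                    and args[0] == "%{SERVER_NAME}" and args[1].startswith("="):
                cur["cond_hosts"].add(args[1][1:].lower())
    return vhosts

def lint(text):
    """Return (kind, vhost_number, hostname) findings, vhosts numbered from 1."""
    findings, owner = [], {}
    for num, vh in enumerate(parse_vhosts(text), start=1):
        served = []
        for name in dict.fromkeys(vh["names"]):      # de-duplicate, keep order
            first = owner.setdefault((vh["addr"], name), num)
            if first == num:
                served.append(name)
            else:
                # An earlier block on the same address already lists this name.
                findings.append(("shadowed", num, name))
        if vh["addr"].endswith(":80") and vh["proxy"]:
            if not vh["redirect"]:
                covered = set()                      # nothing sends clients to HTTPS
            elif vh["cond_hosts"]:
                covered = vh["cond_hosts"]           # redirect limited to these hosts
            else:
                covered = set(served)                # unconditional redirect
            findings += [("http-not-redirected", num, n)
                         for n in served if n not in covered]
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print(finding)
```

The check reads one file in order and treats every `RewriteCond` in a block as guarding that block's redirect; Apache merges all enabled files, so `apache2ctl -S` remains the authoritative view of which block is first for a name.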
