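I have configured my tomcat7 to use LetsEncrypt SSL successfully on port 8443. Now I want to accept only port 443, and I am using apache2 in front of it. I added the virtual host; this is the content of /etc/apache2/available-site/example.com.conf on Ubuntu: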
ServerName example.com
ServerAlias *.example.com
ProxyPreserveHost on
ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLEngine on
SSLProxyEngine on
SSLVerifyClient None
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem
ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
This is the SSL-related content of the tomcat 7 server.xml:
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true" keystoreType="PKCS12"
keystoreFile="/home/ubuntu/example.jks" keystorePass="example"
clientAuth="false" sslProtocol="TLS"/>
When I try to connect using elinks:
$ elinks https://localhost
I get this message:
503 proxy Error the proxy server received an invalid response from an upstream server.
Also, should I configure the certificate location for Apache, or only for tomcat 7? Any help would be appreciated!