我在本地网络中有两个通过 https 运行的站点并使用 letsencrypt 证书 - 我们将它们称为 git.foo.com 和 api.foo.com。
我想从互联网上查看这些网站。我有一个 OpenWRT 路由器,它运行在白色 IP 地址上(git.foo.com 和 api.foo.com 的 DNS 记录指向它的 IP)。
我刚刚将流量从 80 和 443 端口重定向(使用 iptables)到另一台本地机器,该机器必须是代理。问题是如何通过站点主机名将 SSL 流量传递到特定站点(已使用 SSL)服务器?
答案1
使用 apache 完成的。
<VirtualHost *:443>
ServerName git.foo.com
ErrorLog /var/log/apache2/git.error.log
TransferLog /var/log/apache2/git.com.access.log
SSLEngine On
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLInsecureRenegotiation on
SSLProxyVerify none
SSLProxyCheckPeerName Off
SSLVerifyClient none
SSLCertificateFile /etc/certs/git.foo.com/fullchain2.pem
SSLCertificateKeyFile /etc/certs/git.foo.com/privkey2.pem
ProxyPass / https://192.168.3.230/
ProxyPassReverse / https://192.168.3.230/
<Location "/">
Require all granted
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerName api.foo.com
ErrorLog /var/log/apache2/api.error.log
TransferLog /var/log/apache2/api.access.log
SSLEngine On
SSLProxyEngine On
ProxyPreserveHost on
ProxyRequests Off
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLInsecureRenegotiation on
SSLProxyVerify none
SSLProxyCheckPeerName Off
SSLVerifyClient none
SSLCertificateFile /etc/certs/api.foo.com/fullchain5.pem
SSLCertificateKeyFile /etc/certs/api.foo.com/privkey5.pem
ProxyPass / https://192.168.3.230/
ProxyPassReverse / https://192.168.3.230/
<Location "/">
Require all granted
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName subapi.foo.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://192.168.3.27/
ProxyPassReverse / https://192.168.3.27/
<Location "/">
Require all granted
</Location>
</VirtualHost>