我使用反向代理来显示子域的后端服务器内容。subdomain.mydomain.com(服务器 A)应显示 IP 为 123.123.123.123 端口为 1111 的服务器(服务器 B)的内容。
subdomain.mydomain.com 的虚拟主机(服务器 A):
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName subdomain.mydomain.com
SSLEngine on
SecAuditEngine On
RewriteEngine On
SSLProxyEngine on
ProxyPreserveHost On
LogLevel warn
<Directory />
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Location />
ProxyPass https://123.123.123.123:1111
ProxyPassReverse https://123.123.123.123:1111
</Location>
ErrorLog /var/log/apache2/error.log
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLVerifyClient none
SSLVerifyDepth 1
SSLCertificateFile /etc/apache2/cert.site/chain_wildcard_site_combined.crt
SSLCertificateKeyFile /etc/apache2/cert.site/key_wildcard_site.key
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
123.123.123.123:1111的虚拟主机(服务器B):
<IfModule mod_ssl.c>
<VirtualHost 123.123.123.123:1111>
DocumentRoot /srv/www/site/htdocs
SSLEngine on
RewriteEngine On
SSLProxyEngine on
ProxyPreserveHost On
LogLevel warn
<Location "/">
Require ip 222.222.222.222
</Location>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /srv/www/site/htdocs>
Options -Indexes +FollowSymLinks +MultiViews
DirectoryIndex index.php
AllowOverride None
Require all granted
</Directory>
ErrorLog /srv/www/site/log/error.log
CustomLog /srv/www/site/log/access.log combined
CustomLog /srv/www/site/log/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLVerifyClient none
SSLVerifyDepth 1
SSLCertificateFile /etc/apache2/cert.site/chain_wildcard_site_combined.crt
SSLCertificateKeyFile /etc/apache2/cert.site/key_wildcard_site.key
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
如果我加载 URL: https://subdomain.mydomain.com/dir/
它加载成功。
如果我加载 URL(不带尾部斜杠): https://subdomain.mydomain.com/dir
它导致错误页面:ERR_CONNECTION_REFUSED。
编辑1:
我执行命令:
curl -IL https://subdomain.mydomain.com/dir
我得到了这个结果:
HTTP/1.1 301 Moved Permanently
Date: Mon, 23 Aug 2021 13:45:13 GMT
Server: Apache
Strict-Transport-Security: max-age=15768000; includeSubDomains
Strict-Transport-Security: max-age=15768000; includeSubDomains
Location: https://subdomain.mydomain.com:1111/dir/
Content-Type: text/html; charset=iso-8859-1
curl: (7) Failed to connect to subdomain.mydomain.com port 1111: Connection refused
编辑2:
我添加了尾部斜杠
<Location />
ProxyPass https://123.123.123.123:1111/
ProxyPassReverse https://123.123.123.123:1111/
</Location>
但我还是明白连接被拒绝错误。
知道为什么缺少尾随斜杠会导致错误吗?
谢谢!
答案1
虽然很难将 、 和 关联起来subdomain.domain.com
,123.123.123.123
但222.222.222.222
有两个问题引起了我的注意。以下是我对你所说的内容的看法。
ProxyPass 指令必须总是有一个尾部斜杠:
<Location /> ProxyPass https://123.123.123.123:1111/ ProxyPassReverse https://123.123.123.123:1111/ </Location>
您在编辑/更新中更正了此问题,但没有新的测试结果来显示修复的效果。
您正在代理到主机
123.123.123.123
,并且VirtualHost
指令需要这样做,但没有ServerName
条目可以匹配所要求的原始服务器名称ProxyPreserveHost
。ProxyPreserveHost
从服务器 B 中删除- 添加到服务器 B,以匹配服务器 A 的URI
ServerName
中定义的 IP 地址ProxyPass
不要忘记仔细查看服务器 A 和服务器 B 生成的访问和错误日志;它们的存在是有充分理由的。