如何通过 Apache 中的 ProxyPass 访问服务器信息?

如何通过 Apache 中的 ProxyPass 访问服务器信息?

我有一个负载均衡器,后面有 3 个 Web 服务器(a、b 和 c),所有服务器都运行 apache 和 RHEL 8。我想做的事情相对简单 - 我想获取后面的盒子的 apache 服务器状态负载均衡器,通过 http://loadbalancer/a/server-status、http://loadbalancer/b/server-status 等。

使用 http://ipofbox:8000/server-status 直接访问这些框时,服务器状态工作正常

在负载均衡器的 httpd.conf 中,我有以下几行。

<VirtualHost *:80>

ProxyRequests off

#Start Proxy balancer block and define cluster
<Proxy balancer://thecluster>

    BalancerMember http://172.31.19.205:8080
    BalancerMember http://172.31.28.85:8080 loadfactor=3
    BalancerMember http://172.31.28.49:8080
    #weighted traffic byte count balancing
    ProxySet lbmethod=bytraffic nofailover=off

</Proxy>

ProxyPass /worksa http://172.31.19.205:8080
ProxyPass /worksb http://172.31.28.85:8080
ProxyPass /worksc http://172.31.28.49:8080

ProxyPass /a http://172.31.19.205:8000
ProxyPass /b http://172.31.28.85:8000
ProxyPass /c http://172.31.28.49:8000

#pass through any other proxy requests
ProxyPass / balancer://thecluster/

#route traffic back through the cluster and act as a load balancer, ensure headers generated from any workers are modified to point to the load balancer, masking the backend web servers
#ProxyPassReverse / balancer://thecluster/

#balancer-manager GUI via port 80
<Location /balancer-manager>
    SetHandler balancer-manager
</Location>

#don't pass requests to the BM through to the cluster
ProxyPass /balancer-manager !

<Location "/~Alice">
    AuthType Digest
    AuthName "private"
    AuthDigestDomain "/~Alice"
    AuthDigestProvider file
    AuthUserFile "/etc/httpd-auth/digest_passwords_file2"
    Require valid-user
</Location>

<Location "/~Bob">
    AuthType Digest
    AuthName "private"
    AuthDigestDomain "/~Bob"
    AuthDigestProvider file
    AuthUserFile "/etc/httpd-auth/digest_passwords_file2"
    Require valid-user
</Location>

</VirtualHost>

<VirtualHost *:8000>
ProxyRequests off

#server-info GUI via port 8000
<Location /server-info>
    SetHandler server-info
</Location>

#server-status GUI via port 8000
<Location /server-status>
    SetHandler server-status
</Location>

<Location "/server-info">
    AuthType Digest
    AuthName "realm"
    AuthDigestDomain "/server-info"
    AuthDigestProvider file
    AuthUserFile /etc/httpd-auth/digest_passwords_file
    Require valid-user
</Location>

<Location "/server-status">
    AuthType Digest
    AuthName "realm"
    AuthDigestDomain "/server-status"
    AuthDigestProvider file
    AuthUserFile /etc/httpd-auth/digest_passwords_file
    Require valid-user
</Location>

</VirtualHost>

编辑:现在似乎已经通过了,但是这次我收到了 400 bad request。服务请求的后端服务器上的错误日志显示:

[auth_digest:error] [pid 9105:tid 139830629422848] [client ***.***.***.***:50720] AH01786: uri mismatch - </a/server-info/> does not match request-uri </server-info/>

似乎启用摘要身份验证后,从负载均衡器访问时会失败。在worksa上我有以下内容:

在worksa上我有以下内容:

<VirtualHost *:8000>

#balancer-manager GUI via port 8000
<Location /balancer-manager>
    SetHandler balancer-manager
</Location>

#Req 4.b
<Location "/server-info">
    SetHandler server-info
    AuthType Digest
    AuthName "realm"
    AuthDigestDomain "/server-info"
    AuthDigestProvider file
    AuthUserFile /etc/httpd-auth/digest_passwords_file
    Require valid-user
</Location>

# Req 4.a, Req 4.b
<Location "/server-status">
    SetHandler server-status
    AuthType Digest
    AuthName "realm"
    AuthDigestDomain "/server-status"
    AuthDigestProvider file
    AuthUserFile /etc/httpd-auth/digest_passwords_file
    Require valid-user
</Location>

</VirtualHost>

其次,当尝试访问http://loadbalancer/worksa/index.html时,我收到403禁止,worksa的访问日志如下所示

(13)Permission denied: file permissions deny server access: /var/www/html/index.html.

我在index.html上使用了chmod 0644,但它似乎没有帮助。

总之,http://loadbalancer/a/server-info 请求凭据然后返回 400 错误请求,而 http://loadbalancer/a/index.html 返回 403 禁止。

非常感谢。

答案1

将特定ProxyPass指令移到平衡器之前,ProxyPass然后平衡器将其他所有内容与 相匹配/。并删除尾部斜杠。

这是第一个虚拟主机:

<VirtualHost *:80>
    ProxyRequests off

    #Start Proxy balancer block and define cluster
    <Proxy balancer://thecluster>
        BalancerMember http://172.31.27.155:8080
        BalancerMember http://172.31.21.185:8080 loadfactor=3
        BalancerMember http://172.31.28.201:8080

        #weighted traffic byte count balancing
        ProxySet lbmethod=bytraffic nofailover=off
    </Proxy>

    ProxyPass /worksa http://172.31.27.155:8080
    ProxyPass /worksb http://172.31.21.185:8080
    ProxyPass /worksc http://172.31.28.201:8080

    # pass through balancer member
    ProxyPass /a http://172.31.27.155:8000
    ProxyPass /b http://172.31.21.185:8000
    ProxyPass /c http://172.31.28.201:8000

    # pass through any other proxy requests
    ProxyPass / balancer://thecluster/

    #route traffic back through the cluster and act as a load balancer, ensure headers generated from$
    #ProxyPassReverse / balancer://thecluster/
</VirtualHost>

您可能需要调整后端的访问控制以防止出现“403 Forbidden”:

<Location /server-status>
    SetHandler server-status
    # limit to ip addresses, hosts or whatever you need
    Require ip 172.31
</Location>

相关内容