Apache 模块“mod_jk”。设置重写条件以使用 https 来处理特定 url/上下文

tag-icon tag-icon apache-2.2 tomcat mod-rewrite https mod-jk
Apache 模块“mod_jk”。设置重写条件以使用 https 来处理特定 url/上下文

我确实有一个“简单”的问题,可能您几秒钟就能回答;)我设置了一个 apache web 服务器 (v2.2),这个 apache 服务器用作启用了“mod_jk”的平衡器。此服务器上托管了 2 个不同的应用程序,分别称为“低”和“高”。我使用的 tomcat 服务器是 V6.0x 服务器。

以下是 apache httpd.conf(摘要):

# Load mod_jk module
LoadModule    jk_module  modules/mod_jk-1.2.30-httpd-2.2.3.so
# Where to find workers.properties
JkWorkersFile conf/workers.properties
# loadbalancer contains the first application that may be clustered (runs on more tomcat instances/servers)
JkMount  /high/* loadbalancer
# webworker contains the second application that runs in a single tomcat instance
JkMount  /low/* webworker

如您所见,有两个已定义的映射。第一个“high”指向负载均衡器(2 个应用服务器“worker1”和“worker2”,请参阅下面的 worker.properties)。第二个解析为“low”,指向 webworker(此服务器上的另一个 tomcat 实例)。

以下是 worker.properties:

# Define worker list
worker.list=worker1,worker2,loadbalancer,webworker

# Set properties for worker1 (ajp13, http=8080, https=8443)
# Note: worker1 runs on the same machine as the serving apache webserver
worker.worker1.type=ajp13
worker.worker1.host=appserver1.example.com
worker.worker1.port=8009
worker.worker1.lbfactor=1

# Set properties for worker2 (ajp13, http=8080, https=8443)
# Note: worker2 runs on a different machine
worker.worker2.type=ajp13
worker.worker2.host=appserver2.example.com
worker.worker2.port=8010
worker.worker2.lbfactor=2

# Set properties for webworker (ajp13, http=9090, https=9443)
# Note: webworker runs on the same machine as the serving apache webserver
worker.webworker.type=ajp13
worker.webworker.host=appserver1.example.com
worker.webworker.port=8010

# Set properties for load balancer
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=worker1, worker2

因此,我的问题是:

我如何设置将映射“low”的所有请求重写为“https”?第二个应用程序“low”应完全安全运行。

即调用“http://www.myapplication.com/low“导致 Apache 服务器将其重写为”https://www.myapplication.com/low“。

使用“mod_rewrite”可以实现这一点吗?我必须将证书文件放在哪里?证书是否要在 tomcat-config(server.xml)或 apache-config(或者可能在两个配置文件中)中配置?

谢谢你的帮助:)

找到了解决方案:

Bruno 帮助了我,所以这是我的工作配置(将配置放在名为 httpd-vhosts.conf 的附加文件中):

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName appserver1.example.com:443
        SSLEngine       on
        SSLCertificateFile     "conf/ssl.crt/server.crt"
        SSLCertificateKeyFile  "conf/ssl.key/server.key"
        JkMount  /low/* webworker
</VirtualHost>
</IfModule>

<VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName appserver1.example.com
        JkMount /high/* loadbalancer
        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteCond %{HTTPS} !=on
            RewriteRule ^/low(.*) https://appserver1.example.com/low$1 [R,L]
        </IfModule>
</VirtualHost>

答案1

您是否尝试过类似的事情(假设您已经加载了 mod_rewrite)?

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/low(.*) https://%{SERVER_NAME}/low$1 [R,L]

如果你使用 Apache Httpd 作为前端,则需要配置 SSL(请参阅mod_ssl 模块的文档)。

通常情况下,它看起来像这样:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName host.name.example

        SSLEngine       on
        SSLCertificateFile      /etc/ssl/certs/host.pem
        SSLCertificateKeyFile   /etc/ssl/private/host.key

        # ...
        # (the config file with your distribution will probably have
        #  a sensible set of options for SSL as well.)

        JkMount  /high/* loadbalancer
        JkMount  /low/* webworker
</VirtualHost>
</IfModule>

<VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName host.name.example


        # You can put the rewrite rules here for example.

        JkMount  /high/* loadbalancer
        # Don't put this one if you don't want it over plain HTTP
        # JkMount  /low/* webworker
</VirtualHost>

相关内容