Apache 反向代理 ssl

Question

客户端和此 httpd 实例之间连接的传输方法完全独立于 httpd 实例和您代理的服务器之间的传输方法。这意味着，只需将代理线路（至少ProxyPass和ProxyPassReverse）添加到您的 HTTPS 配置中：

NameVirtualHost *:443
<VirtualHost *:443>
    ServerName sub.domain.com

    # Certificate stuff goes here...
    SSLEngine on
    SSLCertificateFile              /etc/pki/http/certs/sub.domain.com.crt
    SSLCertificateKeyFile   /etc/pki/http/private/sub.domain.com.key
    SSLCertificateChainFile /etc/pki/http/certs/interims-cert.crt
    SSLProtocol All -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite +EDH:HIGH:!LOW:!ADH:-MEDIUM:RC4+SHA

    ProxyRequests Off
    ProxyVia Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>                              
    ProxyPass / http://localhost:5010
    ProxyPassReverse / http://localhost:5010/
</VirtualHost>

这些SSL*指令仅用于示例目的！您应该检查如何安全地配置 HTTPS 的 httpd。

Answer 1

客户端和此 httpd 实例之间连接的传输方法完全独立于 httpd 实例和您代理的服务器之间的传输方法。这意味着，只需将代理线路（至少ProxyPass和ProxyPassReverse）添加到您的 HTTPS 配置中：

NameVirtualHost *:443
<VirtualHost *:443>
    ServerName sub.domain.com

    # Certificate stuff goes here...
    SSLEngine on
    SSLCertificateFile              /etc/pki/http/certs/sub.domain.com.crt
    SSLCertificateKeyFile   /etc/pki/http/private/sub.domain.com.key
    SSLCertificateChainFile /etc/pki/http/certs/interims-cert.crt
    SSLProtocol All -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite +EDH:HIGH:!LOW:!ADH:-MEDIUM:RC4+SHA

    ProxyRequests Off
    ProxyVia Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>                              
    ProxyPass / http://localhost:5010
    ProxyPassReverse / http://localhost:5010/
</VirtualHost>

这些SSL*指令仅用于示例目的！您应该检查如何安全地配置 HTTPS 的 httpd。

Apache 反向代理 ssl

答案1

相关内容