httpd.conf
我是新手。我有 1 台 LAMP CentOS 服务器,它托管 3 个网站,Apache配置如下:
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /home/www/html/domaina.com
ServerName www.domaina.com
ServerAlias *.domaina.com
ScriptAlias /cgi-bin/ "/home/www/html/domaina.com/cgi-bin/"
RewriteEngine On
RewriteOptions Inherit
ErrorLog /home/log/domaina.com-error_log
CustomLog /home/log/domaina.com-access_log common
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
ServerAdmin [email protected]
DocumentRoot /home/www/html/domaina.com
ServerName www.domaina.com
ServerAlias *.domaina.com
ScriptAlias /cgi-bin/ "/home/www/html/domaina.com/cgi-bin/"
RewriteEngine On
RewriteOptions Inherit
ErrorLog /home/log/domaina.com-error_log
CustomLog /home/log/domaina.com-access_log common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /home/www/html/domainb.com
ServerName www.domainb.com
ServerAlias *.domainb.com
ScriptAlias /cgi-bin/ "/home/www/html/domainb.com/cgi-bin/"
RewriteEngine On
RewriteOptions Inherit
ErrorLog /home/log/domainb.com-error_log
CustomLog /home/log/domainb.com-access_log common
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
ServerAdmin [email protected]
DocumentRoot /home/www/html/domainb.com
ServerName www.domainb.com
ServerAlias *.domainb.com
ScriptAlias /cgi-bin/ "/home/www/html/domainb.com/cgi-bin/"
RewriteEngine On
RewriteOptions Inherit
ErrorLog /home/log/domainb.com-error_log
CustomLog /home/log/domainb.com-access_log common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /home/www/html/domainc.com
ServerName www.domainc.com
ServerAlias *.domainc.com
ScriptAlias /cgi-bin/ "/home/www/html/domainc.com/cgi-bin/"
RewriteEngine On
RewriteOptions Inherit
ErrorLog /home/log/domainc.com-error_log
CustomLog /home/log/domainc.com-access_log common
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
ServerAdmin [email protected]
DocumentRoot /home/www/html/domainc.com
ServerName www.domainc.com
ServerAlias *.domainc.com
ScriptAlias /cgi-bin/ "/home/www/html/domainc.com/cgi-bin/"
RewriteEngine On
RewriteOptions Inherit
ErrorLog /home/log/domainc.com-error_log
CustomLog /home/log/domainc.com-access_log common
</VirtualHost>
当域名直接指向该服务器时,一切正常。但我想使用另一台服务器作为 domainc.com 的反向代理。因此,我在另一台 CentOS 服务器上安装了 apache,并将 domainc.com 指向该服务器。我将以下配置放入/etc/httpd/conf.d/proxy.conf
:
<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
ProxyVia On
</IfModule>
并将其配置到httpd.conf中:
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName www.domainc.com
ErrorLog logs/domainc.com-error_log
CustomLog logs/domainc.com-access_log common
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://[IP of server 1]:80/
ProxyPassReverse / http://[IP of server 1]:80/
</VirtualHost>
但是现在当我尝试浏览 domainc.com 时,我得到的是 domaina.com 的内容。我已经花了好几个小时试图弄清楚,尝试了在线找到的不同配置,但得到的结果仍然相同。有人能帮忙吗?可以这样做吗?
答案1
当您使用具有此配置的 mod_proxy 时,原始的Host:
-header 将被替换为您在 中写入的任何内容ProxyPass
。因此,当客户端连接到您的domainc
服务器时,客户端将发送标头Host: www.domainc.com
。您的反向代理将删除此标头并改为发送Host: [IP of server]
。而且由于您没有在任何 VirtualHost 中列出 IP,因此 apache 将简单地选择虚拟主机列表中的第一个,即domaina.com
。
解决此问题的最佳方法是更改代理配置,添加以下行
ProxyPreserveHost On
这将使得 apache 在连接到后端服务器时重新使用原始的 Host:-header。
(您也可以将 IP 地址添加到 domainc.com 的虚拟主机配置中,但如果您想代理服务器上的任何其他域,则会遇到完全相同的问题,因此这不是我推荐的。)
答案2
ssh host2 sed -i~ '
/Proxy/s/[IP of server 1]/[hostname of server 1]/
' /etc/httpd/conf/httpd.conf
请阅读机制,尤其是 RPM 中标记为 Config 的文件的更改如果被修改则不会收到任何 [安全] 更新的原因。这是最近(-ish)安全更新的一个问题,表面上是交付给 /etc/sudoers 的,但 RPM 系统的新手一直不知道要注意这一点。对于您来说,请习惯使用 /etc/httpd/conf.s/v-057-virtual-serverc.conf 和类似名称的文件。(或者暂时不要;您自己选择)