Apache 多个域的反向代理配置

tag-icon tag-icon apache-2.2 centos web-server reverse-proxy
Apache 多个域的反向代理配置

httpd.conf我是新手。我有 1 台 LAMP CentOS 服务器,它托管 3 个网站,Apache配置如下:

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /home/www/html/domaina.com
    ServerName www.domaina.com
    ServerAlias *.domaina.com
    ScriptAlias /cgi-bin/ "/home/www/html/domaina.com/cgi-bin/"
    RewriteEngine On
    RewriteOptions Inherit
    ErrorLog /home/log/domaina.com-error_log
    CustomLog /home/log/domaina.com-access_log common
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key   
    ServerAdmin [email protected]
    DocumentRoot /home/www/html/domaina.com
    ServerName www.domaina.com
    ServerAlias *.domaina.com 
    ScriptAlias /cgi-bin/ "/home/www/html/domaina.com/cgi-bin/"
    RewriteEngine On
    RewriteOptions Inherit 
    ErrorLog /home/log/domaina.com-error_log
    CustomLog /home/log/domaina.com-access_log common
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /home/www/html/domainb.com
    ServerName www.domainb.com
    ServerAlias *.domainb.com
    ScriptAlias /cgi-bin/ "/home/www/html/domainb.com/cgi-bin/"
    RewriteEngine On
    RewriteOptions Inherit
    ErrorLog /home/log/domainb.com-error_log
    CustomLog /home/log/domainb.com-access_log common
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key   
    ServerAdmin [email protected]
    DocumentRoot /home/www/html/domainb.com
    ServerName www.domainb.com
    ServerAlias *.domainb.com 
    ScriptAlias /cgi-bin/ "/home/www/html/domainb.com/cgi-bin/"
    RewriteEngine On
    RewriteOptions Inherit 
    ErrorLog /home/log/domainb.com-error_log
    CustomLog /home/log/domainb.com-access_log common
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /home/www/html/domainc.com
    ServerName www.domainc.com
    ServerAlias *.domainc.com
    ScriptAlias /cgi-bin/ "/home/www/html/domainc.com/cgi-bin/"
    RewriteEngine On
    RewriteOptions Inherit
    ErrorLog /home/log/domainc.com-error_log
    CustomLog /home/log/domainc.com-access_log common
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key   
    ServerAdmin [email protected]
    DocumentRoot /home/www/html/domainc.com
    ServerName www.domainc.com
    ServerAlias *.domainc.com 
    ScriptAlias /cgi-bin/ "/home/www/html/domainc.com/cgi-bin/"
    RewriteEngine On
    RewriteOptions Inherit 
    ErrorLog /home/log/domainc.com-error_log
    CustomLog /home/log/domainc.com-access_log common
</VirtualHost>

当域名直接指向该服务器时,一切正常。但我想使用另一台服务器作为 domainc.com 的反向代理。因此,我在另一台 CentOS 服务器上安装了 apache,并将 domainc.com 指向该服务器。我将以下配置放入/etc/httpd/conf.d/proxy.conf

<IfModule mod_proxy.c>
        #turning ProxyRequests on and allowing proxying from all may allow
        #spammers to use your proxy to send email.

        ProxyRequests Off

        <Proxy *>
                AddDefaultCharset off
                Order deny,allow
                Allow from all
        </Proxy>

        # Enable/disable the handling of HTTP/1.1 "Via:" headers.
        # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
        # Set to one of: Off | On | Full | Block

        ProxyVia On
</IfModule>

并将其配置到httpd.conf中:

NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName www.domainc.com
    ErrorLog logs/domainc.com-error_log
    CustomLog logs/domainc.com-access_log common

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://[IP of server 1]:80/
    ProxyPassReverse / http://[IP of server 1]:80/
</VirtualHost>

但是现在当我尝试浏览 domainc.com 时,我得到的是 domaina.com 的内容。我已经花了好几个小时试图弄清楚,尝试了在线找到的不同配置,但得到的结果仍然相同。有人能帮忙吗?可以这样做吗?

答案1

当您使用具有此配置的 mod_proxy 时,原始的Host:-header 将被替换为您在 中写入的任何内容ProxyPass。因此,当客户端连接到您的domainc服务器时,客户端将发送标头Host: www.domainc.com。您的反向代理将删除此标头并改为发送Host: [IP of server]。而且由于您没有在任何 VirtualHost 中列出 IP,因此 apache 将简单地选择虚拟主机列表中的第一个,即domaina.com

解决此问题的最佳方法是更改​​代理配置,添加以下行

ProxyPreserveHost On

这将使得 apache 在连接到后端服务器时重新使用原始的 Host:-header。

(您也可以将 IP 地址添加到 domainc.com 的虚拟主机配置中,但如果您想代理服务器上的任何其他域,则会遇到完全相同的问题,因此这不是我推荐的。)

答案2

ssh host2 sed -i~ '
  /Proxy/s/[IP of server 1]/[hostname of server 1]/
' /etc/httpd/conf/httpd.conf

请阅读机制,尤其是 RPM 中标记为 Config 的文件的更改如果被修改则不会收到任何 [安全] 更新的原因。这是最近(-ish)安全更新的一个问题,表面上是交付给 /etc/sudoers 的,但 RPM 系统的新手一直不知道要注意这一点。对于您来说,请习惯使用 /etc/httpd/conf.s/v-057-virtual-serverc.conf 和类似名称的文件。(或者暂时不要;您自己选择)

相关内容