Centos 7、Apache 2.4、TomCat 7.0.52、Java 1.7
我正在尝试配置 Apache 以使用 HTTPS 代理 tomcat 服务器(运行 Jira / Confluence):
(HTTPS:443)-> Apache服务器-> (HTTP:8090或HTTPS:8091)TomCat
目前 HTTP 代理运行良好,但我希望 HTTPS 也能正常工作。我不介意 Apache 和 Tomcat 之间的连接是否是 SSL(在同一台服务器上)。
当我访问https://confluence.company.co.uk/我得到的是 /var/www/html/index.html 而不是代理。
以下是来自 tomcat 的 Server.xml:
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="200" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" />
<Connector port="8091" proxyPort="443" proxyName="confluence.company.co.uk" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" protocol="HTTP/1.1"
redirectPort="8443" useBodyEncodingForURI="true" scheme="https" secure="true" />
与 Apache 默认的 /etc/httpd/conf.d/ssl.conf 相比,以下行有所更改:
ServerName confluence.company.co.uk:443
SSLCertificateFile /etc/pki/tls/certs/company.pem
SSLCertificateKeyFile /etc/pki/tls/private/company.key
Apache VHost 配置(在 /etc/httpd/conf.d/proxy_vhost.conf 中):
<VirtualHost *:80>
ServerName confluence.company.co.uk
ProxyRequests Off
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
<Location />
AuthType Basic
AuthName "Proxy Auth"
AuthUserFile /var/www/company-auth/CONFLUENCE/.htpasswd
Require user ukuser
Satisfy any
Deny from all
Allow from 192.168.0.0/21
</Location>
ProxyPreserveHost On
ProxyPass / http://confluence.company.co.uk:8090/
ProxyPassReverse / http://confluence.company.co.uk:8090/
</VirtualHost>
<VirtualHost *:443>
SSLProxyEngine On
ProxyRequests Off
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyPass / https://confluence.company.co.uk:8091/
ProxyPassReverse / https://confluence.company.co.uk:8091/
</VirtualHost>
答案1
我建议你启用急性日照Tomcat 和 Apache httpd 中的连接器。此二进制协议专用于 Java HTTP 代理。使用它可以节省您的配置时间和精力,并降低带宽和资源要求。
顺便说一句,<Proxy *>指令与反向代理无关。