Apache 不将 HTTPS 请求代理到 tomcat

Apache 不将 HTTPS 请求代理到 tomcat

Centos 7、Apache 2.4、TomCat 7.0.52、Java 1.7

我正在尝试配置 Apache 以使用 HTTPS 代理 tomcat 服务器(运行 Jira / Confluence):

(HTTPS:443)-> Apache服务器-> (HTTP:8090或HTTPS:8091)TomCat

目前 HTTP 代理运行良好,但我希望 HTTPS 也能正常工作。我不介意 Apache 和 Tomcat 之间的连接是否是 SSL(在同一台服务器上)。

当我访问https://confluence.company.co.uk/我得到的是 /var/www/html/index.html 而不是代理。

以下是来自 tomcat 的 Server.xml:

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
           maxThreads="200" minSpareThreads="10"
           enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" />

<Connector port="8091" proxyPort="443" proxyName="confluence.company.co.uk"   acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
           maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" protocol="HTTP/1.1"
           redirectPort="8443" useBodyEncodingForURI="true" scheme="https" secure="true" />

与 Apache 默认的 /etc/httpd/conf.d/ssl.conf 相比,以下行有所更改:

ServerName confluence.company.co.uk:443
SSLCertificateFile /etc/pki/tls/certs/company.pem
SSLCertificateKeyFile /etc/pki/tls/private/company.key

Apache VHost 配置(在 /etc/httpd/conf.d/proxy_vhost.conf 中):

<VirtualHost *:80>
    ServerName  confluence.company.co.uk
    ProxyRequests Off
    <Proxy *>
    Order deny,allow
    Deny from all
    Allow from all
    </Proxy>
    <Location />
            AuthType Basic
            AuthName "Proxy Auth"
            AuthUserFile /var/www/company-auth/CONFLUENCE/.htpasswd
            Require user ukuser
            Satisfy any
            Deny from all
            Allow from 192.168.0.0/21
    </Location>
    ProxyPreserveHost On
    ProxyPass / http://confluence.company.co.uk:8090/
    ProxyPassReverse / http://confluence.company.co.uk:8090/
</VirtualHost>
<VirtualHost *:443>
    SSLProxyEngine On
    ProxyRequests Off
    <Proxy *>
    Order deny,allow
    Deny from all
    Allow from all
    </Proxy>
    ProxyPreserveHost On
    ProxyPass / https://confluence.company.co.uk:8091/
    ProxyPassReverse / https://confluence.company.co.uk:8091/
</VirtualHost>

答案1

我建议你启用急性日照Tomcat 和 Apache httpd 中的连接器。此二进制协议专用于 Java HTTP 代理。使用它可以节省您的配置时间和精力,并降低带宽和资源要求。

顺便说一句,<Proxy *>指令与反向代理无关。

相关内容