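I have an Apache reverse proxy that correctly proxies an internal https server. It is configured to use a wildcard self-signed certificate and is set up as a name-based virtual host with the ServerName directive.
I am trying to add a second internal https server to the proxy. I copied the configuration from the first server and changed the ServerName, but it does not work: if I try to connect to the second server's name, it always proxies me to the first server.
The configuration is as follows: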
NameVirtualHost *:443
<VirtualHost *:443>
    ServerAdmin [email protected]
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile /etc/apache2/siteX-cert/wildcard.siteX.com.crt
    SSLCertificateKeyFile /etc/apache2/siteX-cert/wildcard.siteX.com.key
    SSLCACertificateFile /etc/apache2/siteX-cert/my-ca.crt
    ServerName "website.siteX.com"
    CustomLog "/var/log/apache2/website.siteX.com-ssl-access.log" combined
    ErrorLog "/var/log/apache2/website.siteX.com-ssl-error.log"
    # We're not an open proxy
    ProxyRequests off
    # Proxying is available for anyone
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    # The site we're proxying through
    ProxyPass / https://10.3.0.16/
    ProxyPassReverse / https://10.3.0.16/
    # Allows the proxying of an SSL connection
    SSLProxyEngine On
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin [email protected]
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile /etc/apache2/siteX-cert/wildcard.siteX.com.crt
    SSLCertificateKeyFile /etc/apache2/siteX-cert/wildcard.siteX.com.key
    SSLCACertificateFile /etc/apache2/siteX-cert/my-ca.crt
    ServerName "website2.siteX.com"
    CustomLog "/var/log/apache2/website.siteX.com-ssl-access.log" combined
    ErrorLog "/var/log/apache2/website.siteX.com-ssl-error.log"
    # We're not an open proxy
    ProxyRequests off
    # Proxying is available for anyone
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    # The site we're proxying through
    ProxyPass / https://10.3.0.26/
    ProxyPassReverse / https://10.3.0.26/
    # Allows the proxying of an SSL connection
    SSLProxyEngine On
</VirtualHost>
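In the configuration above, both virtual hosts write to the same access and error log files, so the logs alone cannot show which virtual host handled a request. The script below is an added example (not code from either poster): it extracts the name-to-backend map from such a configuration and flags virtual hosts that share a ServerName or a log file. The sample input is constructed from the question's routing and logging lines; the function names are this example's own.

```python
import re
import shlex
from collections import defaultdict
# Constructed sample: only the routing and logging lines of the question's two vhosts.
SAMPLE_CONF = '''
<VirtualHost *:443>
ServerName "website.siteX.com"
CustomLog "/var/log/apache2/website.siteX.com-ssl-access.log" combined
ErrorLog "/var/log/apache2/website.siteX.com-ssl-error.log"
ProxyPass / https://10.3.0.16/
</VirtualHost>
<VirtualHost *:443>
ServerName "website2.siteX.com"
CustomLog "/var/log/apache2/website.siteX.com-ssl-access.log" combined
ErrorLog "/var/log/apache2/website.siteX.com-ssl-error.log"
ProxyPass / https://10.3.0.26/
</VirtualHost>
'''
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return one dict per <VirtualHost>: listen address, ServerName, backend, log files."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        def args(name):
            m = re.search(rf"^\s*{name}\s+(.+)$", body, re.M | re.I)
            return shlex.split(m.group(1)) if m else []
        proxy = args("ProxyPass")
        vhosts.append({
            "listen": addr.strip(),
            "name": (args("ServerName") or [None])[0],
            "backend": proxy[1] if len(proxy) > 1 else None,
            "logs": {a[0] for a in (args("CustomLog"), args("ErrorLog")) if a},
        })
    return vhosts

def audit(vhosts):
    """Flag vhosts that cannot be told apart by name or by log file."""
    names, logs = defaultdict(list), defaultdict(list)
    for i, v in enumerate(vhosts):
        names[(v["listen"], v["name"])].append(i)
        for path in v["logs"]:
            logs[path].append(i)
    dup = [("duplicate-servername", k[1], ix) for k, ix in names.items() if len(ix) > 1]
    shared = [("shared-log", p, ix) for p, ix in sorted(logs.items()) if len(ix) > 1]
    return dup + shared

if __name__ == "__main__":
    print(*parse_vhosts(SAMPLE_CONF), *audit(parse_vhosts(SAMPLE_CONF)), sep="\n")
```

Giving each virtual host its own CustomLog and ErrorLog path makes the handling virtual host visible per request when debugging name-based routing.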
Answer 1
I switched to Nginx and managed to get both https sites working; the configuration is very simple:
ssl_certificate /etc/nginx/siteX-cert/wildcard.siteX.com.crt;
ssl_certificate_key /etc/nginx/siteX-cert/wildcard.siteX.com.key;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
server {
    listen 443 ssl;
    server_name website.siteX.com;
    ssl on;
    location / {
        proxy_pass https://10.3.0.16/;
    }
}
server {
    listen 443 ssl;
    server_name website2.siteX.com;
    ssl on;
    location / {
        proxy_pass https://10.3.0.26/;
    }
}