具有两个名称虚拟主机的 Apache SSL 反向代理

tag-icon tag-icon apache-2.2 ssl reverse-proxy
具有两个名称虚拟主机的 Apache SSL 反向代理

我有一个 Apache 反向代理,可以正确代理 https 内部服务器。它配置为使用通配符自签名证书,并配置为具有 ServerName 指令的基于名称的虚拟主机。

我正在尝试将第二个 https 内部服务器添加到代理,我从第一个服务器复制了配置,更改了 ServerName ,但它不起作用:如果我尝试连接到第二个服务器的名称,它总是将我代理到第一个服务器。

配置如下:

NameVirtualHost *:443

<VirtualHost *:443>
        ServerAdmin [email protected]
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

        SSLCertificateFile /etc/apache2/siteX-cert/wildcard.siteX.com.crt
        SSLCertificateKeyFile /etc/apache2/siteX-cert/wildcard.siteX.com.key
        SSLCACertificateFile /etc/apache2/siteX-cert/my-ca.crt

        ServerName      "website.siteX.com"

        CustomLog       "/var/log/apache2/website.siteX.com-ssl-access.log" combined
        ErrorLog        "/var/log/apache2/website.siteX.com-ssl-error.log"

        # We're not an open proxy
        ProxyRequests off

        # Proxying is available for anyone
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        # The site we're proxying through 
        ProxyPass / https://10.3.0.16/
        ProxyPassReverse / https://10.3.0.16/

        # Allows the proxying of an SSL connection
        SSLProxyEngine On
</VirtualHost>
<VirtualHost *:443>
        ServerAdmin [email protected]

        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

        SSLCertificateFile /etc/apache2/siteX-cert/wildcard.siteX.com.crt
        SSLCertificateKeyFile /etc/apache2/siteX-cert/wildcard.siteX.com.key
        SSLCACertificateFile /etc/apache2/siteX-cert/my-ca.crt

        ServerName      "website2.siteX.com"

        CustomLog       "/var/log/apache2/website.siteX.com-ssl-access.log" combined
        ErrorLog        "/var/log/apache2/website.siteX.com-ssl-error.log"

        #We're not an open proxy
        ProxyRequests off

        # Proxying is available for anyone
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        # The site we're proxying through 
        ProxyPass / https://10.3.0.26/
        ProxyPassReverse / https://10.3.0.26/

        # Allows the proxying of an SSL connection
        SSLProxyEngine On
</VirtualHost>

答案1

我切换到 Nginx 并设法使两个 https 站点正常运行,配置非常简单:

ssl_certificate  /etc/nginx/siteX-cert/wildcard.siteX.com.crt;
ssl_certificate_key  /etc/nginx/siteX-cert/wildcard.siteX.com.key;
ssl_session_timeout  5m;
ssl_prefer_server_ciphers  on;
ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers  AES256+EECDH:AES256+EDH:!aNULL;

server {
        listen 443 ssl;
        server_name website.siteX.com;
        ssl on;
        location / {
                proxy_pass https://10.3.0.16/;
        }
}

server {
        listen 443 ssl;
        server_name website2.siteX.com;
        ssl on;
        location / {
                proxy_pass https://10.3.0.26/;
        }
}

相关内容