我有一个 Apache httpd 2.4 的测试实例,其配置如下:
<VirtualHost *:9979>
ServerName 192.168.0.162
# Encoded slashes need to be allowed
AllowEncodedSlashes On
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPass /lool/ws wss://127.0.0.1:9980/lool/ws
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
<Proxy *>
# Auth changes in 2.4 - see http://httpd.apache.org/docs/2.4/upgrading.html#run-time
Require all granted
</Proxy>
</VirtualHost>
我已经加载了所需的模块:
root@dd340bf80de3:/etc/apache2# apache2ctl -M
[Fri Aug 19 12:49:48.930521 2016] [core:trace3] [pid 21392:tid 140679377049472] core.c(3056): Setting LogLevel for all modules to trace8
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message
Loaded Modules:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
unixd_module (static)
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
filter_module (shared)
mime_module (shared)
mpm_event_module (shared)
negotiation_module (shared)
proxy_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
setenvif_module (shared)
socache_shmcb_module (shared)
ssl_module (shared)
status_module (shared)
但是,Apache 不会代理请求:
[Fri Aug 19 09:40:04.701822 2016] [core:trace5] [pid 10272:tid 139810871797504] protocol.c(618): [client 192.168.0.162:42645] Request received from client: GET /loleaflet HTTP/1.1
[Fri Aug 19 09:40:04.701934 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(301): [client 192.168.0.162:42645] Headers received from client:
[Fri Aug 19 09:40:04.701945 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645] Host: 192.168.0.162:9979
[Fri Aug 19 09:40:04.701955 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645] Connection: keep-alive
[Fri Aug 19 09:40:04.701979 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645] Cache-Control: max-age=0
[Fri Aug 19 09:40:04.701989 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645] Upgrade-Insecure-Requests: 1
[Fri Aug 19 09:40:04.701998 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645] User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
[Fri Aug 19 09:40:04.702008 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645] Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[Fri Aug 19 09:40:04.702017 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645] DNT: 1
[Fri Aug 19 09:40:04.702026 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645] Accept-Encoding: gzip, deflate, sdch
[Fri Aug 19 09:40:04.702035 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645] Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4,ru;q=0.2,de;q=0.2
[Fri Aug 19 09:40:04.702122 2016] [authz_core:debug] [pid 10272:tid 139810871797504] mod_authz_core.c(809): [client 192.168.0.162:42645] AH01626: authorization result of Require all granted: granted
[Fri Aug 19 09:40:04.702133 2016] [authz_core:debug] [pid 10272:tid 139810871797504] mod_authz_core.c(809): [client 192.168.0.162:42645] AH01626: authorization result of <RequireAny>: granted
[Fri Aug 19 09:40:04.702143 2016] [core:trace3] [pid 10272:tid 139810871797504] request.c(293): [client 192.168.0.162:42645] request authorized without authentication by access_checker_ex hook: /loleaflet
[Fri Aug 19 09:40:04.702171 2016] [core:info] [pid 10272:tid 139810871797504] [client 192.168.0.162:42645] AH00128: File does not exist: /var/www/html/loleaflet
[Fri Aug 19 09:40:04.702217 2016] [http:trace3] [pid 10272:tid 139810871797504] http_filters.c(1003): [client 192.168.0.162:42645] Response sent with status 404, headers:
[Fri Aug 19 09:40:04.702228 2016] [http:trace5] [pid 10272:tid 139810871797504] http_filters.c(1010): [client 192.168.0.162:42645] Date: Fri, 19 Aug 2016 09:40:04 GMT
[Fri Aug 19 09:40:04.702237 2016] [http:trace5] [pid 10272:tid 139810871797504] http_filters.c(1013): [client 192.168.0.162:42645] Server: Apache/2.4.10 (Debian)
[Fri Aug 19 09:40:04.702247 2016] [http:trace4] [pid 10272:tid 139810871797504] http_filters.c(832): [client 192.168.0.162:42645] Content-Length: 288
[Fri Aug 19 09:40:04.702256 2016] [http:trace4] [pid 10272:tid 139810871797504] http_filters.c(832): [client 192.168.0.162:42645] Keep-Alive: timeout=5, max=100
[Fri Aug 19 09:40:04.702265 2016] [http:trace4] [pid 10272:tid 139810871797504] http_filters.c(832): [client 192.168.0.162:42645] Connection: Keep-Alive
[Fri Aug 19 09:40:04.702274 2016] [http:trace4] [pid 10272:tid 139810871797504] http_filters.c(832): [client 192.168.0.162:42645] Content-Type: text/html; charset=iso-8859-1
tcpdump确认没有与 127.0.0.1:9980 有任何数据包交换,甚至连一个 TCP SYN 都没有。可以看到,Apache httpd 只是在其目录中搜索请求的 URL 并返回 404,而不是按照配置中的要求将请求传递给 127.0.0.1。这是怎么回事?
答案1
<Proxy *> 块通常只对正向代理有用,对反向代理无用。您可以将其删除。
如果没有发生代理,那么我将添加特定于 vhost 的访问和错误日志来验证 a) 请求是否确实到达了您认为的 vhost 以及 b) 是否请求了正确的 URI 路径。
将这些添加到您的
CustomLog 日志/port_9979_access_log ErrorLog 日志/port_9979_error_log
提出请求后查看它们