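I have a Mac Mini running OS X Server 5.1.7. I have a service running locally that can be reached at http://127.0.0.1:3000/ask (no authentication required), and I want to make it available externally, but authenticated against the OS X Server directory.
So, in the Websites section, I created a new website named intranet.mydomain.com that is accessible only to "Intranet Users" (a group I created).
After doing this, I tried accessing https://intranet.mydomain.com; it asked for a username and password and accepted the credentials of a user who belongs to "Intranet Users".
Now, to set up the reverse proxy, I went to the file
/Library/Server/Web/Config/apache2/sites/0000_127.0.0.1_34543_intranet.mydomain.com.conf
and added the following:
ProxyPass /ask http://127.0.0.1:3000/ask
ProxyPassReverse /ask http://127.0.0.1:3000/ask
after the Directory node.
Now, when accessing https://intranet.mydomain.com/ask, I reach the internal service, but no authentication is requested. I thought this would be fine, since in the XML configuration only the Directory node has authentication configured: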
<Directory "/Library/Server/Web/Data/Sites/intranet.mydomain.com">
Options All -Indexes -ExecCGI -Includes +MultiViews
AllowOverride None
<IfModule mod_dav.c>
DAV Off
</IfModule>
<IfDefine !WEBSERVICE_ON>
Require all denied
ErrorDocument 403 /customerror/websitesoff403.html
</IfDefine>
AuthType Digest
AuthName "Realm ID 75040558"
<Limit PUT DELETE PROPPATCH PROPFIND MKCOL COPY MOVE LOCK UNLOCK>
Require no-user
</Limit>
<Limit GET HEAD OPTIONS CONNECT POST>
Require group memberusers
</Limit>
<IfDefine !WEBSERVICE_ON>
Require all denied
ErrorDocument 403 /customerror/websitesoff403.html
</IfDefine>
</Directory>
So, to make it global (for the file system and for paths that are not in the file system), I changed the Directory node to a Location node, like this:
<Location "/">
Options All -Indexes -ExecCGI -Includes +MultiViews
AllowOverride None
<IfModule mod_dav.c>
DAV Off
</IfModule>
<IfDefine !WEBSERVICE_ON>
Require all denied
ErrorDocument 403 /customerror/websitesoff403.html
</IfDefine>
AuthType Digest
AuthName "Realm ID 75040558"
<Limit PUT DELETE PROPPATCH PROPFIND MKCOL COPY MOVE LOCK UNLOCK>
Require no-user
</Limit>
<Limit GET HEAD OPTIONS CONNECT POST>
Require group memberusers
</Limit>
<IfDefine !WEBSERVICE_ON>
Require all denied
ErrorDocument 403 /customerror/websitesoff403.html
</IfDefine>
</Location>
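After doing this, when accessing the root of my domain, I am asked to authenticate and can then log in. However, when accessing the path https://intranet.mydomain.com/ask I am asked to authenticate (all good!), but it does not accept the username/password of any valid user (note that it works for / but not for /ask).
Any idea why?
This is my complete configuration file for the site, before changing Directory to Location: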
<VirtualHost 127.0.0.1:34543>
ServerName https://intranet.mydomain.com:443
ServerAdmin [email protected]
DocumentRoot "/Library/Server/Web/Data/Sites/intranet.mydomain.com"
DirectoryIndex index.html index.php default.html
CustomLog /var/log/apache2/access_log combinedvhost
ErrorLog /var/log/apache2/error_log
<IfModule mod_ssl.c>
SSLEngine Off
SSLCipherSuite "HIGH:MEDIUM:!MD5:!RC4"
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLProxyEngine On
SSLCertificateFile "/etc/certificates/intranet.mydomain.com.A86175C9AFAC45AA2D0D590A8B94ACC1455519F8.cert.pem"
SSLCertificateKeyFile "/etc/certificates/intranet.mydomain.com.A86175C9AFAC45AA2D0D590A8B94ACC1455519F8.key.pem"
SSLCertificateChainFile "/etc/certificates/intranet.mydomain.com.A86175C9AFAC45AA2D0D590A8B94ACC1455519F8.chain.pem"
SSLProxyProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
</IfModule>
<Directory "/Library/Server/Web/Data/Sites/intranet.mydomain.com">
Options All -Indexes -ExecCGI -Includes +MultiViews
AllowOverride None
<IfModule mod_dav.c>
DAV Off
</IfModule>
<IfDefine !WEBSERVICE_ON>
Require all denied
ErrorDocument 403 /customerror/websitesoff403.html
</IfDefine>
AuthType Digest
AuthName "Realm ID 75040558"
<Limit PUT DELETE PROPPATCH PROPFIND MKCOL COPY MOVE LOCK UNLOCK>
Require no-user
</Limit>
<Limit GET HEAD OPTIONS CONNECT POST>
Require group memberusers
</Limit>
<IfDefine !WEBSERVICE_ON>
Require all denied
ErrorDocument 403 /customerror/websitesoff403.html
</IfDefine>
</Directory>
ProxyPass /ask http://127.0.0.1:3000/ask
ProxyPassReverse /ask http://127.0.0.1:3000/ask
</VirtualHost>
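
Added example, not part of the original post or of OS X Server's own tooling: a small Python audit of the first behavior described above. Apache applies <Directory> sections only to requests that map to the filesystem, so a ProxyPass path stays open unless a <Location> carrying a Require covers it. The function names, the trimmed sample config and the choice to treat only <Location> sections as guards are assumptions of this example.

```python
import re

SECTION = re.compile(r'<(/?)(\w+)(?:\s+"?([^">]+)"?)?\s*>')

# Constructed sample: the vhost from the question, trimmed to the relevant lines.
QUESTION_CONF = '''
<VirtualHost 127.0.0.1:34543>
DocumentRoot "/Library/Server/Web/Data/Sites/intranet.mydomain.com"
<Directory "/Library/Server/Web/Data/Sites/intranet.mydomain.com">
AuthType Digest
AuthName "Realm ID 75040558"
<Limit GET HEAD OPTIONS CONNECT POST>
Require group memberusers
</Limit>
</Directory>
ProxyPass /ask http://127.0.0.1:3000/ask
ProxyPassReverse /ask http://127.0.0.1:3000/ask
</VirtualHost>
'''

def covers(location, path):
    """<Location> prefix rule: "/ask" matches /ask and /ask/..., "/" matches all."""
    if location.endswith("/"):
        return path.startswith(location)
    return path == location or path.startswith(location + "/")

def unprotected_proxy_paths(conf):
    """Return ProxyPass paths that no <Location> carrying a Require covers."""
    stack, guarded, proxied = [], [], []
    for line in (raw.strip() for raw in conf.splitlines()):
        tag = SECTION.match(line)
        words = line.split()
        if tag and tag.group(1):                       # closing tag
            name, arg, has_require = stack.pop()
            if name == "location" and has_require:
                guarded.append(arg)
        elif tag:                                      # opening tag
            stack.append([tag.group(2).lower(), tag.group(3) or "", False])
        elif words and words[0].lower() == "require":
            if [w.lower() for w in words[1:]] != ["all", "granted"]:
                for section in stack:                  # Require inside <Limit> counts
                    section[2] = True
        elif len(words) >= 3 and words[0].lower() == "proxypass" and words[2] != "!":
            proxied.append(words[1])                   # vhost-level "ProxyPass path url"
    return [p for p in proxied if not any(covers(g, p) for g in guarded)]

if __name__ == "__main__":
    print(unprotected_proxy_paths(QUESTION_CONF))
```

The check only reports whether access control is applied to a proxied path; it says nothing about why the Digest credentials are rejected on /ask.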