我在让 M/Monit 在代理后工作时遇到了一些困难。我尝试将 HTTPS 连接从 https://monit.mydomain.com 代理到 http://monit.realserver.com:8082。
使用以下配置,如果我访问 https://monit.mydomain.com/index.csp 或任何其他有效路径,则一切正常。但是,如果我尝试仅访问 https://monit.mydomain.com 或 https://monit.mydomain.com/,它会重定向到 http://monit.mydomain.com:8082/index.csp
[root@uk1001 conf.d]# curl -k -v --fail https://monit.mydomain.com
* About to connect() to monit.mydomain.com port 443 (#0)
* Trying 10.0.35.80... connected
* Connected to monit.mydomain.com (10.0.35.80) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
... omitted cert details ...
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.3.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: monit.mydomain.com
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Date: Thu, 26 Jan 2017 11:20:01 GMT
< Server: mmonit/3.5
< Content-Type: text/plain; charset=UTF-8
< Location: http://monit.mydomain.com:8082/index.csp
< Connection: close
< Transfer-Encoding: chunked
<
这是我的虚拟主机配置:
<VirtualHost *:443 >
ServerName monit.mydomain.com
SSLEngine on
SSLProxyEngine on
ProxyRequests Off
ProxyPreserveHost On
RequestHeader set X-FORWARDED-PROTO "https"
ProxyPass / http://monit.realserver.com:8082/ connectiontimeout=5 timeout=300
ProxyPassReverse / http://monit.realserver.com:8082/
</VirtualHost>
答案1
文档的第 83 页告诉您如何操作:https://mmonit.com/documentation/mmonit_manual.pdf
你忘了告诉 M/Monit 它已被代理,应该用另一个数据进行广告,注意连接器。
proxyScheme="https" proxyName="monit.mydomain.com" proxyPort="443"
答案2
我知道这是一个老问题,但是因为我偶然发现了同样的问题:在 Monit 配置中的某个地方,HeaderLocation设置为:
http://monit.mydomain.com:8082/index.csp
但是您的ProxyPassReverse指令:
ProxyPassReverse / http://monit.realserver.com:8082/
正在监听Location http://monit.realserver.com:8082/ -,因此位置标头不会更改。将指令更改为:
ProxyPassReverse http://monit.mydomain.com:8082/
它应该可以工作。