因此,我尝试配置 apache 来执行两项操作:在主机上提供 mod_wsgi 应用程序,并充当主机上虚拟机内运行的 Web 服务器的反向代理。为此,我在 apache 中使用基于名称的虚拟主机。这是我的 vhost 配置:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/certs/site1.crt
SSLCertificateKeyFile /etc/apache2/certs/site1.key
SSLCACertificateFile /etc/apache2/certs/site1CA.crt
ServerName site1.com
Alias /static /static
<Directory /static>
Require all granted
</Directory>
<Directory /wsgi/files >
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess webapp python-path=/wsgi/files
WSGIProcessGroup webapp
WSGIScriptAlias / /wsgi/files/wsgi.py
</VirtualHost>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyPass / https://<local vm ip>/
ProxyPassReverse / https://<local vm ip>/
ServerName site2.com
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
SSLCertificateFile /etc/apache2/certs/site2.crt
SSLCertificateKeyFile /etc/apache2/certs/site2.key
SSLCACertificateFile /etc/apache2/certs/site2CA.crt
</VirtualHost>
的输出apache2 -S为:
<host ip>:443 is a NameVirtualHost
default server site1.com (/etc/apache2/sites-enabled/vhosts.conf:1)
port 443 namevhost site1.com (/etc/apache2/sites-enabled/vhosts.conf:1)
port 443 namevhost site2.com (/etc/apache2/sites-enabled/vhosts.conf:29)
我已经确认 site1.com 和 site2.com 的 DNS 条目是相同的 IP。但当我尝试导航到 site1.com 时,它总是显示 site2.com。但是,如果我在主机服务器上curl https://site1.com这样做,它会正确显示 site1.com。
有谁知道这可能是什么原因造成的?
答案1
问题原来是 iptables NAT 规则将通过端口 443 的所有流量转发到 site2.com,这就是为什么该流量无论如何都会得到服务。