从 apache 到 tomcat 的反向代理(用于 https 到 http)

从 apache 到 tomcat 的反向代理(用于 https 到 http)

我正在尝试tomcat使用 webserver 来前置我的安装Apache 2。这个想法是让它apache处理该SSL/https部分,然后将正常请求转发到在端口上运行的同一台机器上的 tomcat8080

如上所述这里,我使用以下配置:

<VirtualHost *:*>
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    ServerName my-server-name.com
</VirtualHost>

Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/archive/my-server-name.com/cert-file
    SSLCertificateKeyFile /etc/letsencrypt/archive/my-server-name.com/key-file
    SSLCertificateChainFile /etc/letsencrypt/archive/my-server-name.com/chain-file

    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

</VirtualHost>

上述配置导致:

  1. 访问http://my-server-name.com正在打开tomcat登陆页面
  2. 访问https://my-server-name.com正在打开apache登陆页面

但我期望的是始终重定向到https://my-server-name.com应该打开tomcat登录页面的页面(最终将被部署在 ROOT 上的应用程序取代)

有人可以指导我吗,或者任何指向一步一步指南的指针,tomcat以便处理apachehttpshttp

答案1

第一个 vhost 似乎不需要,并且该NameVirtualHost指令也可以被删除,结果是:

Listen 80    
Listen 443

<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^(.*)$
    RewriteRule ^(.*)$ https://%1$1 [R=Permanent,L,QSA]
</VirtualHost>

<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/archive/my-server-name.com/cert-file
    SSLCertificateKeyFile /etc/letsencrypt/archive/my-server-name.com/key-file
    SSLCertificateChainFile /etc/letsencrypt/archive/my-server-name.com/chain-file

    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>

答案2

在我的服务器上,我有针对您的问题的以下配置:

Listen 80
Listen 443

<VirtualHost *:80>
   ErrorLog /var/log/apache2/myserver.error.log
   CustomLog /var/log/apache2/myserver.log combined

#settings for AJP to tomcat
   ProxyPass / ajp://localhost:8009/
   ProxyPassReverse / ajp://localhost:8009/

</VirtualHost>

<VirtualHost *:443>
   ErrorLog /var/log/apache2/myserver.error.log
   CustomLog /var/log/apache2/myserver.log combined

   <Proxy *>
     AddDefaultCharset Off
     Order deny,allow
     Allow from all
   </Proxy>
   SSLEngine on
   SSLCertificateKeyFile /etc/letsencrypt/live/myserver.com/privkey.pem
   SSLCertificateFile /etc/letsencrypt/live/myserver.com/cert.pem

#settings for AJP to tomcat
   ProxyPass / ajp://localhost:8009/
   ProxyPassReverse / ajp://localhost:8009/

</VirtualHost>

我通过 AJP 8009 转发,这通常在 tomcat 中激活。在 apache 中mod_proxy_ajp必须启用。但配置将适用于http也是。我的配置和你的配置的区别:我没有

<VirtualHost *:*>

NameVirtualHost *:443

相关内容