我正在尝试tomcat
使用 webserver 来前置我的安装Apache 2
。这个想法是让它apache
处理该SSL/https
部分,然后将正常请求转发到在端口上运行的同一台机器上的 tomcat8080。
如上所述这里,我使用以下配置:
<VirtualHost *:*>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
ServerName my-server-name.com
</VirtualHost>
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/letsencrypt/archive/my-server-name.com/cert-file
SSLCertificateKeyFile /etc/letsencrypt/archive/my-server-name.com/key-file
SSLCertificateChainFile /etc/letsencrypt/archive/my-server-name.com/chain-file
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
上述配置导致:
- 访问
http://my-server-name.com
正在打开tomcat
登陆页面 - 访问
https://my-server-name.com
正在打开apache
登陆页面
但我期望的是始终重定向到https://my-server-name.com
应该打开tomcat
登录页面的页面(最终将被部署在 ROOT 上的应用程序取代)
有人可以指导我吗,或者任何指向一步一步指南的指针,tomcat
以便处理apache
https
http
答案1
第一个 vhost 似乎不需要,并且该NameVirtualHost
指令也可以被删除,结果是:
Listen 80
Listen 443
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(.*)$
RewriteRule ^(.*)$ https://%1$1 [R=Permanent,L,QSA]
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/letsencrypt/archive/my-server-name.com/cert-file
SSLCertificateKeyFile /etc/letsencrypt/archive/my-server-name.com/key-file
SSLCertificateChainFile /etc/letsencrypt/archive/my-server-name.com/chain-file
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
答案2
在我的服务器上,我有针对您的问题的以下配置:
Listen 80
Listen 443
<VirtualHost *:80>
ErrorLog /var/log/apache2/myserver.error.log
CustomLog /var/log/apache2/myserver.log combined
#settings for AJP to tomcat
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>
<VirtualHost *:443>
ErrorLog /var/log/apache2/myserver.error.log
CustomLog /var/log/apache2/myserver.log combined
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
SSLEngine on
SSLCertificateKeyFile /etc/letsencrypt/live/myserver.com/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/myserver.com/cert.pem
#settings for AJP to tomcat
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>
我通过 AJP 8009 转发,这通常在 tomcat 中激活。在 apache 中mod_proxy_ajp必须启用。但配置将适用于http也是。我的配置和你的配置的区别:我没有
<VirtualHost *:*>
和
NameVirtualHost *:443