Using Apache as an https reverse proxy for Varnish


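Debian Jessie. I am trying to serve https through a Varnish reverse proxy, and found the following solution: http://davidbu.ch/mann/blog/2015-03-20/varnish-and-https-apache.html: Apache manages the SSL content on port 443, then passes to Varnish on port 80, which passes to Apache on port 8080.

However, when I request https://myserver.com/index.html, what I get in the browser is: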

403 Forbidden

You don't have permission to access / on this server.

Apache's error.log shows:

[authz_core:error] [pid 12662] [client 151.16.175.15:38240] AH01630: client denied by server configuration: proxy:http://127.0.0.1:80/index.html

What am I missing?

My vhost definition

<VirtualHost *:8080>
    ServerAdmin [email protected]
    ServerName myserver.com

    DocumentRoot /home/paolo/weewx
    <Directory /home/paolo/weewx/>
        DirectoryIndex index.html
        Options FollowSymLinks
        AllowOverride All
        Require all granted
        order allow,deny
        allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    # ErrorDocument 404 /index.html

    CustomLog /var/log/apache2/access.log combined

</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin [email protected]
    ServerName myserver.com

    DocumentRoot /home/paolo/weewx/
    <Directory /home/paolo/weewx/>
        DirectoryIndex index.html
        Options FollowSymLinks
        AllowOverride All
        order allow,deny
        allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    # ErrorDocument 404 /index.html

    CustomLog /var/log/apache2/access.log combined

    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:80/
    ProxyPassReverse / http://127.0.0.1:80/
    RequestHeader set X-Forwarded-Port "443"
    RequestHeader set X-Forwarded-Proto "https"

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/qumran2/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/qumran2/privkey.pem
</VirtualHost>


</IfModule>

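Answer 1

I wouldn't set a document root in a virtual host entry that is only used to proxy requests. Especially when you include the directive AllowOverride All, .htaccess files can come into play.

For debugging, it may also help to define separate log files for each virtual host entry.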

<VirtualHost *:443>
    ServerAdmin [email protected]
    ServerName example.com
    LogLevel warn
    ErrorLog /var/log/apache2/example.com-ssl-error.log
    CustomLog /var/log/apache2/example.com-ssl-access.log combined
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:80/
    ProxyPassReverse / http://127.0.0.1:80/
    RequestHeader set X-Forwarded-Port "443"
    RequestHeader set X-Forwarded-Proto "https"
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/qumran2/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/qumran2/privkey.pem
</VirtualHost>

You can debug by requesting the resource directly from port 8080, curl --verbose --header 'Host: example.com' 'http://localhost:8080/index.html', to see whether the VirtualHost has a problem.

If not, try Varnish on port 80 to see whether the problem lies with Varnish. curl --verbose --header 'Host: example.com' 'http://localhost:80/index.html'
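
The points raised in the answer above (a DocumentRoot in a proxy-only vhost, AllowOverride bringing .htaccess into play there, and vhosts sharing one log file) can be checked mechanically. The script below is an added example, not code from the question or the answer; the names `audit` and `directives` are hypothetical, and the sample config is constructed from the question's two vhosts.

```python
import re

# Constructed sample: the question's two vhosts cut down to the relevant lines.
SAMPLE = """\
<VirtualHost *:8080>
    DocumentRoot /home/paolo/weewx
    <Directory /home/paolo/weewx/>
        AllowOverride All
    </Directory>
    ErrorLog /var/log/apache2/error.log
</VirtualHost>
<VirtualHost *:443>
    DocumentRoot /home/paolo/weewx/
    <Directory /home/paolo/weewx/>
        AllowOverride All
    </Directory>
    ErrorLog /var/log/apache2/error.log
    ProxyPass / http://127.0.0.1:80/
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """Return (lower-cased name, args) for each directive line in a vhost body."""
    out = []
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        # Skip comments and section tags such as <Directory ...> / </Directory>.
        if parts and not parts[0].startswith(("#", "<")):
            out.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return out

def audit(conf):
    """Map each vhost address to the findings that match the answer's advice."""
    vhosts = [(addr.strip(), directives(body)) for addr, body in VHOST.findall(conf)]
    logs = [a for _, d in vhosts for n, a in d if n == "errorlog"]
    report = {}
    for addr, d in vhosts:
        names = {n for n, _ in d}
        proxy = "proxypass" in names
        found = []
        if proxy and "documentroot" in names:
            found.append("DocumentRoot set in proxy-only vhost")
        if proxy and any(n == "allowoverride" and a.lower() != "none" for n, a in d):
            found.append("AllowOverride enables .htaccess")
        if any(n == "errorlog" and logs.count(a) > 1 for n, a in d):
            found.append("ErrorLog shared with another vhost")
        report[addr] = found
    return report
```

Calling `audit(SAMPLE)` returns a dictionary keyed by vhost address; an empty list means none of the three conditions was found in that vhost.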
