我正在设置一个代理,让一个完全隔离的 vlan(称为 VLAN1)通过代理访问另一个 vlan(VLAN2)。
一台服务器有两个 NIC:一个用于 VLAN1(10.1.1.50),另一个用于 VLAN2(10.1.2.254)。
在我的 VLAN1 上,我有几个服务器运行相同的 Web 应用程序(针对不同的用户):
- https://10.1.1.101/myapp
- https://10.1.1.102/myapp
- https://10.1.1.103/myapp
- ...
在我的代理服务器(10.1.2.254 或 10.1.1.50)上,在文件 /etc/httpd/conf.d/myapp.conf 上:
ServerName Proxy-IsolatedNetwork
#
# SSL
#
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerExpire Off
SSLProxyCheckPeerName Off
SSLProxyEngine On
SSLProxyProtocol All
SSLProxyVerify optional_no_ca
SSLProxyVerifyDepth 0
#
# Proxy
#
ProxyPreserveHost On
情况1
如果我这样写,它就会起作用:
ProxyPass /101 https://10.1.1.101/myapp
ProxyPassReverse /101 https://10.1.1.101/myapp
ProxyPass /myapp https://10.1.1.101/myapp
ProxyPassReverse /myapp https://10.1.1.101/myapp
如果我们访问 https://10.1.2.254/101,它可以工作,我可以访问托管在 https://10.1.1.101/myapp 上的 myapp
但
案例 2
我想要的是:
- https://10.1.2.254/101 => https://10.1.1.101/myapp
- https://10.1.2.254/102 => https://10.1.1.102/myapp
- https://10.1.2.254/103 => https://10.1.1.103/myapp
如何使多个 ProxyPass/ProxyPassReverse 工作?
ProxyPass /101 https://10.1.1.101/myapp
ProxyPassReverse /101 https://10.1.1.101/myapp
ProxyPass /myapp https://10.1.1.101/myapp
ProxyPassReverse /myapp https://10.1.1.101/myapp
ProxyPass /102 https://10.1.1.102/myapp
ProxyPassReverse /102 https://10.1.1.102/myapp
ProxyPass /myapp https://10.1.1.102/myapp
ProxyPassReverse /myapp https://10.1.1.102/myapp
ProxyPass /103 https://10.1.1.103/myapp
ProxyPassReverse /103 https://10.1.1.103/myapp
ProxyPass /myapp https://10.1.1.103/myapp
ProxyPassReverse /myapp https://10.1.1.103/myapp
答案1
答案是关闭 ProxyPreserveHost 然后我可以删除所有行 ProxyPass /myapp 和 ProxyPassReverse /myapp