How do I correctly reverse proxy a Redis instance?

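I am running an application called Ambar on a (Samba) file server. I want users on the network to be able to search documents freely and securely. Since Ambar runs over HTTP and Apache was already present on the server, I decided to set up a reverse proxy for Ambar on port 443. One would think this should be simple, but it is not; apparently Ambar (which runs on Redis) says the following: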

Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted. (taken from the docker-compose logs).

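I can access the application's GUI, but I cannot do anything there. In any case, that is a good thing, because at least I know it is not a certificate problem.

Here is my Apache configuration: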

LoadModule ssl_module modules/mod_ssl.so


<VirtualHost *:443>
    ServerName ambar.internal

    ProxyPreserveHost On
    ProxyPass / http://ambar.internal:1000/
    ProxyPassReverse / http://ambar.internal:1000/

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/ambar.crt
    SSLCertificateKeyFile /etc/ssl/private/ambar.pem
</VirtualHost>

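Edit: A reverse proxy with SSL/TLS enabled from another machine does not work either.

Since the whole application ships as ready-made Docker containers, manually modifying the Ambar packages is not a good idea. So my next attempt would be to set up SSL in the docker-compose.yml file, but shouldn't there be a way to achieve this with a good old-fashioned reverse proxy?

Here is my docker-compose.yml: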

version: "2.1"
networks:
  internal_network:
services:
  db:
    restart: always
    networks:
      - internal_network
    image: ambar/ambar-mongodb:latest
    environment:
      - cacheSizeGB=2
    volumes:
      - /opt/ambar/db:/data/db
    expose:
      - "27017"
  es:
    restart: always
    networks:
      - internal_network
    image: ambar/ambar-es:latest
    expose:
      - "9200"
    environment:
      - cluster.name=ambar-es
      - ES_JAVA_OPTS=-Xms2g -Xmx2g
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    cap_add:
      - IPC_LOCK
    volumes:
      - /opt/ambar/es:/usr/share/elasticsearch/data
  rabbit:
    restart: always
    networks:
      - internal_network
    image: ambar/ambar-rabbit:latest
    hostname: rabbit
    expose:
      - "15672"
      - "5672"
    volumes:
      - /opt/ambar/rabbit:/var/lib/rabbitmq
  redis:
    restart: always
    sysctls:
      - net.core.somaxconn=1024
    networks:
      - internal_network
    image: ambar/ambar-redis:latest
    expose:
      - "6379"
  serviceapi:
    depends_on:
      redis:
        condition: service_healthy
      rabbit:
        condition: service_healthy
      es:
        condition: service_healthy
      db:
        condition: service_healthy
    restart: always
    networks:
      - internal_network
    image: ambar/ambar-serviceapi:latest
    expose:
      - "8081"
    environment:
      - mongoDbUrl=mongodb://db:27017/ambar_data
      - elasticSearchUrl=http://es:9200
      - redisHost=redis
      - redisPort=6379
      - rabbitHost=amqp://rabbit
      - langAnalyzer=ambar_en
  webapi:
    depends_on:
      serviceapi:
        condition: service_healthy
    restart: always
    networks:
      - internal_network
    image: ambar/ambar-webapi:latest
    expose:
      - "8080"
    ports:
      - "8080:8080"
    environment:
      - uiLang=en
      - mongoDbUrl=mongodb://db:27017/ambar_data
      - elasticSearchUrl=http://es:9200
      - redisHost=redis
      - redisPort=6379
      - serviceApiUrl=http://serviceapi:8081
      - rabbitHost=amqp://rabbit
  frontend:
    depends_on:
      webapi:
        condition: service_healthy
    image: ambar/ambar-frontend:latest
    restart: always
    networks:
      - internal_network
    ports:
      - "1000:80"
    expose:
      - "1000"
    environment:
      - api=http://192.168.123.123:8080
  pipeline0:
    depends_on:
      serviceapi:
        condition: service_healthy
    image: ambar/ambar-pipeline:latest
    restart: always
    networks:
      - internal_network
    environment:
      - id=0
      - apiUrl=http://serviceapi:8081
      - rabbit_host=amqp://rabbit
  documentation:
    depends_on:
      serviceapi:
        condition: service_healthy
    image: ambar/ambar-local-crawler
    restart: always
    networks:
      - internal_network
    expose:
      - "8082"
    environment:
      - name=documentation
      - ignoreExtensions=.{exe,dll,rar,s,so}
      - apiUrl=http://serviceapi:8081
    volumes:
      - /media/Documentation:/usr/data
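
The log line quoted in the question is what Redis emits when HTTP text arrives on its port. The sketch below is an added illustration, not part of the original post and a simplified model rather than Redis's own code, of how that check reacts to constructed sample requests; the helper name `first_abort_line` and the request paths are assumptions.

```python
# Simplified model of the check behind the quoted Redis log line (added
# illustration; not Redis source code). Assumption: Redis reads non-RESP input
# as "inline commands", one per line, and treats "POST" and "Host:" as
# pseudo-commands that log the warning and close the connection.

SECURITY_TRIGGERS = {"post", "host:"}  # command names match case-insensitively


def first_abort_line(raw: bytes):
    """Return (line_number, command) for the first line that would make Redis
    abort the connection, or None if no line does."""
    for number, line in enumerate(raw.split(b"\r\n"), start=1):
        if line.startswith(b"*"):
            # RESP multibulk framing: a real Redis client, not HTTP.
            return None
        tokens = line.split()
        if not tokens:
            continue  # blank line between HTTP headers and body
        command = tokens[0].decode("latin-1").lower()
        if command in SECURITY_TRIGGERS:
            return number, command
    return None


# Constructed sample inputs (hostname taken from the Apache config above,
# request paths are made up for the illustration).
HTTP_POST = (b"POST /api/search HTTP/1.1\r\nHost: ambar.internal\r\n"
             b"Content-Length: 2\r\n\r\n{}")
HTTP_GET = b"GET / HTTP/1.1\r\nHost: ambar.internal\r\n\r\n"
RESP_PING = b"*1\r\n$4\r\nPING\r\n"  # what a genuine Redis client sends

if __name__ == "__main__":
    for name, payload in [("HTTP POST", HTTP_POST), ("HTTP GET", HTTP_GET),
                          ("RESP PING", RESP_PING)]:
        print(name, "->", first_abort_line(payload))
```

A POST is rejected on its request line, while a GET only trips the check on the `Host:` header that follows it, so any HTTP client that reaches the Redis port produces this log entry.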
