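I am trying to move my Grafana installation from a non-SSL link to an SSL link. It sits behind an Apache reverse proxy, and it worked fine before I tried to set up SSL.
I have seen a lot of tutorials on this, and this is what I did.
My Apache config looks like this (domain changed to example.com):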
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName grafana.example.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]
ErrorLog /var/log/apache2/grafana.example.com-error_log
CustomLog /var/log/apache2/grafana.example.com-access_log common
</VirtualHost>
<VirtualHost *:443>
ServerName grafana.example.com
ServerSignature Off
SSLEngine on
SSLCertificateFile /opt/repos/dehydrated/certs/grafana.example.com/cert.pem
SSLCertificateKeyFile /opt/repos/dehydrated/certs/grafana.example.com/privkey.pem
SSLCertificateChainFile /opt/repos/dehydrated/certs/grafana.example.com/chain.pem
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:3000/
ProxyPassReverse / http://0.0.0.0:3000/
ErrorLog /var/log/apache2/grafana.example.com-error_log
CustomLog /var/log/apache2/grafana.example.com-access_log common
</VirtualHost>
In my grafana.ini I only changed the following. Everything else is still commented out and using the defaults:
domain = grafana.example.com
root_url = https://grafana.example.com
There are no errors in my grafana.log file, and it starts as expected. It ends with the following:
t=2019-05-30T14:51:31-0500 lvl=info msg="HTTP Server Listen" logger=http.server address=0.0.0.0:3000 protocol=http subUrl= socket=
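My DNS entries and SSL certificate are installed correctly.
If I visit the full URL (grafana.example.com), Apache performs a large number of redirects and then the request fails, with Chrome reporting that too many redirects occurred. My access log looks like this (IPs scrubbed):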
162.158.xxx.xxx - - [30/May/2019:14:51:57 -0500] "GET /?orgId=1 HTTP/1.1" 302 581
162.158.xxx.xxx - - [30/May/2019:14:51:57 -0500] "GET /?orgId=1 HTTP/1.1" 302 581
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 581
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 581
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
There are no errors in my Apache error log.
Before trying to move to SSL, my virtual host looked like this and worked as expected:
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName grafana.example.com
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:3000/
ProxyPassReverse / http://0.0.0.0:3000/
ErrorLog /var/log/apache2/grafana.example.com-error_log
CustomLog /var/log/apache2/grafana.example.com-access_log common
</VirtualHost>
My apache2ctl -S output is as follows (again, with the domain scrubbed). My other SSL virtual host points to a GitLab instance and works correctly:
VirtualHost configuration:
*:80 is a NameVirtualHost
default server default (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost default (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost repos.example.com (/etc/apache2/sites-enabled/gitlab.conf:18)
port 80 namevhost grafana.example.com (/etc/apache2/sites-enabled/grafana.conf:1)
*:443 is a NameVirtualHost
default server repos.example.com (/etc/apache2/sites-enabled/gitlab.conf:27)
port 443 namevhost repos.example.com (/etc/apache2/sites-enabled/gitlab.conf:27)
port 443 namevhost grafana.example.com (/etc/apache2/sites-enabled/grafana.conf:13)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used
What do I need to do to use Apache as a reverse proxy with SSL in front of Grafana?
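An added example, not part of the original post: with the "common" log format used above, a redirect loop is visible only as a run of identical 3xx lines from one client, because that format records neither the Location header nor which virtual host answered. The function name find_redirect_loops and its threshold and window parameters are assumptions of this example, and the sample lines are constructed in the post's log format.

```python
import re
from datetime import datetime, timedelta

# Apache "common" LogFormat: %h %l %u %t "%r" %>s %b
COMMON = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)
REDIRECTS = {301, 302, 303, 307, 308}

# Constructed sample lines in the same format as the access log in the post.
SAMPLE = [
    f'162.158.xxx.xxx - - [30/May/2019:14:51:{57 + i // 6:02d} -0500] "GET /?orgId=1 HTTP/1.1" 302 580'
    for i in range(12)
] + ['10.0.0.5 - - [30/May/2019:14:52:10 -0500] "GET /login HTTP/1.1" 200 1024']

def find_redirect_loops(lines, threshold=10, window=timedelta(seconds=5)):
    """Return (host, uri, count, first_ts, last_ts) for every run of at least
    `threshold` consecutive redirects to the same client and URI in which
    successive entries are no more than `window` apart."""
    runs = {}   # (host, uri) -> [count, first_ts, last_ts]
    loops = []

    def close(key):
        count, first, last = runs.pop(key)
        if count >= threshold:
            loops.append((key[0], key[1], count, first, last))

    for line in lines:
        m = COMMON.match(line.strip())
        if not m:
            continue  # not a common-format line
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (m["host"], m["uri"])
        is_redirect = int(m["status"]) in REDIRECTS
        # A non-redirect answer or a long pause ends the current run.
        if key in runs and (not is_redirect or ts - runs[key][2] > window):
            close(key)
        if is_redirect:
            run = runs.setdefault(key, [0, ts, ts])
            run[0] += 1
            run[2] = ts
    for key in list(runs):
        close(key)
    return loops

if __name__ == "__main__":
    for host, uri, count, first, last in find_redirect_loops(SAMPLE):
        print(f"{host} {uri}: {count} redirects between {first} and {last}")
```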