带有 SSL 和 Apache 反向代理的 Grafana 持续重定向

2024-6-1 • tag-icon

我正在尝试将我的 Grafana 安装从非 SSL 链接移至 SSL 链接。它位于 Apache 反向代理后面，在我尝试设置 SSL 之前运行良好。

我见过很多教程这个，这就是我所做的。

我的 Apache 配置如下所示（域名更改为example.com）

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName grafana.example.com
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]

    ErrorLog /var/log/apache2/grafana.example.com-error_log
    CustomLog /var/log/apache2/grafana.example.com-access_log common
</VirtualHost>

<VirtualHost *:443>
    ServerName grafana.example.com
    ServerSignature Off

    SSLEngine on
    SSLCertificateFile /opt/repos/dehydrated/certs/grafana.example.com/cert.pem
    SSLCertificateKeyFile /opt/repos/dehydrated/certs/grafana.example.com/privkey.pem
    SSLCertificateChainFile /opt/repos/dehydrated/certs/grafana.example.com/chain.pem
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>

    ProxyPreserveHost On
    ProxyPass / http://0.0.0.0:3000/
    ProxyPassReverse / http://0.0.0.0:3000/

    ErrorLog /var/log/apache2/grafana.example.com-error_log
    CustomLog /var/log/apache2/grafana.example.com-access_log common

 </VirtualHost>

在我的代码中，grafana.ini我只更改了以下内容。其他所有内容仍被注释掉并使用默认值：

domain = grafana.example.com
root_url = https://grafana.example.com

我的 grafana.log 文件中没有错误，并且它按预期启动。它以以下内容结尾：

t=2019-05-30T14:51:31-0500 lvl=info msg="HTTP Server Listen" logger=http.server address=0.0.0.0:3000 protocol=http subUrl= socket=

我的 DNS 条目和 SSL 证书已正确安装。

如果我访问完整 URL ( grafana.example.com)，Apache 会执行大量重定向，然后请求会失败，Chrome 会报告发生了太多重定向。我的访问日志如下所示（已清除 IP）

162.158.xxx.xxx - - [30/May/2019:14:51:57 -0500] "GET /?orgId=1 HTTP/1.1" 302 581
162.158.xxx.xxx - - [30/May/2019:14:51:57 -0500] "GET /?orgId=1 HTTP/1.1" 302 581
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 581
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 581
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580

我的 apache 错误日志中没有错误。

在尝试转向 SSL 之前，我的虚拟主机看起来像这样并且按预期工作：

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName grafana.example.com
    ProxyPreserveHost On
    ProxyPass / http://0.0.0.0:3000/
    ProxyPassReverse / http://0.0.0.0:3000/


    ErrorLog /var/log/apache2/grafana.example.com-error_log
    CustomLog /var/log/apache2/grafana.example.com-access_log common
</VirtualHost>

我的apache2ctl -S输出如下（再次，清除了域）。我的另一个 SSL 虚拟主机指向 GitLab 实例，并且运行正常：

VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server default (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost default (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost repos.example.com (/etc/apache2/sites-enabled/gitlab.conf:18)
         port 80 namevhost grafana.example.com (/etc/apache2/sites-enabled/grafana.conf:1)
*:443                  is a NameVirtualHost
         default server repos.example.com (/etc/apache2/sites-enabled/gitlab.conf:27)
         port 443 namevhost repos.example.com (/etc/apache2/sites-enabled/gitlab.conf:27)
         port 443 namevhost grafana.example.com (/etc/apache2/sites-enabled/grafana.conf:13)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used

我需要做什么才能使用 Apache 作为反向代理并使用 SSL 连接到 Grafana？

相关内容