How do I connect an Apache reverse proxy to a remote server over HTTPS?

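I have set up an Apache reverse proxy and am trying to route to a remote IIS website over https using its IP address. The site is a .Net5.0 website that uses Microsoft's Azure authentication, so https is required in its reply URL.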

I had this working on an old Apache server (version 2.2) with the following VirtualHost configuration:

<VirtualHost *:80>
    ServerName subdomain.domain.com
    RewriteEngine on
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /etc/apache2/ssl.certs/x.crt
    SSLCertificateKeyFile /etc/apache2/ssl.certs/x.key
    SSLCertificateChainFile /etc/apache2/ssl.certs/gd_bundle-g2-g1.crt
    ServerAdmin webmaster@localhost
    ServerName subdomain.domain.com
    AcceptPathInfo On
    ProxyPreserveHost On
    ProxyPass / https://192.168.1.30/
    ProxyPassReverse / https://192.168.1.30/
</VirtualHost>

On the new Apache server (version 2.4.38), I have the following VirtualHost configuration.

<VirtualHost *:80>
    ServerName subdomain.domain.com
    RewriteEngine on
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName subdomain.domain.com
    SSLEngine on
    ProxyRequests off
    ProxyPreserveHost on
    SSLCertificateFile /etc/apache2/ssl.certs/x.crt
    SSLCertificateKeyFile /etc/apache2/ssl.certs/x.key
    SSLCertificateChainFile /etc/apache2/ssl.certs/gd_bundle-g2-g1.crt
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    AcceptPathInfo on
    ProxyPass / https://192.168.1.30/
    ProxyPassReverse / https://192.168.1.30/
    ErrorLog /root/logs/error.log
</VirtualHost>

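The new server does not work when pointing at my IIS site. However, I used the same block of code to point to a different IP address (the address of a Linux webshell, also using https as above) and it worked.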

apache2ctl -S output:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:                                                                                                                                       
*:80                   is a NameVirtualHost                                                                                                                      
         default server webserver.domain.com (/etc/apache2/sites-enabled/000-default.conf:1)                                                              
         port 80 namevhost webserver.domain.com (/etc/apache2/sites-enabled/000-default.conf:1)                                                           
         port 80 namevhost subdomain.domain.com (/etc/apache2/sites-enabled/000-default.conf:6)                                                          
         port 80 namevhost alternatesubdomain.domain.com (/etc/apache2/sites-enabled/000-default.conf:45)                                                     
*:443                  is a NameVirtualHost                                                                                                                      
         default server subdomain.domain.com (/etc/apache2/sites-enabled/000-default.conf:12)                                                            
         port 443 namevhost subdomain.domain.com (/etc/apache2/sites-enabled/000-default.conf:12)                                                      
         port 443 namevhost alternatesubdomain.domain.com (/etc/apache2/sites-enabled/000-default.conf:51)                                                    
         port 443 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/default-ssl.conf:2)                                                                            
ServerRoot: "/etc/apache2"                                                                                                                                       
Main DocumentRoot: "/var/www/html"                                                                                                                               
Main ErrorLog: "/var/log/apache2/error.log"                                                                                                                      
Mutex watchdog-callback: using_defaults                                                                                                                          
Mutex proxy-balancer-shm: using_defaults                                                                                                                         
Mutex rewrite-map: using_defaults                                                                                                                                
Mutex ssl-stapling-refresh: using_defaults                                                                                                                       
Mutex ssl-stapling: using_defaults                                                                                                                               
Mutex proxy: using_defaults                                                                                                                                      
Mutex ssl-cache: using_defaults                                                                                                                                  
Mutex default: dir="/var/run/apache2/" mechanism=default                                                                                                         
PidFile: "/var/run/apache2/apache2.pid"                                                                                                                          
Define: DUMP_VHOSTS                                                                                                                                              
Define: DUMP_RUN_CFG                                                                                                                                             
User: name="www-data" id=33                                                                                                                                      
Group: name="www-data" id=33  
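
The 2.4.38 configuration above disables every backend certificate check (SSLProxyVerify none and the three SSLProxyCheckPeer* directives set to off), so the proxy accepts whatever certificate is presented on 192.168.1.30. The block below is an added example, not part of the original post, showing the same proxy with backend verification enabled. The host name iis-backend.internal.example and the CA file internal-ca.pem are placeholders, and it assumes the IIS certificate is issued by that CA and lists both subdomain.domain.com and the backend name in its subjectAltName.

```apache
# Added example (not the asker's configuration): same reverse proxy,
# backend certificate verification turned on.
# Assumptions: iis-backend.internal.example resolves to the IIS host;
# internal-ca.pem is the CA that issued the IIS certificate; that
# certificate's subjectAltName covers subdomain.domain.com and
# iis-backend.internal.example.
<VirtualHost *:443>
    ServerName subdomain.domain.com

    # Front-end TLS, unchanged from the question
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl.certs/x.crt
    SSLCertificateKeyFile /etc/apache2/ssl.certs/x.key
    SSLCertificateChainFile /etc/apache2/ssl.certs/gd_bundle-g2-g1.crt

    ProxyRequests off
    ProxyPreserveHost on

    # Back-end TLS: verify the chain, the name and the validity period
    # instead of "SSLProxyVerify none" / "SSLProxyCheckPeer* off"
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyVerifyDepth 2
    SSLProxyCACertificateFile /etc/apache2/ssl.certs/internal-ca.pem
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Address the backend by a name its certificate carries, not a bare IP
    ProxyPass / https://iis-backend.internal.example/
    ProxyPassReverse / https://iis-backend.internal.example/
</VirtualHost>
```

Run apache2ctl configtest before reloading. With these settings a backend certificate that fails validation causes the proxied request to fail and be logged, rather than being accepted silently.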
