我设置了一个 Apache 反向代理,试图通过 https 及其 IP 地址路由到远程 IIS 网站。 该网站是一个使用 Microsoft 的 Azure 身份验证的 .Net5.0 网站,因此其回复 URL 中需要 https。
我在旧的 Apache 服务器(2.2 版)上使用过这个功能,其 VirtualHost 配置如下
<VirtualHost *:80>
ServerName subdomain.domain.com
RewriteEngine on
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/apache2/ssl.certs/x.crt
SSLCertificateKeyFile /etc/apache2/ssl.certs/x.key
SSLCertificateChainFile /etc/apache2/ssl.certs/gd_bundle-g2-g1.crt
ServerAdmin webmaster@localhost
ServerName subdomain.domain.com
AcceptPathInfo On
ProxyPreserveHost On
ProxyPass / https://192.168.1.30/
ProxyPassReverse / https://192.168.1.30/
</VirtualHost>
在新的 Apache 服务器(版本 2.4.38)中,我有以下 VirtualHost 配置。
<VirtualHost *:80>
ServerName subdomain.domain.com
RewriteEngine on
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
<VirtualHost *:443>
ServerName subdomain.domain.com
SSLEngine on
ProxyRequests off
ProxyPreserveHost on
SSLCertificateFile /etc/apache2/ssl.certs/x.crt
SSLCertificateKeyFile /etc/apache2/ssl.certs/x.key
SSLCertificateChainFile /etc/apache2/ssl.certs/gd_bundle-g2-g1.crt
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
AcceptPathInfo on
ProxyPass / https://192.168.1.30/
ProxyPassReverse / https://192.168.1.30/
ErrorLog /root/logs/error.log
</VirtualHost>
当指向我的 IIS 站点时,新服务器无法工作。但是,我使用相同的代码块指向不同的 IP 地址(这是 Linux Webshell 的地址并使用上述 https)成功了
apache2ctl -S 结果:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress thi
s message
VirtualHost configuration:
*:80 is a NameVirtualHost
default server webserver.domain.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost webserver.domain.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost subdomain.domain.com (/etc/apache2/sites-enabled/000-default.conf:6)
port 80 namevhost alternatesubdomain.domain.com (/etc/apache2/sites-enabled/000-default.conf:45)
*:443 is a NameVirtualHost
default server subdomain.domain.com (/etc/apache2/sites-enabled/000-default.conf:12)
port 443 namevhost subdomain.domain.com (/etc/apache2/sites-enabled/000-default.conf:12)
port 443 namevhost alternatesubdomain.domain.com (/etc/apache2/sites-enabled/000-default.conf:51)
port 443 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/default-ssl.conf:2)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33