Apache web server on port 433 and Tomcat on port 8080, redirection does not work


My Apache web server runs on port 433 using the https protocol. I want to run Tomcat on port 8080, since no extra encryption is needed: Tomcat is on the same machine, so I don't need port 8433. But when I forward traffic from 433 to 8080 through iptables, I get an error: This site can't provide a secure connection

ERR_SSL_PROTOCOL_ERROR

What configuration do I need in Tomcat's server.xml and apache.conf to make this work?

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" />

    <!-- A "Connector" using the shared thread pool-->

    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

    <!-- I've tried this before when I thought I need an SSL for Tomcat. I think it's irrelevant now -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                         certificateFile="conf/localhost-rsa-cert.pem"
                         certificateChainFile="conf/localhost-rsa-chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

In httpd.conf

    <VirtualHost *:80>
        ServerAdmin root@localhost
        DocumentRoot "/var/www/html"
        DirectoryIndex index.html
        ServerName mydomain.zone
        ErrorLog "/var/log/httpd/mydomain.zone.error_log"
        CustomLog "/var/log/httpd/mydomain.zone.access_log" common
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =mydomain.zone
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>
    Include /etc/httpd/conf/httpd-le-ssl.conf

Edit: I tried ProxyPass "/" "http://mydomain.zone:8080/" and ProxyPassReverse "/" "http://mydomain.zone:8080/" as suggested. The problem persists.

I wondered whether I had applied any iptables rules earlier, but it seems not. These are the currently active iptables rules:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N FORWARD_IN_ZONES
-N FORWARD_IN_ZONES_SOURCE
-N FORWARD_OUT_ZONES
-N FORWARD_OUT_ZONES_SOURCE
-N FORWARD_direct
-N FWDI_trusted
-N FWDI_trusted_allow
-N FWDI_trusted_deny
-N FWDI_trusted_log
-N FWDO_trusted
-N FWDO_trusted_allow
-N FWDO_trusted_deny
-N FWDO_trusted_log
-N INPUT_ZONES
-N INPUT_ZONES_SOURCE
-N INPUT_direct
-N IN_trusted
-N IN_trusted_allow
-N IN_trusted_deny
-N IN_trusted_log
-N OUTPUT_direct
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -i eth0 -g FWDI_trusted
-A FORWARD_IN_ZONES -g FWDI_trusted
-A FORWARD_OUT_ZONES -o eth0 -g FWDO_trusted
-A FORWARD_OUT_ZONES -g FWDO_trusted
-A FWDI_trusted -j FWDI_trusted_log
-A FWDI_trusted -j FWDI_trusted_deny
-A FWDI_trusted -j FWDI_trusted_allow
-A FWDI_trusted -j ACCEPT
-A FWDO_trusted -j FWDO_trusted_log
-A FWDO_trusted -j FWDO_trusted_deny
-A FWDO_trusted -j FWDO_trusted_allow
-A FWDO_trusted -j ACCEPT
-A INPUT_ZONES -i eth0 -g IN_trusted
-A INPUT_ZONES -g IN_trusted
-A IN_trusted -j IN_trusted_log
-A IN_trusted -j IN_trusted_deny
-A IN_trusted -j IN_trusted_allow
-A IN_trusted -j ACCEPT

Answer 1

Use ProxyPass instead of port forwarding with iptables

Answer 2

    ProxyPass "/" "http://www.example.com/"
    ProxyPassReverse "/" "http://www.example.com/"

Modify your ProxyPass as described above.
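Putting the two answers together, here is a complete TLS virtual host that does what they recommend: Apache terminates TLS and reverse-proxies to Tomcat over plain HTTP. This is an added example, not configuration from the question or the answers. It assumes mod_ssl, mod_proxy, mod_proxy_http and mod_headers are loaded, uses placeholder certificate paths in place of whatever httpd-le-ssl.conf defines, and assumes the Tomcat 8080 connector is reachable on the loopback address.

```apache
# Added example (not from the question or the answers).
# Assumed: mod_ssl, mod_proxy, mod_proxy_http, mod_headers are enabled.
<VirtualHost *:443>
    ServerName mydomain.zone
    ErrorLog  "/var/log/httpd/mydomain.zone.ssl_error_log"
    CustomLog "/var/log/httpd/mydomain.zone.ssl_access_log" common

    # TLS is terminated here; Tomcat never sees TLS bytes.
    # Certificate paths are placeholders; use the ones from httpd-le-ssl.conf.
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/mydomain.zone/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.zone/privkey.pem

    # Forward proxying stays off; this host only reverse-proxies.
    ProxyRequests Off
    # Pass the original Host header so Tomcat builds absolute URLs for mydomain.zone.
    ProxyPreserveHost On
    # Tell Tomcat the client connection was https (consumed by RemoteIpValve).
    RequestHeader set X-Forwarded-Proto "https"

    # Plain HTTP to Tomcat on loopback only; 8080 is not exposed to the network.
    ProxyPass        "/" "http://127.0.0.1:8080/"
    ProxyPassReverse "/" "http://127.0.0.1:8080/"
</VirtualHost>
```

The ProxyPass lines belong in the *:443 virtual host (the one loaded from httpd-le-ssl.conf), not in the *:80 host, which only issues the redirect to https. Because Apache terminates TLS and forwards plain HTTP, Tomcat needs neither a certificate nor the 8443 connector. Two Tomcat-side settings complete the picture: giving the 8080 connector `address="127.0.0.1"` so the unencrypted port cannot be reached from outside the machine, and adding `org.apache.catalina.valves.RemoteIpValve` with `protocolHeader="X-Forwarded-Proto"` to the Host so Tomcat treats the request as https when generating absolute redirects. The iptables approach failed because DNAT hands the browser's TLS ClientHello bytes to a connector that only speaks plain HTTP, which is exactly what ERR_SSL_PROTOCOL_ERROR reports; note also that the rule listing in the question is the filter table, while any REDIRECT or DNAT rule would appear under `iptables -t nat -S`.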
