请帮忙,我一直尝试配置 httpd,但没有成功。我需要以下行为:
- 如果我访问https://example.org/,https://example.org/anything/.../...-> 我需要代理到 localhost:8080 (tomcat),并在 http 请求中保留主机名“example.org”
ProxyPreserveHost On - 如果我访问https://example.org/api/system-a/... -> 我需要代理到外部服务器,而无需在 http 请求中保留主机名“example.org”
ProxyPreserveHost Off
两个 URL 的 SSL 设置、主机名、端口等应该相同...
我在 httpd 中找不到解决方案(在 nginx 中,您只需将指令从配置部分移出或移至proxy_set_header Host $host/$proxy_host下一级,但在 httpd 中,据我所知没有这样的事情)。我无法运行具有相同服务器名称和端口的 2 个虚拟主机...httpserverlocation
Listen 443 https
<VirtualHost *:443>
ServerName example.org
SSLEngine On
SSLProxyEngine On
ProxyErrorOverride On
ProxyPreserveHost On
ProxyRequests Off
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass /api/system-a/ https://external-domain.example2.org/system-a/
ProxyPassReverse /api/system-a/ https://external-domain.example2.org/system-a/
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
SSLEngine On
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 +TLSv1.2
SSLCipherSuite HIGH:!aNULL:!MD5
SSLHonorCipherOrder On
RequestHeader set X-Forwarded-Proto "https"
SSLCompression off
SSLSessionTickets Off
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
#websockets
RewriteEngine On
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:8080%{REQUEST_URI} [P]
ProxyPass /websocket/ "ws://localhost:8080/websocket/"
ProxyPassReverse /websocket/ "ws://localhost:8080/websocket/"
</VirtualHost>
答案1
解决方案是关闭部分中的“ProxyPreserveHost”...
ProxyPreserveHost On
<Location "/api">
ProxyPreserveHost Off
ProxyErrorOverride Off
</Location>
ProxyPass /api/system-a/ https://external-domain.example2.org/system-a/
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/