mod_proxy + mod_reqrite 导致错误 502 或 502

tag-icon tag-icon mod-rewrite httpd mod-proxy
mod_proxy + mod_reqrite 导致错误 502 或 502

我有有效的 httpd 配置(反向代理),可以将请求转发到代理:

Listen 443 https

<VirtualHost *:443>
    ServerName  public-dns.example.org
    ServerAlias internal-hostname.internal

    ProxyPreserveHost On

    RewriteEngine On

    #check & block some URLs in target service
    RewriteCond %{REQUEST_URI} ^/service
    RewriteRule /service(/(api(/(([a-zA-Z_-]+)(/|/.*swagger.*)?(\.\.)?)?)?)?)?$ - [F,L]

    <Location "/service/api/">
      ProxyPreserveHost Off
      ProxyErrorOverride Off
    </Location>

    ProxyPass /service/api/ https://services.apps.cloud.example.internal/

    ProxyErrorOverride On

    SSLProxyEngine On
#START - avoid unnecessary checks in internal network - development environment
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
#END - avoid unnecessary checks in internal network - development environment

#START - not relevant part of config (for this question)
    SSLEngine On
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLProtocol All -SSLv2 +TLSv1.2
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder On

    SSLCompression off
    SSLSessionTickets Off
    SSLCertificateFile      /etc/ssl/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
#END - not relevant part of config (for this question)
</VirtualHost>

我想丰富对上游服务器的请求 - 添加一个查询字符串参数,但我甚至在应用 rewriteRule 并将其转发到代理时遇到问题。

由于服务使用另一个查询字符串参数,我发现 mod_rewrite 标志 QSA 应该正确处理 ?/&...

当我添加这组重写规则时,所有 rewriteRules 尝试都会失败并出现相同的 502 代理错误。

根据 error_log,似乎 mod_proxy 没有根据上面定义的 ProxyPass 指令进行转发。

    #test - adding query parameter to proxy request

    RewriteCond %{REQUEST_URI} ^/service
# attempt 1 failed - match all under the rewriteCond "^/service", add "queryStringParam" and apply flags QSA & P (proxy)
#    RewriteRule ^(.*)$ $1?queryStringParam=example [QSA,P]
# attempt 2 failed - try the same without QSA
#    RewriteRule ^(.*)$ $1 [P]
# attempt 3/4 failed - try absolute url in target url 
#    RewriteRule ^(.*)$ %{REQUEST_SCHEME}://%{HTTP_HOST}$1?queryStringParam=example [QSA,P]
#    RewriteRule ^(.*)$ %{REQUEST_SCHEME}://%{HTTP_HOST}$1 [P]

所有尝试均因代理错误(http 502)而失败:

The proxy server received an invalid response from an upstream server. 
The proxy server could not handle the request "GET /services/api/example-service/list/".

你能给我指明正确的方向吗?谢谢

答案1

我发现标志 P 不适用于 ProxyPass 指令,而是立即转发到代理。因此目标 url 需要是上游的 url... ProxyPass 指令可以从原始配置中删除

相关内容