Apache2 ReverseProxy 用于 mattermost

Question 1

经过一整夜的挖掘，我找到了一种适合我的配置。

<VirtualHost *:443>
  SSLEngine on
  SSLProtocol all -SSLv2
  SSLHonorCipherOrder on
  SSLCipherSuite "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
  Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
  SSLCompression Off
  SSLCertificateChainFile /etc/apache2/ssl/zcore_ORG_chain.pem
  SSLCertificateFile      /etc/apache2/ssl/zcore.intra.pem
  SSLCertificateKeyFile   /etc/apache2/ssl/zcore.intra.key.pem
  ServerName mattermost.zcore.intra
  ServerSignature Off
  ServerAlias mattermost

  ProxyPreserveHost On
  ProxyRequests Off

  RewriteEngine on
  RewriteCond %{REQUEST_URI} ^/api/v1/websocket [NC,OR]
  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
  RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
  RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
  RewriteRule .* http://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
  RequestHeader set X-Forwarded-Proto "https"

  <Location /api/v1/websocket>
    Require all granted
    ProxyPassReverse http://127.0.0.1:8065
    ProxyPassReverseCookieDomain 127.0.0.1 mattermost.zcore.intra
  </Location>
  <Location />
    Require all granted
    ProxyPassReverse http://127.0.0.1:8065
    ProxyPassReverseCookieDomain 127.0.0.1 mattermost zcore.intra
  </Location>

  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
  ErrorLog /var/log/apache2/mattermost.zcore.intra/mattermost.zcore.intra_error.log
  CustomLog /var/log/apache2/mattermost.zcore.intra/mattermost.zcore.intra_forwarded.log common_forwarded
  CustomLog /var/log/apache2/mattermost.zcore.intra/mattermost.zcore.intra_access.log combined env=!dontlog
  CustomLog /var/log/apache2/mattermost.zcore.intra/mattermost.zcore.intra.log combined
</VirtualHost>
<VirtualHost *:80>
  ServerName mattermost.zcore.intra
  Redirect permanent / https://mattermost.zcore.intra
</VirtualHost>

Answer

经过一整夜的挖掘，我找到了一种适合我的配置。

<VirtualHost *:443>
  SSLEngine on
  SSLProtocol all -SSLv2
  SSLHonorCipherOrder on
  SSLCipherSuite "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
  Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
  SSLCompression Off
  SSLCertificateChainFile /etc/apache2/ssl/zcore_ORG_chain.pem
  SSLCertificateFile      /etc/apache2/ssl/zcore.intra.pem
  SSLCertificateKeyFile   /etc/apache2/ssl/zcore.intra.key.pem
  ServerName mattermost.zcore.intra
  ServerSignature Off
  ServerAlias mattermost

  ProxyPreserveHost On
  ProxyRequests Off

  RewriteEngine on
  RewriteCond %{REQUEST_URI} ^/api/v1/websocket [NC,OR]
  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
  RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
  RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
  RewriteRule .* http://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
  RequestHeader set X-Forwarded-Proto "https"

  <Location /api/v1/websocket>
    Require all granted
    ProxyPassReverse http://127.0.0.1:8065
    ProxyPassReverseCookieDomain 127.0.0.1 mattermost.zcore.intra
  </Location>
  <Location />
    Require all granted
    ProxyPassReverse http://127.0.0.1:8065
    ProxyPassReverseCookieDomain 127.0.0.1 mattermost zcore.intra
  </Location>

  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
  ErrorLog /var/log/apache2/mattermost.zcore.intra/mattermost.zcore.intra_error.log
  CustomLog /var/log/apache2/mattermost.zcore.intra/mattermost.zcore.intra_forwarded.log common_forwarded
  CustomLog /var/log/apache2/mattermost.zcore.intra/mattermost.zcore.intra_access.log combined env=!dontlog
  CustomLog /var/log/apache2/mattermost.zcore.intra/mattermost.zcore.intra.log combined
</VirtualHost>
<VirtualHost *:80>
  ServerName mattermost.zcore.intra
  Redirect permanent / https://mattermost.zcore.intra
</VirtualHost>

Question 2

你还需要做sudo a2enmod headers proxy_wstunnel

我的代理配置如下所示：

ProxyPreserveHost On
ProxyRequests Off

RewriteEngine On
RewriteCond %{REQUEST_URI} ^/api/v3/users/websocket [NC,OR]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:11080%{REQUEST_URI} [P,QSA,L]
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://127.0.0.1:11080%{REQUEST_URI} [P,QSA,L]
RequestHeader set X-Forwarded-Proto "https"

  <Location /api/v3/users/websocket>
    Require all granted
    ProxyPassReverse ws://127.0.0.1:11080/api/v3/users/websocket
    ProxyPassReverseCookieDomain 127.0.0.1 xxxxxx.xx
  </Location>

  <Location />
    Require all granted
    ProxyPassReverse https://127.0.0.1:11080/
    ProxyPassReverseCookieDomain 127.0.0.1 xxxxxx.xx
  </Location>

Answer

你还需要做sudo a2enmod headers proxy_wstunnel

我的代理配置如下所示：

ProxyPreserveHost On
ProxyRequests Off

RewriteEngine On
RewriteCond %{REQUEST_URI} ^/api/v3/users/websocket [NC,OR]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:11080%{REQUEST_URI} [P,QSA,L]
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://127.0.0.1:11080%{REQUEST_URI} [P,QSA,L]
RequestHeader set X-Forwarded-Proto "https"

  <Location /api/v3/users/websocket>
    Require all granted
    ProxyPassReverse ws://127.0.0.1:11080/api/v3/users/websocket
    ProxyPassReverseCookieDomain 127.0.0.1 xxxxxx.xx
  </Location>

  <Location />
    Require all granted
    ProxyPassReverse https://127.0.0.1:11080/
    ProxyPassReverseCookieDomain 127.0.0.1 xxxxxx.xx
  </Location>

Apache2 ReverseProxy 用于 mattermost

答案1

答案2

相关内容