good luck! ------ 博客

apache 2.4 httpd 2.4.6 反向代理后端的服务为HTTPS https 基于centos7

需求场景:通过访问apache的http地址,反向代理访问后端的https服务,而且路径带有只能特定模块才反向代理

配置如下

 1 listen 8182
 2 
 3 <VirtualHost *:8182>
 4     #管理员邮箱 随便填 可不要此指令
 5     ServerAdmin webmaster@dummy-host.example.com
 6     #域名 为IP地址
 7     ServerName 本机ip
 8 
 9     <Proxy *>
10         Order deny,allow
11         Allow from all
12     </Proxy>
13     SSLProxyEngine On  #https代理最关键就是这个
14     ProxyPreserveHost On
15     ProxyRequests Off #关闭正向代理
16     #ProxyPassMatch ^/foo/bar https://123.123.123.2 #443端口这么写
17     ProxyPassMatch ^/foo/bar https://123.123.123.2:6079(如果是443端口不要加了,否则连接不上,可以打开httpd.conf 打开debug级别日志能看到)
18     ProxyPass / ! #表示不是上面匹配的路径不转发,走默认的httpd.conf  DocumentRoot 
19     ProxyPassReverse / ! #表示不是上面匹配的路径不转发,走默认的httpd.conf  DocumentRoot
20     ErrorLog /var/log/httpd/test_error_log
21     CustomLog /var/log/httpd/test_access_log combined
22 </VirtualHost

效果展示

curl http://本地ip:8182/foo/bar/123

会转发到后端

示范日志,需要httpd开启debug 在httpd.conf 修日志级别重启l即可

[Thu Sep 05 11:04:27.575036 2019] [authz_core:debug] [pid 976] mod_authz_core.c(835): [client 192.168.10.30:51464] AH01628: authorization result: granted (no directives)
[Thu Sep 05 11:04:27.575188 2019] [proxy:debug] [pid 976] mod_proxy.c(1123): [client 192.168.10.30:51464] AH01143: Running scheme https handler (attempt 0)
[Thu Sep 05 11:04:27.575197 2019] [proxy_ajp:debug] [pid 976] mod_proxy_ajp.c(722): [client 192.168.10.30:51464] AH00894: declining URL https://123.123.123.2/foo/bar/getFPInfoByNSRSBH
[Thu Sep 05 11:04:27.575203 2019] [proxy_fcgi:debug] [pid 976] mod_proxy_fcgi.c(972): [client 192.168.10.30:51464] AH01076: url: https://123.123.123.2/foo/bar/getFPInfoByNSRSBH proxyname: (null) proxyport: 0
[Thu Sep 05 11:04:27.575207 2019] [proxy_fcgi:debug] [pid 976] mod_proxy_fcgi.c(975): [client 192.168.10.30:51464] AH01077: declining URL https://123.123.123.2/foo/bar/getFPInfoByNSRSBH
[Thu Sep 05 11:04:27.575221 2019] [proxy:debug] [pid 976] proxy_util.c(2203): AH00942: HTTPS: has acquired connection for (123.123.123.2)
[Thu Sep 05 11:04:27.575229 2019] [proxy:debug] [pid 976] proxy_util.c(2256): [client 192.168.10.30:51464] AH00944: connecting https://123.123.123.2/foo/bar/getFPInfoByNSRSBH to 123.123.123.2:443
[Thu Sep 05 11:04:27.575321 2019] [proxy:debug] [pid 976] proxy_util.c(2426): [client 192.168.10.30:51464] AH00947: connected /foo/bar/getFPInfoByNSRSBH to 123.123.123.2:443
[Thu Sep 05 11:04:27.581116 2019] [proxy:debug] [pid 976] proxy_util.c(2802): AH02824: HTTPS: connection established with 123.123.123.2:443 (123.123.123.2)
[Thu Sep 05 11:04:27.581151 2019] [proxy:debug] [pid 976] proxy_util.c(2942): AH00962: HTTPS: connection complete to 123.123.123.2:443 (123.123.123.2)
[Thu Sep 05 11:04:27.581161 2019] [ssl:info] [pid 976] [remote 123.123.123.2:443] AH01964: Connection to child 0 established (server 192.168.10.30:80)
[Thu Sep 05 11:04:27.598908 2019] [ssl:debug] [pid 976] ssl_engine_kernel.c(1360): [remote 123.123.123.2:443] AH02275: Certificate Verification, depth 1, CRL checking mode: none [subject: CN=Encryption Everywhere DV TLS CA - G1,OU=www.digicert.com,O=DigiCert Inc,C=US / issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US / serial: 0279AC458BC1B245ABF98053CD2C9BB1 / notbefore: Nov 27 12:46:10 2017 GMT / notafter: Nov 27 12:46:10 2027 GMT]
[Thu Sep 05 11:04:27.599201 2019] [ssl:debug] [pid 976] ssl_engine_kernel.c(1360): [remote 123.123.123.2:443] AH02275: Certificate Verification, depth 0, CRL checking mode: none [subject: CN=*.ele-cloud.com / issuer: CN=Encryption Everywhere DV TLS CA - G1,OU=www.digicert.com,O=DigiCert Inc,C=US / serial: 01B4CA2CA4522D242C3055C4C5920F94 / notbefore: Aug 20 00:00:00 2019 GMT / notafter: Aug 19 12:00:00 2020 GMT]
[Thu Sep 05 11:04:27.610271 2019] [ssl:debug] [pid 976] ssl_engine_kernel.c(1824): [remote 123.123.123.2:443] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-SHA256 (128/128 bits)
[Thu Sep 05 11:04:27.760324 2019] [proxy:debug] [pid 985] proxy_util.c(1843): AH00925: initializing worker https://123.123.123.2 shared
[Thu Sep 05 11:04:27.760336 2019] [proxy:debug] [pid 985] proxy_util.c(1885): AH00927: initializing worker https://123.123.123.2 local
[Thu Sep 05 11:04:27.760353 2019] [proxy:debug] [pid 985] proxy_util.c(1936): AH00931: initialized single connection worker in child 985 for (123.123.123.2)
[Thu Sep 05 11:04:28.238290 2019] [proxy:debug] [pid 976] proxy_util.c(2218): AH00943: https: has released connection for (123.123.123.2)

 

顺便记录反向代理http

 

[root@oc conf.d]# vim vhost.conf

listen 8182



<VirtualHost *:8182>

    #管理员邮箱

    ServerAdmin webmaster@dummy-host.example.com

    #域名

    ServerName 本机ip

  



    <Proxy *>

        Order deny,allow

        Allow from all

    </Proxy>

 

    ProxyPreserveHost On

    ProxyRequests Off #关闭正向代理

    ProxyPassMatch ^/recipt/checkFp http://123.48.78.9:8080 #默认端口80,不需要填端口

    ProxyPass / !

    ProxyPassReverse / !

    ErrorLog /var/log/httpd/test_error_log

    CustomLog /var/log/httpd/test_access_log combined

</VirtualHost>

 

 

反向代理不过滤path

[root@oc conf.d]# vim vhost.conf
listen 8182

<VirtualHost *:8182>
    #管理员邮箱
    ServerAdmin webmaster@dummy-host.example.com
    #域名
    ServerName 本机ip
  

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
 
    ProxyPreserveHost On
    ProxyRequests Off #关闭正向代理
    
    ProxyPass / http://123.48.78.9:8080
    ProxyPassReverse / http://123.48.78.9:8080
    ErrorLog /var/log/httpd/test_error_log
    CustomLog /var/log/httpd/test_access_log combined
</VirtualHost>

 

 

 

posted @ 2019-09-05 11:52  木直  阅读(2112)  评论(0编辑  收藏  举报