Apache Httpd 反向代理配置 (笔记)
Apache Httpd 配置Http反向代理
打开配置文件 httpd.conf
先启动相关模块(去掉前面的注释#)
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
然后在文件最后加上
Listen 443 <VirtualHost *:443> ServerName example ServerAlias example ProxyRequests off <Proxy *> Order allow,deny Allow from all </Proxy> ProxyPass / http://localhost:8080/ ProxyPassReverse / http://localhost:8080/ SSLEngine on SSLProxyEngine on SSLCertificateFile C:/Software/Apache2.2/_ssh/server.crt SSLCertificateKeyFile C:/Software/Apache2.2/_ssh/server.key </VirtualHost>
如果是 Apache与应用服务器(tomcat)结合,可以使用AJP协议
Listen 9009 <VirtualHost *:9009> ServerName example ServerAlias example ProxyRequests off <Proxy *> Order allow,deny Allow from all </Proxy> ProxyPass / ajp://127.0.0.1:8009/ ProxyPassReverse / ajp://127.0.0.1:8009/ SSLEngine on SSLProxyEngine on SSLCertificateFile C:/Software/Apache2.2/_ssh/server.crt SSLCertificateKeyFile C:/Software/Apache2.2/_ssh/server.key </VirtualHost>
证书制作:
私钥
openssl genrsa -des3 -out server.key 1024
签名请求证书(CSR)
openssl req -new -key server.key -out server.csr
去掉口令
cp server.key server.key.org openssl rsa -in server.key.org -out server.key
cp 是拷贝命令,如果是win环境,使用copy命令
使用上述私钥和CSR创建标记证书
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
tomcat 开启HTTPS方式
编辑 conf\server.xml ,修改其中配置
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="D:/tomcat-8/_ssl/ssl_demo.jks" keystorePass="password" />
jks证书制作 (使用JDK的keytool工具)
keytool -genkey -alias ssl_demo -keyalg RSA -keysize 1024 -keystore ssl_demo.jks -validity 365