apache虚拟主机proxypass不适用于https中的根url

jaxagkaj  于 2021-07-23  发布在  Java
关注(0)|答案(1)|浏览(383)

我为force https编写了这些虚拟主机条目,并将请求代理给运行在本地8080的javaspring jsf应用程序的嵌入式tomcat。它适用于子目录,如 https://my.site.com/something.jsf 但不是根https域 https://my.site.com ,那就转到 index.html (没有域前缀)。
用于http请求 http://my.site.com 它正确地重定向到https,没有任何问题。
当我刚刚 *:80 用同样的proxypass,效果很好。

<VirtualHost *:80>
        ServerName my.site.com
        RedirectPermanent / https://my.site.com/
</VirtualHost>

<VirtualHost *:443>
        ServerName my.site.com
        ServerAlias my.site.com
        ProxyPreserveHost On
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/
        SSLEngine On
        SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>

httpd访问日志:
对根用户的https请求生成以下日志行:

201.8.25.80 - - [12/Feb/2021:14:37:21 -0300] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36"

httpd错误日志中未报告任何错误。
tomcat日志:
我在应用程序日志中得到了这个stacktrace,但我不确定它是否相关,因为每次调用根https时都没有记录它。

INFO 3093 --- [http-nio-8080-exec-3] o.apache.coyote.http11.Http11Processor   : Error parsing HTTP request header
 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.

java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
    at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:479) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:684) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
    at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]

我一直在为这种行为寻找可能的解决方案和原因,但一无所获。。。如果有人能帮忙,我会很感激的。

esbemjvw

esbemjvw1#

我没有发现为什么请求根在https是错误的重定向。但通过添加一个 <LocationMatch> 匹配到根并重定向到 index.jsf ,保留代理指令,如下所示:

<VirtualHost *:443>
        ServerName my.site.com
        SSLEngine On
        SSLCertificateFile /etc/pki/tls/certs/localhost.crt

        <LocationMatch "^/?$">
                Redirect / /index.jsf
        </LocationMatch>

        ProxyPreserveHost On
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/
</VirtualHost>

相关问题