springboot+apache reverse proxy: This combination of host and port requires TLS

zzzyeukh posted on 2021-07-26 in Java
Follow (0) | Answers (1) | Views (777)

What I have:
I have a Spring Boot application as a Docker image in a private registry.
The SSL certificate is from Let's Encrypt.
I ran the following commands:

wget https://dl.eff.org/certbot-auto (fetch certbot)
chmod a+x certbot-auto (make it executable)
./certbot-auto (run it)
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root (convert to a key store Spring Boot can use)

In my Spring Boot application I added the following entries to the properties:

security.require-ssl=true
server.ssl.key-store={key_store_location}
server.ssl.key-store-password={key_store_password}
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat

At this point I can reach my application at https://example.com:8080/ and the certificate is valid.
Then I do this: my /etc/apache2/sites-enabled/000-default.conf file looks like this:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

ServerAdmin webmaster@localhost
ServerName {domain}

SSLEngine on
SSLProxyEngine On
# Disable SSL versions with POODLE vulnerability (Apache does not allow a comment after a directive on the same line)
SSLProtocol All -SSLv2 -SSLv3

SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

After I start apache2 and open https://example.com/ I get:

Bad Request
This combination of host and port requires TLS.

But if I go to https://example.com:80/ everything works.
So my question is: what do I need to do to get rid of the port so that https://example.com/ works?
Thank you.
Edit: after I added 443 as suggested, the problem is still the same error.
Full config file:

<VirtualHost *:80>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

        ServerAdmin webmaster@localhost
        ServerName example.com

        SSLEngine on
        SSLProxyEngine On
        SSLProtocol All -SSLv2 -SSLv3

        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / https://localhost:8080/
        ProxyPassReverse / https://localhost:8080/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

<VirtualHost *:443>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

        ServerAdmin webmaster@localhost
        ServerName example.com

        SSLEngine on
        SSLProxyEngine On
        SSLProtocol All -SSLv2 -SSLv3

        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / https://localhost:8080/
        ProxyPassReverse / https://localhost:8080/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
3zwjbxry 1#

The default HTTPS port is 443. Please create an SSL VirtualHost for 443, put all the entries in that VirtualHost, and test.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Listen 443 https
<VirtualHost Apache-IP:443>
ServerAdmin webmaster@localhost
ServerName {domain}

SSLEngine on
SSLProxyEngine On
# Disable SSL versions with POODLE vulnerability (kept on its own line: Apache rejects comments after a directive)
SSLProtocol All -SSLv2 -SSLv3

SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>
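The thread turns on which ports speak TLS: the question's original vhost binds `*:80` with `SSLEngine on` (which is exactly why https://example.com:80/ works and the port-less URL does not), and both configs keep `SSLProtocol All -SSLv2 -SSLv3`, which still admits TLSv1.0/1.1. The following is an added checker, not code from the question or the answer; it assumes a minimal vhost parser (one value per directive name per block) and uses constructed config snippets modelled on the ones posted above.

```python
import re

# Constructed sample input modelled on the question's *:80 vhost (not the full posted file).
QUESTION_CONF = """
<VirtualHost *:80>
    SSLEngine on
    SSLProxyEngine On
    SSLProtocol All -SSLv2 -SSLv3
    ProxyPass / https://localhost:8080/
</VirtualHost>
"""

# Constructed corrected variant: port 80 only redirects, TLS is terminated on 443.
FIXED_CONF = """
<VirtualHost *:80>
    Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLProxyEngine On
    ProxyPass / https://localhost:8080/
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return [(port, {directive_lower: value})] for each <VirtualHost> block."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        port = addr.strip().rsplit(":", 1)[-1]          # "*:80" -> "80", "Apache-IP:443" -> "443"
        directives = {}
        for raw in body.splitlines():
            parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split name from value
            if parts:
                directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        vhosts.append((port, directives))
    return vhosts

def lint(conf):
    """Return (code, port) findings for host/port/TLS mismatches in each vhost."""
    findings = []
    for port, d in parse_vhosts(conf):
        tls_on = d.get("sslengine", "off").lower() == "on"
        if tls_on and port == "80":       # browsers send plain HTTP to :80, so only https://host:80/ works
            findings.append(("TLS_ON_PORT_80", port))
        if not tls_on and port == "443":  # plain HTTP on :443 rejects every browser's TLS ClientHello
            findings.append(("PLAIN_HTTP_ON_443", port))
        if "https://" in d.get("proxypass", "") and d.get("sslproxyengine", "off").lower() != "on":
            findings.append(("HTTPS_BACKEND_WITHOUT_SSLPROXYENGINE", port))
        if tls_on and d.get("sslprotocol", "").lower().startswith("all"):
            findings.append(("SSLPROTOCOL_ALLOWS_TLS10_11", port))  # "All -SSLv2 -SSLv3" keeps TLSv1.0/1.1
    return findings
```

Running `lint(QUESTION_CONF)` reports TLS on port 80 and the permissive protocol list, while `lint(FIXED_CONF)` reports nothing.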
