Centos 7、Apache 2.4、TomCat 7.0.52、Java 1.7
我正在尝试配置Apache以使用HTTPS代理Tomcat服务器(运行Jira / Confluence):
(HTTPS:443)-> ApacheServer ->(HTTP:8090 or HTTPS:8091)TomCat
目前HTTP代理工作得很好,但我想让HTTPS工作。我不介意Apache和Tomcat之间的连接是否是SSL(在同一台服务器上)。
当我访问https://confluence.company.co.uk/时,我得到的是/var/www/html/index. html而不是代理。
下面是来自tomcat的Server.xml:
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="200" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" />
<Connector port="8091" proxyPort="443" proxyName="confluence.company.co.uk" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" protocol="HTTP/1.1"
redirectPort="8443" useBodyEncodingForURI="true" scheme="https" secure="true" />Apache中的/etc/httpd/conf.d/ssl.conf中的行已更改:
ServerName confluence.company.co.uk:443
SSLCertificateFile /etc/pki/tls/certs/company.pem
SSLCertificateKeyFile /etc/pki/tls/private/company.keyApache VHost配置(在/etc/httpd/conf.d/proxy_vhost.conf中):
<VirtualHost *:80>
ServerName confluence.company.co.uk
ProxyRequests Off
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
<Location />
AuthType Basic
AuthName "Proxy Auth"
AuthUserFile /var/www/company-auth/CONFLUENCE/.htpasswd
Require user ukuser
Satisfy any
Deny from all
Allow from 192.168.0.0/21
</Location>
ProxyPreserveHost On
ProxyPass / http://confluence.company.co.uk:8090/
ProxyPassReverse / http://confluence.company.co.uk:8090/
</VirtualHost>
<VirtualHost *:443>
SSLProxyEngine On
ProxyRequests Off
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyPass / https://confluence.company.co.uk:8091/
ProxyPassReverse / https://confluence.company.co.uk:8091/
</VirtualHost>更新
httpd.conf:http://pastebin.com/4bzwKLac ssl.conf:http://pastebin.com/M5FpJTMz
当我在HTTPS vhost中包含ServerName时,httpd不会启动,并且我得到以下错误:
systemctl status httpd
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
Active: failed (Result: exit-code) since Wed 2015-07-22 13:00:22 BST; 7s ago
Process: 25953 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 15243 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
Process: 25951 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 25951 (code=exited, status=1/FAILURE)
Jul 22 13:00:21 confluence.syzygy.co.uk systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jul 22 13:00:22 confluence.syzygy.co.uk kill[25953]: kill: cannot find process ""
Jul 22 13:00:22 confluence.syzygy.co.uk systemd[1]: httpd.service: control process exited, code=exited status=1
Jul 22 13:00:22 confluence.syzygy.co.uk systemd[1]: Failed to start The Apache HTTP Server.
Jul 22 13:00:22 confluence.syzygy.co.uk systemd[1]: Unit httpd.service entered failed state.日志中似乎没有任何相关内容,除了:
[ssl:warn] [pid 25447] AH01916: Init: (confluence.company.co.uk:443) You configured HTTP(80) on the standard HTTPS(443) port!与HTTPd未启动分开发生
更新2
所以我把下面的代码移到ssl.conf的vhost中来解决这个问题:
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://confluence.company.co.uk:8091/
ProxyPassReverse / http://confluence.company.co.uk:8091/为什么我不能有它在我的单独的虚拟主机?
1条答案
按热度按时间gcuhipw91#
您忘记将
ServerName confluence.company.co.uk添加到433 vhost。这可能会导致httpd默认为不同的TLS vhost。