Yesterday, I developed a chrome plug-in browser plug-in: the plug-in automatically grabs the html code of the currently browsed page, and sends the html code to the server for parsing through ajax. The captured site is https, and our parsing is http used by ordinary tomcat. During the process, we encountered the following problems:
was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://127.0.0.1/'. This request has been blocked; the content must be served over HTTPS.
The reason is that the source site is https, my local tomcat is http, there is a cross-domain problem, so I need to use the apache proxy to wrap the local http into an https shell.
First, configure Apache to support SSL
Step 1: Configure APACHE to support SSL
Find the following two lines and remove the preceding comment #
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
Step 2: Generate certificate and private key files for the website server
C:/Program Files/Apache Software Foundation/Apache2.2/bin>openssl genrsa -out server.key 1024
Generate a server.key
Step 3: Generate Signing Application
C:/Program Files/Apache Software Foundation/Apache2.2/bin>openssl req -new -out server.csr -key server.key -config ../conf/openssl.cnf
At this point, the signature file SERVER.CSR is generated
Step 4: Generate CA private key using OPENSSL
C:/Program Files/Apache Software Foundation/Apache2.2/bin>openssl genrsa -out ca.key 1024
Extra CA.key file
Step 5: Use the CA's private key to generate the CA's self-signed certificate
C:/Program Files/Apache Software Foundation/Apache2.2/bin>openssl req -new -x509 -days 365 -key ca.key -out ca.crt -config ../conf/openssl.cnf
Step 6: Create a new demoCA directory under the bin directory, and create a new index.txt, newcerts, serial directory structure under the demoCA as follows
demoCA
|--index.txt (text, empty content)
|--newcerts(folder)
|--serial (text, content is 01)
Step 7: Prepare to sign the certificate for the website server
C:/Program Files/Apache Software Foundation/Apache2.2/bin>openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config ../conf/openssl.cnf
Generate server.crt file
Step 8: Copy server.crt server.key to the conf folder
------------------Configuring ssl FAQ--------------------
During the configuration process of win7 system 64-bit, there may be problems when restarting apache
Question 1: apache fails to restart, and the error message Syntax error on line 62 of C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/extra/httpd-ssl.conf:
SSLSessionCache: Invalid argument: size has to be >= 8192 bytes
Solution:
Modify lines 61-63 in conf/extra/httpd-ssl.conf to the following: SSLSessionCache "dbm:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache"
# SSLSessionCache "shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
Second, set the proxy
Modify the http.cnf file
Step 1: Open proxy moduls
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules / mod_proxy_ajp.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Step 2: Add some code
# Forward proxy switch
ProxyRequests On
ProxyVia On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Set up reverse proxy
ProxyPass / http://127.0.0.1:8080/
# Set the reverse proxy to use the HOST of the proxy service to rewrite the Location and Content-Location in the response header of the internal origin server
ProxyPassReverse / http://127.0.0.1:8080/