Apache 2.4 (httpd 2.4.6) on CentOS 7: reverse proxy to HTTPS backend services

Requirement: clients reach Apache over HTTP, and Apache reverse-proxies the request to a back-end service over HTTPS. Only one particular path is proxied, and only the reverse proxy modules are used.

The configuration is as follows:

Listen 8182

<VirtualHost *:8182>
    # httpd does not allow a comment on the same line as a directive,
    # so every comment below sits on its own line.
    # Administrator e-mail address (any value will do)
    ServerAdmin webmaster@dummy-host.example.com
    # Domain name; here the IP address is used instead
    ServerName <local-IP>

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    # The most critical setting for proxying to an HTTPS backend
    SSLProxyEngine On
    ProxyPreserveHost On
    # Turn off forward proxying
    ProxyRequests Off
    # For port 443, write it like this:
    #ProxyPassMatch ^/foo/bar https://123.123.123.2
    # If the backend port is not 443 it must be given explicitly, otherwise the
    # connection fails (enable debug-level logging in httpd.conf to check)
    ProxyPassMatch ^/foo/bar https://123.123.123.2:6079
    # Paths that do not match the rule above are not forwarded; they are served
    # from the default DocumentRoot in httpd.conf
    ProxyPass / !
    # Kept from the original; the "!" exclusion is documented for ProxyPass only
    ProxyPassReverse / !
    ErrorLog /var/log/httpd/test_error_log
    CustomLog /var/log/httpd/test_access_log combined
</VirtualHost>

Result:

curl http://<local-IP>:8182/foo/bar/123

The request is forwarded to the backend.

Demonstration log. To produce it, set the log level to debug in httpd.conf and restart httpd.

[Thu Sep 05 11:04:27.575036 2019] [authz_core:debug] [pid 976] mod_authz_core.c(835): [client 192.168.10.30:51464] AH01628: authorization result: granted (no directives)
[Thu Sep 05 11:04:27.575188 2019] [proxy:debug] [pid 976] mod_proxy.c(1123): [client 192.168.10.30:51464] AH01143: Running scheme https handler (attempt 0)
[Thu Sep 05 11:04:27.575197 2019] [proxy_ajp:debug] [pid 976] mod_proxy_ajp.c(722): [client 192.168.10.30:51464] AH00894: declining URL https://123.123.123.2/foo/bar/getFPInfoByNSRSBH
[Thu Sep 05 11:04:27.575203 2019] [proxy_fcgi:debug] [pid 976] mod_proxy_fcgi.c(972): [client 192.168.10.30:51464] AH01076: url: https://123.123.123.2/foo/bar/getFPInfoByNSRSBH proxyname: (null) proxyport: 0
[Thu Sep 05 11:04:27.575207 2019] [proxy_fcgi:debug] [pid 976] mod_proxy_fcgi.c(975): [client 192.168.10.30:51464] AH01077: declining URL https://123.123.123.2/foo/bar/getFPInfoByNSRSBH
[Thu Sep 05 11:04:27.575221 2019] [proxy:debug] [pid 976] proxy_util.c(2203): AH00942: HTTPS: has acquired connection for (123.123.123.2)
[Thu Sep 05 11:04:27.575229 2019] [proxy:debug] [pid 976] proxy_util.c(2256): [client 192.168.10.30:51464] AH00944: connecting https://123.123.123.2/foo/bar/getFPInfoByNSRSBH to 123.123.123.2:443
[Thu Sep 05 11:04:27.575321 2019] [proxy:debug] [pid 976] proxy_util.c(2426): [client 192.168.10.30:51464] AH00947: connected /foo/bar/getFPInfoByNSRSBH to 123.123.123.2:443
[Thu Sep 05 11:04:27.581116 2019] [proxy:debug] [pid 976] proxy_util.c(2802): AH02824: HTTPS: connection established with 123.123.123.2:443 (123.123.123.2)
[Thu Sep 05 11:04:27.581151 2019] [proxy:debug] [pid 976] proxy_util.c(2942): AH00962: HTTPS: connection complete to 123.123.123.2:443 (123.123.123.2)
[Thu Sep 05 11:04:27.581161 2019] [ssl:info] [pid 976] [remote 123.123.123.2:443] AH01964: Connection to child 0 established (server 192.168.10.30:80)
[Thu Sep 05 11:04:27.598908 2019] [ssl:debug] [pid 976] ssl_engine_kernel.c(1360): [remote 123.123.123.2:443] AH02275: Certificate Verification, depth 1, CRL checking mode: none [subject: CN=Encryption Everywhere DV TLS CA - G1,OU=www.digicert.com,O=DigiCert Inc,C=US / issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US / serial: 0279AC458BC1B245ABF98053CD2C9BB1 / notbefore: Nov 27 12:46:10 2017 GMT / notafter: Nov 27 12:46:10 2027 GMT]
[Thu Sep 05 11:04:27.599201 2019] [ssl:debug] [pid 976] ssl_engine_kernel.c(1360): [remote 123.123.123.2:443] AH02275: Certificate Verification, depth 0, CRL checking mode: none [subject: CN=*.ele-cloud.com / issuer: CN=Encryption Everywhere DV TLS CA - G1,OU=www.digicert.com,O=DigiCert Inc,C=US / serial: 01B4CA2CA4522D242C3055C4C5920F94 / notbefore: Aug 20 00:00:00 2019 GMT / notafter: Aug 19 12:00:00 2020 GMT]
[Thu Sep 05 11:04:27.610271 2019] [ssl:debug] [pid 976] ssl_engine_kernel.c(1824): [remote 123.123.123.2:443] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-SHA256 (128/128 bits)
[Thu Sep 05 11:04:27.760324 2019] [proxy:debug] [pid 985] proxy_util.c(1843): AH00925: initializing worker https://123.123.123.2 shared
[Thu Sep 05 11:04:27.760336 2019] [proxy:debug] [pid 985] proxy_util.c(1885): AH00927: initializing worker https://123.123.123.2 local
[Thu Sep 05 11:04:27.760353 2019] [proxy:debug] [pid 985] proxy_util.c(1936): AH00931: initialized single connection worker in child 985 for (123.123.123.2)
[Thu Sep 05 11:04:28.238290 2019] [proxy:debug] [pid 976] proxy_util.c(2218): AH00943: https: has released connection for (123.123.123.2)
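
The HTTPS virtual host above enables SSLProxyEngine but sets no SSLProxyVerify, and mod_ssl's default is SSLProxyVerify none, so the backend's certificate chain is not validated against a CA. The following added example (not the original author's configuration) shows the same path-filtered proxy with backend certificate verification turned on; the hostnames proxy.example.com and backend.example.com and the CA bundle path are assumptions.

```apache
# Added example: constructed hostnames, not the original author's configuration.
Listen 8182

<VirtualHost *:8182>
    # Placeholder name for the proxy itself
    ServerName proxy.example.com

    ProxyRequests Off
    # Send the backend's own hostname (not the client's Host header) upstream,
    # so the name presented to the backend is the one its certificate covers.
    ProxyPreserveHost Off

    SSLProxyEngine On

    # Weak (what the configuration above gets by default):
    #   SSLProxyVerify none   -> the certificate chain is not checked against a CA
    # Hardened:
    SSLProxyVerify require
    # Leaf + intermediate + root, as in the chain logged above, with one level spare
    SSLProxyVerifyDepth 3
    # Assumed path: the system CA bundle on CentOS 7
    SSLProxyCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
    # Reject a certificate issued for a different name, or an expired one
    SSLProxyCheckPeerName On
    SSLProxyCheckPeerExpire On

    # Address the backend by a name its certificate covers, not by IP address:
    # the certificate in the log is for *.ele-cloud.com, which cannot match 123.123.123.2.
    ProxyPassMatch ^/foo/bar https://backend.example.com:6079
    ProxyPassReverse /foo/bar https://backend.example.com:6079/foo/bar
    # Everything else stays local, as in the original configuration
    ProxyPass / !

    ErrorLog /var/log/httpd/test_error_log
    CustomLog /var/log/httpd/test_access_log combined
</VirtualHost>
```

Check the syntax with apachectl configtest before restarting httpd.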

 

Incidentally, here is the configuration for reverse-proxying to an HTTP backend:

[root@OC conf.d]# vim vhost.conf

Listen 8182

<VirtualHost *:8182>
    # Administrator e-mail address
    ServerAdmin webmaster@dummy-host.example.com
    # Domain name
    ServerName <local-IP>

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPreserveHost On
    # Turn off forward proxying
    ProxyRequests Off
    # For the default port 80, the port does not need to be given
    ProxyPassMatch ^/recipt/checkFp http://123.48.78.9:8080
    ProxyPass / !
    ProxyPassReverse / !
    ErrorLog /var/log/httpd/test_error_log
    CustomLog /var/log/httpd/test_access_log combined
</VirtualHost>

 

 

Reverse proxy without path filtering

[root@OC conf.d]# vim vhost.conf

Listen 8182

<VirtualHost *:8182>
    # Administrator e-mail address
    ServerAdmin webmaster@dummy-host.example.com
    # Domain name
    ServerName <local-IP>

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPreserveHost On
    # Turn off forward proxying
    ProxyRequests Off

    ProxyPass / http://123.48.78.9:8080
    ProxyPassReverse / http://123.48.78.9:8080
    ErrorLog /var/log/httpd/test_error_log
    CustomLog /var/log/httpd/test_access_log combined
</VirtualHost>

 

 

 


Origin www.cnblogs.com/muzhifei/p/11465000.html