Demand Scenario: apache by accessing the address of http, https reverse proxy to access back-end services, but only a particular path with only a reverse proxy module
Configuration is as follows
. 1 the listen 8182 2 . 3 <VirtualHost *: 8182 > . 4 # mailbox administrator can not easily fill the instruction . 5 the ServerAdmin webmaster @ dummy- host.example.com . 6 # domain names into IP addresses . 7 ServerName native IP . 8 . 9 <* the Proxy> 10 the Order deny, the allow 11 the Allow from All 12 </ proxy> 13 SSLProxyEngine the On #https agent most critical is this 14 ProxyPreserveHost the On 15 ProxyRequests closed forward proxy Off # 16 #ProxyPassMatch ^ / foo / bar HTTPS:// 123.123.123.2 # 443 written so 17 ProxyPassMatch ^ / foo / bar HTTPS: // 123.123.123.2:6079 (if port 443 is not added, or the connection is not on, you can turn on debug-level logging can open httpd.conf see) 18 ProxyPass /! # represents the path forward is not matching the above does not take the default DocumentRoot the httpd.conf 19 ProxyPassReverse /! # represents the path forward is not matching the above does not take the default DocumentRoot the httpd.conf 20 ErrorLog / var / log / the httpd / test_error_log 21 is the CustomLog / var / log / the httpd / test_access_log Combined 22 is </ VirtualHost
Show results
curl http: // local ip: 8182 / foo / bar / 123
It will be forwarded to the backend
Demonstration logs, need httpd to open debug log level in httpd.conf restart l can repair
[Thu Sep 05 11:04:27.575036 2019] [authz_core:debug] [pid 976] mod_authz_core.c(835): [client 192.168.10.30:51464] AH01628: authorization result: granted (no directives) [Thu Sep 05 11:04:27.575188 2019] [proxy:debug] [pid 976] mod_proxy.c(1123): [client 192.168.10.30:51464] AH01143: Running scheme https handler (attempt 0) [Thu Sep 05 11:04:27.575197 2019] [proxy_ajp:debug] [pid 976] mod_proxy_ajp.c(722): [client 192.168.10.30:51464] AH00894: declining URL https://123.123.123.2/foo/bar/getFPInfoByNSRSBH [Thu Sep 05 11:04:27.575203 2019] [proxy_fcgi:debug] [pid 976] mod_proxy_fcgi.c(972): [client 192.168.10.30:51464] AH01076: url: https://123.123.123.2/foo/bar/getFPInfoByNSRSBH proxyname: (null) proxyport: 0 [Thu Sep 05 11:04:27.575207 2019] [proxy_fcgi:debug] [pid 976] mod_proxy_fcgi.c(975): [client 192.168.10.30:51464] AH01077: declining URL https://123.123.123.2/foo/bar/getFPInfoByNSRSBH [Thu Sep 05 11:04:27.575221 2019] [proxy:debug] [pid 976] proxy_util.c(2203): AH00942: HTTPS: has acquired connection for (123.123.123.2) [Thu Sep 05 11:04:27.575229 2019] [proxy:debug] [pid 976] proxy_util.c(2256): [client 192.168.10.30:51464] AH00944: connecting https://123.123.123.2/foo/bar/getFPInfoByNSRSBH to 123.123.123.2:443 [Thu Sep 05 11:04:27.575321 2019] [proxy:debug] [pid 976] proxy_util.c(2426): [client 192.168.10.30:51464] AH00947: connected /foo/bar/getFPInfoByNSRSBH to 123.123.123.2:443 [Thu Sep 05 11:04:27.581116 2019] [proxy:debug] [pid 976] proxy_util.c(2802): AH02824: HTTPS: connection established with 123.123.123.2:443 (123.123.123.2) [Thu Sep 05 11:04:27.581151 2019] [proxy:debug] [pid 976] proxy_util.c(2942): AH00962: HTTPS: connection complete to 123.123.123.2:443 (123.123.123.2) [Thu Sep 05 11:04:27.581161 2019] [ssl:info] [pid 976] [remote 123.123.123.2:443] AH01964: Connection to child 0 established (server 192.168.10.30:80) [Thu Sep 05 11:04:27.598908 2019] [ssl:debug] [pid 976] ssl_engine_kernel.c(1360): [remote 123.123.123.2:443] AH02275: Certificate Verification, depth 1, CRL checking mode: none [subject: CN=Encryption Everywhere DV TLS CA - G1,OU=www.digicert.com,O=DigiCert Inc,C=US / issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US / serial: 0279AC458BC1B245ABF98053CD2C9BB1 / notbefore: Nov 27 12:46:10 2017 GMT / notafter: Nov 27 12:46:10 2027 GMT] [Thu Sep 05 11:04:27.599201 2019] [ssl:debug] [pid 976] ssl_engine_kernel.c(1360): [remote 123.123.123.2:443] AH02275: Certificate Verification, depth 0, CRL checking mode: none [subject: CN=*.ele-cloud.com / issuer: CN=Encryption Everywhere DV TLS CA - G1,OU=www.digicert.com,O=DigiCert Inc,C=US / serial: 01B4CA2CA4522D242C3055C4C5920F94 / notbefore: Aug 20 00:00:00 2019 GMT / notafter: Aug 19 12:00:00 2020 GMT] [Thu Sep 05 11:04:27.610271 2019] [ssl:debug] [pid 976] ssl_engine_kernel.c(1824): [remote 123.123.123.2:443] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-SHA256 (128/128 bits) [Thu Sep 05 11:04:27.760324 2019] [proxy:debug] [pid 985] proxy_util.c(1843): AH00925: initializing worker https://123.123.123.2 shared [Thu Sep 05 11:04:27.760336 2019] [proxy:debug] [pid 985] proxy_util.c(1885): AH00927: initializing worker https://123.123.123.2 local [Thu Sep 05 11:04:27.760353 2019] [proxy:debug] [pid 985] proxy_util.c(1936): AH00931: initialized single connection worker in child 985 for (123.123.123.2) [Thu Sep 05 11:04:28.238290 2019] [proxy:debug] [pid 976] proxy_util.c(2218): AH00943: https: has released connection for (123.123.123.2)
Incidentally record reverse proxy http
[root @ OC conf.d] # vim vhost.conf the listen 8182 <VirtualHost *: 8182 > # administrator mailbox ServerAdmin webmaster @ dummy - host.example.com # domain name ServerName native ip <Proxy *> the Order deny, the allow the Allow from All </ proxy> ProxyPreserveHost the On ProxyRequests Off # closed forward proxy ProxyPassMatch ^ / recipt / checkFp HTTP: // 123.48.78.9:8080 # default port 80, the port does not need to fill ProxyPass /! ProxyPassReverse /! ErrorLog / var / log / httpd /test_error_log CustomLog /var/log/httpd/test_access_log combined </VirtualHost>
The reverse proxy does not filter path
[root @ OC conf.d] # vim vhost.conf the listen 8182 <VirtualHost *: 8182 > # administrator mailbox ServerAdmin webmaster @ dummy - host.example.com # domain name ServerName native ip <Proxy *> the Order deny, the allow the Allow from All </ proxy> ProxyPreserveHost the On ProxyRequests Off # closed forward proxy ProxyPass / HTTP: // 123.48.78.9:8080 ProxyPassReverse / HTTP: // 123.48.78.9:8080 ErrorLog / var / log / httpd / test_error_log CustomLog /var/log/httpd/test_access_log combined </VirtualHost>