Centos 7,Apache 2.4,TomCat 7.0.52,Java 1.7
我正在尝试使用HTTPSconfigurationApache来代理一个tomcat服务器(运行Jira / Confluence):
(HTTPS:443) – > ApacheServer – >(HTTP:8090或HTTPS:8091)TomCat
目前HTTP代理工作完美,但我想获得HTTPS的工作。 我不介意Apache和Tomcat之间的连接是SSL(在同一台服务器上)。
当我访问https://confluence.company.co.uk/我得到/var/www/html/index.html而不是代理。
这里是tomcat的Server.xml:
<Connector port="8090" connectionTimeout="20000" redirectPort="8443" maxThreads="200" minSpareThreads="10" enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" /> <Connector port="8091" proxyPort="443" proxyName="confluence.company.co.uk" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true" scheme="https" secure="true" /> 行从Apache的默认/etc/httpd/conf.d/ssl.conf中更改:
ServerName confluence.company.co.uk:443 SSLCertificateFile /etc/pki/tls/certs/company.pem SSLCertificateKeyFile /etc/pki/tls/private/company.key
Apache VHostconfiguration(在/etc/httpd/conf.d/proxy_vhost.conf中):
<VirtualHost *:80> ServerName confluence.company.co.uk ProxyRequests Off <Proxy *> Order deny,allow Deny from all Allow from all </Proxy> <Location /> AuthType Basic AuthName "Proxy Auth" AuthUserFile /var/www/company-auth/CONFLUENCE/.htpasswd Require user ukuser Satisfy any Deny from all Allow from 192.168.0.0/21 </Location> ProxyPreserveHost On ProxyPass / http://confluence.company.co.uk:8090/ ProxyPassReverse / http://confluence.company.co.uk:8090/ </VirtualHost> <VirtualHost *:443> SSLProxyEngine On ProxyRequests Off <Proxy *> Order deny,allow Deny from all Allow from all </Proxy> ProxyPreserveHost On ProxyPass / https://confluence.company.co.uk:8091/ ProxyPassReverse / https://confluence.company.co.uk:8091/ </VirtualHost>
我build议你在Tomcat和Apache httpd中启用AJP连接器。 这个二进制协议专用于Java HTTP代理。 使用它可以节省您的configuration时间和精力,降低带宽和资源需求。
顺便说一下, <Proxy *>指令在反向代理上是不相关的。