从Nginx迁移到Apache

反向代理专家

目前,我正面临着从NGINX迁移到APACHE的挑战。 我经验不多,尽管已经写出了一份APACHE配置,但仍然不确定该如何正确使用 mod_proxy 和 mod_rewrite 的指令,使它的行为与NGINX上的配置一致。 下面是NGINX和APACHE的配置。

NGINX

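# TLS-terminating reverse proxy for abc.example.com.
# "/" is sent to auth_servers, "/sap" and "/ui" to the gate server.
# Every backend hop below uses plain http://, so traffic behind this proxy is unencrypted.

#authentication server
upstream auth_servers {
    server 5.5.5.120:80;
}

upstream gate_servers {
    server 5.5.5.121:8020;
}

server {
    listen 443;
    server_name abc.example.com;

    ##########################SSL config file########################
    ssl on;
    ssl_certificate /etc/nginx/ssl/abc.example.com/server.crt;
    ssl_certificate_key /etc/nginx/ssl/abc.example.com/server_2048.key;
    ssl_session_timeout 90;
    # NOTE(review): the explicit DES-CBC3-SHA entries keep 3DES negotiable ("!DES" only
    # excludes single DES), and the list also admits CBC-mode SHA-1 suites.
    # Trim it unless legacy clients need them.
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996).
    # Keep them only if a known client cannot speak TLSv1.2.
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

    # Default route: everything not matched below goes to the authentication server.
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For the
        # client sent, so backends should trust only the last entry (or X-Real-IP).
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://auth_servers;
    }

    location /sap{
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        #Fix the "It appears that your reverse proxy is broken" error.
        # NOTE(review): no upstream named "gateserver" is defined in this listing (the
        # upstream is "gate_servers", which /ui uses). Confirm that this name resolves
        # or that it is a typo.
        proxy_pass http://gateserver/sap;
        proxy_read_timeout 900;
        # NOTE(review): backend redirects are rewritten to https://5.5.5.121/, i.e. the
        # backend's own address rather than this proxy. Confirm that is intended.
        proxy_redirect http://gate_servers/sap https://5.5.5.121/;
    }

    location /ui{
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        #Fix the "It appears that your reverse proxy is broken" error.
        proxy_pass http://gate_servers/ui;
        proxy_read_timeout 900;
        proxy_redirect http://gate_servers/ui https://5.5.5.121/;
    }

    # Custom error pages are served from local disk.
    # "internal" blocks direct client requests for them.
    error_page 404 /custom_404.html;
    location = /custom_404.html {
        root /usr/share/nginx/html;
        internal;
    }

    error_page 500 502 503 504 /custom_50x.html;
    location = /custom_50x.html{
        root /usr/share/nginx/html;
        internal;
    }
}  # closes the server block; the original listing left it open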

APACHE

 # TLS-terminating reverse-proxy virtual host for abc.example.com.
 # Every request under / is forwarded over HTTPS to gateserver.example.com:44320.
 # NOTE(review): no <VirtualHost> container is visible in this listing; these
 # directives are presumably inside one. Confirm.

 # General setup for the virtual host
 DocumentRoot /var/www/vhosts/abc.example.com
 ServerName abc.example.com
 #ServerAdmin [email protected]
 ErrorLog /var/log/apache2/abc.example.com-error_ssl_log
 TransferLog /var/log/apache2/abc.example.com-access_ssl_log

 # SSL Engine Switch:
 # Enable/Disable SSL for this virtual host.
 SSLEngine On
 # TLS is also used on the proxy-to-backend connection.
 SSLProxyEngine On
 # Reverse proxy only; forward proxying stays disabled.
 ProxyRequests Off
 # Pass the client's Host header to the backend unchanged.
 ProxyPreserveHost On
 # NOTE(review): both name checks on the backend certificate are switched off, and no
 # SSLProxyVerify directive appears in this listing (mod_ssl's default is "none").
 # As written the backend's certificate is not validated. Confirm that is acceptable.
 SSLProxyCheckPeerCN Off
 SSLProxyCheckPeerName Off
 # Clients must present a certificate that verifies against the CAs configured below.
 # The NGINX configuration on this page has no client-certificate requirement.
 SSLVerifyClient require
 # Strip Accept-Encoding from the proxied request.
 # Presumably so the backend replies uncompressed and mod_proxy_html can rewrite the body. Confirm.
 RequestHeader unset Accept-Encoding
 SSLVerifyDepth 10
 SSLCertificateFile /etc/apache2/ssl.crt/server.crt
 # Encoded slashes are accepted, and "nocanon" hands the raw, un-canonicalised URL
 # path to the backend. The backend must therefore do its own path normalisation.
 AllowEncodedSlashes On
 ProxyPass / https://gateserver.example.com:44320/ nocanon
 ProxyPassReverse / https://gateserver.example.com:44320/

 # SSL protocols
 # Supporting TLS only is adequate nowadays
 # NOTE(review): "all -SSLv2 -SSLv3" still permits TLSv1.0 and TLSv1.1 where the
 # linked OpenSSL offers them.
 SSLProtocol all -SSLv2 -SSLv3

 #SSL Cipher Suite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:+SSLv3
 # List the ciphers that the client is permitted to negotiate.
 # See the mod_ssl documentation for a complete list.
 #
 # SSLCipherSuite is commented out here as a configuration directive,
 # as it is already contained in /etc/apache2/ssl-global.conf .
 # It remains here as a comment so that it is clear that the cipher suite
 # can be configured inside a VirtualHost context, too.
 # SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
 SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
 # CA material used to verify client certificates.
 SSLCACertificatePath /etc/apache2/ssl.prm
 SSLCACertificateFile /etc/apache2/ssl.prm/wildcard.pem
 # CA file for the backend's certificate and the client certificate this proxy
 # presents to the backend.
 SSLProxyCACertificateFile /etc/apache2/ssl.prm/wildcard.pem
 SSLProxyMachineCertificateFile /etc/apache2/ssl.prm/server.pem
 # Maps cookie path "/" to "/", so as written it changes nothing.
 ProxyPassReverseCookiePath / /
 # Enables the mod_proxy_html output filter.
 # No ProxyHTMLURLMap rule is visible in this listing.
 ProxyHTMLEnable On
 # "RequestHeader set" replaces any SSL_CLIENT_CERT header sent by the client, so the
 # backend only ever sees the certificate mod_ssl verified, never a client-supplied value.
 RequestHeader set SSL_CLIENT_CERT ""
 RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
 # Export the standard SSL environment variables to script-like files and cgi-bin.
 <FilesMatch "\.(cgi|shtml|phtml|php)$">
     SSLOptions +StdEnvVars
 </FilesMatch>
 <Directory "/srv/www/cgi-bin">
     SSLOptions +StdEnvVars
 </Directory>
 BrowserMatch "MSIE [2-5]" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0
 # NOTE(review): %{SSL_CLIENT_CERT}x writes the client's full PEM certificate to the log
 # on every request. The DN field is usually enough for auditing and keeps the log smaller.
 CustomLog /var/log/apache2/ssl_request_log "%t %h %r %s %l %p User:%u %{Foobar}i client_cert:%{SSL_CLIENT_CERT}x client_verify:%{SSL_CLIENT_VERIFY}x client_cert_dn:%{SSL_CLIENT_S_DN}x \"%r\" %b"

谢谢,希望能尽快收到你的来信。 🙂