
Apache 2.4 SSL Config

I've got a question regarding SSL config for Apache 2.4. I have the following SSL settings for my vhost. There is more than one Directory, but the config is mostly the same; only the IPs are different. If I activate the three commented lines, Apache should check the requests against the cert and not just pass the request through, correct? I assume Apache breaks the encryption for all requests from the internet and re-encrypts again to pass the request on. Am I right? Is there a way to not break the encryption and just delegate the cert checks to the next system?

RequestHeader set ClientProtocol HTTPS
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
SSLProxyEngine On
SSLProxyProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH

SSLCertificateFile /path/to/file.crt
SSLCertificateKeyFile /path/to/file.key

<Directory /folder-name>
    #SSLVerifyClient optional_no_ca
    #SSLVerifyDepth 1
    #SSLOptions +OptRenegotiate +ExportCertData

    ProxyPass https://10.20.30.40:8443/
    ProxyPassReverse https://10.20.30.40:8443/
</Directory>

Thanks for your help guys and regards. Sebastian

Yes, this Apache acting as a proxy terminates SSL. It then makes or reuses a pooled SSL connection to the backend.

There's no way to truly let the backend think it's handshaking with the client unless it accessed Apache as a forward proxy using the mod_proxy_connect module.

Some application servers accept the body of the client certificate in a proprietary header, making that identity available in the backend server. But they are not actually authenticating it in the handshake like the proxy/Apache has done.
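As an added illustration (not the poster's config and not from the answer above), here is the two-hop layout the answer describes, written out as one vhost: the proxy verifies the client certificate in its own handshake, verifies the backend's certificate on the re-encrypted hop, and forwards the already-checked identity in headers that it first strips from the incoming request. The CA file paths, the header names and the backend address are assumptions.

```apache
# Added example, not the original poster's configuration.
<VirtualHost *:443>
    SSLEngine On
    SSLProtocol ALL -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH
    SSLCertificateFile /path/to/file.crt
    SSLCertificateKeyFile /path/to/file.key

    # Front hop: the client certificate is authenticated HERE, in the TLS
    # handshake, against this CA bundle (assumed path). "require" rejects
    # clients that present no valid certificate; "optional_no_ca" would let
    # them through and only record the result in SSL_CLIENT_VERIFY.
    SSLCACertificateFile /path/to/client-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth 1

    # Back hop: a separate TLS session from this proxy to the backend.
    # Verify the backend's certificate and its name, otherwise the
    # re-encrypted leg accepts any certificate at 10.20.30.40:8443.
    # The backend cert must match the name used in ProxyPass (here the IP).
    SSLProxyEngine On
    SSLProxyProtocol ALL -SSLv2 -SSLv3
    SSLProxyVerify require
    SSLProxyCACertificateFile /path/to/backend-ca.crt
    SSLProxyCheckPeerName on

    # Hand the verified identity to the backend as headers (assumed names).
    # Remove any copy the client sent first, so the backend can only ever
    # see values this proxy set from its own handshake results.
    RequestHeader unset X-SSL-Client-DN early
    RequestHeader unset X-SSL-Client-Serial early
    RequestHeader unset X-SSL-Client-Verify early
    RequestHeader set ClientProtocol HTTPS
    RequestHeader set X-SSL-Client-DN     "%{SSL_CLIENT_S_DN}s"
    RequestHeader set X-SSL-Client-Serial "%{SSL_CLIENT_M_SERIAL}s"
    RequestHeader set X-SSL-Client-Verify "%{SSL_CLIENT_VERIFY}s"

    <Location />
        ProxyPass https://10.20.30.40:8443/
        ProxyPassReverse https://10.20.30.40:8443/
    </Location>
</VirtualHost>
```

The backend should accept these headers only from this proxy's address (firewall or its own allow-list), since it is trusting the proxy's verdict rather than performing the handshake itself. If the backend needs the full certificate body, SSL_CLIENT_CERT (with SSLOptions +ExportCertData) carries PEM with embedded newlines, which needs encoding before it is safe in a header.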
