[英]How to configure two or multiple routes in an Apache reverse proxy setup
I inherited an reverse proxy setup that is part of an Apache SSL termination EC2 instance stack (with ALBs and DNS). 我继承了一个反向代理设置,它是Apache SSL终止EC2实例堆栈(带有ALB和DNS)的一部分。 The Apache server and its configurations are baked from rpm spec files that are built into RPMs that are deployed on the server during its creation or update.
Apache服务器及其配置是从rpm规范文件中提取的,这些文件构建在RPM中,这些RPM在创建或更新期间部署在服务器上。 I currently have a mapping that routes requests to a domain name or hostname to a private (not on public internet) backend API.
我目前有一个映射,将请求到域名或主机名路由到私有(不在公共互联网)后端API。 I have static assets in S3 that consume this API and my requirement is to also configure routing from a user friendly domain name to this S3 bucket, then, hopefully, make this backend S3 url private.
我在S3中有静态资产使用此API,我的要求是还要配置从用户友好域名到此S3存储桶的路由,然后,希望将此后端S3网址设为私有。
Swapping the API's backend url with the S3's url, I have been able to route from the public domain to the S3 bucket. 使用S3的url交换API的后端URL,我已经能够从公共域路由到S3存储桶。 However, I am not sure how I can have both routes in place with the same origin or domain name as I have to consume the API from the S3 bucket with certificate verification of the users accessing these resources.
但是,我不确定如何使用相同的源或域名来使用两个路由,因为我必须使用来自S3存储桶的API以及访问这些资源的用户的证书验证。
This system is like a black box and I do not currently have access to the logs. 这个系统就像一个黑盒子,我目前无法访问日志。 In the code below, I have added the S3_URL and /visualizer/ mappings to the original API mapping.
在下面的代码中,我已将S3_URL和/ visualizer / mappings添加到原始API映射中。 The API mapping is working but the S3_URL is not working when combined together.
API映射正在运行,但S3_URL在组合在一起时不起作用。
#!/bin/bash
set -eu -o pipefail
API_URL=$(cat $1 | jq -r '.configuration.API_URL')
echo $API_URL
S3_URL=$(cat $1 | jq -r '.configuration.S3_URL')
echo $S3_URL
cat > /etc/httpd/conf.d/coy-httpd-includes/https_vhost/proxypass.inc <<EOF
ProxyRequests Off
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyMachineCertificateFile /etc/pki/tls/private/client_crt_rsa.pem
<Proxy *>
Require all granted
</Proxy>
ProxyPass / ${API_URL} retry=\${CLOUD_HTTPS_PROXY_RETRY} keepalive=\${CLOUD_HTTPS_PROXY_KEEPALIVE} nocanon
ProxyPassReverse / ${API_URL}
ProxyPass /visualizer/ ${S3_URL} retry=\${CLOUD_HTTPS_PROXY_RETRY} keepalive=\${CLOUD_HTTPS_PROXY_KEEPALIVE} nocanon
ProxyPassReverse /visualizer/ ${S3_URL}
EOF
cat > /etc/httpd/conf.d/coy-httpd-includes/http_vhost/elb_health_check_proxypass.inc <<'CONFIG'
RewriteEngine on
RewriteRule / /var/www/cgi-bin/status
<Directory /var/www/cgi-bin>
Options +ExecCGI
SetHandler cgi-script
</Directory>
CONFIG
After hours of searching the internet for a solution and learning a bit more about Apache and similar servers like Nginx, I was able to find a solution. 经过几个小时的互联网搜索解决方案,并学习更多关于Apache和Nginx等类似服务器的知识,我找到了解决方案。
I added a Location directive that mapped a path on the public reverse proxy's hostname that triggered the proxying of the traffic to the static resources in the S3 buckets URL in the backend such that I can access https://app.test.api.coy.co.uk/visualizer/visualize-graph.html . 我添加了一个Location指令,该指令映射了公共反向代理的主机名上的路径,该路径触发了将流量代理到后端的S3存储桶URL中的静态资源,以便我可以访问https://app.test.api.coy .co.uk / visualizer / visualize-graph.html 。 It still raised another question of how to block directory browsing except for this particular html page.
它仍然提出了另一个问题,即如何阻止目录浏览,除了这个特定的html页面。
This is what my apache config looks like after applying the solution: 这是我的apache配置在应用解决方案后的样子:
#!/bin/bash
set -eu -o pipefail
API_URL=$(cat $1 | jq -r '.configuration.API_URL')
echo $API_URL
S3_URL=$(cat $1 | jq -r '.configuration.S3_URL')
echo $S3_URL
cat > /etc/httpd/conf.d/coy-httpd-includes/https_vhost/proxypass.inc <<EOF
ProxyRequests Off
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyMachineCertificateFile /etc/pki/tls/private/client_crt_rsa.pem
<Proxy *>
Require all granted
</Proxy>
ProxyPass / ${API_URL} retry=\${CLOUD_HTTPS_PROXY_RETRY} keepalive=\${CLOUD_HTTPS_PROXY_KEEPALIVE} nocanon
ProxyPassReverse / ${API_URL}
<Location /visualizer/ >
ProxyPreserveHost Off
ProxyPass ${S3_URL} retry=\${CLOUD_HTTPS_PROXY_RETRY} keepalive=\${CLOUD_HTTPS_PROXY_KEEPALIVE} nocanon
ProxyPassReverse ${S3_URL}
</Location>
EOF
cat > /etc/httpd/conf.d/coy-httpd-includes/http_vhost/elb_health_check_proxypass.inc <<'CONFIG'
RewriteEngine on
RewriteRule / /var/www/cgi-bin/status
<Directory /var/www/cgi-bin>
Options +ExecCGI
SetHandler cgi-script
</Directory>
CONFIG
These resources helped me in reaching my solution: Getting 404 for S3 static website JS behind Apache proxy , https://www.jamescoyle.net/how-to/116-simple-apache-reverse-proxy-example , and https://serverfault.com/questions/120488/redirect-url-within-apache-virtualhost 这些资源帮助我实现了我的解决方案: 在Apache代理后面获取404静态网站JS , https: //www.jamescoyle.net/how-to/116-simple-apache-reverse-proxy-example和https:/ /serverfault.com/questions/120488/redirect-url-within-apache-virtualhost
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.