Apache, Tomcat & SSL: ProxyPass and ProxyPassReverse

I'm having trouble configuring Apache, Tomcat and SSL. This is the scenario:

I have an Apache Web Server, running and working normally (but , I can access to this one just typing:

https://example.com

Also, on this host, I have a Tomcat running and working fine on port 8080 (HTTP); I've created a mini web-app whose files are inside the "test" directory, which I can access by typing:

http://example.com:8080/test

(I know that Apache is running on port 80 and Tomcat on 8080)

What I want is for a user to be able to access 'test' (running on Tomcat) through Apache using HTTPS, I mean:

https://example.com/test

But when I access this link, this appears:

Page not found

When I access it using HTTP, http://example/test works, but I need it to be HTTPS.

I also created a config file in /etc/httpd/conf.d/vhost.conf; this is the content:

<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/html
    Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

    SSLProxyEngine on
    ProxyPass /test http://xxx.xxx.xxx.xxx:8080/test
    ProxyPassReverse /test http://xxx.xxx.xxx.xxx:8080/test
</VirtualHost>

xxx.xxx.xxx.xxx is the IP of website.

When I access the website https://example.com/ (with HTTPS) I got this issue (I use the web-app in the website):

Security overview

I use a Let's Encrypt certificate (in the photo above).

I'm working with Apache/2.4.33 (Amazon) and Tomcat 8.5.29

Does anyone know why, or how to solve this? Thanks in advance guys.

Log files:

access_log

yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:29 +0000] "GET /test HTTP/1.1" 301 245 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
::1 - - [01/Jul/2018:06:42:51 +0000] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.33 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.30 (internal dummy connection)"

error_log - empty

ssl_access_log

yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:29 +0000] "GET /test HTTP/1.1" 404 206
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:29 +0000] "GET /test HTTP/1.1" 404 206
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:49 +0000] "-" 408 -
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:49 +0000] "-" 408 -
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:49 +0000] "-" 408 -
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:49 +0000] "-" 408 -

ssl_request_log

[01/Jul/2018:06:42:29 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /test HTTP/1.1" 206
[01/Jul/2018:06:42:29 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /test HTTP/1.1" 206
[01/Jul/2018:06:42:49 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "-" -
[01/Jul/2018:06:42:49 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "-" -
[01/Jul/2018:06:42:49 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "-" -
[01/Jul/2018:06:42:49 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "-" -

ssl_error_log - empty

yyy.yyy.yyy.yyy = IP of my machine

There are 4 problems with the code

First: Problem with the port. HTTPS works on port 443 and HTTP on port 80

 <VirtualHost *:443> 
    ServerName www.example.com
    DocumentRoot /var/www/html 
    ###Remove this redirection line to move it in separate virtual host listening to port 80
    Redirect permanent / https://example.com/
    SSLProxyEngine on
    ProxyPass /test http://xxx.xxx.xxx.xxx:8080/test
    ProxyPassReverse /test http://xxx.xxx.xxx.xxx:8080/test 
 </VirtualHost>

Second: Not having SSLProxyEngine on so that proxy pass and proxy reverse pass work for an HTTPS connection.

Third: Remove the HTTPS redirection rule from this virtual host and move it to a new one. You need to create a new virtual host for port 80 containing a redirect rule that redirects all HTTP connections to HTTPS permanently.

Redirect permanent / https://example.com/

Fourth: Also add below to all virtual host

ServerName example.com 
ServerAlias www.example.com

The result file /etc/httpd/conf.d/vhost.conf :

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/html
    Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

    SSLProxyEngine on
    ProxyPass /test http://xxx.xxx.xxx.xxx:8080/test
    ProxyPassReverse /test http://xxx.xxx.xxx.xxx:8080/test
</VirtualHost>
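
How Apache's name-based vhost selection interacts with the ServerAlias line in the fourth point, as an added example that is not part of the original question or answer. It assumes a default TLS vhost is defined before vhost.conf (constructed here; the page does not show one), uses hypothetical function names, and simplifies matching to port plus exact host name (no wildcard aliases or address specificity).

```python
import re

# Constructed stand-in for a default TLS vhost (assumption: loaded before vhost.conf).
DEFAULT_TLS = """
<VirtualHost _default_:443>
    DocumentRoot /var/www/html
</VirtualHost>
"""
# The 443 vhost from the page; {alias} is filled in to compare both variants.
PAGE_TLS = """
<VirtualHost *:443>
    ServerName www.example.com
    {alias}
    DocumentRoot /var/www/html
    ProxyPass /test http://xxx.xxx.xxx.xxx:8080/test
    ProxyPassReverse /test http://xxx.xxx.xxx.xxx:8080/test
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return vhosts in file order with port, names and ProxyPass prefix map."""
    vhosts, cur = [], None
    for line in (l.strip() for l in conf.splitlines()):
        opened = re.match(r"<VirtualHost\s+\S+:(\d+)\s*>", line, re.I)
        if opened:
            cur = {"port": int(opened.group(1)), "names": [], "proxy": {}}
        elif line.lower() == "</virtualhost>" and cur is not None:
            vhosts.append(cur)
            cur = None
        elif cur is not None and line and not line.startswith("#"):
            key, *args = line.split()
            if key.lower() in ("servername", "serveralias"):
                cur["names"] += [a.lower() for a in args]
            elif key.lower() == "proxypass" and len(args) >= 2:
                cur["proxy"][args[0]] = args[1]
    return vhosts

def route(conf, port, host, path):
    """Where a request lands: the backend URL, or 'local' (DocumentRoot)."""
    same_port = [v for v in parse_vhosts(conf) if v["port"] == port]
    if not same_port:
        return None
    # Name match wins; otherwise the first vhost defined for the port is the default.
    vhost = next((v for v in same_port if host.lower() in v["names"]), same_port[0])
    for prefix, backend in vhost["proxy"].items():
        if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
            return backend + path[len(prefix):]
    return "local"
```

Calling `route(DEFAULT_TLS + PAGE_TLS.format(alias=""), 443, "example.com", "/test")` returns `"local"`, while the same call with `alias="ServerAlias example.com"` returns the Tomcat backend URL. On a live server, `apachectl -S` prints the actual vhost order and default for each port.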
