• Apache httpd 2.4.6 reverse proxy to an HTTPS backend, on CentOS 7


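    Scenario: clients access Apache over its HTTP address, and Apache reverse-proxies the request to a backend HTTPS service. Only paths belonging to a specific module are proxied.

    The configuration is as follows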

    listen 8182

    <VirtualHost *:8182>
        # Administrator e-mail; any value will do, and the directive can be omitted
        ServerAdmin webmaster@dummy-host.example.com
        # Server name; here it is the IP address (replace LOCAL_IP with this machine's IP)
        ServerName LOCAL_IP

        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
        # This is the key directive for proxying to HTTPS
        SSLProxyEngine On
        ProxyPreserveHost On
        # Disable forward proxying
        ProxyRequests Off
        # For port 443, write it like this:
        #ProxyPassMatch ^/foo/bar https://123.123.123.2
        # If the backend is on port 443, do not add the port, otherwise the connection fails
        # (set the log level to debug in httpd.conf to see this)
        ProxyPassMatch ^/foo/bar https://123.123.123.2:6079
        # Paths not matched above are not forwarded; they are served from the default DocumentRoot in httpd.conf
        ProxyPass / !
        ProxyPassReverse / !
        ErrorLog /var/log/httpd/test_error_log
        CustomLog /var/log/httpd/test_access_log combined
    </VirtualHost>
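
    The configuration above enables SSLProxyEngine but sets no SSLProxyVerify, and mod_ssl's default for it is none, so httpd does not validate the backend's certificate chain. The variant below is an added example, not part of the original post; backend.example.com, LOCAL_IP and the CA bundle choice are assumptions to adapt.

    ```apache
    Listen 8182

    <VirtualHost *:8182>
        # LOCAL_IP is a placeholder for this machine's IP address
        ServerName LOCAL_IP

        ProxyRequests Off
        SSLProxyEngine On

        # Weak (the mod_ssl default, in effect when nothing is set):
        #   SSLProxyVerify none   -> the backend's certificate chain is not validated
        # Corrected: require a chain that validates against a trusted CA bundle.
        SSLProxyVerify require
        # Leave room for an intermediate CA between the server certificate and the root
        SSLProxyVerifyDepth 3
        # CentOS 7 system CA bundle; point this at the issuing CA's file for a private PKI
        SSLProxyCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
        # Reject expired certificates and certificates issued for a different name
        SSLProxyCheckPeerExpire on
        SSLProxyCheckPeerName on

        # Send the backend's own name in the Host header
        ProxyPreserveHost Off
        # backend.example.com is a placeholder: use a name the backend certificate covers
        ProxyPassMatch ^/foo/bar https://backend.example.com:6079

        ErrorLog /var/log/httpd/test_error_log
        CustomLog /var/log/httpd/test_access_log combined
    </VirtualHost>
    ```

    Run `apachectl configtest` before restarting. With verification on, a backend whose certificate does not chain to the configured CA file is refused and the reason is written to the error log.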

    Result

    curl http://LOCAL_IP:8182/foo/bar/123

    This request is forwarded to the backend.

    Sample log. httpd must have debug logging enabled: change the log level in httpd.conf and restart.

    [Thu Sep 05 11:04:27.575036 2019] [authz_core:debug] [pid 976] mod_authz_core.c(835): [client 192.168.10.30:51464] AH01628: authorization result: granted (no directives)
    [Thu Sep 05 11:04:27.575188 2019] [proxy:debug] [pid 976] mod_proxy.c(1123): [client 192.168.10.30:51464] AH01143: Running scheme https handler (attempt 0)
    [Thu Sep 05 11:04:27.575197 2019] [proxy_ajp:debug] [pid 976] mod_proxy_ajp.c(722): [client 192.168.10.30:51464] AH00894: declining URL https://123.123.123.2/foo/bar/getFPInfoByNSRSBH
    [Thu Sep 05 11:04:27.575203 2019] [proxy_fcgi:debug] [pid 976] mod_proxy_fcgi.c(972): [client 192.168.10.30:51464] AH01076: url: https://123.123.123.2/foo/bar/getFPInfoByNSRSBH proxyname: (null) proxyport: 0
    [Thu Sep 05 11:04:27.575207 2019] [proxy_fcgi:debug] [pid 976] mod_proxy_fcgi.c(975): [client 192.168.10.30:51464] AH01077: declining URL https://123.123.123.2/foo/bar/getFPInfoByNSRSBH
    [Thu Sep 05 11:04:27.575221 2019] [proxy:debug] [pid 976] proxy_util.c(2203): AH00942: HTTPS: has acquired connection for (123.123.123.2)
    [Thu Sep 05 11:04:27.575229 2019] [proxy:debug] [pid 976] proxy_util.c(2256): [client 192.168.10.30:51464] AH00944: connecting https://123.123.123.2/foo/bar/getFPInfoByNSRSBH to 123.123.123.2:443
    [Thu Sep 05 11:04:27.575321 2019] [proxy:debug] [pid 976] proxy_util.c(2426): [client 192.168.10.30:51464] AH00947: connected /foo/bar/getFPInfoByNSRSBH to 123.123.123.2:443
    [Thu Sep 05 11:04:27.581116 2019] [proxy:debug] [pid 976] proxy_util.c(2802): AH02824: HTTPS: connection established with 123.123.123.2:443 (123.123.123.2)
    [Thu Sep 05 11:04:27.581151 2019] [proxy:debug] [pid 976] proxy_util.c(2942): AH00962: HTTPS: connection complete to 123.123.123.2:443 (123.123.123.2)
    [Thu Sep 05 11:04:27.581161 2019] [ssl:info] [pid 976] [remote 123.123.123.2:443] AH01964: Connection to child 0 established (server 192.168.10.30:80)
    [Thu Sep 05 11:04:27.598908 2019] [ssl:debug] [pid 976] ssl_engine_kernel.c(1360): [remote 123.123.123.2:443] AH02275: Certificate Verification, depth 1, CRL checking mode: none [subject: CN=Encryption Everywhere DV TLS CA - G1,OU=www.digicert.com,O=DigiCert Inc,C=US / issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US / serial: 0279AC458BC1B245ABF98053CD2C9BB1 / notbefore: Nov 27 12:46:10 2017 GMT / notafter: Nov 27 12:46:10 2027 GMT]
    [Thu Sep 05 11:04:27.599201 2019] [ssl:debug] [pid 976] ssl_engine_kernel.c(1360): [remote 123.123.123.2:443] AH02275: Certificate Verification, depth 0, CRL checking mode: none [subject: CN=*.ele-cloud.com / issuer: CN=Encryption Everywhere DV TLS CA - G1,OU=www.digicert.com,O=DigiCert Inc,C=US / serial: 01B4CA2CA4522D242C3055C4C5920F94 / notbefore: Aug 20 00:00:00 2019 GMT / notafter: Aug 19 12:00:00 2020 GMT]
    [Thu Sep 05 11:04:27.610271 2019] [ssl:debug] [pid 976] ssl_engine_kernel.c(1824): [remote 123.123.123.2:443] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-SHA256 (128/128 bits)
    [Thu Sep 05 11:04:27.760324 2019] [proxy:debug] [pid 985] proxy_util.c(1843): AH00925: initializing worker https://123.123.123.2 shared
    [Thu Sep 05 11:04:27.760336 2019] [proxy:debug] [pid 985] proxy_util.c(1885): AH00927: initializing worker https://123.123.123.2 local
    [Thu Sep 05 11:04:27.760353 2019] [proxy:debug] [pid 985] proxy_util.c(1936): AH00931: initialized single connection worker in child 985 for (123.123.123.2)
    [Thu Sep 05 11:04:28.238290 2019] [proxy:debug] [pid 976] proxy_util.c(2218): AH00943: https: has released connection for (123.123.123.2)

     

    For the record, reverse proxying to an HTTP backend

    [root@oc conf.d]# vim vhost.conf

    listen 8182

    <VirtualHost *:8182>
        # Administrator e-mail
        ServerAdmin webmaster@dummy-host.example.com
        # Server name (replace LOCAL_IP with this machine's IP)
        ServerName LOCAL_IP

        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>

        ProxyPreserveHost On
        # Disable forward proxying
        ProxyRequests Off
        # The default port is 80, in which case the port does not need to be given
        ProxyPassMatch ^/recipt/checkFp http://123.48.78.9:8080
        ProxyPass / !
        ProxyPassReverse / !
        ErrorLog /var/log/httpd/test_error_log
        CustomLog /var/log/httpd/test_access_log combined
    </VirtualHost>

    Reverse proxy without path filtering

    [root@oc conf.d]# vim vhost.conf
    listen 8182
    
    <VirtualHost *:8182>
        # Administrator e-mail
        ServerAdmin webmaster@dummy-host.example.com
        # Server name (replace LOCAL_IP with this machine's IP)
        ServerName LOCAL_IP

        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>

        ProxyPreserveHost On
        # Disable forward proxying
        ProxyRequests Off
        
        ProxyPass / http://123.48.78.9:8080
        ProxyPassReverse / http://123.48.78.9:8080
        ErrorLog /var/log/httpd/test_error_log
        CustomLog /var/log/httpd/test_access_log combined
    </VirtualHost>

  • Original article: https://www.cnblogs.com/muzhifei/p/11465000.html