前端之家

  1. 首页
  2. 问答

ProxyRemote适用于HTTP URL,但不适用于HTTPS

问答

ProxyRemote指令不适用于HTTPS:

    <VirtualHost *:443>
    ServerName foo.foo

    SSLProxyEngine on
    SSLProxyVerify none
    #SSLProxyVerifyDepth 10
    SSLProxyCheckPeerCN off
    # SAAS: disable hostname check
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    SSLProxyCACertificatePath /etc/ssl/certs/


    ProxyRemote * https://10.27.73.178:443/
    ProxyPass /api/ https://foo.gw.dev/api/
    ProxyPassReverse /api/ https://foo.gw.dev/api/

    SSLEngine on
    SSLCertificateFile /storage/user/conf/ssl/web_cert.pem
    SSLCertificateKeyFile /storage/user/conf/ssl/web_key.pem
    SSLCertificateChainFile /storage/user/conf/ssl/web_chain.pem


    SSLCACertificatePath /storage/user/conf/ssl/
    SSLVerifyClient none
    </VirtualHost>

如果我指定了http URL(例如

),则可以使用 
    ProxyRemote * http://10.27.73.178:3128/

我认为这是一个证书检查问题,我应该在哪里指定代理CA证书?

我得到以下错误日志:

[Wed Nov 27 14:35:40.961981 2019] [proxy_http:trace1] [pid 32633:tid 140286441285376] mod_proxy_http.c(1931): [client 127.0.0.1:54302] HTTP: serving URL https://foo.gw.dev/api/
[Wed Nov 27 14:35:40.961989 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(2302): AH00942: HTTPS: has acquired connection for (foo.gw.dev)
[Wed Nov 27 14:35:40.961993 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(2355): [client 127.0.0.1:54302] AH00944: connecting https://foo.gw.dev/api/ to foo.gw.dev:443
[Wed Nov 27 14:35:40.962067 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(2564): [client 127.0.0.1:54302] AH00947: connected /api to 10.27.73.178:443
[Wed Nov 27 14:35:40.962086 2019] [proxy:trace2] [pid 32633:tid 140286441285376] proxy_util.c(2999): HTTPS: fam 2 socket created to connect to foo.gw.dev
[Wed Nov 27 14:35:41.172521 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(3033): AH02824: HTTPS: connection established with 10.27.73.178:443 (foo.gw.dev)
[Wed Nov 27 14:35:41.172570 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(2660): AH00948: CONNECT: sending the CONNECT request for foo.gw.dev:443 to the remote proxy 10.27.73.178:443 (10.27.73.178)
[Wed Nov 27 14:35:41.383758 2019] [proxy:error] [pid 32633:tid 140286441285376] (104)Connection reset by peer: AH00958: HTTPS: attempt to connect to foo.gw.dev:443 via http CONNECT through 10.27.73.178:443 (foo.gw.dev) failed
[Wed Nov 27 14:35:41.383798 2019] [proxy_http:error] [pid 32633:tid 140286441285376] [client 127.0.0.1:54302] AH01114: HTTP: failed to make connection to backend: 10.27.73.178
[Wed Nov 27 14:35:41.383802 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(2317): AH00943: HTTPS: has released connection for (foo.gw.dev)
zhw335152 回答:ProxyRemote适用于HTTP URL,但不适用于HTTPS
暂时没有好的解决方案,如果你有好的解决方案,请发邮件至:iooj@foxmail.com
apachehttpd.confmod-proxyproxyssl
本文链接:https://www.f2er.com/3027336.html

大家都在问