ProxyRemote指令不适用于HTTPS:
<VirtualHost *:443>
ServerName foo.foo
SSLProxyEngine on
SSLProxyVerify none
#SSLProxyVerifyDepth 10
SSLProxyCheckPeerCN off
# SAAS: disable hostname check
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLProxyCACertificatePath /etc/ssl/certs/
ProxyRemote * https://10.27.73.178:443/
ProxyPass /api/ https://foo.gw.dev/api/
ProxyPassReverse /api/ https://foo.gw.dev/api/
SSLEngine on
SSLCertificateFile /storage/user/conf/ssl/web_cert.pem
SSLCertificateKeyFile /storage/user/conf/ssl/web_key.pem
SSLCertificateChainFile /storage/user/conf/ssl/web_chain.pem
SSLCACertificatePath /storage/user/conf/ssl/
SSLVerifyClient none
</VirtualHost>
如果我指定了http URL(例如
),则可以使用 ProxyRemote * http://10.27.73.178:3128/
我认为这是一个证书检查问题,我应该在哪里指定代理CA证书?
我得到以下错误日志:
[Wed Nov 27 14:35:40.961981 2019] [proxy_http:trace1] [pid 32633:tid 140286441285376] mod_proxy_http.c(1931): [client 127.0.0.1:54302] HTTP: serving URL https://foo.gw.dev/api/
[Wed Nov 27 14:35:40.961989 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(2302): AH00942: HTTPS: has acquired connection for (foo.gw.dev)
[Wed Nov 27 14:35:40.961993 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(2355): [client 127.0.0.1:54302] AH00944: connecting https://foo.gw.dev/api/ to foo.gw.dev:443
[Wed Nov 27 14:35:40.962067 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(2564): [client 127.0.0.1:54302] AH00947: connected /api to 10.27.73.178:443
[Wed Nov 27 14:35:40.962086 2019] [proxy:trace2] [pid 32633:tid 140286441285376] proxy_util.c(2999): HTTPS: fam 2 socket created to connect to foo.gw.dev
[Wed Nov 27 14:35:41.172521 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(3033): AH02824: HTTPS: connection established with 10.27.73.178:443 (foo.gw.dev)
[Wed Nov 27 14:35:41.172570 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(2660): AH00948: CONNECT: sending the CONNECT request for foo.gw.dev:443 to the remote proxy 10.27.73.178:443 (10.27.73.178)
[Wed Nov 27 14:35:41.383758 2019] [proxy:error] [pid 32633:tid 140286441285376] (104)Connection reset by peer: AH00958: HTTPS: attempt to connect to foo.gw.dev:443 via http CONNECT through 10.27.73.178:443 (foo.gw.dev) failed
[Wed Nov 27 14:35:41.383798 2019] [proxy_http:error] [pid 32633:tid 140286441285376] [client 127.0.0.1:54302] AH01114: HTTP: failed to make connection to backend: 10.27.73.178
[Wed Nov 27 14:35:41.383802 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(2317): AH00943: HTTPS: has released connection for (foo.gw.dev)