Apache2 SSL-terminating reverse proxy returns 302
November 19, 2018

I want to create a reverse proxy in Apache2 that also terminates SSL.

So, this is what I want:

Client --- HTTPS ---> Apache2 --- HTTP ---> Example.com

Example.com --- HTTP -> Apache2 --HTTPS -> Client

My .conf files

Listen *:80
<VirtualHost *:80>
    Redirect / https://localhost:443/
</VirtualHost>
Listen *:443

<VirtualHost *:443>
    ErrorLog ${APACHE_LOG_DIR}/shr_t2_error.log
    CustomLog ${APACHE_LOG_DIR}/shr_t2_access.log combined


    ProxyPass /example/ http://example.com/
    ProxyPassReverse /example/ http://example.com/
    ProxyPreserveHost On
    ProxyRequests Off
    SSLEngine on
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    SSLCertificateFile    /etc/ssl/certs/mysitename.crt
    SSLCertificateKeyFile /etc/ssl/private/mysitename.key
    SSLInsecureRenegotiation on
    SSLVerifyClient none
    RequestHeader set X-Forwarded-Proto "https" env=HTTPS
</VirtualHost>

The curl command

curl -v -k -x http://localhost:80  https://test.com/example

Output

> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 302 Found
< Date: Mon, 19 Nov 2018 00:09:52 GMT
< Server: Apache/2.4.18 (Ubuntu)
< Location: https://localhost:443/
< Content-Length: 305
< Content-Type: text/html; charset=iso-8859-1
< 
* Received HTTP code 302 from proxy after CONNECT
* Closing connection 0
curl: (56) Received HTTP code 302 from proxy after CONNECT

Error log

[Mon Nov 19 10:56:31.787534 2018] [ssl:warn] [pid 34403:tid 139940947908480] AH01906: 127.0.0.1:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Nov 19 10:56:31.787556 2018] [ssl:debug] [pid 34403:tid 139940947908480] ssl_util_ssl.c(443): AH02412: [127.0.0.1:443] Cert does not match for name '127.0.0.1' [subject: O=Internet Widgits Pty Ltd,ST=Some-State,C=JP / issuer: O=Internet Widgits Pty Ltd,ST=Some-State,C=JP / serial: <Random> / notbefore: Nov 15 12:08:51 2018 GMT / notafter: Nov 15 12:08:51 2019 GMT]
[Mon Nov 19 10:56:31.787559 2018] [ssl:warn] [pid 34403:tid 139940947908480] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Mon Nov 19 10:56:31.787561 2018] [ssl:info] [pid 34403:tid 139940947908480] AH02568: Certificate and private key 127.0.0.1:443:0 configured from /etc/ssl/certs/mysitename.crt and /etc/ssl/private/mysitename.key
[Mon Nov 19 10:56:31.788216 2018] [proxy:debug] [pid 34406:tid 139940947908480] proxy_util.c(1790): AH00925: initializing worker http://example.com/ shared
[Mon Nov 19 10:56:31.788221 2018] [proxy:debug] [pid 34406:tid 139940947908480] proxy_util.c(1832): AH00927: initializing worker http://example.com/ local
[Mon Nov 19 10:56:31.788229 2018] [proxy:debug] [pid 34406:tid 139940947908480] proxy_util.c(1867): AH00930: initialized pool in child 34406 for (example.com) min=0 max=25 smax=25
[Mon Nov 19 10:56:31.788435 2018] [proxy:debug] [pid 34407:tid 139940947908480] proxy_util.c(1790): AH00925: initializing worker http://example.com/ shared
[Mon Nov 19 10:56:31.788441 2018] [proxy:debug] [pid 34407:tid 139940947908480] proxy_util.c(1832): AH00927: initializing worker http://example.com/ local
[Mon Nov 19 10:56:31.788449 2018] [proxy:debug] [pid 34407:tid 139940947908480] proxy_util.c(1867): AH00930: initialized pool in child 34407 for (example.com) min=0 max=25 smax=25
...
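
For comparison with the configuration in the question, here is an added example (not the poster's own configuration) of the same TLS-terminating reverse proxy with the unneeded and weakening directives removed. It assumes the public name is test.com (taken from the curl command) and that the backend stays plain HTTP; the CA bundle path in the comments is a placeholder.

```apache
# Added example: TLS-terminating reverse proxy, client --HTTPS--> Apache --HTTP--> backend.
# Assumptions: public name test.com, backend http://example.com/, mod_ssl,
# mod_proxy, mod_proxy_http and mod_headers enabled.
Listen 80
Listen 443

<VirtualHost *:80>
    ServerName test.com
    # Redirect to the public name rather than to localhost, so that
    # remote clients are sent somewhere they can actually reach.
    Redirect permanent / https://test.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName test.com
    ErrorLog  ${APACHE_LOG_DIR}/shr_t2_error.log
    CustomLog ${APACHE_LOG_DIR}/shr_t2_access.log combined

    # Front side: TLS ends here.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/mysitename.crt
    SSLCertificateKeyFile /etc/ssl/private/mysitename.key
    # SSLInsecureRenegotiation is deliberately absent: its default (off)
    # refuses legacy renegotiation. SSLVerifyClient defaults to none.

    # Reverse proxy only; ProxyRequests Off keeps forward proxying disabled.
    ProxyRequests Off
    ProxyPass        /example/ http://example.com/
    ProxyPassReverse /example/ http://example.com/
    # Sends the client's Host header (test.com) to the backend; drop this
    # line if the backend selects its site by its own host name.
    ProxyPreserveHost On
    # This vhost only ever serves HTTPS, so the header can be set unconditionally.
    RequestHeader set X-Forwarded-Proto "https"

    # The backend is http://, so no SSLProxy* directives are needed.
    # If the backend moves to https://, turn verification on instead of off:
    #   SSLProxyEngine on
    #   SSLProxyVerify require
    #   SSLProxyCACertificateFile /path/to/backend-ca.pem
    #   SSLProxyCheckPeerName on
    #   SSLProxyCheckPeerExpire on
</VirtualHost>
```

A reverse proxy is tested by connecting to it directly, for example `curl -vk --resolve test.com:443:127.0.0.1 https://test.com/example/`. With `-x http://localhost:80`, curl instead sends a forward-proxy CONNECT to the port 80 virtual host, whose Redirect answers with the 302 shown in the output above.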