перенаправить внутренний IP с HTTP на HTTPS с помощью Apache - PullRequest
Новая
       38

перенаправить внутренний IP с HTTP на HTTPS с помощью Apache

1 голос
/ 30 сентября 2010

Привет всем Я посмотрел это здесь и в Google, но ни одно из предложений, похоже, не работает для меня. Сейчас я работаю над внутренним сайтом, поэтому конечные точки - это IP-адреса и URL-адреса. Доступ к сайту через HTTPS работает, но HTTP просто говорит: «Не удается установить соединение». Я не могу найти ничего в журналах, что объясняет, почему. У меня есть предупреждения о моем сертификате, поскольку он самоподписан, но я не думаю, что это вызывает его. Я попытался переписать и перенаправить оба по отдельности без удачи. У меня есть оба комментария ниже, но я попробовал один или другой. 

#<VirtualHost *:80>
#    RewriteEngine On
#    RewriteCond %{HTTPS} off
#    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
#</VirtualHost>
<VirtualHost *:443>
    ServerName 192.168.xxx.xxx
    ProxyRequests Off
    ProxyPreserveHost On
    SSLEngine On
    SSLCertificateFile /etc/httpd/ssl/server.crt
    SSLCertificateKeyFile /etc/httpd/ssl/server.key
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
</VirtualHost>
#Redirect permanent http://192.168.xxx.xxx https://192.168.xxx.xxx

Это error_log запроса. Rewrite_log остается пустым. 

[Wed Sep 29 17:22:17 2010] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Wed Sep 29 17:22:17 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Sep 29 17:22:17 2010] [info] Init: Seeding PRNG with 256 bytes of entropy
[Wed Sep 29 17:22:17 2010] [notice] SSL FIPS mode disabled
[Wed Sep 29 17:22:17 2010] [info] Loading certificate & private key of SSL-aware server
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Wed Sep 29 17:22:17 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Wed Sep 29 17:22:17 2010] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Wed Sep 29 17:22:17 2010] [info] Init: Initializing (virtual) servers for SSL
[Wed Sep 29 17:22:17 2010] [info] Configuring server for SSL protocol
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(792): Configuring RSA server certificate
[Wed Sep 29 17:22:17 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Sep 29 17:22:17 2010] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!?
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(831): Configuring RSA server private key
[Wed Sep 29 17:22:17 2010] [info] mod_ssl/2.2.16 compiled against Server: Apache/2.2.16, Library: OpenSSL/1.0.0a-fips
[Wed Sep 29 17:22:17 2010] [notice] Digest: generating secret for digest authentication ...
[Wed Sep 29 17:22:17 2010] [notice] Digest: done
[Wed Sep 29 17:22:17 2010] [debug] util_ldap.c(1990): LDAP merging Shared Cache conf: shm=0x1df29a8 rmm=0x1df29d8 for VHOST: 192.168.xxx.xxx
[Wed Sep 29 17:22:17 2010] [debug] util_ldap.c(1990): LDAP merging Shared Cache conf: shm=0x1df29a8 rmm=0x1df29d8 for VHOST: jira.test.com
[Wed Sep 29 17:22:17 2010] [debug] util_ldap.c(1990): LDAP merging Shared Cache conf: shm=0x1df29a8 rmm=0x1df29d8 for VHOST: jira.test.com
[Wed Sep 29 17:22:17 2010] [info] APR LDAP: Built with OpenLDAP LDAP SDK
[Wed Sep 29 17:22:17 2010] [info] LDAP: SSL support available
[Wed Sep 29 17:22:17 2010] [info] Init: Seeding PRNG with 256 bytes of entropy
[Wed Sep 29 17:22:17 2010] [notice] SSL FIPS mode disabled
[Wed Sep 29 17:22:17 2010] [info] Loading certificate & private key of SSL-aware server
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Wed Sep 29 17:22:17 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Wed Sep 29 17:22:17 2010] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(253): shmcb_init allocated 512000 bytes of shared memory
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(272): for 511952 bytes (512000 including header), recommending 32 subcaches, 133 indexes each
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(306): shmcb_init_memory choices follow
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(308): subcache_num = 32
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(310): subcache_size = 15996
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(312): subcache_data_offset = 2144
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(314): subcache_data_size = 13852
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(316): index_num = 133
[Wed Sep 29 17:22:17 2010] [info] Shared memory session cache initialised
[Wed Sep 29 17:22:17 2010] [info] Init: Initializing (virtual) servers for SSL
[Wed Sep 29 17:22:17 2010] [info] Configuring server for SSL protocol
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(792): Configuring RSA server certificate
[Wed Sep 29 17:22:17 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Sep 29 17:22:17 2010] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!?
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(831): Configuring RSA server private key
[Wed Sep 29 17:22:17 2010] [info] mod_ssl/2.2.16 compiled against Server: Apache/2.2.16, Library: OpenSSL/1.0.0a-fips
[Wed Sep 29 17:22:17 2010] [error] avahi_entry_group_add_service_strlst("192.168.xxx.xxx") failed: Invalid host name
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6661 for worker proxy:reverse
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6660 for worker proxy:reverse
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6660 for (*)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6660 for worker http://localhost:8080/
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6660 for (localhost)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6662 for worker proxy:reverse
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6661 for (*)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6663 for worker proxy:reverse
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6661 for worker http://localhost:8080/
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker http://localhost:8080/ already initialized
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6663 for (*)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6663 for worker http://localhost:8080/
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6661 for (localhost)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker http://localhost:8080/ already initialized
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6663 for (localhost)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6662 for (*)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6662 for worker http://localhost:8080/
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker http://localhost:8080/ already initialized
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6662 for (localhost)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6664 for worker proxy:reverse
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6664 for (*)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6664 for worker http://localhost:8080/
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker http://localhost:8080/ already initialized
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6664 for (localhost)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6665 for worker proxy:reverse
[Wed Sep 29 17:22:17 2010] [notice] Apache/2.2.16 (Unix) DAV/2 mod_ssl/2.2.16 OpenSSL/1.0.0a-fips configured -- resuming normal operations
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
[Wed Sep 29 17:22:17 2010] [info] Server built: Jul 27 2010 15:58:08
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6665 for (*)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6665 for worker http://localhost:8080/
[Wed Sep 29 17:22:17 2010] [debug] prefork.c(1013): AcceptMutex: sysvsem (default: sysvsem)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker http://localhost:8080/ already initialized
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6665 for (localhost)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6666 for worker proxy:reverse
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6666 for (*)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6666 for worker http://localhost:8080/
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6667 for worker proxy:reverse
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker http://localhost:8080/ already initialized
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6667 for (*)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6666 for (localhost)
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6667 for worker http://localhost:8080/
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker http://localhost:8080/ already initialized
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6667 for (localhost)

1 Ответ

1 голос
/ 30 сентября 2010

Если ваш первый раздел этого файла закомментирован, Apache не имеет никакой конфигурации, говорящей ему о прослушивании через порт 80 (http).

Вам нужно запустить оба сайта, чтобы оба дали вамответ (даже если HTTP-ответ просто «перейти к HTTPS»)

...