Configuring SSL on APACHE [using proxy forwarding so that requests are served separately over HTTP and HTTPS]

Source: Internet    Editor: 程序博客网    Time: 2024/06/14 17:09
Use case:
(1) The mobile app talks to the backend server over HTTP via http://192.0.0.1:81/server1/;
(2) The management console talks to the backend server over HTTPS via https://192.0.0.1:1443/server2/;
(3) Some resource files are fetched via http://192.0.0.1:81/server2/apk/;
Apache server host: 192.0.10.1
Apache external access address: 192.0.0.1
WebLogic server host: 192.0.10.2
The network address 192.0.0.1 is exposed externally for users; 192.0.10.1 and 192.0.10.2 are on the internal network and isolated from the outside.

1. Unpack the software:
1) Put the following packages in the /home/software/ directory
httpd-2.2.29.tar.gz
openssl-1.0.1c.tar.gz
zlib-1.2.7.tar.gz

2) Run the following to unpack the packages into the current directory
cd /home/software/
tar zxvf httpd-2.2.29.tar.gz
tar zxvf openssl-1.0.1c.tar.gz
tar zxvf zlib-1.2.7.tar.gz

2. Install the software:
1) Install zlib, a dependency of Apache:
cd zlib-1.2.7/
./configure --prefix=/usr/httpd/zlib
make
make install

2) Install openssl:
cd ../openssl-1.0.1c
./config --prefix=/usr/httpd/openssl
make
make install
# Extra steps after make && make install:
#a. Add a symlink under /usr/httpd to make later SSL setup easier
cd /usr/httpd/
ln -s openssl ssl
#b. Append the following line to the end of /etc/ld.so.conf: /usr/httpd/openssl/lib
vi /etc/ld.so.conf
/usr/httpd/openssl/lib
#c. Run ldconfig
ldconfig
#d. Add the openssl environment variables:
vi /etc/profile
export OPENSSL=/usr/httpd/ssl/bin
export PATH=$OPENSSL:$PATH:$HOME/bin
source /etc/profile
#e. Check the openssl installation
ldd /usr/httpd/ssl/bin/openssl
This step prints something like the following:
    linux-vdso.so.1 =>  (0x00007fff8a053000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007fc406ce2000)
    libc.so.6 => /lib64/libc.so.6 (0x00007fc40696b000)
    /lib64/ld-linux-x86-64.so.2 (0x00007fc406f19000)
Check the path
which openssl
Output: /usr/httpd/ssl/bin/openssl
Check the version
openssl version
Output: OpenSSL 1.0.1c 10 May 2012
At this point openssl-1.0.1c is installed.

3) Install apache:
cd /home/software/httpd-2.2.29/
make clean
export LDFLAGS=-ldl
./configure --prefix=/usr/httpd/apache --enable-so --enable-ssl=static --with-ssl=/usr/httpd/ssl --enable-mods-shared=all --with-z=/usr/httpd/zlib
make
make install

Change the server name and the listening port
vi /usr/httpd/apache/conf/httpd.conf
Listen 80    ==>     Listen 1333
#ServerName www.example.com:80    ==>    ServerName 192.0.10.1

Start the Apache server:
/usr/httpd/apache/bin/apachectl start
Verify by entering the address in a browser:
http://192.0.10.1:1333/
Output: It works! means the Apache server started successfully.

3. Create a certificate with openssl:
#openssl genrsa -des3 1024 > /usr/httpd/apache/conf/server.key
Generating RSA private key, 1024 bit long modulus
.................++++++
..............++++++
e is 65537 (0x10001)
Enter pass phrase:    password: 8888
Verifying - Enter pass phrase:    confirm password: 8888

#openssl rsa -in /usr/httpd/apache/conf/server.key > /usr/httpd/apache/conf/server2.key
Enter pass phrase for /usr/httpd/apache/conf/server.key:    enter the password: 8888
writing RSA key

#mv /usr/httpd/apache/conf/server2.key  /usr/httpd/apache/conf/server.key

#openssl req -new -key /usr/httpd/apache/conf/server.key -out /usr/httpd/apache/conf/server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN      two-letter country code
State or Province Name (full name) [Some-State]:BEIJING    province
Locality Name (eg, city) []:BEIJING        city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SZKINGDOM    company name
Organizational Unit Name (eg, section) []:SZKINGDOM
Common Name (e.g. server FQDN or YOUR name) []:192.0.10.1        server host or domain name
Email Address []:    can be skipped

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:can be skipped
An optional company name []:can be skipped

#openssl x509 -in /usr/httpd/apache/conf/server.csr -out /usr/httpd/apache/conf/server.crt -req -signkey /usr/httpd/apache/conf/server.key -days 3650
Signature ok
subject=/C=CN/ST=BEIJING/L=BEIJING/O=SZKINGDOM/OU=SZKINGDOM/CN=192.0.10.1
Getting Private key
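The same certificate workflow as an added, non-interactive shell example (it is not code from the original post): it uses whatever `openssl` is on PATH rather than the /usr/httpd/ssl/bin/openssl built above, generates a 2048-bit key directly instead of the DES3-protected 1024-bit key that the post creates and then strips the passphrase from, passes the DN on the command line, and afterwards checks what came out: that the subject CN is the one requested, that the private key actually belongs to the certificate (the server2.key/server.key rename step is where the two can drift apart), and that the validity period is as expected. The DN values and the temporary output directory are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: the step-3 certificate workflow
# done non-interactively, followed by checks on the result.
set -u

# make_selfsigned_cert DIR CN DAYS
# Writes DIR/server.key, DIR/server.csr and DIR/server.crt.
make_selfsigned_cert() {
    dir="$1"; cn="$2"; days="$3"
    # The post creates a DES3-encrypted 1024-bit key and then removes the
    # passphrase with "openssl rsa"; generating an unencrypted 2048-bit key
    # directly yields the same kind of file Apache needs, with a larger key.
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    # CSR with the DN given on the command line (values mirror the post's; constructed)
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/C=CN/ST=BEIJING/L=BEIJING/O=SZKINGDOM/OU=SZKINGDOM/CN=$cn" 2>/dev/null
    # Self-sign the CSR with the same key, valid for DAYS days
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
        -days "$days" -out "$dir/server.crt" 2>/dev/null
}

# cert_cn CRT: prints the CN of the certificate subject.
# Handles both the "/C=CN/.../CN=x" and the "C = CN, ..., CN = x" subject formats.
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

# key_matches_cert KEY CRT: prints "match" if the RSA modulus in the key is
# the one in the certificate, "mismatch" otherwise.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -modulus)
    if [ "$k" = "$c" ]; then echo match; else echo mismatch; fi
}

# cert_valid_for_days CRT N: prints "yes" if the certificate is still valid
# N days from now, "no" if it will have expired by then.
cert_valid_for_days() {
    if openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null; then
        echo yes
    else
        echo no
    fi
}

# Demo run into a temporary directory (constructed paths).
demo_dir=$(mktemp -d)
make_selfsigned_cert "$demo_dir" 192.0.10.1 3650
echo "subject CN:         $(cert_cn "$demo_dir/server.crt")"
echo "key matches cert:   $(key_matches_cert "$demo_dir/server.key" "$demo_dir/server.crt")"
echo "valid in 3649 days: $(cert_valid_for_days "$demo_dir/server.crt" 3649)"
```

Copy server.key and server.crt into /usr/httpd/apache/conf/ to use them in step 4; the key/certificate modulus comparison is the check to run whenever one of the two files is replaced.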

4. Configure Apache SSL to accept HTTPS requests:
vi /usr/httpd/apache/conf/httpd.conf
#Include conf/extra/httpd-ssl.conf    ==>    Include conf/extra/httpd-ssl.conf
vi /usr/httpd/apache/conf/
Check that the certificate paths are correct:
SSLCertificateFile "/usr/httpd/apache/conf/server.crt"  
SSLCertificateKeyFile "/usr/httpd/apache/conf/server.key"  
Restart the Apache server:
/usr/httpd/apache/bin/apachectl restart
Verify by entering the address in a browser:
https://192.0.10.1:443/
Output: It works! means the Apache server started successfully and the certificate generated in the previous step works.

5. Configure Apache as a reverse proxy to forward requests:
1) Add the mod_proxy modules to Apache:
cd /home/software/httpd-2.2.29/modules/proxy/
/usr/httpd/apache/bin/apxs -i -c -a mod_proxy.c proxy_util.c
/usr/httpd/apache/bin/apxs -i -c -a mod_proxy_http.c
/usr/httpd/apache/bin/apxs -i -c -a mod_proxy_ftp.c
/usr/httpd/apache/bin/apxs -i -c -a mod_proxy_connect.c
2) Check that the installation succeeded:
cd /usr/httpd/apache/modules/
Check that the four modules mod_proxy_http.so, mod_proxy_ftp.so, mod_proxy_connect.so and mod_proxy.so exist in this directory
vi /usr/httpd/apache/conf/httpd.conf
Check that the following four lines were added to this file:
LoadModule proxy_module       modules/mod_proxy.so
LoadModule proxy_http_module  modules/mod_proxy_http.so
LoadModule proxy_ftp_module   modules/mod_proxy_ftp.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
If both are present, the mod_proxy modules were installed successfully.
3) Configure virtual hosts to forward requests:
vi /usr/httpd/apache/conf/httpd.conf
#Include conf/extra/httpd-vhosts.conf    ==>    Include conf/extra/httpd-vhosts.conf

vi /usr/httpd/apache/conf/extra/httpd-vhosts.conf
NameVirtualHost *:80    ==>    #NameVirtualHost *:80
Comment out or delete the last two <VirtualHost *:80> blocks

Append the following at the end of the file:
# Apache does not accept a comment after a directive on the same line,
# so every comment below is on a line of its own.
# HTTP listening port
Listen 81
<VirtualHost *:81>
ServerAdmin webmaster@dummy-host.example.com
# host name or domain name
ServerName 192.0.0.1
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# host and port of the WebLogic server
ProxyPass /server1/ http://192.0.10.2:7080/server1/
ProxyPassReverse /server1/ http://192.0.10.2:7080/server1/
ProxyPass /server2/apk/ http://192.0.10.2:7080/server2/apk/
ProxyPassReverse /server2/apk/ http://192.0.10.2:7080/server2/apk/
</VirtualHost>

# HTTPS listening port
Listen 1443
<VirtualHost *:1443>
# host name or domain name
ServerName 192.0.0.1
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
SSLEngine on
SSLProxyEngine on
# certificate path
SSLCertificateFile "/usr/httpd/apache/conf/server.crt"
# private key path
SSLCertificateKeyFile "/usr/httpd/apache/conf/server.key"
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# host and port of the WebLogic server
ProxyPass /server2/ http://192.0.10.2:7080/server2/
ProxyPassReverse /server2/ http://192.0.10.2:7080/server2/
</VirtualHost>
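An added shell check (not part of the original post, and not an Apache tool) to run over the vhost fragment before apachectl restart. It flags three mistakes that are easy to make in this file: a comment after a directive on the same line, which Apache 2.2 rejects at startup; a ProxyPass without a matching ProxyPassReverse, which lets redirects from WebLogic carry the internal 192.0.10.2:7080 address out to clients; and a <VirtualHost *:PORT> without a Listen PORT, which is never reachable. The two sample configurations are constructed for the example; the "bad" one contains exactly those three problems.

```shell
#!/bin/sh
# Added example, not from the original post: a small lint for the
# reverse-proxy vhost fragment, written in POSIX sh with grep/awk/sed.
set -u

# lint_vhost_conf FILE
# Prints one line per finding and, as the last line, the number of findings.
lint_vhost_conf() {
    conf="$1"
    findings=0

    # 1. Apache has no inline comments: "Listen 81 #HTTP port" makes httpd
    #    treat "#HTTP" and "port" as extra arguments and refuse to start.
    #    (read without IFS= trims leading whitespace, so "  # x" is a comment line.)
    while read -r line; do
        case "$line" in
            \#*|"") ;;
            *\#*) echo "inline comment (rejected by httpd): $line"
                  findings=$((findings + 1)) ;;
        esac
    done < "$conf"

    # 2. Every ProxyPass prefix should have a ProxyPassReverse, otherwise
    #    Location headers from the backend expose the internal address.
    for prefix in $(grep -E '^[[:space:]]*ProxyPass[[:space:]]' "$conf" | awk '{print $2}'); do
        grep -Eq "^[[:space:]]*ProxyPassReverse[[:space:]]+$prefix[[:space:]]" "$conf" ||
            { echo "ProxyPass $prefix has no ProxyPassReverse"; findings=$((findings + 1)); }
    done

    # 3. Each <VirtualHost *:PORT> needs a matching Listen PORT.
    for port in $(grep -Eo '<VirtualHost \*:[0-9]+>' "$conf" | grep -Eo '[0-9]+' || true); do
        grep -Eq "^[[:space:]]*Listen[[:space:]]+$port([[:space:]]|\$)" "$conf" ||
            { echo "VirtualHost on port $port has no Listen $port"; findings=$((findings + 1)); }
    done

    echo "$findings"
}

# Constructed sample with the three mistakes above; prints its path.
write_bad_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Listen 81    #HTTP listener (inline comment: rejected by httpd)
<VirtualHost *:81>
ServerName 192.0.0.1
ProxyRequests Off
ProxyPass /server1/ http://192.0.10.2:7080/server1/
ProxyPassReverse /server1/ http://192.0.10.2:7080/server1/
ProxyPass /server2/apk/ http://192.0.10.2:7080/server2/apk/
</VirtualHost>
<VirtualHost *:1443>
ServerName 192.0.0.1
SSLEngine on
ProxyPass /server2/ http://192.0.10.2:7080/server2/
ProxyPassReverse /server2/ http://192.0.10.2:7080/server2/
</VirtualHost>
EOF
    echo "$f"
}

# Constructed sample with none of them; prints its path.
write_good_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# HTTP listening port
Listen 81
Listen 1443
<VirtualHost *:81>
ServerName 192.0.0.1
ProxyPass /server1/ http://192.0.10.2:7080/server1/
ProxyPassReverse /server1/ http://192.0.10.2:7080/server1/
</VirtualHost>
<VirtualHost *:1443>
SSLEngine on
ProxyPass /server2/ http://192.0.10.2:7080/server2/
ProxyPassReverse /server2/ http://192.0.10.2:7080/server2/
</VirtualHost>
EOF
    echo "$f"
}

# Demo: lint both constructed samples.
for sample in "$(write_bad_sample)" "$(write_good_sample)"; do
    echo "== $sample"
    lint_vhost_conf "$sample"
done
```

To check the real file, call `lint_vhost_conf /usr/httpd/apache/conf/extra/httpd-vhosts.conf` and then still run `apachectl -t`, which is the authoritative syntax check; the lint only catches the three patterns it knows about.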

4) Verify that HTTP and HTTPS are forwarded separately:
Enter in the browser: https://192.0.0.1:1443/server2    displays normally
Enter in the browser: http://192.0.0.1:1443/server2    shows an error

Enter in the browser: http://192.0.0.1:81/server1    displays normally
Enter in the browser: https://192.0.0.1:81/server1    shows an error
Enter in the browser: http://192.0.0.1:81/server2/apk/    displays normally