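Sometimes there are other servers on the internal network, but only ports 80 and 443 are exposed to the outside.
In that case you can configure Apache Virtual Hosts as a reverse proxy and forward the internal servers' content out.
Required Apache modules:
mod_proxy, mod_proxy_connect, mod_proxy_http, mod_proxy_ajp, mod_ssl, mod_rewrite
List the enabled modules: apachectl -M
Apache configuration file paths: /etc/httpd/conf/httpd.conf, /etc/httpd/conf.d/ssl.conf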
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
    LoadModule ssl_module modules/mod_ssl.so
    LoadModule rewrite_module modules/mod_rewrite.so
Redirect HTTP requests to HTTPS (for security). File: /etc/httpd/conf.d/vhost_proxy.conf
    # demo.rusnake.com
    <VirtualHost *:80>
        ServerName demo.rusnake.com
        ServerAlias demo2.rusnake.com
        RewriteEngine on
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
    </VirtualHost>
The IP addresses of the three servers:
Apache Proxy: 192.168.1.200
Web Server01: 192.168.1.201
Web Server02: 192.168.1.202
Method 1: proxy to an internal HTTP service on port 8000, while the external side is HTTPS. File: /etc/httpd/conf.d/vhost_proxy.conf
    # demo.rusnake.com
    <VirtualHost 192.168.1.200:443>
        ServerName demo.rusnake.com

        SSLEngine On
        # TLS 1.0 is deprecated (RFC 8996); drop +TLSv1 unless legacy clients still need it
        SSLProtocol -ALL +TLSv1 +TLSv1.2
        SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA
        SSLCertificateFile /etc/httpd/ssl/rusnake/demo.rusnake.com.crt
        SSLCertificateKeyFile /etc/httpd/ssl/rusnake/demo.rusnake.com.key
        SSLCACertificateFile /etc/httpd/ssl/rusnake/demo.rusnake.com.ca.crt

        # Reverse proxy only: keep forward proxying disabled
        ProxyRequests Off
        ProxyPass / http://192.168.1.201:8000/
        ProxyPassReverse / http://192.168.1.201:8000/

        # Apache 2.2 access-control syntax; on Apache 2.4 it needs mod_access_compat
        # (the native 2.4 form is "Require ip ...")
        <Proxy *>
            Order Deny,Allow
            Deny from all
            # Internal IP
            Allow from 192.168.1
            # External IP
            Allow from 210.61.12.219
        </Proxy>

        # Pass the client's original Host header to the backend
        ProxyPreserveHost on
    </VirtualHost>
Method 2: proxy to an internal HTTPS service on port 443, with the external side also HTTPS. File: /etc/httpd/conf.d/vhost_proxy.conf
    <VirtualHost 192.168.1.200:443>
        ServerName demo2.rusnake.com
        ProxyRequests Off

        #LogLevel debug
        #ErrorLog /home/proxy_err.txt
        #TransferLog /home/proxy_trans.txt

        SSLEngine On
        # Needed so mod_proxy can speak TLS to the https:// backend
        SSLProxyEngine On
        # TLS 1.1 is deprecated (RFC 8996); drop +TLSv1.1 unless legacy clients still need it
        SSLProtocol -ALL +TLSv1.1 +TLSv1.2
        SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA
        SSLCertificateFile /etc/httpd/ssl/rusnake/demo2.rusnake.com.crt
        SSLCertificateKeyFile /etc/httpd/ssl/rusnake/demo2.rusnake.com.key
        SSLCACertificateFile /etc/httpd/ssl/rusnake/demo2.rusnake.com.ca.crt

        # Apache 2.2 access-control syntax; on Apache 2.4 it needs mod_access_compat
        <Proxy *>
            Order Deny,Allow
            Deny from all
            # Internal IP
            Allow from 192.168.1
            # External IP
            Allow from 210.61.12.219
        </Proxy>

        ProxyPreserveHost on
        # ProxyPass / already matches every path, so no ProxyPassMatch rule is needed
        ProxyPass / https://192.168.1.202:443/
        # ProxyPassReverse takes a plain URL prefix, not a regular expression
        ProxyPassReverse / https://192.168.1.202:443/
    </VirtualHost>
After changing the configuration, remember to reload it.
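The two HTTPS vhosts above leave TLS 1.0 and TLS 1.1 enabled through their SSLProtocol lines. The following check is an added example, not part of the original post: it works out which protocol versions an SSLProtocol line leaves enabled and reports deprecated ones per vhost, and also flags ProxyRequests On. The function names, the handling of "all" and the sample text (constructed from the vhosts on this page) are assumptions of this example.

```python
KNOWN = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}  # RFC 7568 (SSLv3), RFC 8996 (TLS 1.0/1.1)

def enabled_protocols(tokens):
    """Model SSLProtocol: tokens apply left to right; a bare token replaces the set."""
    enabled = set()
    for tok in tokens:
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok[len(sign):].lower()
        # Assumption: "all" = every version in KNOWN (the real set depends on the build).
        group = {p for p in KNOWN if name in ("all", p.lower())}
        if sign == "-":
            enabled -= group
        else:
            enabled = (enabled | group) if sign == "+" else group
    return enabled

def audit(conf_text):
    """Return (server_name, finding) pairs for weak settings in Apache config text."""
    findings, pending, server = [], [], "(global)"
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive, args = parts[0].lower(), parts[1:]
        if directive in ("<virtualhost", "</virtualhost>"):
            findings += [(server, f) for f in pending]
            pending, server = [], "(global)"
        elif directive == "servername" and args:
            server = args[0]
        elif directive == "sslprotocol":
            weak = sorted(enabled_protocols(args) & DEPRECATED)
            if weak:
                pending.append("deprecated protocol enabled: " + ", ".join(weak))
        elif directive == "proxyrequests" and args and args[0].lower() == "on":
            pending.append("ProxyRequests On enables forward proxying")
    return findings + [(server, f) for f in pending]

# Constructed sample: the SSLProtocol lines of the two vhosts on this page.
SAMPLE = """<VirtualHost 192.168.1.200:443>
  ServerName demo.rusnake.com
  SSLProtocol -ALL +TLSv1 +TLSv1.2
</VirtualHost>
<virtualHost 192.168.1.200:443>
  ServerName demo2.rusnake.com
  SSLProtocol -ALL +TLSv1.1 +TLSv1.2
</virtualHost>
"""
print(*audit(SAMPLE), sep="\n")
```

To check a real file, pass its contents to audit(), for example the text of /etc/httpd/conf.d/vhost_proxy.conf.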