ApacheRe+Proxy文档.docx
《ApacheRe+Proxy文档.docx》由会员分享,可在线阅读,更多相关《ApacheRe+Proxy文档.docx(51页珍藏版)》请在冰豆网上搜索。
ApacheRe+Proxy文档
ForcingURLRewritebeforeProxypass
Apache:
2.2.0
Ineedto
a)requireSSLonrequeststo/secure(i.e., http:
//server/secure ->
https:
//server/secure)
b)andasthesecondstep,offload(proxy) https:
//server/secure to
http:
//server:
8080/secure
IthoughtIcouldaccomplish(a)usingmod_rewriteand(b)usingProxypass
asfollows:
RewriteEngineOn
RewriteLog"/tmp/http.log"
RewriteLogLevel9
RewriteCond%{SERVER_PORT}!
443$
RewriteRule^/secure(.*)https:
//%{HTTP_HOST}:
443/secure$1[R=301,L]
//clusterx>
BalancerMember http:
//localhost:
8080/
ProxyPass/securebalancer:
//clusterx/
However,thisdoesnotwork.Arequest http:
//server/secure isdirectly
forwardedto
http:
//server:
8080/secure
IsthereanywaytoforceRewritebeforeproxypass?
Plhelp..
Thanx,
/U
--
Viewthismessageincontext:
SentfromtheApacheHTTPServer-UsersmailinglistarchiveatN.
---------------------------------------------------------------------
TheofficialUser-To-UsersupportforumoftheApacheHTTPServerProject.
Seehttp:
//httpd.apache.org/userslist.html>formoreinfo.
Tounsubscribe,e-mail:
users-unsubscribe[at]httpd
"fromthedigest:
users-digest-unsubscribe[at]httpd
Foradditionalcommands,e-mail:
users-help[at]httpd
coveneratgmail
Jul 31, 2009, 5:
37 PM
Post#2of7(6561views)
Permalink
Re:
ForcingURLRewritebeforeProxypass [Inreplyto]
OnFri,Jul31,2009at8:
20PM,/Uwrote:
>
>Apache:
2.2.0
>
>Ineedto
>�a)requireSSLonrequeststo/secure(i.e., http:
//server/secure ->
> https:
//server/secure)
>�b)andasthesecondstep,offload(proxy) https:
//server/secure to
> http:
//server:
8080/secure
>
>IthoughtIcouldaccomplish(a)usingmod_rewriteand(b)usingProxypass
>asfollows:
>
>RewriteEngineOn
>RewriteLog�"/tmp/http.log"
>RewriteLogLevel9
>RewriteCond%{SERVER_PORT}!
443$
>RewriteRule^/secure(.*)https:
//%{HTTP_HOST}:
443/secure$1[R=301,L]
>
>//clusterx>
>BalancerMember http:
//localhost:
8080/
>
>ProxyPass/securebalancer:
//clusterx/
>
>However,thisdoesnotwork.Arequest http:
//server/secure isdirectly
>forwardedto
> http:
//server:
8080/secure
>
>
>IsthereanywaytoforceRewritebeforeproxypass?
Usethe"P"flaginrewriteinsteadofProxyPass,andyoucancontrol
theflowdirectly.
--
EricCovener
covener[at]gmail
---------------------------------------------------------------------
TheofficialUser-To-UsersupportforumoftheApacheHTTPServerProject.
Seehttp:
//httpd.apache.org/userslist.html>formoreinfo.
Tounsubscribe,e-mail:
users-unsubscribe[at]httpd
"fromthedigest:
users-digest-unsubscribe[at]httpd
Foradditionalcommands,e-mail:
users-help[at]httpd
uma_rkatcomcast
Jul 31, 2009, 6:
32 PM
Post#3of7(6577views)
Permalink
Re:
ForcingURLRewritebeforeProxypass [Inreplyto]
Thanksforthenote.
WhenIusethePflagwiththeRewriteRule,ProxyPass
fails,sinceIdonothaveanSSLProxy.
WhatIhaveisthis:
(Apachewebserver)<----->Tomcatservletcontainer
WhatIneedisto:
-requireallrequestsfor^/secure/...tobemadethruhttps
-terminateSSLonApache
-afterSSLtermination,forwardallrequestsfor^/secure/
to http:
//localhost:
8080/secure
IdonotwanttoproxySSLontoomcatfromApache.
AmIheadedintherightdirectionwithregardstotheconfiguration?
Thanx!
/U
EricCovenerwrote:
>
>OnFri,Jul31,2009at8:
20PM,/Uwrote:
>>
>>Apache:
2.2.0
>>
>>Ineedto
>>聽a)requireSSLonrequeststo/secure(i.e., http:
//server/secure ->
>> https:
//server/secure)
>>聽b)andasthesecondstep,offload(proxy) https:
//server/secure to
>> http:
//server:
8080/secure
>>
>>IthoughtIcouldaccomplish(a)usingmod_rewriteand(b)usingProxy
>>pass
>>asfollows:
>>
>>RewriteEngineOn
>>RewriteLog聽"/tmp/http.log"
>>RewriteLogLevel9
>>RewriteCond%{SERVER_PORT}!
443$
>>RewriteRule^/secure(.*)https:
//%{HTTP_HOST}:
443/secure$1[R=301,L]
>>
>>//clusterx>
>>BalancerMember http:
//localhost:
8080/
>>
>>ProxyPass/securebalancer:
//clusterx/
>>
>>However,thisdoesnotwork.Arequest http:
//server/secure isdirectly
>>forwardedto
>> http:
//server:
8080/secure
>>
>>
>>IsthereanywaytoforceRewritebeforeproxypass?
>
>Usethe"P"flaginrewriteinsteadofProxyPass,andyoucancontrol
>theflowdirectly.
>
>
>
>--
>EricCovener
>covener[at]gmail
>
>---------------------------------------------------------------------
>TheofficialUser-To-UsersupportforumoftheApacheHTTPServerProject.
>Seehttp:
//httpd.apache.org/userslist.html>formoreinfo.
>Tounsubscribe,e-mail:
users-unsubscribe[at]httpd
>"fromthedigest:
users-digest-unsubscribe[at]httpd
>Foradditionalcommands,e-mail:
users-help[at]httpd
>
>
>
--
Viewthismessageincontext:
SentfromtheApacheHTTPServer-UsersmailinglistarchiveatN.
---------------------------------------------------------------------
TheofficialUser-To-UsersupportforumoftheApacheHTTPServerProject.
Seehttp:
//httpd.apache.org/userslist.html>formoreinfo.
Tounsubscribe,e-mail:
users-unsubscribe[at]httpd
"fromthedigest:
users-digest-unsubscribe[at]httpd
Foradditionalcommands,e-mail:
users-help[at]httpd
awatice-sa
Aug 1, 2009, 3:
24 AM
Post#4of7(6567views)
Permalink
Re:
ForcingURLRewritebeforeProxypass [Inreplyto]
/Uwrote:
>Apache:
2.2.0
>
>Ineedto
>a)requireSSLonrequeststo/secure(i.e., http:
//server/secure ->
> https:
//server/secure)
>b)andasthesecondstep,offload(proxy) https:
//server/secure to
> http:
//server:
8080/secure
>
Idon'tknowthedetails,butthefollowingmaywork:
Youmayneedis2sections,asfollows:
mainconfig:
Listen*:
80
Listen*:
443
...
80>
...
>RewriteEngineOn
>RewriteLog"/tmp/http.log"
>RewriteLogLevel9
>RewriteCond%{SERVER_PORT}!
443$
>RewriteRule^/secure(.*)https:
//%{HTTP_HOST}:
443/secure$1[R=301,L]
>
...
443>
..yourproxystuff..
Thegeneralideabeing:
-thefirstVirtualHostactsasthedefault(andonly)hostforall
requeststoport80.Ifthereisarequestto/secure,itsendsan
externalre-directtothebrowser,re-directingittoHTTPSonport443
-thesecondVirtualHostactsasthedefault(andonly)hostonport
443.ItterminatesSSLandproxiestherequeststoyourTomcat(I
suppose)viaHTTP.
(Notethatyoucouldalsousemod_jkormod_proxy_ajpthere,probably
moreefficiently.)
---------------------------------------------------------------------
TheofficialUser-To-UsersupportforumoftheApacheHTTPServerProject.
Seehttp:
//httpd.apache.org/userslist.html>formoreinfo.
Tounsubscribe,e-mail:
users-unsubscribe[at]httpd
"fromthedigest:
users-digest-unsubscribe[at]httpd
Foradditionalcommands,e-mail:
users-help[at]httpd
jorge.schrauwenatgmail
Aug 1, 2009, 3:
48 AM
Post#5of7(6562views)
Permalink
Re:
ForcingURLRewritebeforeProxypass [Inreplyto]
IfyouwanttogoSSLhereisaneasierwaytocheckforSSL
RewriteEngineOn
RewriteCond%{HTTPS}!
=on[NC]
RewriteRule^/secure(.*)https:
//%{SERVER_NAME}/secure$1[R,L]
YouwayalsowanttolookatthePflagtoproxytherequest.
http:
//httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriteflags
'proxy|P'(forceproxy)Thisflagforcesthesubstitutionparttobe
internallysentasaproxyrequestandimmediately(rewriteprocessingstops
here)putthroughtheproxy
module//httpd.apache.org/docs/2.2/mod/mod_proxy.html>.
YoumustmakesurethatthesubstitutionstringisavalidURI(typically
startingwithhttp:
//*hostname*)whichcanbehandledbytheApacheproxy
module.Ifnot,youwillgetanerrorfromtheproxymodule.Usethisflag
toachieveamorepowerfulimplementationofthe
ProxyPass//httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass>directive,
tomapremotecontentintothenamespaceofthelocalserver.
Note:
mod_proxy//httpd.apache.org/docs/2.2/mod/mod_proxy.html>must
beenabledinordertousethisflag.
Whicisprobablywhatyouwantedfromthebeginning.
AlsoifyougoAndr�'sway,youcandoa
Redirect/secure https:
//yourdomain/secure
thatshouldbefasterthanrewrite.
~Jorge
OnSat,Aug1,2009at12:
24PM,Andr�Warnierwrote:
>/Uwrote:
>
>>Apache:
2.2.0
>>
>>Ineedto
>>a)requireSSLonrequeststo/secure(i.e., http:
//server/secure ->
>> https:
//server/secure)
>>b)andasthesecondstep,offload(proxy) https:
//server/secure to
>> http:
//server:
8080/secure
>>
>>Idon'tknowthedetails,butthefollowingmaywork:
>
>Youmayneedis2sections,asfollows:
>
>mainconfig:
>Listen*:
80
>Listen*:
443
>
>...
>80>
>...
>
>RewriteEngineOn
>>RewriteLog"/tmp/http.log"
>>RewriteLogLevel9
>>RewriteCond%{SERVER_PORT}!
443$
>>RewriteRule^/secure(.*)https:
//%{HTTP_HOST}:
443/secure$1[