Apache 配置Https 转发Tomcat Http

时间:2023-03-08 22:55:30
Apache 配置Https 转发Tomcat Http

Apache 相对于nginx的配置对比起来相当复杂啦,朋友之前的系统使用的是Apache需要增加一个虚拟主机,主要配置从Apache转发Tomcat。

首先需要拆解下步骤:

  1. Apache 支持Https;
  2. Apache 代理转发;
  3. Apache https 代理转发Tomcat http;

1.Apache 支持 https

( 1 )打开 apache 安装目录下 conf 目录中的 httpd.conf 文件,找到以下内容并去掉“#”:

#LoadModule ssl_module modules/mod_ssl.so (如果找不到请确认是否编译过 openssl 插件)

#Include conf/extra/httpd-ssl.conf

如果mod_ssl.so 文件不存在的时候

( 2 ) 打开 apache 安装目录下 conf/extra/httpd-ssl.conf 文件 (也可能是conf.d/ssl.conf,与操作系统及安装方式有关),在配置文件中查找以下配置语句:
# 添加 SSL 协议支持协议,去掉不安全的协议

SSLProtocol all -SSLv2 -SSLv3

# 修改加密套件如下

SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM

SSLHonorCipherOrder on

# 证书公钥配置

SSLCertificateFile cert/public.pem

# 证书私钥配置

SSLCertificateKeyFile cert/214105172620338.key

# 证书链配置,如果该属性开头有 '#'字符,请删除掉

SSLCertificateChainFile cert/chain.pem

( 3 ) 重启 Apache。

2.Apache 代理转发

(1)在http.conf 配置文件中开启代理模块

LoadModule proxy_module modules/mod_proxy.so

LoadModule proxy_connect_module modules/mod_proxy_connect.so

LoadModule proxy_ftp_module modules/mod_proxy_ftp.so

LoadModule proxy_http_module modules/mod_proxy_http.so

(2)配置反向代理

<VirtualHost _default_:443>

DocumentRoot "/usr/local/httpd/apache2/htdocs"

ServerName xxx.deercity.cn

ServerAdmin xxx.deercity.cn

ErrorLog "/usr/local/httpd/apache2/logs/error_log"

TransferLog "/usr/local/httpd/apache2/logs/access_log"

ProxyPass / http://127.0.0.1:9080/

ProxyPassReverse / http://127.0.0.1:9080/

</VirtualHost>

3. 配置Apache Https 转发Tomcat Http

(1) 配置Tomcat server.xml 文件,添加proxyPort和scheme如下图:

    <Connector port="9080" protocol="HTTP/1.1"

               connectionTimeout="20000"

               redirectPort="8443"

               proxyPort="443"

               scheme="https"

                />

4.重启启动Tomcat和Apache 实现https 转发Tomcat http

完全的APache配置文件

Listen 443

AddType application/x-x509-ca-cert .crt

AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache        "shmcb:/usr/local/httpd/apache2/logs/ssl_scache(512000)"

SSLSessionCacheTimeout  300

SSLMutex  "file:/usr/local/httpd/apache2/logs/ssl_mutex"

ProxyPreserveHost On

<VirtualHost _default_:443>

DocumentRoot "/usr/local/httpd/apache2/htdocs"

ServerName xxx.deercity.cn

ServerAdmin xxx.deercity.cn

ErrorLog "/usr/local/httpd/apache2/logs/error_log"

TransferLog "/usr/local/httpd/apache2/logs/access_log"

ProxyPass / http://127.0.0.1:9080/

ProxyPassReverse / http://127.0.0.1:9080/

SSLEngine on

SSLProxyEngine on

SSLProtocol all -SSLv2

SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

SSLHonorCipherOrder on

SSLCertificateFile "/usr/local/httpd/apache2/conf/cert/public.pem"

SSLCertificateKeyFile "/usr/local/httpd/apache2/conf/cert/214194390240886.key"

SSLCertificateChainFile "/usr/local/httpd/apache2/conf/cert/chain.pem"

<FilesMatch "\.(cgi|shtml|phtml|php)$">

    SSLOptions +StdEnvVars

</FilesMatch>

<Directory "/usr/local/httpd/apache2/cgi-bin">

    SSLOptions +StdEnvVars

</Directory>

BrowserMatch "MSIE [2-5]" \

         nokeepalive ssl-unclean-shutdown \

         downgrade-1.0 force-response-1.0

CustomLog "/usr/local/httpd/apache2/logs/ssl_request_log" \

          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

相关文章