How do I use a reverse proxy to redirect HTTPS port 80 requests to a Spring Boot backend server application on HTTPS port 8080?

Problem description

Installed/running:

Problem: make the backend server and port accessible through the normal HTTPS port (443) by redirecting HTTPS requests (https:// or https://:443) to https://:8080

Tags: https, proxy, backend, reverse

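Solution

This took a long time to figure out. The key was to check the log files in the default location (/var/log/apache2), which showed that the key missing directives were: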

SSLProxyEngine On
SSLProxyCheckPeerName Off

The complete instructions are as follows:

Enable SSL

sudo a2enmod ssl

Restart Apache

systemctl restart apache2

Generate a self-signed certificate

sudo openssl genrsa -out ca.key 2048

Generate a certificate signing request

sudo openssl req -nodes -new -key ca.key -out ca.csr

You should see the following output:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:NL
State or Province Name (full name) [Some-State]:NEDERLAND
Locality Name (eg, city) []:AMSTERDAM
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ORG
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:MYNAME
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Generate a self-signed certificate (ca.crt) of type X509, valid for 365 days

sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Create a directory to hold the certificate files we created.

sudo mkdir /etc/apache2/ssl

Next, copy all the certificate files to the /etc/apache2/ssl directory.

sudo cp ca.crt ca.key ca.csr /etc/apache2/ssl/

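Now all the certificates are ready. The next thing to do is set up Apache to present the new certificate.

To do this, you need to create a new virtual host file, proxy-ssl-host.conf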

nano /etc/apache2/sites-available/proxy-ssl-host.conf

Add the following content:

<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        #DocumentRoot /
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine On
        # Set the path to SSL certificate
        # Usage: SSLCertificateFile /path/to/cert.pem
        SSLCertificateFile /etc/apache2/ssl/ca.crt
        SSLCertificateKeyFile /etc/apache2/ssl/ca.key
        SSLProxyEngine On
        SSLProxyCheckPeerName Off
        ProxyPreserveHost On
        ProxyPass / https://127.0.0.1:8080/
        ProxyPassReverse / https://127.0.0.1:8080/
        ProxyPassReverse /alert https://127.0.0.1:8080/alert
        ServerName localhost
</VirtualHost>

Save and close the file.

Enable the new virtual host file:

sudo a2ensite proxy-ssl-host.conf

Now restart the Apache service for this change to take effect:

systemctl restart apache2

That's it. You can now access your backend server using the URL https://<your server>
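
SSLProxyCheckPeerName Off, used in the answer above, switches off the comparison of the backend certificate's CN/subjectAltName with the expected host name. The shell example below is added here and is not part of the original answer: it shows which names a certificate actually matches, using two throwaway certificates constructed for the demonstration. The function names, file names and the availability of OpenSSL 1.1.1 or later (for -addext) are assumptions.

```shell
#!/bin/sh
# Added example: which names does a certificate match?
# Both certificates are throwaway ones constructed here, valid for one day.

# make_cert <basename> <subject> [subjectAltName]  (hypothetical helper)
make_cert() {
    if [ -n "$3" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$2" \
            -addext "subjectAltName=$3" \
            -keyout "$1.key" -out "$1.crt" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$2" \
            -keyout "$1.key" -out "$1.crt" 2>/dev/null
    fi
}

# cert_matches <cert.pem> host|ip <name>; succeeds only on a match.
cert_matches() {
    case "$2" in
        host) opt=-checkhost ;;
        ip)   opt=-checkip ;;
        *)    return 2 ;;
    esac
    openssl x509 -noout -in "$1" "$opt" "$3" | grep -q 'does match'
}

# report <cert.pem> host|ip <name>; prints one line per check.
report() {
    if cert_matches "$1" "$2" "$3"; then
        echo "$1: $2 $3 -> match"
    else
        echo "$1: $2 $3 -> NO match"
    fi
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
# Same shape as the CSR dialogue above: only a Common Name, no subjectAltName.
make_cert "$WORK/cn_only" "/C=NL/O=ORG/CN=MYNAME"
# Constructed alternative that names the loopback endpoint explicitly.
make_cert "$WORK/with_san" "/C=NL/O=ORG/CN=MYNAME" "DNS:localhost,IP:127.0.0.1"

for crt in "$WORK/cn_only.crt" "$WORK/with_san.crt"; do
    report "$crt" host MYNAME
    report "$crt" host localhost
    report "$crt" ip 127.0.0.1
done
```

Once a certificate carries DNS names in subjectAltName, OpenSSL no longer falls back to the Common Name, which is why the second certificate stops matching MYNAME.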

