CentOS 7 中用於戰爭文件的 SSL 加密代理伺服器
如何將
CentOS 7Web 伺服器配置為僅提供來自文件的SSL加密內容,並在代理伺服器後面執行?war``tomcat我想這涉及使用
firewalld,https和tomcat. 那https是httpd. 目前,當我在埠 8080 上公開文件時,war文件可以完美執行。但我想阻止所有外部訪問埠 8080。這個問題是關於如何在-encrypted後面結束。tomcat``tomcat``tomcat``SSL``proxy server這是我到目前為止所擁有的。
公眾
zone號firewalld是:[root@xxx-xx-xxx-xx conf]# firewall-cmd --list-all public (default, active) interfaces: enp3s0 sources: services: https ssh ports: masquerade: no forward-ports: icmp-blocks: rich rules:
/usr/lib/firewalld/services/https.xml看起來像這樣:<?xml version="1.0" encoding="utf-8"?> <service> <short>Secure WWW (HTTPS)</short> <description>HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.</description> <port protocol="tcp" port="443"/> </service>我
/etc/httpd/conf/httpd.conf可以通過點擊此連結準備好。請注意,我刪除了很多與文件/目錄權限相關的內容,因為我只想httpd充當tomcat. 我還添加了一個virtualhost標籤。我需要添加任何東西httpd.conf嗎?另外,會因為我添加到publichttpd而被自動呼叫嗎?https``firewalld``zone我的
/opt/tomcat/conf/server.xml可以在這個連結上閱讀。編輯:
嘗試重新啟動 httpd 失敗。結果如下:
[username@server.ip.address ~]# systemctl restart httpd.service Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details. [username@server.ip.address ~]# systemctl status httpd.service -l httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled) Active: failed (Result: exit-code) since Thu 2014-12-11 15:38:00 EST; 59s ago Process: 31036 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS) Process: 31034 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE) Main PID: 31034 (code=exited, status=1/FAILURE) Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec" Dec 11 15:38:00 server.ip.address.static.servdns.com httpd[31034]: AH00526: Syntax error on line 58 of /etc/httpd/conf/httpd.conf: Dec 11 15:38:00 server.ip.address.static.servdns.com httpd[31034]: Invalid command '...///', perhaps misspelled or defined by a module not included in the server configuration Dec 11 15:38:00 server.ip.address.static.servdns.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE Dec 11 15:38:00 server.ip.address.static.servdns.com systemd[1]: Failed to start The Apache HTTP Server. Dec 11 15:38:00 server.ip.address.static.servdns.com systemd[1]: Unit httpd.service entered failed state.編輯#2:
我更改了
virtualhost標籤,在 處添加了一個簡單的index.html文件/www/example1/index.html,然後添加了一個文件標籤,httpd.conf如下所示:<VirtualHost *:443> DocumentRoot /www/example1/ SSLEngine on SSLProxyEngine on SSLCertificateFile /etc/pki/tls/certs/some.crt SSLCertificateChainFile /etc/pki/tls/certs/bundle.crt SSLCertificateKeyFile /etc/pki/tls/private/some.key # ProxyPass / http://local_host:8080/ # ProxyPassReverse / http://local_host:8080/ </VirtualHost> <Directory "/www/example1/"> Options None AllowOverride None allow from all </Directory>但是現在
https://server.ip.address在瀏覽器中輸入結果Unable to connect. Firefox can't establish a connection to the server at server.ip.address
聽上去,你在追求一個
reverse proxy. 一個快速的Google將顯示一個很好的選擇可能的解決方案。一個簡單的選擇是使用
apache您已經安裝的 Web 伺服器作為您的代理。為此,您需要更改
httpd.conf並添加:<VirtualHost your.domain.name:443> SSLEngine on SSLProxyEngine on SSLCertificateFile /etc/pki/tls/certs/your_public.crt SSLCertificateChainFile /etc/pki/tls/certs/bundle.crt SSLCertificateKeyFile /etc/pki/tls/private/your_private.key ProxyPass / http://ip.addr:8080/myappname ProxyPassReverse / http://ip.addr:8080/myappname </VirtualHost>注意:從
local_host上面刪除下劃線 - SE 不允許我將其作為一個單詞發布!根據您的其他配置,可能需要進行細微調整,但以上內容應該可以幫助您入門。