如何配置Apache作为反向代理时终止ssl在负载均衡器?
2023-01-22还剩11分08秒
主题:
在某些情况下,您可能会在负载均衡器上终止SSL(因此所有命中反向代理的请求都是http)。如果是,反向代理配置将不同于Artifactory生成的默认配置。
解决方案:
下面是一个apache配置的例子(nginx应该是类似的),重要的部分涉及必要的请求头粗体和下划线:
<虚拟主机>
ProxyPreserveHost上
ServerName test.artifactory.com
ServerAlias * .test.artifactory.com
ErrorLog /var/log/httpd/error - 80. -日志
LogLevel警告
CustomLog /var/log/httpd/access-80.log组合
AllowEncodedSlashes上
RewriteEngine上
RewriteCond %{SERVER_PORT} (.*)
RewriteRule (.*) - [E=my_server_port:%1]
##注意:'REQUEST_SCHEME'报头仅在apache 2.4及以上版本支持
重写%{REQUEST_SCHEME} (.*)
RewriteRule (.*) - [E=my_scheme:%1]
重写%{HTTP_HOST} (.*)
RewriteRule (.*) - [E=my_custom_host:%1]
RewriteCond "%{REQUEST_URI}" "^/(v1|v2)/"
% {HTTP_HOST RewriteCond” }" "^(.*)\. test.artifactory $”
RewriteRule”^ / (v1 | v2 )/(.*)$" "/ artifactory / api /码头工人/ % 1 / 1 / 2美元”[葡文]
RewriteRule ^/$ https://artifactory.test.artifactory/artifactory/webapp/ [R,L]
RewriteRule ^ / artifactory (/) ?$ https://artifactory.test.artifactory/artifactory/webapp/ [R,L]
RewriteRule ^/artifactory/webapp$ https://artifactory.test.artifactory/artifactory/webapp/ [R,L]
RequestHeader设置主机%{my_custom_host}e
RequestHeader设置X-Forwarded-Port 443
##注意:{my_scheme}需要一个只有apache 2.4及以上版本支持的模块
requesttheader设置X-Forwarded-Proto https
RequestHeader设置x - artifactory - overrides - base - url https://artifactory.test.artifactory/artifactory
ProxyPassReverseCookiePath /artifactory /artifactory
ProxyRequests掉
ProxyPreserveHost上
ProxyPass /artifactory/ http://artifactoryhaaz01.azw.gapinc.com:8081/artifactory/
ProxyPassReverse /artifactory/ http://artifactoryhaaz01.azw.gapinc.com:8081/artifactory/
< /虚拟主机>
对于上面的,你也可以选择取出下面的rewriterrules,并让Artifactory处理重定向:
RewriteRule ^/$ https://artifactory.test.artifactory/artifactory/webapp/ [R,L]
RewriteRule ^ / artifactory (/) ?$ https://artifactory.test.artifactory/artifactory/webapp/ [R,L]
RewriteRule ^/artifactory/webapp$ https://artifactory.test.artifactory/artifactory/webapp/ [R,L]
