我编写了这些Virtual Host条目,用于强制https,并将请求代理到运行在本地8080的Java Spring JSF应用程序的嵌入式tomcat。它适用于子目录,如https://my.site.com/something.jsf,但不是根https域https://my.site.com,这得到重定向到index.html(没有域前缀)。
对于http请求http://my.site.com,它被正确地重定向到https,没有问题。
当我使用相同的proxpass使用*:80时,它工作得很好。
<VirtualHost *:80>
ServerName my.site.com
RedirectPermanent / https://my.site.com/
</VirtualHost>
<VirtualHost *:443>
ServerName my.site.com
ServerAlias my.site.com
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>
httpd access_log:
https请求root产生如下日志行:
201.8.25.80 - - [12/Feb/2021:14:37:21 -0300] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36"
httpderror_log没有错误报告.
Tomcat日志:
我在应用程序日志中得到了这个堆栈跟踪,但我不确定这是相关的,因为每次调用根https时都不会记录。
INFO 3093 --- [http-nio-8080-exec-3] o.apache.coyote.http11.Http11Processor : Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:479) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:684) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
我一直在寻找这种行为的可能解决方案和原因,但一无所获…如果有人能帮忙,我会很感激的。
我没有发现为什么根请求在https被错误重定向。但通过添加与根匹配的<LocationMatch>并重定向到index.jsf,保留代理指令,如:
<VirtualHost *:443>
ServerName my.site.com
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
<LocationMatch "^/?$">
Redirect / /index.jsf
</LocationMatch>
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>