我有一个web服务,我通过按原样键入以下URL(字符对字符(来访问它:
http://10.115.252.127:8980/opennms/login.jsp
网站文件由/opt/opennms/jetty-webapps/opennms/提供
我的目标是使用Apache(httpd.conf(来强制到此URL的任何流量使用SSL,而不再使用HTTP。
- 我已成功安装SSL证书,没有任何问题
- 我已经配置了一个VirtualHost指令,将端口80重定向到443
- 只有/var/www/html/*下的站点被成功重定向
示例:http://10.115.252.127/numbers成功重定向到https://10.115.252.127/numbershttp://10.115.252.127/charts成功重定向到https://10.115.252.127/charts
但是,当我输入URL时http://10.115.252.127:8980/opennms/login.jsp它总是作为HTTP。。。我如何使它像其他一样用作HTTPS?我已经查看了论坛,所有的帖子都认为你会一直重定向端口80,而不会在我解释的场景中谈论如何使用SSL。我在端口3000上运行的另一个服务也有同样的问题http://10.115.252.127:3000/login
===从我的httpd.conf===中提取
<VirtualHost *:80>
ServerName 10.115.252.127
Redirect permanent / https://10.115.252.127/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
ServerName 10.115.252.127
#Documentroot /var/www/html
</VirtualHost>
根据您对我理解的确认,以下是您可以做的:
############################################################################
Listen 80
# All connections on port 80 are redirected to port 443
<VirtualHost *:80>
ServerName www.example.com
CustomLog "logs/80_access.log" combined
ErrorLog "logs/80_error.log"
Redirect permanent / https://www.example.com
# No documentRoot, no content
</VirtualHost>
############################################################################
Listen 443
# All URI are answered from the documentRoot directory
# EXCEPT /openms, which is proxied to :8980
<VirtualHost *:443>
ServerName www.example.com
# temporary, remove when tests done
LogLevel debug
CustomLog "logs/443_access.log" combined
Errorlog "logs/443_error.log"
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
# For your redirection to 8980
ProxyPass /opennms "https://www.example.com:8980/"
ProxyPassReverse /opennms "https://www.example.com:8980/"
documentRoot "/yourdir/apache/htdocs"
DirectoryIndex index.html
</VirtualHost>
先决条件
- 必须加载代理模块
- 必须加载重写模块
- 端口8980链接到一些其他软件。Apache不处理8980