所以我把我的Domoticz(RPi上的家庭自动化软件(放在代理后面,这样就可以从外部HTTPS地址访问它。这适用于它自己的 Web 界面,但对于它提供的 API,出了点问题。
如果我在浏览器中输入以下 URL,它工作正常:
http://localDomoticzIP:port/json.htm?username=MkE=&password=OVM=&type=command¶m=getversion
但是,如果我使用 HTTPS 版本,则会收到 401 错误:
https://myExternalURL.com/domoticz/json.htm?username=MkE=&password=OVM=&type=command¶m=getversion
正如你所看到的,变化不大,但一个有效,一个无效。
从 myExternalURL.com/domoticz/
到 localDomoticzIP:port
的转换发生在 Apache 中,其中配置文件如下所示:
<VirtualHost *:443>
ServerName myExternalURL.com
ErrorLog ${APACHE_LOG_DIR}/port_443_error.log
CustomLog ${APACHE_LOG_DIR}/port_443_access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/myExternalURL.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myExternalURL.com/privkey.pem
SSLProxyEngine on
ProxyPreserveHost On
ProxyRequests Off
RewriteEngine on
# I don't THINK the 3 lines below are important, since it's there for a
different web page, but I'll leave it in, in case it may mess with
something me knowing
# When Upgrade:websocket header is present, redirect to ws
# Using NC flag (case-insensitive) as some browsers will pass Websocket
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule .* ws://127.0.0.1:8000/socket.io%{REQUEST_URI} [P]
RewriteRule ^/domoticz$ /domoticz/ [R=307]
# The two lines below are for another web page
RewriteRule ^/sprinklers/node$ /sprinklers/node/ [R=307]
RewriteRule ^/sprinklers$ /sprinklers/ [R=307]
ProxyPassMatch /domoticz/?(.*) https://127.0.0.1:444/$1
ProxyPassReverse /domoticz/?(.*) https://127.0.0.1:444/$1
# The four lines below are for another web page
ProxyPassMatch /sprinklers/node(/?)(.*) http://127.0.0.1:8000/$2
ProxyPassReverse /sprinklers/node(/?)(.*) http://127.0.0.1:8000/$2
ProxyPassMatch /sprinklers(/?)(.*) http://127.0.0.1:8091/$2
ProxyPassReverse /sprinklers(/?)(.*) http://127.0.0.1:8091/$2
</VirtualHost>
就像我说的,在浏览器中myExternalURL.com/domoticz/
工作正常,但是如果我向其添加 API 调用,它总是返回 401。
我也尝试从 HTML 页面设置授权标头,但这会导致同样的事情:401。
有没有人知道正在更改并导致这些 401 错误的原因是什么?
事实证明,问题不在于当前的授权,而在于过去的授权。每当您注销时,我的浏览器都不会删除会话ID cookie,这会导致之后尝试进行身份验证时出现各种问题。