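What is a reverse proxy?
A reverse proxy is a proxy server that accepts connection requests from the Internet, forwards them to servers on an internal or other network, and returns the servers' responses to the Internet clients that made the requests. To the outside, the proxy server appears to be the server itself.
On a recent project, the customer asked us to convert an existing authentication system that was accessed over HTTP to HTTPS access, while keeping HTTP and HTTPS access available side by side.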
Environment:
Load balancer: 192.168.10.10
Reverse proxy 1: 192.168.10.8
Reverse proxy 2: 192.168.10.9
app1: 192.168.10.6
app2: 192.168.10.7
I. Issuing the certificate
1. Generate the private key
[root@proxy misc]# openssl genrsa -des3 -out wdfang.com.key 2048
Generating RSA private key, 2048 bit long modulus
..........................+++
.....................................................+++
e is 65537 (0x10001)
Enter pass phrase for wdfang.com.key: ------- enter the passphrase
Verifying - Enter pass phrase for wdfang.com.key: ------- enter the passphrase
2. Generate the certificate signing request (CSR)
[root@proxy misc]# openssl req -new -key wdfang.com.key -out wdfang.com.csr
Enter pass phrase for wdfang.com.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:JiangSu
Locality Name (eg, city) [Newbury]:NanJing
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:wdfang.com
Email Address []:webmaster@wdfang.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ----------- press Enter
An optional company name []: ----------- press Enter
3. Sign the certificate
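[root@proxy misc]# openssl x509 -days 365 -req -in wdfang.com.csr -signkey wdfang.com.key -out server.crt
Signature ok
The CSR and key passed here are the files generated in steps 1 and 2; signing the request with its own key produces a self-signed certificate valid for 365 days. The virtual host in section III reads the certificate and key from /opt/apache/conf/server.crt and /opt/apache/conf/server.key, so both files have to be placed there under those names.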
II. Installing Apache
1. Build and install Apache from source
[root@proxy httpd-2.2.24]# ./configure --prefix=/opt/apache \
    --enable-so \
    --enable-mods-shared=all \
    --enable-proxy \
    --enable-proxy-connect \
    --enable-proxy-ftp \
    --enable-proxy-http \
    --enable-proxy-ajp \
    --enable-proxy-balancer \
    --enable-rewrite \
    --enable-ssl
[root@proxy httpd-2.2.24]# make && make install
2. Virtual host settings
Find the "Virtual hosts" section and remove the leading # from the line Include conf/extra/httpd-ssl.conf.
3. Reverse proxy settings
<VirtualHost _default_:443>
    # General setup for the virtual host
    ServerName wdfang.com:443
    ServerAlias wdfang.com

    <IfModule mod_proxy.c>
        SSLProxyEngine on
        # Reverse proxy only: do not act as a forward proxy
        ProxyRequests Off
    </IfModule>

    # Backend pool; app2 carries twice the weight of app1,
    # and requests are distributed by traffic volume
    <Proxy balancer://webcluster>
        BalancerMember http://app1:82 loadfactor=1
        BalancerMember http://app2:82 loadfactor=2
        ProxySet lbmethod=bytraffic
    </Proxy>

    # Forward every request to the pool and rewrite redirect headers on the way back
    ProxyPass / balancer://webcluster/
    ProxyPassReverse / balancer://webcluster/

    SSLCertificateFile "/opt/apache/conf/server.crt"
    SSLCertificateKeyFile "/opt/apache/conf/server.key"
</VirtualHost>
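The stated requirement is that HTTP and HTTPS access coexist, while the backends on port 82 only ever see plain HTTP from the proxy. The configuration below is an added example, not part of the original post: it puts a port 80 virtual host next to the port 443 one, both feeding the same pool, and marks each request with the scheme the client actually used. It assumes mod_headers is loaded, that Listen 80 and Listen 443 are in effect, and that the backend application is written to read the X-Forwarded-Proto header (a common convention, not something the post configures).

```apache
# Added example: HTTP and HTTPS entry points in front of the same backends.
# X-Forwarded-Proto is an assumed convention the backend must honour.

# Plain HTTP entry point
<VirtualHost _default_:80>
    ServerName wdfang.com
    ProxyRequests Off

    <Proxy balancer://webcluster>
        BalancerMember http://app1:82 loadfactor=1
        BalancerMember http://app2:82 loadfactor=2
        ProxySet lbmethod=bytraffic
    </Proxy>

    # "set" replaces any value sent by the client, so the backend
    # never trusts a scheme claimed by the browser
    RequestHeader set X-Forwarded-Proto "http"

    ProxyPass / balancer://webcluster/
    ProxyPassReverse / balancer://webcluster/
</VirtualHost>

# HTTPS entry point, same pool
<VirtualHost _default_:443>
    ServerName wdfang.com:443

    # TLS is terminated here; traffic to app1/app2 stays plain HTTP
    SSLEngine on
    SSLCertificateFile "/opt/apache/conf/server.crt"
    SSLCertificateKeyFile "/opt/apache/conf/server.key"

    ProxyRequests Off

    <Proxy balancer://webcluster>
        BalancerMember http://app1:82 loadfactor=1
        BalancerMember http://app2:82 loadfactor=2
        ProxySet lbmethod=bytraffic
    </Proxy>

    # Only this virtual host may tell the backend the request arrived over TLS
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass / balancer://webcluster/
    ProxyPassReverse / balancer://webcluster/
</VirtualHost>
```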
Reposted from: https://blog.51cto.com/wdfang/1243764