幾個月之前的記錄,結果現在想在ubuntu17.10上重現一遍,竟然失敗。有必要對apache反向代理進一步總結,深入學習。
1 第一次實驗
1.1 試驗環境
系統版本:
root@ubuntu-14-dev:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.4 LTS
Release: 14.04
Codename: trusty
apache版本:
root@ubuntu-14-dev:~# apachectl -v
Server version: Apache/2.4.7 (Ubuntu)
Server built: Sep 18 2017 16:37:54
用于當做反向代理的主機IP:192.168.80.156
用于提供應用的主機IP:192.168.80.157(另一個apache服務)
安裝方式
源碼安裝
二進制安裝
sudo apt-get install apache2(參考Ubuntu 14.04安裝Apache)
1.2 反向代理
找到apache的配置目錄,默認位于/etc/apache2/(注意這個是對照我的環境,不同的版本以下的配置目錄不同)
.
|__apache2.conf
|__conf-available
| |__*.conf
|__conf-enable
| |__*.conf
|__mods-available
| |__*.conf
|__mods-enable
| |__*.conf
|__ports.conf
|__sites-available
| |__*.conf
|__sites-enable
|__*.conf
在mods-available/proxy.conf文件內修改
<IfModule mod_proxy.c>
# If you want to use apache2 as a forward proxy, uncomment the
# 'ProxyRequests On' line and the <Proxy *> block below.
# WARNING: Be careful to restrict access inside the <Proxy *> block.
# Open proxy servers are dangerous both to your network and to the
# Internet at large.
#
# If you only want to use apache2 as a reverse proxy/gateway in
# front of some web application server, you DON'T need
# 'ProxyRequests On'.
#ProxyRequests On
<Proxy *>
AddDefaultCharset off
Require all granted
#Require local
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
ProxyVia On
ProxyPass "/test" "http://192.168.80.157:56785/"
ProxyPassReverse "/test" "http://192.168.80.157:56785/"
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
根據注釋的提示,如果你想把apache2用作一個反向代理網關,用來代理某些web應用服務,把<proxy *>塊的代碼注釋,不要注釋掉ProxyRequests On
這里發現了一個以前的錯誤,反向代理不需要
ProxyRequest
需要注意的一點是,你還需要將Require all deny修改為Require all granted。查閱apache文檔發現:
Require all granted
? Access is allowed unconditionally.訪問被無條件接受
Require all denied
? Access is denied unconditionally.訪問被無條件拒絕
然后利用ProxyPass和ProxyPassReverse來設置后端應用。
在192.168.80.155的主機瀏覽器中輸入http://192.168.80.156/test,出現的界面和輸入http://192.168.80.157相同。
最簡反向代理配置
在試玩上述的改動之后,我又將配置精簡為:
<IfModule mod_proxy.c>
ProxyPass "/test" "http://192.168.80.157:56785/"
ProxyPassReverse "/test" "http://192.168.80.157:56785/"
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
并使用隱身窗口登錄,反向代理仍然成功。
1.3 正向代理
<IfModule mod_proxy.c>
# If you want to use apache2 as a forward proxy, uncomment the
# 'ProxyRequests On' line and the <Proxy *> block below.
# WARNING: Be careful to restrict access inside the <Proxy *> block.
# Open proxy servers are dangerous both to your network and to the
# Internet at large.
#
# If you only want to use apache2 as a reverse proxy/gateway in
# front of some web application server, you DON'T need
# 'ProxyRequests On'.
ProxyRequests On
# <Proxy *>
# AddDefaultCharset off
# Require all granted
# #Require local
# </Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
# ProxyVia On
ProxyPass "/" "http://192.168.80.157:56785/"
ProxyPassReverse "/" "http://192.168.80.157:56785/"
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
在IE設置里點擊連接->局域網設置
- [x] 自動檢測設置(A)
代理服務器
- [x] 為LAN使用代理服務器
地址 [gateway-ip]端口[gateway-port]
奇怪的是該設置對chrome同樣有效
以上便是幾個月前使用Ubuntu14進行反向代理的嘗試。下面將對apache反向代理的一些指令和流程的說明。
...表明未完成
首先解決問題吧。google了一篇博客總結的精煉——在Ubuntu17.04/17.10為Nginx設置Apache2反向代理
試了一下原來是Apache2的代理模塊未啟用:
a2enmod proxy
a2enmod proxy_http
然后重啟:
systemctl restart apache2
我的問題解決了,就不樂意繼續總結了。
先留個坑以后慢慢填
...
