I am trying to configure an Apache forward proxy with SSL. Below is my virtual host configuration.
Listen 192.168.2.1:12149
<VirtualHost 192.168.2.1:12149>
ServerName ech-192-168-2-1.test.com
SSLEngine On
SSLCertificateFile /opt/ssl/apache-selfsigned-new.crt
SSLCertificateKeyFile /opt/ssl/apache-selfsigned-new.key
ProxyVia On
ProxyRequests On
SSLProxyEngine On
RewriteEngine On
RewriteCond %{REQUEST_URI} !https://www.google.com/ [NC]
RewriteCond %{REQUEST_URI} !http://www.google.com/ [NC]
RewriteRule .* - [F]
</VirtualHost>
Scenario 1: Trying to access https://www.google.com using curl
curl -v --proxy 192.168.2.1:12149 https://www.google.com
* About to connect() to proxy 192.168.2.1 port 12149 (#0)
* Trying 192.168.2.1... connected
* Connected to 192.168.2.1 (192.168.2.1) port 12149 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Proxy-Connection: Keep-Alive
>
* Proxy CONNECT aborted
* Closing connection #0
curl: (56) Proxy CONNECT aborted
Scenario 2: Trying to access http://www.google.com using curl
curl -v --proxy 192.168.2.1:12149 http://www.google.com
* About to connect() to proxy 192.168.2.1 port 12149 (#0)
* Trying 192.168.2.1... connected
* Connected to 192.168.2.1 (192.168.2.1) port 12149 (#0)
> GET http://www.google.com/ HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: www.google.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 400 Bad Request
< Date: Wed, 15 Feb 2017 10:03:52 GMT
< Server: Apache
< Content-Length: 362
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>
* Closing connection #0
But when I disable SSL in the virtual host and try to connect to outbound http, it works.
Virtual host configuration:
Listen 192.168.2.1:12149
<VirtualHost 192.168.2.1:12149>
ServerName ech-192-168-2-1.test.com
#SSLEngine On
#SSLCertificateFile /opt/ssl/apache-selfsigned-new.crt
#SSLCertificateKeyFile /opt/ssl/apache-selfsigned-new.key
ProxyVia On
ProxyRequests On
#SSLProxyEngine On
RewriteEngine On
RewriteCond %{REQUEST_URI} !https://www.google.com/ [NC]
RewriteCond %{REQUEST_URI} !http://www.google.com/ [NC]
RewriteRule .* - [F]
</VirtualHost>
Scenario 1: Trying to access https://www.google.com using curl
curl -v --proxy 192.168.2.1:12149 https://www.google.com
* About to connect() to proxy 192.168.2.1 port 12149 (#0)
* Trying 192.168.2.1... connected
* Connected to 192.168.2.1 (192.168.2.1) port 12149 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 500 Internal Server Error
< Date: Wed, 15 Feb 2017 10:13:15 GMT
< Server: Apache
< Content-Length: 546
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
* Received HTTP code 500 from proxy after CONNECT
* Closing connection #0
curl: (56) Received HTTP code 500 from proxy after CONNECT
Scenario 2: Trying to access http://www.google.com using curl
curl -v --proxy 192.168.2.1:12149 http://www.google.com
* About to connect() to proxy 192.168.2.1 port 12149 (#0)
* Trying 192.168.2.1... connected
* Connected to 192.168.2.1 (192.168.2.1) port 12149 (#0)
> GET http://www.google.com/ HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: www.google.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 302 Found
< Date: Wed, 15 Feb 2017 10:14:20 GMT
< Server: Apache
< Location: http://www.cfauth.com/?cfru=aHR0cDovL3d3dy5nb29nbGUuY29tLw==
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Content-Length: 660
< Via: 1.1 ech-192-168-2-1.test.com
<
<HTML><HEAD>
<TITLE>Redirect</TITLE>
</HEAD>
<BODY>
<FONT face="Helvetica">
<big><strong></strong></big><BR>
</FONT>
<blockquote>
<TABLE border=0 cellPadding=1 width="80%">
<TR><TD>
<FONT face="Helvetica">
<big>Redirect (authentication_redirect_to_virtual_host)</big>
<BR>
<BR>
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">
You are being redirected to the authentication virtual host.
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica">
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Helvetica" SIZE=2>
<BR>
For assistance, contact your network support team.
</FONT>
</TD></TR>
</TABLE>
</blockquote>
</FONT>
</BODY></HTML>
* Connection #0 to host 192.168.2.1 left intact
* Closing connection #0
Reset the certificate and try making the request like this:
curl -x https://proxy.com https://google.com -v -L
Use this in your virtual host to configure the forward proxy:
ProxyRequests On
ProxyPreserveHost On
Order deny,allow
Allow from all
ProxyRemote * https://hostname
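
The access-control lines in the answer above, shown next to a restricted form, as an added example that is not part of the original question or answer. The 192.168.2.0/24 client range is an assumed value; the listen address, port and ServerName are taken from the question.

```apache
# Added example (not from the original post). The 192.168.2.0/24 client range
# is an assumed value; the listen address and ServerName come from the question.
Listen 192.168.2.1:12149
<VirtualHost 192.168.2.1:12149>
    ServerName ech-192-168-2-1.test.com

    ProxyRequests On
    ProxyVia On

    # Permit CONNECT tunnels to port 443 only (mod_proxy_connect).
    AllowCONNECT 443

    # Open form: "Order deny,allow" + "Allow from all" lets every host that can
    # reach this port relay traffic through the proxy.
    #   Order deny,allow
    #   Allow from all

    # Restricted form, Apache 2.2 syntax as in the answer: deny by default,
    # then admit only the internal client range.
    <Proxy *>
        Order deny,allow
        Deny from all
        Allow from 192.168.2.0/24
    </Proxy>

    # Apache 2.4 equivalent of the three access lines above:
    #   Require ip 192.168.2.0/24
</VirtualHost>
```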