我理解这个主题在几篇较旧的帖子中进行了讨论,特别 是自签名证书是否会在Apache反向代理之后工作?由@Ryan发布
我面临同样的问题,但无法绕过它.我在Apache HTTP服务器前面将Apache 2.4.12设置为反向代理.我在代理服务器上有有效的证书,但在Oracle HTTP服务器上有自签名的证书.目标是一直执行https,但是每当浏览器到达myhost.domain时,它都会抛出一个证书警告(因为自签名证书).在Oracle HTTP服务器上拥有正式证书不是一种选择,用户浏览器受到限制,因此无法忽略自签名证书警告.
这是我的虚拟主机
LogLevel ERROR ServerName myhost.domain ServerAlias xxx.xxx.xxx.xx DocumentRoot D:/xyz/pubdocs SSLEngine On SSLProxyEngine On SSLCertificateFile certs/myserver.crt SSLCertificateKeyFile certs/myserver.key SSLCertificateChainFile certs/myserver_chain.crt SSLProxyCACertificateFile certs/my_self_signed.pem SSLProxyVerify none SSLProxyCheckPeerName off SSLProxyCheckPeerCN off SSLProxyCheckPeerExpire off SSLProtocol -all +TLSv1 SSLProxyProtocol +SSLv3 +TLSv1 +TLSv1.1 #SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!NULL:RC4+RSA:+HIGH:+MEDIUM ErrorLog "logs/abc-error.log" CustomLog "logs/abc-access.log" cert ProxyRequests Off # IE compatibility Header set X-UA-Compatible "IE=EmulateIE8" # Prevent page from being loaded within an IFrame (Cross-Frame Scripting protection) Header always append X-Frame-Options SAMEORIGIN # Prevent mime sniffing exploint ; disabled breaks PEM Popup image rendering # Header set X-Content-Type-Options: nosniff # Disable caching Header set Cache-Control "no-cache, must-revalidate, private" # Enable X-XSS-Protection Header set X-XSS-Protection: "1; mode=block" ProxyPass / https://myhost.domain/ ProxyPassReverse / https://myhost.domain/
似乎使用以下指令适用于许多人,但似乎并不适合我
SSLProxyVerify无
SSLProxyCheckPeerName关闭
SSLProxyCheckPeerCN关闭
SSLProxyCheckPeerExpire off
还有什么我想念的吗?
任何帮助表示赞赏.
谢谢,拉吉
京公网安备 11010802040832号 | 京ICP备19059560号-6 