1. Accueil
  2. Question et réponse
  3. rediriger une adresse IP interne de HTTP à HTTPS avec Apache

rediriger une adresse IP interne de HTTP à HTTPS avec Apache

2010-09-29 14 views
1

Salut à tous- J'ai regardé ceci ici et Google mais aucune des suggestions ne semble fonctionner pour moi. Je travaille sur un site interne à ce stade donc les points de terminaison sont des adresses IP par rapport aux URL. L'accès au site via HTTPS fonctionne, mais HTTP dit simplement "Impossible d'établir une connexion". Je n'arrive pas à trouver quoi que ce soit dans les journaux qui explique pourquoi. J'ai des avertissements à propos de mon CERT car il est auto-signé mais je ne pense pas que cela le cause. J'ai essayé une réécriture et une redirection à la fois séparément sans chance. Je les ai tous les deux commentés ci-dessous, mais j'ai essayé l'un ou l'autre.rediriger une adresse IP interne de HTTP à HTTPS avec Apache

#<VirtualHost *:80> 
# RewriteEngine On 
# RewriteCond %{HTTPS} off 
# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} 
#</VirtualHost> 
<VirtualHost *:443> 
    ServerName 192.168.xxx.xxx 
    ProxyRequests Off 
    ProxyPreserveHost On 
    SSLEngine On 
    SSLCertificateFile /etc/httpd/ssl/server.crt 
    SSLCertificateKeyFile /etc/httpd/ssl/server.key 
    ProxyPass/http://localhost:8080/ 
    ProxyPassReverse/http://localhost:8080/ 
    <Proxy *> 
     Order deny,allow 
     Allow from all 
    </Proxy> 
</VirtualHost> 
#Redirect permanent http://192.168.xxx.xxx https://192.168.xxx.xxx

Il s'agit du journal des erreurs d'une requête. Le fichier rewrite_log reste vide.

[Wed Sep 29 17:22:17 2010] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0 
[Wed Sep 29 17:22:17 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) 
[Wed Sep 29 17:22:17 2010] [info] Init: Seeding PRNG with 256 bytes of entropy 
[Wed Sep 29 17:22:17 2010] [notice] SSL FIPS mode disabled 
[Wed Sep 29 17:22:17 2010] [info] Loading certificate & private key of SSL-aware server 
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required 
[Wed Sep 29 17:22:17 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits) 
[Wed Sep 29 17:22:17 2010] [info] Init: Generating temporary DH parameters (512/1024 bits) 
[Wed Sep 29 17:22:17 2010] [info] Init: Initializing (virtual) servers for SSL 
[Wed Sep 29 17:22:17 2010] [info] Configuring server for SSL protocol 
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) 
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(420): Configuring TLS extension handling 
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(792): Configuring RSA server certificate 
[Wed Sep 29 17:22:17 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) 
[Wed Sep 29 17:22:17 2010] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!? 
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(831): Configuring RSA server private key 
[Wed Sep 29 17:22:17 2010] [info] mod_ssl/2.2.16 compiled against Server: Apache/2.2.16, Library: OpenSSL/1.0.0a-fips 
[Wed Sep 29 17:22:17 2010] [notice] Digest: generating secret for digest authentication ... 
[Wed Sep 29 17:22:17 2010] [notice] Digest: done 
[Wed Sep 29 17:22:17 2010] [debug] util_ldap.c(1990): LDAP merging Shared Cache conf: shm=0x1df29a8 rmm=0x1df29d8 for VHOST: 192.168.xxx.xxx 
[Wed Sep 29 17:22:17 2010] [debug] util_ldap.c(1990): LDAP merging Shared Cache conf: shm=0x1df29a8 rmm=0x1df29d8 for VHOST: jira.test.com 
[Wed Sep 29 17:22:17 2010] [debug] util_ldap.c(1990): LDAP merging Shared Cache conf: shm=0x1df29a8 rmm=0x1df29d8 for VHOST: jira.test.com 
[Wed Sep 29 17:22:17 2010] [info] APR LDAP: Built with OpenLDAP LDAP SDK 
[Wed Sep 29 17:22:17 2010] [info] LDAP: SSL support available 
[Wed Sep 29 17:22:17 2010] [info] Init: Seeding PRNG with 256 bytes of entropy 
[Wed Sep 29 17:22:17 2010] [notice] SSL FIPS mode disabled 
[Wed Sep 29 17:22:17 2010] [info] Loading certificate & private key of SSL-aware server 
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required 
[Wed Sep 29 17:22:17 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits) 
[Wed Sep 29 17:22:17 2010] [info] Init: Generating temporary DH parameters (512/1024 bits) 
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(253): shmcb_init allocated 512000 bytes of shared memory 
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(272): for 511952 bytes (512000 including header), recommending 32 subcaches, 133 indexes each 
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(306): shmcb_init_memory choices follow 
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(308): subcache_num = 32 
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(310): subcache_size = 15996 
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(312): subcache_data_offset = 2144 
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(314): subcache_data_size = 13852 
[Wed Sep 29 17:22:17 2010] [debug] ssl_scache_shmcb.c(316): index_num = 133 
[Wed Sep 29 17:22:17 2010] [info] Shared memory session cache initialised 
[Wed Sep 29 17:22:17 2010] [info] Init: Initializing (virtual) servers for SSL 
[Wed Sep 29 17:22:17 2010] [info] Configuring server for SSL protocol 
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) 
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(420): Configuring TLS extension handling 
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(792): Configuring RSA server certificate 
[Wed Sep 29 17:22:17 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) 
[Wed Sep 29 17:22:17 2010] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!? 
[Wed Sep 29 17:22:17 2010] [debug] ssl_engine_init.c(831): Configuring RSA server private key 
[Wed Sep 29 17:22:17 2010] [info] mod_ssl/2.2.16 compiled against Server: Apache/2.2.16, Library: OpenSSL/1.0.0a-fips 
[Wed Sep 29 17:22:17 2010] [error] avahi_entry_group_add_service_strlst("192.168.xxx.xxx") failed: Invalid host name 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6661 for worker proxy:reverse 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6660 for worker proxy:reverse 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6660 for (*) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6660 for worker http://localhost:8080/ 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6660 for (localhost) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6662 for worker proxy:reverse 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6661 for (*) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6663 for worker proxy:reverse 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6661 for worker http://localhost:8080/ 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker http://localhost:8080/ already initialized 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6663 for (*) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6663 for worker http://localhost:8080/ 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6661 for (localhost) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker http://localhost:8080/ already initialized 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6663 for (localhost) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6662 for (*) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6662 for worker http://localhost:8080/ 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker http://localhost:8080/ already initialized 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6662 for (localhost) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6664 for worker proxy:reverse 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6664 for (*) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6664 for worker http://localhost:8080/ 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker http://localhost:8080/ already initialized 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6664 for (localhost) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6665 for worker proxy:reverse 
[Wed Sep 29 17:22:17 2010] [notice] Apache/2.2.16 (Unix) DAV/2 mod_ssl/2.2.16 OpenSSL/1.0.0a-fips configured -- resuming normal operations 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized 
[Wed Sep 29 17:22:17 2010] [info] Server built: Jul 27 2010 15:58:08 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6665 for (*) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6665 for worker http://localhost:8080/ 
[Wed Sep 29 17:22:17 2010] [debug] prefork.c(1013): AcceptMutex: sysvsem (default: sysvsem) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker http://localhost:8080/ already initialized 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6665 for (localhost) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6666 for worker proxy:reverse 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6666 for (*) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6666 for worker http://localhost:8080/ 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 1 in child 6667 for worker proxy:reverse 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker http://localhost:8080/ already initialized 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 1 in child 6667 for (*) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6666 for (localhost) 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 6667 for worker http://localhost:8080/ 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1837): proxy: worker http://localhost:8080/ already initialized 
[Wed Sep 29 17:22:17 2010] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 6667 for (localhost)

Source

2010-09-29 Dustin

Répondre

1

Si votre première partie de ce fichier est commenté, Apache n'a pas de config dire à écouter sur le port 80 (http).

Vous avez besoin des deux sites en cours d'exécution afin que les deux vous donnera une réponse (même si la réponse HTTP est juste « aller à HTTPS »)

Source

2010-09-29 23:01:38 Gareth

+0

Désolé, je vois que vous avez délibérément commenté le code ci-dessus. Que se passe-t-il lorsque les deux sections VirtualHost ne sont pas commentées? La requête HTTP échoue-t-elle ou redirige-t-elle vers la page HTTPS, qui échoue? – Gareth

+0

Lorsque les deux sections VirtualHost ne sont pas commentées HTTPS se résout correctement; l'adresse HTTP renvoie 'Firefox ne peut pas établir de connexion avec le serveur'. Au-dessus de ces sections, j'ai 'NameVirtualHost *: 80' et ' NameVirtualHost *: 443'. – Dustin

+0

Y at-il un journal que je peux vérifier pour voir si la requête a été reçue par Apache et si la réécriture a eu lieu? Je ne vois cela dans aucun des fichiers du répertoire httpd/logs. – Dustin

 Questions connexes

  • Aucun problème connexe^_^