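Apache as a reverse proxy with mutual (two-way) TLS authentication
Download apr-1.5.2.tar.gz, apr-util-1.5.4.tar.gz, httpd-2.4.17.tar.gz and pcre-8.37.tar.gz
Upload the source packages above to any path on the server
Extract: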
tar zxvf apr-1.5.2.tar.gz
tar zxvf apr-util-1.5.4.tar.gz
tar zxvf httpd-2.4.17.tar.gz
tar zxvf pcre-8.37.tar.gz
Install: (install gcc-c++ before compiling: yum -y install gcc-c++)
cd pcre-8.37
./configure && make && make install
cd ../apr-1.5.2
./configure && make && make install
cd ../apr-util-1.5.4
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make
make install
cd ../httpd-2.4.17
./configure --prefix=/usr/local/apache --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-shared=max --enable-rewrite --enable-so --enable-mods-shared=all
make
make install
2. Configure mutual authentication
Upload all the required certificates to /usr/local/apache/ssl
cd /usr/local/apache/conf
vim httpd.conf
Remove the comment marker (delete the #) in front of these two lines:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
:wq
cd /usr/local/apache/conf/extra
vim httpd-ssl.conf
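Comment out SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
Set the following directives:
# Server certificate (crt)
SSLCertificateFile "/usr/local/apache/ssl/mykey.crt"
# Server private key
SSLCertificateKeyFile "/usr/local/apache/ssl/mykey.key"
# Server certificate chain
SSLCertificateChainFile "/usr/local/apache/ssl/serverca.crt"
# Directory of CA certificates used to verify client certificates
SSLCACertificatePath "/usr/local/apache/ssl/"
# CA certificate used to verify client certificates
SSLCACertificateFile "/usr/local/apache/ssl/ca.crt"
Remove the comment marker in front of these two lines:
SSLVerifyClient require
SSLVerifyDepth 10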
:wq
3. Configure the reverse proxy
cd /usr/local/apache/conf
vim httpd.conf
Remove the comment marker in front of these three lines:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
cd /usr/local/apache/conf/extra
vim httpd-ssl.conf
Before the closing </VirtualHost> at the end of the file, add the following (for example, to proxy the local https://127.0.0.1/ to the Tencent home page)
ProxyPass / http://www.qq.com/
ProxyPassReverse / http://www.qq.com/
ProxyPassReverseCookieDomain www.qq.com 127.0.0.1
:wq
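
For the client-CA settings in step 2 (SSLCACertificateFile with SSLVerifyClient require), the following added example, which is not part of the original page, builds a throwaway client CA and client certificate with openssl and shows that only the issuing CA file accepts the client certificate. All file names, subjects and helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed names and subjects, not from the original page.
# Shows which CA file (the role of SSLCACertificateFile) accepts a given
# client certificate, using throwaway keys in a temporary directory.

# make_ca BASE CN -> writes BASE.key and BASE.crt (self-signed CA)
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1.key" -out "$1.crt" -subj "/CN=$2" 2>/dev/null
}

# issue_client CA_BASE CLIENT_BASE CN -> writes CLIENT_BASE.key and .crt,
# signed by the CA stored in CA_BASE.key / CA_BASE.crt
issue_client() {
    openssl req -newkey rsa:2048 -nodes \
        -keyout "$2.key" -out "$2.csr" -subj "/CN=$3" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -days 30 \
        -CA "$1.crt" -CAkey "$1.key" -CAcreateserial \
        -out "$2.crt" 2>/dev/null
}

# verify_client CA_CRT CLIENT_CRT -> status 0 only if the chain verifies.
# Matching the ": OK" line keeps the result independent of how a given
# openssl version sets its exit code.
verify_client() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/ca" "Constructed Client CA" &&
    make_ca "$d/other" "Constructed Unrelated CA" &&
    issue_client "$d/ca" "$d/client" "constructed-client-1" || return 1
    verify_client "$d/ca.crt" "$d/client.crt" && echo "ca.crt: accepted"
    verify_client "$d/other.crt" "$d/client.crt" || echo "other.crt: rejected"
    rm -rf "$d"
}
demo
```

Against the running server, a request such as `curl --cacert serverca.crt https://127.0.0.1/` sent without `--cert` and `--key` should fail in the TLS handshake while SSLVerifyClient require is active; if it succeeds, client verification is not being enforced.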