使用Apache代理向HTTPS端点投递时出错

Question

在使用Apache的代理模块时，我遇到了一些问题，试图将其发布到HTTPS端点。发送到HTTP端点可以正常工作。我对Apache配置非常陌生，所以我希望你们中的一位能对我做错什么有一些了解。谷歌在这个问题上对我帮助不大。我已经读过的一个帖子的例子是(我没有足够的声誉来发布更多的链接)：

• SOAP faultcode env:Client
  • 我已经验证了soap请求通过SoapUI工作，所以我试图访问的服务似乎没有什么问题。

​

服务器网站的端点托管在上面，代理也是：http://websiteAndProxyServer.com。

要将端点发送到：https://secureServer.com/AccessManagerSOAP的示例端点

以下是我想要做的事情的大致思路：

HTTP ->代理-> HTTPS

代理允许我绕过跨域请求问题。

Apache版本: 2.2.21

jQuery请求：

var url = "http://websiteAndProxyServer.com/idm/AccessManagerSOAP";
        $.ajax({
                url:url,
                type:'POST',
                data: loginRequest,
                success: createUserAndAuthenticateSuccess,
                error: createUserAndAuthenticateError
       });

Httpd.conf中的相关Apache配置：

#=============mod-proxy==================
#       UnComment the proxy_module, proxy_balancer_module & proxy_ajp_module below to
#       use ModProxy for enabling different JSessionID cookie names to be provided.

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

SSLProxyEngine On

ProxyPass /remote/ http://nonRelatedServer.net:8082/
ProxyPass /idm/ https://secureServer.com/

httpd-ssl.conf中的相关Apache配置

##
## SSL Virtual Host Context
##
NameVirtualHost *:443

<VirtualHost _default_:443>
   DocumentRoot "/usr/local/apache2/htdocs"
#  ServerName websiteAndProxyServer.com
#   ServerAlias www.dummy-host.example.com
   ErrorLog "|/usr/local/apache2/bin/rotatelogs /usr/local/apache2/logs/localhost/error_log.%Y-%m-%d 86400"
   CustomLog "|/usr/local/apache2/bin/rotatelogs /usr/local/apache2/logs/localhost/access_log.%Y-%m-%d 86400" vcombined2
   RewriteEngine on
   RewriteOptions inherit

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
#SSLEnable  #I get an error if this is un-commented
SSLEngine on
SSLProxyEngine on

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite DEFAULT:!ADH::RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+eNULL

#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again.  Keep
#   in mind that if you have both an RSA and a DSA certificate you
#   can configure both in parallel (to also allow the use of DSA
#   ciphers, etc.)
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
#SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server-dsa.crt

SSLProxyCACertificateFile /usr/local/apache2/conf/ssl.crt/iam.crt
#SSLProxyCACertificateFile /usr/local/apache2/conf/ssl.crt/server.crt

我尝试从目标URL中获取证书，并通过上面的iam.crt引用引用它们。这似乎没什么区别。

使用上面的配置，我得到以下内容：

<?xml version='1.0' ?>
<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
<env:Body>
<env:Fault>
<faultcode>env:Client</faultcode>
<faultstring>Internal Error</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>

注意，我得到的HTTP代码是200。当我通过SoapUI向上面的端点发送类似的请求时，我会获得成功，因此它必须与我的配置或权限有关。我所缺少的配置中还有别的东西吗？

如有任何建议请见谅。

Answer 1

结果发现，我的配置完全没有问题。相反，我的soap请求格式错误。我没有将请求包含在soap信封中。在做了这个修改后，请求就恢复正常了。

旧要求：

<?xmlversion="1.0"encoding="UTF-8"standalone="yes"?>
<accountCreateRequestxmlns="http://schemaSite.com/schema/">
       <namespaceId>50000003</namespaceId>
       <emailAddress>7e837231-7a3d-495a@g88.net</emailAddress>
       <password>infdafs</password>
       <generateLoginName>false</generateLoginName>
       <loginName>7e837231-7a3d-495a@g88.net</loginName>
       <securityQuestion></securityQuestion>
       <securityAnswer></securityAnswer>
       <securityLevel>LOW</securityLevel>
</accountCreateRequest>

新请求：

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mes="http://schemaSite.com/messages/">
   <soapenv:Header/>
   <soapenv:Body>
      <mes:accountCreateRequest>
         <mes:namespaceId>50000003</mes:namespaceId>
         <mes:emailAddress>7e837231-7a3d-495a@g88.net</mes:emailAddress>
         <mes:password>!fdsuit01</mes:password>
         <mes:generateLoginName>false</mes:generateLoginName>
         <mes:loginName>7e837231-7a3d-495a@g88.net</mes:loginName>
         <mes:securityQuestion></mes:securityQuestion>
         <mes:securityAnswer></mes:securityAnswer>
         <mes:securityLevel>LOW</mes:securityLevel>
      </mes:accountCreateRequest>
   </soapenv:Body>
</soapenv:Envelope>