mod_proxy + mod_reqrite导致错误502或502

Question

我使用httpd配置(反向代理)将请求转发给代理：

Listen 443 https


    ServerName  public-dns.example.org
    ServerAlias internal-hostname.internal

    ProxyPreserveHost On

    RewriteEngine On

    #check & block some URLs in target service
    RewriteCond %{REQUEST_URI} ^/service
    RewriteRule /service(/(api(/(([a-zA-Z_-]+)(/|/.*swagger.*)?(\.\.)?)?)?)?)?$ - [F,L]

    
      ProxyPreserveHost Off
      ProxyErrorOverride Off
    

    ProxyPass /service/api/ https://services.apps.cloud.example.internal/

    ProxyErrorOverride On

    SSLProxyEngine On
#START - avoid unnecessary checks in internal network - development environment
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
#END - avoid unnecessary checks in internal network - development environment

#START - not relevant part of config (for this question)
    SSLEngine On
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLProtocol All -SSLv2 +TLSv1.2
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder On

    SSLCompression off
    SSLSessionTickets Off
    SSLCertificateFile      /etc/ssl/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
#END - not relevant part of config (for this question)

我想丰富对上游服务器的请求--添加一个查询字符串参数，但即使应用rewriteRule并将其转发给代理也有问题。

由于服务使用另一个查询字符串参数，我发现mod_rewrite标志QSA应该处理?/&正确.

当我添加这组重写规则时，所有的rewriteRules尝试都会失败，出现相同的502代理错误。

根据error_log的说法，mod_proxy似乎没有根据上面定义的ProxyPass指令转发它。

    #test - adding query parameter to proxy request

    RewriteCond %{REQUEST_URI} ^/service
# attempt 1 failed - match all under the rewriteCond "^/service", add "queryStringParam" and apply flags QSA & P (proxy)
#    RewriteRule ^(.*)$ $1?queryStringParam=example [QSA,P]
# attempt 2 failed - try the same without QSA
#    RewriteRule ^(.*)$ $1 [P]
# attempt 3/4 failed - try absolute url in target url 
#    RewriteRule ^(.*)$ %{REQUEST_SCHEME}://%{HTTP_HOST}$1?queryStringParam=example [QSA,P]
#    RewriteRule ^(.*)$ %{REQUEST_SCHEME}://%{HTTP_HOST}$1 [P]

所有尝试都失败，代理错误(http 502)：

The proxy server received an invalid response from an upstream server. 
The proxy server could not handle the request "GET /services/api/example-service/list/".

你能给我指出正确的方向吗？谢谢

Answer 1

我发现标志P没有使用ProxyPass指令，而是立即转发到代理。所以目标url需要是上游的url ..。ProxyPass指令可以从原始配置中丢弃。