Apache模块"mod_jk“为特定url/上下文使用https的安装重写条件

Question

我确实有一个“简单”的问题，您可能会在几秒钟内回答这个问题;)我设置了一个(v2.2)，这个apache服务器充当平衡器，启用了"mod_jk“。两个不同的应用程序托管在这个服务器上，称为“低”和“高”。我使用的tomcat服务器是V6.0x服务器。

下面是apache httpd.conf (摘要)：

# Load mod_jk module
LoadModule    jk_module  modules/mod_jk-1.2.30-httpd-2.2.3.so
# Where to find workers.properties
JkWorkersFile conf/workers.properties
# loadbalancer contains the first application that may be clustered (runs on more tomcat instances/servers)
JkMount  /high/* loadbalancer
# webworker contains the second application that runs in a single tomcat instance
JkMount  /low/* webworker

如您所见，有两个已定义的映射。第一个“高”指向负载平衡器(2个应用服务器"worker1“和"worker2"，参见下面的worker.properties )。第二个解析为"low“，然后转到webworker (这个服务器上的另一个tomcat实例)。

Worker.properties来了：

# Define worker list
worker.list=worker1,worker2,loadbalancer,webworker

# Set properties for worker1 (ajp13, http=8080, https=8443)
# Note: worker1 runs on the same machine as the serving apache webserver
worker.worker1.type=ajp13
worker.worker1.host=appserver1.example.com
worker.worker1.port=8009
worker.worker1.lbfactor=1

# Set properties for worker2 (ajp13, http=8080, https=8443)
# Note: worker2 runs on a different machine
worker.worker2.type=ajp13
worker.worker2.host=appserver2.example.com
worker.worker2.port=8010
worker.worker2.lbfactor=2

# Set properties for webworker (ajp13, http=9090, https=9443)
# Note: webworker runs on the same machine as the serving apache webserver
worker.webworker.type=ajp13
worker.webworker.host=appserver1.example.com
worker.webworker.port=8010

# Set properties for load balancer
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=worker1, worker2

所以，我的问题是：

：

如何设置映射"low“的所有请求都应该重写为"https"？第二个应用程序"low“应该完全安全地运行。

也就是说，调用"http://www.myapplication.com/low“会导致apache服务器将其重写为"https://www.myapplication.com/low”。

这与"mod_rewrite“是可能的吗？我要把证书文件放在哪里？证书是否配置在tomcat-config (server.xml)或apache-config (或者可能在两个配置文件中)？

(谢谢你的帮助:)

找到了一个解决方案：

Bruno帮助我解决了问题，所以这是我的工作配置(将配置放在名为httpd-vhosts.conf的附加文件中)：

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@example.com
        ServerName appserver1.example.com:443
        SSLEngine       on
        SSLCertificateFile     "conf/ssl.crt/server.crt"
        SSLCertificateKeyFile  "conf/ssl.key/server.key"
        JkMount  /low/* webworker
</VirtualHost>
</IfModule>

<VirtualHost *:80>
        ServerAdmin webmaster@example.com
        ServerName appserver1.example.com
        JkMount /high/* loadbalancer
        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteCond %{HTTPS} !=on
            RewriteRule ^/low(.*) https://appserver1.example.com/low$1 [R,L]
        </IfModule>
</VirtualHost>

Answer 1

您是否尝试过这样的方法(假设您已经加载了mod_rewrite)？

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/low(.*) https://%{SERVER_NAME}/low$1 [R,L]

如果您使用Apache作为前端，则需要配置SSL (请参阅国防部的文件_ssl模块)。

通常情况下，这将如下所示：

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@host.name.example
        ServerName host.name.example

        SSLEngine       on
        SSLCertificateFile      /etc/ssl/certs/host.pem
        SSLCertificateKeyFile   /etc/ssl/private/host.key

        # ...
        # (the config file with your distribution will probably have
        #  a sensible set of options for SSL as well.)

        JkMount  /high/* loadbalancer
        JkMount  /low/* webworker
</VirtualHost>
</IfModule>

<VirtualHost *:80>
        ServerAdmin webmaster@host.name.example
        ServerName host.name.example


        # You can put the rewrite rules here for example.

        JkMount  /high/* loadbalancer
        # Don't put this one if you don't want it over plain HTTP
        # JkMount  /low/* webworker
</VirtualHost>