如标题所示,我尝试让 Jira 在 Apache SSL 代理后面运行。
我能够在没有 SSL 的情况下使它工作,但现在我在 502 上苦苦挣扎。当我尝试访问 https://localhost/localhost:8080(这在我在 jira 中设置代理之前没有加密工作)https://127.0.0.1 和其他一些。
这是 Jira 连接器配置。
<Connector port="8080"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
scheme="https"
proxyName="localhost"
proxyPort="443"
/>
<!--
现在 Apache VHost 配置很抱歉新配置
ProxyRequests On
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
SSLProxyEngine on
ServerName localhost
ServerAlias jira.ecoledelexcellence.ca
ServerAlias 192.168.0.116
ProxyRequests Off
ProxyPreserveHost On
# <Proxy *>
# Order deny,allow
# Allow from all
# </Proxy>
ProxyPass / https://127.0.0.1:8080/ retry=0
ProxyPassReverse / https://127.0.0.1:8080/ retry=0
<Location />
Order allow,deny
Allow from all
</Location>
#HTTP => HTTPS rewrite
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
感谢任何提示
最佳答案
进入 Tomcat,您应该在连接器配置中添加它是一个安全通道:
secure="true"
这告诉 Tomcat 即使 SSL 引擎没有在这个连接器上初始化,传入的连接也被认为是“安全的”。
proxyName 应该是机器的外部可见名称,如果 webapp 使用 scheme、proxyName 和 proxyPort 变量来构造一个网址,见:Tomcat Proxy Support
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html
Set this attribute to true if you wish to have calls to request.isSecure() to return true for requests received by this Connector. You would want this on an SSL Connector or a non SSL connector that is receiving data from a SSL accelerator, like a crypto card, a SSL appliance or even a webserver.
(也适用于 AJP 连接器)
HTTP:
对于 ProxyPass*,您不需要 https 中的“s”。
此外,您最后不需要重写,它会强制所有传入连接为纯 http。
关于apache - CentOS 上 Apache SSL 代理背后的 Jira,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20926592/