【Question title】: Apache not Proxying HTTPS requests to TomCat, Just showing local index.html
【Posted】: 2015-10-12 06:42:23
【Question description】:

CentOS 7, Apache 2.4, Tomcat 7.0.52, Java 1.7

I am trying to configure Apache to proxy a Tomcat server (running Jira / Confluence) using HTTPS:

(HTTPS:443) -> ApacheServer -> (HTTP:8090 or HTTPS:8091) TomCat

Currently HTTP proxying works perfectly, but I would like to get HTTPS working. I don't mind whether the connection between Apache and Tomcat is SSL or not (they are on the same server).

When I visit https://confluence.company.co.uk/ I get /var/www/html/index.html instead of the proxy.

Here is the Server.xml from Tomcat:

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
           maxThreads="200" minSpareThreads="10"
           enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" />

<Connector port="8091" proxyPort="443" proxyName="confluence.company.co.uk"   acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
           maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" protocol="HTTP/1.1"
           redirectPort="8443" useBodyEncodingForURI="true" scheme="https" secure="true" />

Lines changed from Apache's default /etc/httpd/conf.d/ssl.conf:

ServerName confluence.company.co.uk:443
SSLCertificateFile /etc/pki/tls/certs/company.pem
SSLCertificateKeyFile /etc/pki/tls/private/company.key

Apache VHost configuration (in /etc/httpd/conf.d/proxy_vhost.conf):

<VirtualHost *:80>
    ServerName  confluence.company.co.uk
    ProxyRequests Off
    <Proxy *>
    Order deny,allow
    Deny from all
    Allow from all
    </Proxy>
    <Location />
            AuthType Basic
            AuthName "Proxy Auth"
            AuthUserFile /var/www/company-auth/CONFLUENCE/.htpasswd
            Require user ukuser
            Satisfy any
            Deny from all
            Allow from 192.168.0.0/21
    </Location>
    ProxyPreserveHost On
    ProxyPass / http://confluence.company.co.uk:8090/
    ProxyPassReverse / http://confluence.company.co.uk:8090/
</VirtualHost>
<VirtualHost *:443>
    SSLProxyEngine On
    ProxyRequests Off
    <Proxy *>
    Order deny,allow
    Deny from all
    Allow from all
    </Proxy>
    ProxyPreserveHost On
    ProxyPass / https://confluence.company.co.uk:8091/
    ProxyPassReverse / https://confluence.company.co.uk:8091/
</VirtualHost>

Update

httpd.conf: http://pastebin.com/4bzwKLac ssl.conf: http://pastebin.com/M5FpJTMz

When I include ServerName in the HTTPS virtual host, httpd fails to start and I get the following errors:

systemctl status httpd
   httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
   Active: failed (Result: exit-code) since Wed 2015-07-22 13:00:22 BST; 7s ago
   Process: 25953 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
   Process: 15243 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
   Process: 25951 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
   Main PID: 25951 (code=exited, status=1/FAILURE)

   Jul 22 13:00:21 confluence.syzygy.co.uk systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
   Jul 22 13:00:22 confluence.syzygy.co.uk kill[25953]: kill: cannot find process ""
   Jul 22 13:00:22 confluence.syzygy.co.uk systemd[1]: httpd.service: control process exited, code=exited status=1
   Jul 22 13:00:22 confluence.syzygy.co.uk systemd[1]: Failed to start The Apache HTTP Server.
   Jul 22 13:00:22 confluence.syzygy.co.uk systemd[1]: Unit httpd.service entered failed state.

There doesn't seem to be anything relevant in the logs, other than:

[ssl:warn] [pid 25447] AH01916: Init: (confluence.company.co.uk:443) You configured HTTP(80) on the standard HTTPS(443) port! 

This happens separately from httpd not starting.

Update 2

So I fixed this by moving the following into the virtual host in ssl.conf:

    SSLProxyEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://confluence.company.co.uk:8091/
    ProxyPassReverse / http://confluence.company.co.uk:8091/

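Why can I use this in a separate virtual host?

【Question discussion】:

    Tags: apache tomcat https proxy centos


    【Solution 1】:

    You forgot to add ServerName confluence.company.co.uk to your 433 virtual host. This may cause httpd to default to a different TLS virtual host.

    【Discussion】:

    • What does httpd tell you when it doesn't want to start? I find it hard to believe it would reject the ServerName directive. Check your error log and let us know what it says :)
    • What does the httpd error log itself say? wiki.apache.org/httpd/DistrosDefaultLayout will tell you where to find the logs.
    • I would have to see the whole httpd configuration to solve this. Either you are configuring port 443 twice, or there is an error in a ServerName directive somewhere.
    • I have included links to ssl.conf and httpd.conf on pastebin
    • You have ServerName confluence.company.co.uk:443 in your configuration. Please remove the ':443' part and try again.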
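
The arrangement that Update 2 and the comments above arrive at, written out as an added example (not the poster's or the answerers' own configuration): a single port-443 virtual host that both terminates TLS and proxies to Tomcat. The hostname, certificate paths and connector port 8091 are taken from the question; keeping one `*:443` block instead of two is this example's assumption.

```apache
# Added example: one TLS virtual host for confluence.company.co.uk.
# Assumption: no other <VirtualHost> on port 443 carries this ServerName.
<VirtualHost *:443>
    # httpd picks a name-based vhost by comparing the request's Host header
    # with ServerName/ServerAlias. Written without ":443", as the last comment suggests.
    ServerName confluence.company.co.uk

    # TLS has to be enabled in the vhost that actually answers on 443.
    # A 443 vhost without SSLEngine speaks plain HTTP, which is what the
    # AH01916 warning quoted in the question reports.
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/company.pem
    SSLCertificateKeyFile /etc/pki/tls/private/company.key

    # Reverse proxy only: never act as a forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # The 8091 connector in server.xml sets scheme="https", secure="true" and
    # proxyPort="443" but has no TLS settings of its own, so it listens for
    # plain HTTP and only makes Tomcat generate https:// URLs.
    # The backend URL is therefore http://, as in Update 2.
    ProxyPass        / http://confluence.company.co.uk:8091/
    ProxyPassReverse / http://confluence.company.co.uk:8091/

    # SSLProxyEngine is only needed when the ProxyPass target is https://.
</VirtualHost>
```

`httpd -S` prints which virtual host is the default for each address and port and which names map to which block, and `httpd -t` checks the syntax before a restart.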