apache - 使用 Apache 和 Raspberry Pi 设置安全代理

Question

我正在尝试设置我自己的安全代理以供我编写的 Django Python 脚本使用，该脚本依赖于安全代理来正确返回 https 请求。这是因为脚本是从美国主机服务器运行的，而我希望响应来自英国。

为了实现这一目标并学习新知识，我正在尝试配置在我的 Raspberry Pi 上运行的 Apache 服务器。 (我没想到会有大量流量!)

我已成功创建 SSL 证书并拥有正确的文件 .pem、.csr(和 .csr)

我相信我已经将它们分别复制到正确的位置:/etc/ssl/private 和/etc/ssl/certs。我认为我现在遇到的唯一问题是 Apache 配置。

目前我正在尝试配置 sites-enabled/default-ssl.conf 文件如下:

    <IfModule mod_ssl.c>
    <VirtualHost _default_:443>
            ServerAdmin webmaster@localhost

            DocumentRoot /var/www/html

            # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
            # error, crit, alert, emerg.
            # It is also possible to configure the loglevel for particular
            # modules, e.g.
            #LogLevel info ssl:warn

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            # For most configuration files from conf-available/, which are
            # enabled or disabled at a global level, it is possible to
            # include a line for only one particular virtual host. For example the
            # following line enables the CGI configuration for this host only
            # after it has been globally disabled with "a2disconf".
            #Include conf-available/serve-cgi-bin.conf

            #   SSL Engine Switch:
            #   Enable/Disable SSL for this virtual host.
            SSLEngine on

            #   A self-signed (snakeoil) certificate can be created by installing
            #   the ssl-cert package. See
            #   /usr/share/doc/apache2/README.Debian.gz for more info.
            #   If both key and certificate are stored in the same file, only the
            #   SSLCertificateFile directive is needed.
            #SSLCertificateFile     /etc/ssl/certs/ssl-cert-snakeoil.pem
            #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
            SSLCertificateFile /etc/ssl/certs/aa5758835031e4a3.crt
            SSLCertificateKeyFile /etc/ssl/private/<domainname>.key

我对服务器设置还很陌生，花了很多时间在网上搜索并尝试了许多不同的建议方法。我确信这是我忽略的非常简单的事情，但经验不足；我无法凭直觉解决这个问题。

感谢帮助和指点...

更新:

您好，感谢您的回复。

响应http:是

   * Rebuilt URL to: http://*.*.*/
    *   Trying 184.168.221.1...
    * TCP_NODELAY set
    * Connected to *.*.* port 80 (#0)
    > GET / HTTP/1.1
    > Host : *.*.*
    > User-Agent: curl/7.52.1
    > Accept: */*
    >
    < HTTP/1.1 302 Found
    < Connection: close
    < Pragma: no-cache
    < cache-control: no-cache
    < Location: /VZaKp/
    <
    * Curl_http_done: called premature == 0
    * Closing connection 0 

而 https 是:

    * Rebuilt URL to: https://*.*.*/
    *   Trying 50.63.202.18...
    * TCP_NODELAY set
    * connect to 50.63.202.18 port 443 failed: Connection timed out
    * Failed to connect to *.*.* port 443: Connection timed out
    * Closing connection 0
    curl: (7) Failed to connect to *.*.* port 443: Connection timed out

2018 年 4 月 23 日更新:

谢谢。我相信我已经解决了听力问题，但现在遇到了一个新问题!

尝试重启 apache2 服务时出现以下错误:

     Apr 23 12:31:30 matthew-raspberry systemd[1]: Starting The Apache HTTP Server...
     Apr 23 12:31:31 matthew-raspberry apachectl[8341]: Action 'start' failed.
     Apr 23 12:31:31 matthew-raspberry apachectl[8341]: The Apache error log may have more information.
    Apr 23 12:31:31 matthew-raspberry systemd[1]: apache2.service: Control process exited, code=exited status=1
    Apr 23 12:31:31 matthew-raspberry systemd[1]: Failed to start The Apache HTTP Server.
    Apr 23 12:31:31 matthew-raspberry systemd[1]: apache2.service: Unit entered failed state.
    Apr 23 12:31:31 matthew-raspberry systemd[1]: apache2.service: Failed with result 'exit-code'.

我怀疑这可能与我的 fqdn 设置和/或证书有关。自从将 ServerName localhost 添加为全局名称后，我收到了此错误。我添加这个是因为之前的错误消息是关于确定我的 fqdn 名称，这建议将 ServerName 添加为全局变量？

Answer 1

端口 443 即使在基本的 TCP 级别也无法访问。确保在 Apache 配置中包含某处:

Listen 443 https

配置更改后重新加载 httpd。检查您的 firewall-cmd --list-all-zones 或 iptables -S 以查看您是否允许连接到您的端口 443。