
apache - HTTPS scheme lost in Apache proxy scenario after redirect from Gitlab

Reposted. Author: 行者123. Updated: 2023-12-04 00:40:50

I managed to set up Gitlab with an Apache front end on my server. Since the default SSL port was already in use, I added a

Listen 444

to the Apache ports, and a similar VirtualHost:

<VirtualHost *:444>

ServerSignature Off

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:-MEDIUM:!LOW:-SSLv2
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://unicornservers%{REQUEST_URI} [P,QSA,L]

ProxyPreserveHost On
ProxyPass /uploads !
ProxyPass /error !

<Proxy balancer://unicornservers>
BalancerMember http://127.0.0.1:8081
ProxyPassReverse https://my.server.de:444/
</Proxy>

# needed for downloading attachments
DocumentRoot /home/git/gitlab/public

<Location />
Order deny,allow
Allow from all
</Location>

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /var/log/apache2/gitlab.error.log
CustomLog /var/log/apache2/gitlab.forwarded.log common_forwarded
CustomLog /var/log/apache2/gitlab.access.log combined env=!dontlog
CustomLog /var/log/apache2/gitlab.log combined

</VirtualHost>

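The goal is to forward to the local unicorn (this is the standard scenario for using Gitlab).

When calling

https://my.server.de:444

I get a redirect to /users/sign_in (as expected), but with the "http" scheme set in the HTTP Location header. I can successfully get

https://my.server.de:444/users/sign_in

manually, but on every post the redirect location again lacks the correct scheme. Any idea what is going on? Shouldn't ProxyPassReverse take care of this?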

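Best answer

There is a sample configuration here, which was updated a few days ago: https://github.com/gitlabhq/gitlab-recipes/blob/master/web-server/apache/gitlab-ssl.conf

But it did not really work for me; I had to add:

RequestHeader set X-Forwarded-Proto "https"

in the configuration: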

<VirtualHost *:8081>
SSLEngine on
#strong encryption ciphers only
#see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
SSLCertificateFile /etc/apache2/ssl/cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/cert.key

#SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt

ServerName gitlab.xy
ServerSignature Off

ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"

<Location />
Order deny,allow
Allow from all

ProxyPass http://127.0.0.1:8080
ProxyPassReverse http://127.0.0.1:8080

</Location>

#apache equivalent of nginx try files
# http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
# http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]

# needed for downloading attachments
DocumentRoot /home/git/gitlab/public

#Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
ErrorDocument 404 /404.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 503 /deploy.html

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /var/log/apache2/logs/gitlab-ssl_error.log
CustomLog /var/log/apache2/logs/gitlab-ssl_forwarded.log common_forwarded
CustomLog /var/log/apache2/logs/gitlab-ssl_access.log combined env=!dontlog
CustomLog /var/log/apache2/logs/gitlab-ssl.log combined

</VirtualHost>
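
The following is an added example, not code from the question, the answer or GitLab: a simplified Python model of why the Location header comes back as http:// when the proxy preserves the Host header, and why setting X-Forwarded-Proto fixes it. All function names are hypothetical, and the trusted-proxy check is an assumption showing why the proxy should set the header itself rather than let a client-supplied value through.

```python
from urllib.parse import urlsplit

TRUSTED_PROXIES = {"127.0.0.1"}  # assumption: Apache runs on the same host


def backend_redirect(peer_ip, headers, path):
    """Build an absolute redirect URL the way a backend behind a proxy would."""
    scheme = "http"  # the proxy-to-backend hop is plain HTTP
    # Honour X-Forwarded-Proto only when the request came from the proxy,
    # otherwise a client reaching the backend directly could spoof the scheme.
    if peer_ip in TRUSTED_PROXIES and headers.get("X-Forwarded-Proto") == "https":
        scheme = "https"
    return f"{scheme}://{headers['Host']}{path}"


def proxy_pass_reverse(location, backend_prefix, public_prefix):
    """Model of ProxyPassReverse: rewrite only a Location under the backend URL."""
    if location.startswith(backend_prefix):
        return public_prefix + location[len(backend_prefix):]
    return location


def scheme_downgraded(request_url, location):
    """True when an HTTPS request is redirected to http:// on the same host."""
    req, loc = urlsplit(request_url), urlsplit(location)
    return req.scheme == "https" and loc.scheme == "http" and req.netloc == loc.netloc


def simulate(set_forwarded_proto):
    """Run one constructed request through the modelled proxy and backend."""
    headers = {"Host": "my.server.de:444"}  # ProxyPreserveHost On keeps the public Host
    if set_forwarded_proto:
        headers["X-Forwarded-Proto"] = "https"  # RequestHeader set X-Forwarded-Proto "https"
    loc = backend_redirect("127.0.0.1", headers, "/users/sign_in")
    # The Location carries the public host, not the backend address, so the
    # reverse mapping finds nothing to rewrite and passes it through unchanged.
    return proxy_pass_reverse(loc, "http://127.0.0.1:8081/", "https://my.server.de:444/")


if __name__ == "__main__":
    for flag in (False, True):
        loc = simulate(flag)
        print(flag, loc, "downgraded:", scheme_downgraded("https://my.server.de:444/", loc))
```
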

Regarding apache - HTTPS scheme lost in Apache proxy scenario after redirect from Gitlab, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/18935448/
