gpt4 book ai didi

apache - Magento + Varnish/ReverseProxy + Apache + DirectAdmin 导致 NET::ERR_CERT_AUTHORITY_INVALID 或 ERR_TOO_MANY_REDIRECTS

转载 作者:行者123 更新时间:2023-12-04 19:41:30 27 4
gpt4 key购买 nike

我正在尝试使用反向代理(在 Apache 上)为 Magento 设置 Varnish 缓存以获取 https 缓存。我无法让它工作。到目前为止,我在设置反向代理时得到了 ERR_TOO_MANY_REDIRECTS 和 NET::ERR_CERT_AUTHORITY_INVALID(在尝试设置 Varnish 缓存以直接在 http/80 上响应时得到 503)。

技术栈如下:

  • 专用服务器(疯狂规范)
  • Centos
  • Apache
  • 直接管理员(是的,我知道)
  • Magento

  • 我对 Varnish Cache 的理解如下:
  • HTTP:用户->Varnish[:80]->Apache[:8080]
  • HTTPS:用户->Apache[:443]->Varnish[:80]->Apache[:8080](反向代理)。

  • Magento 设置如下:
    web/seo/use_rewrites - 1
    web/unsecure/base_url - https://www.{domain}.com/ //Previously it didn't work when I set this up with http. That's why it's https. Tested with http and no difference now.
    web/unsecure/base_link_url - {{unsecure_base_url}}
    web/unsecure/base_static_url -
    web/unsecure/base_media_url -
    web/secure/base_url - https://www.{domain}.com/
    web/secure/use_in_frontend - 1 //tested 0, no difference
    web/secure/use_in_adminhtml - 1 //tested 0, no difference
    web/secure/base_link_url - {{secure_base_url}}
    web/secure/base_static_url -
    web/secure/base_media_url -
    web/secure/offloader_header - SSL_OFFLOADED
    web/url/use_store - 0
    web/url/redirect_to_base - 1 //tested 0, infinite loading
    web/default/front - cms
    web/default/cms_home_page - home
    web/default/no_route - cms/noroute/index
    web/default/cms_no_route - no-route
    web/default/cms_no_cookies - enable-cookies
    web/default/show_cms_breadcrumbs - 1
    web/cookie/cookie_lifetime - 3600
    web/cookie/cookie_path -
    web/cookie/cookie_domain -
    web/cookie/cookie_httponly - 0
    web/cookie/cookie_restriction - 0
    web/session/use_remote_addr - 0
    web/session/use_http_via - 0
    web/session/use_http_x_forwarded_for - 0
    web/session/use_http_user_agent - 0
    web/session/use_frontend_sid - 1
    web/browser_capabilities/cookies - 1
    web/browser_capabilities/javascript - 1
    web/browser_capabilities/local_storage - 0
    web/default_layouts/default_product_layout -
    web/default_layouts/default_category_layout -
    web/default_layouts/default_cms_layout - 1column

    httpd.conf:
        ServerRoot "/etc/httpd"
    Listen 8080
    <IfModule unixd_module>
    User apache
    Group apache
    </IfModule>
    LoadModule php7_module /usr/lib/apache/libphp7.so
    Include /etc/httpd/conf/extra/httpd-phpmodules.conf
    DocumentRoot "/home/admin/domains/{domain}.com/public_html"
    <IfModule dir_module>
    Include /etc/httpd/conf/extra/httpd-directoryindex.conf
    </IfModule>
    <Files ".ht*">
    Require all denied
    </Files>
    <Files ".user.ini">
    Require all denied
    </Files>
    LogLevel warn

    <IfModule log_config_module>
    #replace %b with %O for more accurate logging
    <IfModule mod_logio.c>
    LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%a %l %u %t \"%r\" %>s %O" common
    LogFormat "%O %I" bytes

    LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog /var/log/httpd/access_log common
    </IfModule>

    <IfModule alias_module>
    # Include some DirectAdmin alias
    Include conf/extra/httpd-alias.conf
    </IfModule>
    <IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-gzip .tgz
    AddEncoding x-compress .Z
    AddEncoding x-gzip .gz .tgz
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddHandler cgi-script .cgi
    AddHandler type-map var
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    AddType video/x-ms-asf .avi
    AddType video/mpeg .mpg
    AddType video/mpeg .mpeg
    AddType video/quicktime .mov
    AddType video/x-ms-wmv .wmv
    </IfModule>

    incldes x20
    Include conf/extra/directadmin-vhosts.conf
    <IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    </IfModule>


    !!!-----------------------------And here comes DirectAdmin httpd.conf:----------------------------!!!



    [root@ ~]# cat /usr/local/directadmin/data/users/admin/httpd.conf
    <Directory "/home/admin/public_html">
    <IfModule mod_ruid2.c>
    RMode config
    RUidGid admin admin
    #RGroups apache access
    RGroups @none
    </IfModule>
    <IfModule mod_fcgid.c>
    SuexecUserGroup admin admin
    </IfModule>
    php_admin_flag engine ON
    php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f admin@{domain}.com'
    php_admin_value mail.log /home/admin/.php/php-mail.log
    php_admin_value open_basedir /home/admin/:/tmp:/var/tmp:/opt/alt/php72/usr/share/pear/:/dev/urandom:/usr/local/lib/php/:/usr/local/php72/lib/php/
    </Directory>

    <VirtualHost {ip}:8080 >
    ServerName www.{domain}.com
    # ServerAlias www.{domain}.com {domain}.com //tested "on" - see errors
    ServerAdmin webmaster@{domain}.com
    DocumentRoot /home/admin/domains/{domain}.com/public_html
    # UseCanonicalName OFF //tested uncommenting - see errors
    <IfModule !mod_ruid2.c>
    SuexecUserGroup admin admin
    </IfModule>
    <IfModule mod_ruid2.c>
    RMode config
    RUidGid admin admin
    #RGroups apache access
    RGroups @none
    </IfModule>
    CustomLog /var/log/httpd/domains/{domain}.com.bytes bytes
    CustomLog /var/log/httpd/domains/{domain}.com.log combined
    ErrorLog /var/log/httpd/domains/{domain}.com.error.log
    <Directory /home/admin/domains/{domain}.com/public_html>
    AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,IncludesNOEXEC,MultiViews,SymLinksIfOwnerMatch,FollowSymLinks,None
    Options -ExecCGI -Includes +IncludesNOEXEC
    php_admin_flag engine ON
    php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f admin@{domain}.com'
    php_admin_value mail.log /home/admin/.php/php-mail.log
    php_admin_value open_basedir /home/admin/:/tmp:/var/tmp:/opt/alt/php72/usr/share/pear/:/dev/urandom:/usr/local/lib/php/:/usr/local/php72/lib/php/
    </Directory>
    </VirtualHost>

    <VirtualHost {ip}:443 >
    SSLEngine on
    SSLCertificateFile /usr/local/directadmin/data/users/admin/domains/{domain}.com.cert.combined
    SSLCertificateKeyFile /usr/local/directadmin/data/users/admin/domains/{domain}.com.key
    SSLCACertificateFile /usr/local/directadmin/data/users/admin/domains/{domain}.com.cacert
    ServerName www.{domain}.com


    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:80/
    ProxyPassReverse / http://127.0.0.1:80/

    RequestHeader set X-Forwarded-Port "443"
    RequestHeader set X-Forwarded-Proto "https"

    ServerAlias www.{domain}.com {domain}.com
    # ServerAdmin webmaster@{domain}.com
    DocumentRoot /home/admin/domains/{domain}.com/private_html
    # UseCanonicalName OFF
    # <IfModule !mod_ruid2.c>
    # SuexecUserGroup admin admin
    # </IfModule>
    # <IfModule mod_ruid2.c>
    # RMode config
    # RUidGid admin admin
    # #RGroups apache access
    # RGroups @none
    # </IfModule>
    CustomLog /var/log/httpd/domains/{domain}.com.bytes bytes
    CustomLog /var/log/httpd/domains/{domain}.com.log combined
    ErrorLog /var/log/httpd/domains/{domain}.com.error.log
    # <Directory /home/admin/domains/{domain}.com/private_html>
    # AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,IncludesNOEXEC,MultiViews,SymLinksIfOwnerMatch,FollowSymLinks,None
    # Options -ExecCGI -Includes +IncludesNOEXEC
    # php_admin_flag engine ON
    # php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f admin@{domain}.com'
    # php_admin_value mail.log /home/admin/.php/php-mail.log
    # php_admin_value open_basedir /home/admin/:/tmp:/var/tmp:/opt/alt/php72/usr/share/pear/:/dev/urandom:/usr/local/lib/php/:/usr/local/php72/lib/php/
    # </Directory>
    </VirtualHost>

    请注意:我只是想让它工作,我会将所有更改转移到一个不会被 DA 覆盖的单独文件中。

    网络统计:
    [root@  ~]# netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 3037/named
    tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2203/exim
    tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 2208/dovecot
    tcp 0 0 127.0.0.1:6082 0.0.0.0:* LISTEN 19248/varnishd
    tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 2208/dovecot
    tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 2203/exim
    tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 2208/dovecot
    tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 2208/dovecot
    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
    ***tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 19248/varnishd
    tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 2203/exim
    tcp 0 0 {ip}:53 0.0.0.0:* LISTEN 3037/named
    tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 3037/named
    tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2226/pure-ftpd
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2201/sshd
    tcp6 0 0 ::1:953 :::* LISTEN 3037/named
    ***tcp6 0 0 :::443 :::* LISTEN 19143/httpd
    tcp6 0 0 :::3306 :::* LISTEN 2860/mysqld
    tcp6 0 0 :::2222 :::* LISTEN 19694/directadmin
    tcp6 0 0 :::111 :::* LISTEN 1/systemd
    ***tcp6 0 0 :::80 :::* LISTEN 19248/varnishd
    ***tcp6 0 0 :::8080 :::* LISTEN 19143/httpd
    tcp6 0 0 :::53 :::* LISTEN 3037/named
    tcp6 0 0 :::21 :::* LISTEN 2226/pure-ftpd
    tcp6 0 0 :::22 :::* LISTEN 2201/sshd
    udp 0 0 {ip}:53 0.0.0.0:* 3037/named
    udp 0 0 127.0.0.1:53 0.0.0.0:* 3037/named
    udp 0 0 0.0.0.0:111 0.0.0.0:* 1/systemd
    udp 0 0 127.0.0.1:323 0.0.0.0:* 1341/chronyd
    udp 0 0 0.0.0.0:659 0.0.0.0:* 1356/rpcbind
    udp6 0 0 :::53 :::* 3037/named
    udp6 0 0 :::111 :::* 1/systemd
    udp6 0 0 ::1:323 :::* 1341/chronyd
    udp6 0 0 :::659 :::* 1356/rpcbind


    现在的问题(使用上述设置):
  • https://{domain}.com/导致 NET::ERR_CERT_AUTHORITY_INVALID
  • https://www .{domain}.com/导致 ERR_TOO_MANY_REDIRECTS
  • https://{domain}.com/test.php 导致 NET::ERR_CERT_AUTHORITY_INVALID
  • https://www .{domain}.com/test.php 工作正常(尽管 Varnish 没有提供服务)

  • 使用服务器别名:
  • https://{domain}.com/无限加载
  • https://www .{domain}.com/无限加载
  • https://{domain}.com/test.php 工作正常(虽然 Varnish 不提供服务)
  • https://www .{domain}.com/test.php 工作正常(尽管 Varnish 没有提供服务)

  • 我认为粘贴设置和错误的每一个组合是没有意义的,因此我想问你是否可以看到问题可能出在哪里(除了使用 DA)。

    因为我认为它是在它到达 varnish.params 和 varnish.vcl 之前,所以我没有粘贴这些文件。我有点怀疑 .htaccess 但你会告诉我应该粘贴哪些其他文件。

    最佳答案

    我注意到你确实设置了 RequestHeader set X-Forwarded-Proto "https"在端口 443 vhost 中的 Apache 配置中。

    这应该向您的后端宣布,尽管连接是在纯 HTTP 中完成的,但它最初是作为 HTTPS 连接终止的。

    目前您的 Magento 配置使用 SSL_OFFLOADED作为卸载 header ,但是您的 Apache 配置使用 X-Forwarded-Proto .

    您可以尝试如下更新您的 Magento 配置吗?
    web/secure/offloader_header - X-FORWARDED-PROTO
    这应该有助于 Magento 寻找正确的 header 并意识到它不需要重定向回 HTTPS,因为该页面已经终止为 HTTPS。

    关于apache - Magento + Varnish/ReverseProxy + Apache + DirectAdmin 导致 NET::ERR_CERT_AUTHORITY_INVALID 或 ERR_TOO_MANY_REDIRECTS,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60006979/

    27 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com