appache2.4配置https的反向代理

1、使用yum源安裝一些基礎包

         #  yum install gcc gcc-c++ openssl-devel

2、安裝apr-1.5.1

         #  tar zxvf apr-1.5.1.tar.gz

         #  cd apr-1.5.1

         #  ./configure --prefix=/usr/local/etc/apr

         #  make

         #  make install

3、安裝apr-util-1.5.3

         #  tar zxvf apr-util-1.5.3.tar.gz

         #  cd apr-util-1.5.3

         #  ./configure --prefix=/usr/local/etc/apr-util --with-apr=/usr/local/etc/apr/bin/apr-1-config

         #  make

         #  make install

4、安裝pcre-8.35

          #  unzip pcre-8.35.zip

          #  cd pcre-8.35

          # ./configure --prefix=/usr/local/etc/pcre

          #  make

          #  make install

5、安裝apache

           #  tar zxvf httpd-2.4.10.tar.gz

           #  cd  httpd-2.4.10

           #  ./configure --prefix=/usr/local/apache --enable-ssl --with-ssl=/usr/local/ssl \

                --enable-mods-shared=all --with-pcre=/usr/local/etc/pcre  \

                --with-apr=/usr/local/etc/apr --with-apr-util=/usr/local/etc/apr-util/

           #  make

           #  make install

6、配置ssl證書

1）生成私鑰文件

     執行命令：openssl genrsa 1024>server.key

     說明：這是用128位rsa算法生成密鑰，得到server.key文件。 > 是輸出文件的標識符

2）生成證書請求文件

     執行命令：openssl req -new -key server.key > server.csr

     說明：這是用步驟3的密鑰生成證書請求文件server.csr, 這一步會有很多參數，需要一一輸入。

     按提示輸入一系列的參數：
           Country Name (2 letter code) [AU]:    #ISO國家代碼（只支持兩位字符） 

           State or Province Name (full name) [Some-State]:     # 所在省份 

           Locality Name (eg, city) []:      # 所在城市

           Organization Name (eg, company):      # 公司名稱

           Organizational Unit Name (eg, section) []:    #  組織名稱

           Common Name (eg, YOUR name) []:      # 申請證書的域名 

           Email Address []:       #管理員郵箱

           Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:      #交換密鑰 

3）簽署服務器證書文件

      執行命令：openssl req -x509 -days 365 -key server.key -in server.csr > server.crt

      說明：這是用步驟3,4的的密鑰和證書請求生成證書server.crt，-days參數指明證書有效期，單位爲天，x509表示生成的爲X.509證書。

7、配置httpd.conf

      打開httpd.conf文件，移除註釋的行：

          LoadModule proxy_module modules/mod_proxy.so
          LoadModule proxy_connect_module modules/mod_proxy_connect.so
          LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
          LoadModule proxy_http_module modules/mod_proxy_http.so

          LoadModule ssl_module modules/mod_ssl.so

          Include conf/extra/httpd-ssl.conf

8、配置http-ssl.conf

          Listen 1443
          <VirtualHost *:1443>

                  ServerName 192.168.0.10:1443

 

                  ErrorLog "/usr/local/apache/logs/error_log"
                  TransferLog "/usr/local/apache/logs/access_log"

                  SSLEngine on
                  SSLProxyEngine on
                  SSLProxyVerify none
                  SSLProxyCheckPeerCN off
                  SSLProxyCheckPeerName off

                  SSLCertificateFile "/usr/local/apache/key/server.crt"

                  SSLCertificateKeyFile "/usr/local/apache/key/server.key"

                 

                   ProxyPass / https://192.168.0.13:2443/
                   ProxyPa***everse / https://192.168.0.13:2443/

                   <Proxy *>

                        AllowOverride None
                        Order Deny,Allow
                        Allow from all
                   </Proxy>

          </VirtualHost>

9、啓動apache服務

       /usr/local/apache/bin/apachestl start

10、訪問測試

       https://192.168.0.10:1443