1. Install the base packages from the yum repository
# yum install gcc gcc-c++ openssl-devel
2. Install apr-1.5.1
# tar zxvf apr-1.5.1.tar.gz
# cd apr-1.5.1
# ./configure --prefix=/usr/local/etc/apr
# make
# make install
3. Install apr-util-1.5.3
# tar zxvf apr-util-1.5.3.tar.gz
# cd apr-util-1.5.3
# ./configure --prefix=/usr/local/etc/apr-util --with-apr=/usr/local/etc/apr/bin/apr-1-config
# make
# make install
4. Install pcre-8.35
# unzip pcre-8.35.zip
# cd pcre-8.35
# ./configure --prefix=/usr/local/etc/pcre
# make
# make install
5. Install Apache
# tar zxvf httpd-2.4.10.tar.gz
# cd httpd-2.4.10
# ./configure --prefix=/usr/local/apache --enable-ssl --with-ssl=/usr/local/ssl \
--enable-mods-shared=all --with-pcre=/usr/local/etc/pcre \
--with-apr=/usr/local/etc/apr --with-apr-util=/usr/local/etc/apr-util/
# make
# make install
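6. Configure the SSL certificate
1) Generate the private key file
Run: openssl genrsa 1024 > server.key
Note: this generates a key with 128-bit RSA and writes it to server.key. The > redirects the output to a file.
2) Generate the certificate signing request
Run: openssl req -new -key server.key > server.csr
Note: this uses the private key generated above to create the certificate request file server.csr. This step asks for a number of parameters, which must be entered one by one.
Enter the parameters as prompted:
Country Name (2 letter code) [AU]: # ISO country code (two characters only)
State or Province Name (full name) [Some-State]: # province
Locality Name (eg, city) []: # city
Organization Name (eg, company): # company name
Organizational Unit Name (eg, section) []: # organizational unit
Common Name (eg, YOUR name) []: # domain name the certificate is requested for
Email Address []: # administrator e-mail address
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []: # challenge password
3) Sign the server certificate
Run: openssl req -x509 -days 365 -key server.key -in server.csr > server.crt
Note: this uses the key and the certificate request generated above to produce the certificate server.crt. The -days option sets the validity period in days, and -x509 makes the output an X.509 certificate.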
7. Configure httpd.conf
Open httpd.conf and uncomment the following lines:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
8. Configure httpd-ssl.conf
Listen 1443
<VirtualHost *:1443>
ServerName 192.168.0.10:1443
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLCertificateFile "/usr/local/apache/key/server.crt"
SSLCertificateKeyFile "/usr/local/apache/key/server.key"
ProxyPass / https://192.168.0.13:2443/
ProxyPassReverse / https://192.168.0.13:2443/
<Proxy *>
AllowOverride None
Order Deny,Allow
Allow from all
</Proxy>
</VirtualHost>
9. Start the Apache service
/usr/local/apache/bin/apachectl start
10. Test access
https://192.168.0.10:1443
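
Step 8 switches off every check of the back-end certificate (SSLProxyVerify none, SSLProxyCheckPeerCN off, SSLProxyCheckPeerName off), so the proxy accepts whatever answers on 192.168.0.13:2443. The virtual host below is an added example, not part of the original procedure: it is the same proxy with back-end verification enabled and Apache 2.4 access control. The host name backend.example.internal and the file backend-ca.crt are assumptions.

```apache
# Added example: the virtual host from step 8 with back-end certificate checks enabled.
Listen 1443
<VirtualHost *:1443>
    ServerName 192.168.0.10:1443
    ErrorLog "/usr/local/apache/logs/error_log"
    TransferLog "/usr/local/apache/logs/access_log"

    SSLEngine on
    # Front-end certificate and key from step 6. The genrsa command there asks
    # for 1024 bits; use at least 2048 when regenerating the key.
    SSLCertificateFile "/usr/local/apache/key/server.crt"
    SSLCertificateKeyFile "/usr/local/apache/key/server.key"
    # Refuse SSLv3 on the listener.
    SSLProtocol all -SSLv3

    SSLProxyEngine on
    # Weak setting in step 8:   SSLProxyVerify none
    # Corrected: the back end must present a certificate that chains to a trusted CA.
    SSLProxyVerify require
    SSLProxyVerifyDepth 2
    # Assumed path: PEM file holding the CA of the back end (or its self-signed
    # certificate if it has no CA).
    SSLProxyCACertificateFile "/usr/local/apache/key/backend-ca.crt"
    # Weak setting in step 8:   SSLProxyCheckPeerCN off / SSLProxyCheckPeerName off
    # Corrected: the host name in the ProxyPass URL must match the certificate.
    SSLProxyCheckPeerName on
    # Reject back-end certificates that have expired.
    SSLProxyCheckPeerExpire on
    # Refuse SSLv3 towards the back end as well.
    SSLProxyProtocol all -SSLv3

    # Assumed host name: it must resolve to 192.168.0.13 and appear in the
    # back-end certificate, because the name check compares against this URL.
    ProxyPass / https://backend.example.internal:2443/
    ProxyPassReverse / https://backend.example.internal:2443/

    # Reverse proxy only: keep forward proxying disabled (this is the default).
    ProxyRequests Off
    <Proxy *>
        # Apache 2.4 form of "Order Deny,Allow" plus "Allow from all".
        Require all granted
    </Proxy>
</VirtualHost>
```

After editing, /usr/local/apache/bin/apachectl configtest reports syntax errors before the service is restarted.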