apache2_nginx_反向代理設置_https_不驗證后端證書_只允許訪問首頁
轉載注明來源: 本文鏈接 來自osnosn的博客,寫於 2020-06-06.
apache2.4
- apache 缺省就有 x-forwarded-for
<VirtualHost _default_:80>
ProxyPreserveHost On
<Location "/abc">
ProxyPass http://10.22.33.44/abc
ProxyPassReverse http://10.22.33.44/abc
</Location>
</VirtualHost>
#-----------------------------------
<VirtualHost _default_:443>
....(設置證書 server.key ,server.crt)
SSLProxyEngine On
ProxyPreserveHost On
SSLProxyVerify none
# 不驗證后端服務器的證書
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
<Location "/abc">
ProxyPass https://10.22.33.44/abc
ProxyPassReverse https://10.22.33.44/abc
</Location>
</VirtualHost>
nginx
- 反向代理設置中,要寫上 x-forwarded-for 的配置
location /abc/ {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass https://10.22.33.44;
#proxy_pass http://10.22.33.44; #或者
}
apache2.4 只允許訪問首頁
- 僅首頁訪問不受限制,其他頁面限制賬號訪問,或IP段訪問。
- 如果你的缺省首頁是 index.html
DocumentRoot "/xxxx/www"
<Directory "/xxxx/www/">
Require local
Require ip 192.168.0.0/16
<Files "index.html"> #只允許訪問首頁
Require all granted
</Files>
</Directory>
<LocationMatch "^/$"> #只允許訪問首頁
Require all granted
</LocationMatch>
nginx 只允許訪問首頁
- 僅首頁訪問不受限制,其他頁面限制賬號訪問,或IP段訪問。
- 如果你的缺省首頁是 index.html
location = / { #只允許訪問首頁
allow all;
}
location = /index.html { #只允許訪問首頁
allow all;
}
location / {
allow 192.168.1.0/24;
deny all;
#auth_basic "Authorized Users Only";
#auth_basic_user_file /var/www/passwd.basic_file ;
#satisfy any;
}