Apache 从SSLVerifyClient请求中排除路径
我让Apache2.4.18(Ubuntu)作为反向代理运行。为了保护我的个人环境,我添加了一个Apache 从SSLVerifyClient请求中排除路径,apache,ssl-certificate,jira,ca,Apache,Ssl Certificate,Jira,Ca,我让Apache2.4.18(Ubuntu)作为反向代理运行。为了保护我的个人环境,我添加了一个SSLVERYCLIENT require,到目前为止没有问题 但是,Jira希望访问自己以加载某些语言字符串。根据Jira的日志记录,它是https://{DOMAIN\u URL}/rest/gadgets/1.0/g/messagebundle/nl\u nl/gadget.common%2Cgadget.project其中gadget.common%2Cgadget.project可以不同,这
SSLVERYCLIENT require
,到目前为止没有问题
但是,Jira希望访问自己以加载某些语言字符串。根据Jira的日志记录,它是https://{DOMAIN\u URL}/rest/gadgets/1.0/g/messagebundle/nl\u nl/gadget.common%2Cgadget.project其中gadget.common%2Cgadget.project
可以不同,这取决于它需要一些翻译字符串的模块
好的。所以为了解决这个问题,我想让Jira可以使用这个URL,因此只跳过这个特定URL的SSLVerifyClient
我的当前配置:
<VirtualHost *:80>
ServerName {DOMAIN}
Redirect permanent / https://{DOMAIN}
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin info@{DOMAIN}
ServerName {DOMAIN}
<Location / >
Options FollowSymLinks
AllowOverride None
</Location>
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
SSLEngine on
SSLCompression Off
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLCertificateFile {SSL}/fullchain.pem
SSLCertificateKeyFile {SSL}/privkey.pem
SSLCACertificateFile {PATH}/ca.crt
SSLVerifyClient require
SSLStrictSNIVHostCheck on
SSLVerifyDepth 1
ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://localhost/
ProxyPassReverse / http://localhost/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>
及
SSLVERIFYCLENT无
不过,我确实检查了(客户端身份验证和访问控制),但两者都不起作用。我不太确定,但我可能在位置
和目录
中指定的路径不正确。我想让它具有通用性,只需检查URL的第一部分是否包含/rest/gadgets
我希望我的问题有点清楚。这似乎是对我问题的回答:
<VirtualHost *:80>
ServerName {DOMAIN}
Redirect permanent / https://{DOMAIN}
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin info@{DOMAIN}
ServerName {DOMAIN}
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
SSLEngine on
SSLCompression Off
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLCertificateFile {SSL}/fullchain.pem
SSLCertificateKeyFile {SSL}/privkey.pem
SSLCACertificateFile {PATH}/ca.crt
SSLStrictSNIVHostCheck on
<Location / >
SSLVerifyClient require
SSLVerifyDepth 1
Options FollowSymLinks
AllowOverride None
</Location>
<Location /rest/gadgets>
SSLVerifyClient none
</Location>
ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://localhost/
ProxyPassReverse / http://localhost/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>
服务器名{DOMAIN}
重定向永久/https://{DOMAIN}
服务器管理信息@{DOMAIN}
服务器名{DOMAIN}
标头始终设置严格的传输安全性“最大年龄=63072000;包括子域
斯伦金安
SSL压缩关闭
SSLProtocol ALL-SSLv2-SSLv3
SSLHonorCipherOrder开启
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLCertificateFile{SSL}/fullchain.pem
SSLCertificateKeyFile{SSL}/privkey.pem
SSLCACertificateFile{PATH}/ca.crt
SSLStrictSNIVHostCheck on
SSLVerifyClient要求
SSLVerifyDepth 1
选项如下符号链接
不允许超限
SSLVERIFYCLENT无
代理主机
代理请求关闭
ProxyPass/http://localhost/
ProxyPassReverse/http://localhost/
ErrorLog${APACHE_LOG_DIR}/error.LOG
CustomLog${APACHE\u LOG\u DIR}/access.LOG组合
#vim:syntax=apachets=4sw=4sts=4srnoet
诀窍是扩展当前的位置
并移动SSLVerifyClient
。然后添加一个额外的Location
-指令,其中包含排除的路径,在本例中为rest/gadgets
<Location /rest/gadgets>
SSLVerifyClient none
</Location>
<VirtualHost *:80>
ServerName {DOMAIN}
Redirect permanent / https://{DOMAIN}
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin info@{DOMAIN}
ServerName {DOMAIN}
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
SSLEngine on
SSLCompression Off
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLCertificateFile {SSL}/fullchain.pem
SSLCertificateKeyFile {SSL}/privkey.pem
SSLCACertificateFile {PATH}/ca.crt
SSLStrictSNIVHostCheck on
<Location / >
SSLVerifyClient require
SSLVerifyDepth 1
Options FollowSymLinks
AllowOverride None
</Location>
<Location /rest/gadgets>
SSLVerifyClient none
</Location>
ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://localhost/
ProxyPassReverse / http://localhost/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>