Apache: How to enable Google authentication on an Apache 2.4 reverse proxy

I am trying to enable Google authentication on an Apache 2.4 reverse proxy installed on CentOS 7. I installed mod_auth_openidc. I created an OAuth 2.0 client ID in the G Suite console.

This is my /etc/httpd/conf/http.conf:

<VirtualHost mtest.mydomain.com:80>    
  ServerName mtest.mydomain.com
  OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration    
  OIDCClientID xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
  OIDCClientSecret xxxxxxxxxxxxxxxxxxxxxxxx
  OIDCRedirectURI https://mtest.mydomain.com/    
  OIDCScope "profile openid"    
  OIDCCryptoPassphrase example@3003    
  OIDCCookiePath /    
  OIDCAuthNHeader X-Forwarded-User    
  OIDCRemoteUserClaim sub    
  OIDCClaimPrefix example_

<Location />
  AuthType openid-connect
  Require valid-user    
</Location>

 Redirect / https://mtest.mydomain.com/  

</VirtualHost>

<VirtualHost mtest.mydomain.com:443>
  ServerName mtest.mydomain.com   
  SSLEngine on   
  SSLCertificateFile /etc/httpd/ssl/mydomain.com.crt   
  SSLCertificateKeyFile /etc/httpd/ssl/mydomain.com.key   
  SSLCACertificateFile /etc/httpd/ssl/gd_bundle-g2-g1.crt   
</VirtualHost>

But when I enter the URL, I am not redirected to the Google authentication page.

Where is my mistake?

I solved it this way:

ProxyRequests off

<Proxy *>
        Order deny,allow
        Deny from all
        Allow from all 
</Proxy>

ProxyTimeout 300

<VirtualHost test.mydomain.com:80>    
   ServerName test.mydomain.com    
   Redirect / https://test.mydomain.com/ 
</VirtualHost>

<VirtualHost test.mydomain.com:443>
        ServerName test.mydomain.com
        SSLEngine on
        SSLCertificateFile /etc/httpd/ssl/mydomain.crt
        SSLCertificateKeyFile /etc/httpd/ssl/mydomain.key
        SSLCACertificateFile /etc/httpd/ssl/gd_bundle-g2-g1.crt

        OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
        OIDCClientID xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
        OIDCClientSecret xxxxxxxxxxxxxxxxxxxxx
        OIDCRedirectURI https://test.mydomain.com/home.html
        OIDCScope "profile openid"
        OIDCCryptoPassphrase example@3003
        OIDCCookiePath /
        OIDCAuthNHeader X-Forwarded-User
        OIDCRemoteUserClaim sub
        OIDCClaimPrefix example_

        <Location />
            AuthType openid-connect
            Require valid-user
        </Location>

        ProxyPreserveHost On
        ProxyPass / http://192.168.1.1/
        ProxyPassReverse / http://192.168.1.1/
</VirtualHost>
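
The two configurations above differ in where the OIDC directives live: the question puts them and the `<Location />` block in the port-80 vhost next to `Redirect /`, leaving the port-443 vhost with TLS only, while the answer puts them in the port-443 vhost. The following Python check is an added example (not code from either poster) that flags that layout; `audit` and `has` are hypothetical names, the checks are regex heuristics, and the sample configs are constructed reductions of the ones on this page.

```python
import re

# Constructed samples, reduced from the two configurations on this page.
QUESTION_CONF = """
<VirtualHost mtest.mydomain.com:80>
  OIDCRedirectURI https://mtest.mydomain.com/
  <Location />
    AuthType openid-connect
  </Location>
  Redirect / https://mtest.mydomain.com/
</VirtualHost>
<VirtualHost mtest.mydomain.com:443>
  SSLEngine on
</VirtualHost>
"""
ANSWER_CONF = """
<VirtualHost test.mydomain.com:80>
  Redirect / https://test.mydomain.com/
</VirtualHost>
<VirtualHost test.mydomain.com:443>
  SSLEngine on
  OIDCRedirectURI https://test.mydomain.com/home.html
  <Location />
    AuthType openid-connect
  </Location>
  ProxyPass / http://192.168.1.1/
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+?)\s*>(.*?)</VirtualHost>", re.S | re.I)

def has(body, directive):  # does a line of the vhost body start with this directive?
    return re.search(r"^[ \t]*" + directive, body, re.M | re.I) is not None

def audit(conf):
    """Return (vhost address, finding) pairs for one configuration text."""
    findings = []
    for addr, body in VHOST_RE.findall(conf):
        tls = has(body, r"SSLEngine\s+on\b")
        oidc = has(body, r"AuthType\s+openid-connect\b")
        if tls and not oidc:
            findings.append((addr, "TLS vhost has no AuthType openid-connect"))
        if oidc and has(body, r"Redirect\s+/\s+https://"):
            findings.append((addr, "OIDC vhost redirects all requests to HTTPS"))
        if oidc and not tls and has(body, r"OIDCRedirectURI\s+https://"):
            findings.append((addr, "https OIDCRedirectURI in a non-TLS vhost"))
    return findings

for name, conf in (("question", QUESTION_CONF), ("answer", ANSWER_CONF)):
    print(name, audit(conf) or "no findings")
```

Because the backend receives the user identity in `X-Forwarded-User`, it should accept connections only from the proxy.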