Articles published by admin

Method 1
X-Forwarded-For
Method 2
Proxy Protocol

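Apache2 configuration modules
Proxy Protocol corresponds to mod_remoteip, which adds X-Real-IP to the request headers; its value is the corresponding IP.
X-Forwarded-For corresponds to mod_rpaf, which adds X-Forwarded-For to the request headers; its value is the corresponding IP.

List the loaded modules
apache2ctl -M
Enable the modules
a2enmod remoteip
a2enmod rpaf
Then edit the corresponding configuration files.

Uninstall
a2dismod remoteip
a2dismod rpaf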
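
The X-Forwarded-For value is only as reliable as the hop that wrote it, so any consumer of the header needs a trusted-proxy check. The following is an added example, not code from the original post or from Apache: a hypothetical `resolve_client_ip` helper, with the proxy range 10.0.0.0/8 as a constructed assumption.

```python
import ipaddress

# Constructed assumption: the reverse proxies in front of Apache live in this range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """Return True if addr parses as an IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def resolve_client_ip(peer_ip, xff_header, trusted=TRUSTED_PROXIES):
    """Hypothetical helper: choose the client IP from the TCP peer and X-Forwarded-For.

    The header is honoured only when the TCP peer is a trusted proxy, and it is
    walked right to left: only entries appended by our own proxies are reliable,
    everything left of the first untrusted hop was supplied by the client.
    """
    if not is_trusted(peer_ip, trusted):
        return peer_ip  # direct connection: ignore the header entirely
    candidate = peer_ip
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last verified address
        candidate = hop
        if not is_trusted(hop, trusted):
            break  # first address that is not one of our proxies is the client
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer address, X-Forwarded-For header value)
    samples = [
        ("203.0.113.7", "1.2.3.4"),                  # direct peer sending its own header
        ("10.0.0.5", "1.1.1.1, 198.51.100.23"),      # client-supplied entry on the left
        ("10.0.0.5", "198.51.100.23, 10.0.0.9"),     # two trusted proxies in the chain
    ]
    for peer, xff in samples:
        print(peer, "|", xff, "->", resolve_client_ip(peer, xff))
```
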

root@Hinlink:/etc/apache2/sites-available# apache2 -t
[Thu Nov 07 11:59:49.900171 2024] [core:warn] [pid 70118] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
apache2: Syntax error on line 80 of /etc/apache2/apache2.conf: DefaultRuntimeDir must be a valid directory, absolute or relative to ServerRoot

The key problem is ${APACHE_RUN_DIR} on line 80 of /etc/apache2/apache2.conf. It turned out that the Apache configuration files had changed and the new Apache environment variables had not been imported.


Modify the following configuration
HTTP configuration
/etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>

    #DocumentRoot /var/www/html

    #RewriteEngine On

    #RewriteCond %{HTTP_HOST} ^(([-_a-zA-Z0-9])+)\.\w+\.\w+$ [NC]
    #RewriteRule ^(.*)$ /%1/$1 [L]

    #ErrorLog ${APACHE_LOG_DIR}/error.log
    #CustomLog ${APACHE_LOG_DIR}/access.log combined

    #ErrorDocument 404 "404 Not Found"

    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R]

</VirtualHost>

HTTPS configuration
/etc/apache2/sites-available/default-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
            # Document root path
            DocumentRoot /var/www/html
            # Rewrite matching on the domain name
            RewriteEngine On
            RewriteCond %{HTTP_HOST} ^(([-_a-zA-Z0-9])+)\.\w+\.\w+$ [NC]
            RewriteRule ^(.*)$ /%1/$1 [L]
            # Error page message
            ErrorDocument 404 "404 Not Found!!!"

            # Logs
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            # SSL certificate configuration
            SSLEngine on
            SSLCertificateFile      /etc/apache2/ssl/fullchain.crt
            SSLCertificateKeyFile /etc/apache2/ssl/private.pem

            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                            SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                            SSLOptions +StdEnvVars
            </Directory>
    </VirtualHost>
</IfModule>

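Background: accessing a site that uses a self-signed certificate requires an extra click-through.

来加密 (encryption)

Certificates > Apply for a certificate > Fill in the certificate details > Check wildcard domain support > Choose a suitable validation method > Wait for validation to pass

Download the certificate and deploy it
nano /etc/apache2/sites-available/default-ssl.conf
SSLCertificateFile /path/fullchain.crt
fullchain.crt: the certificate and certificate chain
SSLCertificateKeyFile /path/private.pem
private.pem: the private key (keep it safe)

For example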
root@Hinlink:/etc/apache2/sites-available# cat default-ssl.conf

    <VirtualHost _default_:443>
            ServerAdmin webmaster@localhost

            DocumentRoot /var/www/html

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            SSLEngine on
            SSLCertificateFile      /etc/apache2/ssl/fullchain.crt
            SSLCertificateKeyFile /etc/apache2/ssl/private.pem

            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                            SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                            SSLOptions +StdEnvVars
            </Directory>
    </VirtualHost>


Restart the service

    service apache2 restart

