方法一
X-Forwarded-For
方法二
Proxy Protocol
Apache2 配置模块
Proxy Protocol对应mod_remoteip技术,在请求头里面添加X-Real-IP,其中的值是其IP
X-Forwarded-For对应mod_rpaf技术,在请求头里面添加X-Forwarded-For,其中的值对应的是其IP
查看模块加载
apache2ctl -M
启用模块
a2enmod remoteip
a2enmod rpaf
配置对应的配置文件
卸载
a2dismod remoteip
a2dismod rpaf
root@Hinlink:/etc/apache2/sites-available# apache2 -t
[Thu Nov 07 11:59:49.900171 2024] [core:warn] [pid 70118] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
apache2: Syntax error on line 80 of /etc/apache2/apache2.conf: DefaultRuntimeDir must be a valid directory, absolute or relative to ServerRoot
关键问题 line 80 of /etc/apache2/apache2.conf的${APACHE_RUN_DIR} 出现问题,最后查询出来是因为apache 配置文件变化,没有导入新的apache 环境变量。
修改如下配置
http配置
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
#DocumentRoot /var/www/html
#RewriteEngine On
#RewriteCond %{HTTP_HOST} ^(([-_a-zA-Z0-9])+)\.\w+\.\w+$ [NC]
#RewriteRule ^(.*)$ /%1/$1 [L]
#ErrorLog ${APACHE_LOG_DIR}/error.log
#CustomLog ${APACHE_LOG_DIR}/access.log combined
#ErrorDocument 404 "404 Not Found"
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R]
</VirtualHost>
https配置
/etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
#文档路径
DocumentRoot /var/www/html
#域名地址重写匹配
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(([-_a-zA-Z0-9])+)\.\w+\.\w+$ [NC]
RewriteRule ^(.*)$ /%1/$1 [L]
# 错误页面提示
ErrorDocument 404 "404 Not Found!!!"
#日志
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# SSL 证书配置
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/fullchain.crt
SSLCertificateKeyFile /etc/apache2/ssl/private.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
实现
xxx.domain.com
yyy.domain.com
分别对应
/var/www/html/xxx
/var/www/html/xxx
背景意义,自签证书访问需要额外点击访问
证书>申请证书>填写证书>勾选泛域名支持>选择合适的验证方式>坐等验证通过
下载证书,部署
nano /etc/apache2/sites-available/default-ssl.conf
SSLCertificateFile /path/fullchain.crt
fullchain.crt: 证书和证书链
SSLCertificateKeyFile /path/private.pem
private.pem: 密钥(请妥善保存)
例如
root@Hinlink:/etc/apache2/sites-available# cat default-ssl.conf
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/fullchain.crt
SSLCertificateKeyFile /etc/apache2/ssl/private.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
重启服务
service apache2 restart