问题
I would like to redirect a virtual host on my server to another domain, which is running on HTTPS. I also would like to only show the original url, hence using the P flag for proxy. Here is the current configuration :
RewriteEngine on
SSLProxyEngine on
RewriteCond %{HTTP_HOST} ^subdomain1\.domain1\.ext1$ [NC]
RewriteRule ^(.*) https://subdomain2.domain2.ext2$1 [L,R,P]
Should I generate a certificate on domain1 with certbot? What webroot should I associate? Should I include the one from domain2?
Currently, I have this in the error.log:
[Wed Jun 27 09:13:42.011549 2018] [ssl:error] [pid 19805] [remote IP2:443] AH01961: SSL Proxy requested for domain1.ext1:80 but not enabled [Hint: SSLProxyEngine]
[Wed Jun 27 09:13:42.011734 2018] [proxy:error] [pid 19805] AH00961: HTTPS: failed to enable ssl support for IP2:443 (subdomain2.domain2.ext2)
However SSLProxyEngine is set.
回答1:
since you did not show your VirtualHost setup, here is how I would do it from scratch.
First setup a VirtualHost for port 443 on your first Apache server:
Listen *:443
<VirtualHost *:443>
ServerName www.domain1.com
ServerAlias domain1.com
SSLEngine On
[... all our SSL directives, like certs ...]
SSLProxyEngine on
RewriteEngine On
RewriteRule ^(.*) https://subdomain2.domain2.ext2/$1 [R=301,P]
</VirtualHost>
- For your RewriteRule, L is not necessary when you use the P flag, it is implicit.
- Your RewriteCond is not strictly required since if you are in this VirtualHost, you did ask for https://www.domain1.com or https://domain1.com. But if it is the top most VirtualHost for port 443 it could be used as the default VirtualHost for requests on port 443 as a whole, so it is not wrong either.
Then setup another VirtualHost for domain2, again on port 443, on another server:
Listen *:443
<VirtualHost *:443>
ServerName www.domain2.com
ServerAlias domain2.com
SSLEngine On
[... all our SSL directives, like certs ...]
DirectoryIndex ...
[ ... other configurations to publish your pages ...]
</VirtualHost>
- The error you get says SSL is not turned on with port 80, which makes sense. If you ask for
http://www.domain1.comthis will sent to the matching VirtualHost on port 80, which is HTTP, hence no SSL. You should ask forhttps://www.domain1.com.
If you want to put both on 1 system, you will have a slight problem. You cannot have two VirtualHost with different domain names on the same IP and same port (443) for SSL. This is because Apache does not know which domain you want until after the certificates are negotiate. So the way to solve this is:
- two servers, one per HTTPS domain.
- One IP per HTTPS domain. You would do
Listen IP1:443andListen IP2:443and setup your VirtualHost using these as well. - One port per HTTPS domain. Your domain1 VirtualHost could use port 443 (the default for https://... requets). Your domain2 VirtualHost could use any other port since it will only be known to you and hidden from the clients. Your RewriteRule would use
https://subdomain2.domain2.ext2:<THE PORT>/$1
But this is a long subject and you would need to do some research into running many HTTPS sites on the same server for all the details.
回答2:
Finally, the best solution was to use mod_proxy instead of mod-rewrite.
The http version (redirecting to https)
<VirtualHost *:80>
ServerName domain1.ext1
ServerAlias subdomain1.domain1.ext1
SSLProxyEngine on
ProxyPass / https://subdomain2.domain2.ext2/
ProxyPassReverse / https://subdomain2.domain2.ext2/
ProxyPreserveHost Off
RewriteEngine on
RewriteCond %{SERVER_NAME} =subdomain1.domain1.ext1
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
The https version
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName domain1.ext1
ServerAlias subdomain1.domain1.ext1
SSLProxyEngine on
ProxyPass / https://subdomain2.domain2.ext2/
ProxyPassReverse / https://subdomain2.domain2.ext2/
ProxyPreserveHost Off
SSLCertificateFile /etc/letsencrypt/live/subdomain1.domain1.ext1/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subdomain1.domain1.ext1/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
来源:https://stackoverflow.com/questions/51057867/https-with-redirection-to-other-domain-with-apache-virtual-host