Apache에서 ProxyPass를 통해 서버 정보에 액세스하는 방법은 무엇입니까?

tag-icon tag-icon apache-httpd reverse-proxy
Apache에서 ProxyPass를 통해 서버 정보에 액세스하는 방법은 무엇입니까?

뒤에는 3개의 웹 서버(a, b, c)가 있고 모두 Apache와 RHEL 8을 실행하는 로드 밸런서가 있습니다. 내가 하고 싶은 일은 상대적으로 간단합니다. http://loadbalancer/a/server-status, http://loadbalancer/b/server-status를 통해 로드 밸런서 뒤에 있는 상자의 Apache 서버 상태를 가져오고 싶습니다. 등.

http://ipofbox:8000/server-status를 사용하여 상자에 직접 액세스하면 서버 상태가 제대로 작동합니다.

로드 밸런서의 httpd.conf에는 다음 줄이 있습니다.

<VirtualHost *:80>

ProxyRequests off

#Start Proxy balancer block and define cluster
<Proxy balancer://thecluster>

    BalancerMember http://172.31.19.205:8080
    BalancerMember http://172.31.28.85:8080 loadfactor=3
    BalancerMember http://172.31.28.49:8080
    #weighted traffic byte count balancing
    ProxySet lbmethod=bytraffic nofailover=off

</Proxy>

ProxyPass /worksa http://172.31.19.205:8080
ProxyPass /worksb http://172.31.28.85:8080
ProxyPass /worksc http://172.31.28.49:8080

ProxyPass /a http://172.31.19.205:8000
ProxyPass /b http://172.31.28.85:8000
ProxyPass /c http://172.31.28.49:8000

#pass through any other proxy requests
ProxyPass / balancer://thecluster/

#route traffic back through the cluster and act as a load balancer, ensure headers generated from any workers are modified to point to the load balancer, masking the backend web servers
#ProxyPassReverse / balancer://thecluster/

#balancer-manager GUI via port 80
<Location /balancer-manager>
    SetHandler balancer-manager
</Location>

#don't pass requests to the BM through to the cluster
ProxyPass /balancer-manager !

<Location "/~Alice">
    AuthType Digest
    AuthName "private"
    AuthDigestDomain "/~Alice"
    AuthDigestProvider file
    AuthUserFile "/etc/httpd-auth/digest_passwords_file2"
    Require valid-user
</Location>

<Location "/~Bob">
    AuthType Digest
    AuthName "private"
    AuthDigestDomain "/~Bob"
    AuthDigestProvider file
    AuthUserFile "/etc/httpd-auth/digest_passwords_file2"
    Require valid-user
</Location>

</VirtualHost>

<VirtualHost *:8000>
ProxyRequests off

#server-info GUI via port 8000
<Location /server-info>
    SetHandler server-info
</Location>

#server-status GUI via port 8000
<Location /server-status>
    SetHandler server-status
</Location>

<Location "/server-info">
    AuthType Digest
    AuthName "realm"
    AuthDigestDomain "/server-info"
    AuthDigestProvider file
    AuthUserFile /etc/httpd-auth/digest_passwords_file
    Require valid-user
</Location>

<Location "/server-status">
    AuthType Digest
    AuthName "realm"
    AuthDigestDomain "/server-status"
    AuthDigestProvider file
    AuthUserFile /etc/httpd-auth/digest_passwords_file
    Require valid-user
</Location>

</VirtualHost>

편집하다:지금은 지나간 것 같은데 이번에는 400불량요청을 받았습니다. 요청을 처리하는 백엔드 서버의 오류 로그에는 다음이 표시됩니다.

[auth_digest:error] [pid 9105:tid 139830629422848] [client ***.***.***.***:50720] AH01786: uri mismatch - </a/server-info/> does not match request-uri </server-info/>

다이제스트 인증이 활성화된 경우 로드 밸런서에서 액세스할 때 액세스가 실패하는 것 같습니다. Worksa에는 다음이 있습니다.

Worksa에는 다음이 있습니다.

<VirtualHost *:8000>

#balancer-manager GUI via port 8000
<Location /balancer-manager>
    SetHandler balancer-manager
</Location>

#Req 4.b
<Location "/server-info">
    SetHandler server-info
    AuthType Digest
    AuthName "realm"
    AuthDigestDomain "/server-info"
    AuthDigestProvider file
    AuthUserFile /etc/httpd-auth/digest_passwords_file
    Require valid-user
</Location>

# Req 4.a, Req 4.b
<Location "/server-status">
    SetHandler server-status
    AuthType Digest
    AuthName "realm"
    AuthDigestDomain "/server-status"
    AuthDigestProvider file
    AuthUserFile /etc/httpd-auth/digest_passwords_file
    Require valid-user
</Location>

</VirtualHost>

둘째, http://loadbalancer/worksa/index.html에 액세스하려고 하면 403 Forbidden이 표시되고 worksa에 대한 액세스 로그는 다음과 같습니다.

(13)Permission denied: file permissions deny server access: /var/www/html/index.html.

index.html에서 chmod 0644를 사용했지만 도움이 되지 않는 것 같습니다.

요약하면, http://loadbalancer/a/server-info는 자격 증명을 요청하고 400 Bad Request를 반환하는 반면, http://loadbalancer/a/index.html은 403 Forbidden을 반환합니다.

매우 감사합니다.

답변1

ProxyPass밸런서 앞에 특정 지침을 이동하면 ProxyPass밸런서가 다른 모든 것과 일치합니다 /. 후행 슬래시를 제거하십시오.

이것은 첫 번째 가상 호스트입니다.

<VirtualHost *:80>
    ProxyRequests off

    #Start Proxy balancer block and define cluster
    <Proxy balancer://thecluster>
        BalancerMember http://172.31.27.155:8080
        BalancerMember http://172.31.21.185:8080 loadfactor=3
        BalancerMember http://172.31.28.201:8080

        #weighted traffic byte count balancing
        ProxySet lbmethod=bytraffic nofailover=off
    </Proxy>

    ProxyPass /worksa http://172.31.27.155:8080
    ProxyPass /worksb http://172.31.21.185:8080
    ProxyPass /worksc http://172.31.28.201:8080

    # pass through balancer member
    ProxyPass /a http://172.31.27.155:8000
    ProxyPass /b http://172.31.21.185:8000
    ProxyPass /c http://172.31.28.201:8000

    # pass through any other proxy requests
    ProxyPass / balancer://thecluster/

    #route traffic back through the cluster and act as a load balancer, ensure headers generated from$
    #ProxyPassReverse / balancer://thecluster/
</VirtualHost>

"403 Forbidden"을 방지하려면 백엔드에서 액세스 제어를 조정해야 할 수도 있습니다.

<Location /server-status>
    SetHandler server-status
    # limit to ip addresses, hosts or whatever you need
    Require ip 172.31
</Location>

관련 정보