Avoid 400 from Apache for RewriteRule
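Situation
For development I want to serve the frontend files from my machine using an Apache VHost, but have the API calls (via JS fetch: POST, PUT, DELETE) redirected to a server far away from home.
VHost
The configuration is as follows: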
<VirtualHost *:443>
    ServerName test-co2avatar.localhost
    DocumentRoot /home/myname/work/sdp/test-frontends
    Header always set X-XSS-Protection "1; mode=block"
    # https://content-security-policy.com/style-src/
    Header always set Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'"
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^test-co2avatar\.localhost$
    RewriteRule co2avatar-app/sdp-api$ https://test.co2avatar.org/co2avatar-app/sdp-api [L,PT]
    RewriteCond %{HTTP_HOST} ^test-co2avatar\.localhost$
    RewriteRule co2avatar-app/sdp-api/(.*)$ https://test.co2avatar.org/co2avatar-app/sdp-api/$1 [L,PT]
    # for avoiding 403 from
    <Directory "/home/myname/work/sdp/test-frontends">
        Require all granted
        RewriteEngine On
        # now: https://gkedge.gitbooks.io/react-router-in-the-real/content/apache.html
        RewriteCond %{REQUEST_FILENAME} -f [OR]
        RewriteCond %{REQUEST_FILENAME} -d
        RewriteRule ^ - [L]
        RewriteRule co2avatar-app/(.*)/(js|style|resources)/(.+)\.(.+)$ co2avatar-app//. [END]
        # RewriteCond %{HTTP_HOST} ^test-co2avatar\.localhost$
        # RewriteRule co2avatar-app/sdp-api$ https://test.co2avatar.org/co2avatar-app/sdp-api [L,PT]
        # RewriteCond %{HTTP_HOST} ^test-co2avatar\.localhost$
        # RewriteRule co2avatar-app/sdp-api/(.*)$ https://test.co2avatar.org/co2avatar-app/sdp-api/$1 [L,PT]
        # anything else to index.html
        RewriteCond %{HTTP_HOST} ^test-co2avatar\.localhost$
        RewriteRule co2avatar-app/(.+) co2avatar-app/index.html [L]
    </Directory>
    # LogLevel debug
    # SSL
    # self signed cert for development
    SSLEngine on
    SSLCertificateFile "/usr/share/apache2/cert/co2compass-local.crt"
    SSLCertificateKeyFile "/usr/share/apache2/cert/co2compass-local.key"
</VirtualHost>
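Result
The frontend files are delivered very well (JS, CSS, images, fonts, etc.).
The rewrite to the server for the data transfer fails.
From the Apache error.log: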
[Wed Sep 01 16:34:10.654207 2021] [ssl:info] [pid 46526:tid 140357610219264] [client ::1:34698] AH01964: Connection to child 9 established (server co2avatar.localhost:443)
[Wed Sep 01 16:34:10.654375 2021] [ssl:debug] [pid 46526:tid 140357610219264] ssl_engine_kernel.c(2372): [client ::1:34698] AH02043: SSL virtual host for servername test-co2avatar.localhost found
[Wed Sep 01 16:34:10.654390 2021] [core:debug] [pid 46526:tid 140357610219264] protocol.c(2313): [client ::1:34698] AH03155: select protocol from , choices=h2,http/1.1 for server test-co2avatar.localhost
[Wed Sep 01 16:34:10.657156 2021] [ssl:info] [pid 46526:tid 140357610219264] [client ::1:34698] AH02008: SSL library error 1 in handshake (server co2avatar.localhost:443)
[Wed Sep 01 16:34:10.657197 2021] [ssl:info] [pid 46526:tid 140357610219264] SSL Library Error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (SSL alert number 46)
[Wed Sep 01 16:34:10.657207 2021] [ssl:info] [pid 46526:tid 140357610219264] [client ::1:34698] AH01998: Connection closed to child 9 with abortive shutdown (server test-co2avatar.localhost:443)
[Wed Sep 01 16:34:10.662640 2021] [ssl:info] [pid 46527:tid 140357728802560] [client ::1:34700] AH01964: Connection to child 67 established (server co2avatar.localhost:443)
[Wed Sep 01 16:34:10.663077 2021] [ssl:debug] [pid 46527:tid 140357728802560] ssl_engine_kernel.c(2372): [client ::1:34700] AH02043: SSL virtual host for servername test-co2avatar.localhost found
[Wed Sep 01 16:34:10.663114 2021] [core:debug] [pid 46527:tid 140357728802560] protocol.c(2313): [client ::1:34700] AH03155: select protocol from , choices=h2,http/1.1 for server test-co2avatar.localhost
[Wed Sep 01 16:34:10.664964 2021] [ssl:debug] [pid 46527:tid 140357728802560] ssl_engine_kernel.c(2254): [client ::1:34700] AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_128_GCM_SHA256 (128/128 bits)
[Wed Sep 01 16:34:10.665204 2021] [ssl:debug] [pid 46527:tid 140357728802560] ssl_engine_kernel.c(415): [client ::1:34700] AH02034: Initial (No.1) HTTPS request received for child 67 (server test-co2avatar.localhost:443), referer: https://test-co2avatar.localhost/co2avatar-app/input/ghg-domain/housing/values
[Wed Sep 01 16:34:10.665247 2021] [rewrite:trace2] [pid 46527:tid 140357728802560] mod_rewrite.c(483): [client ::1:34700] ::1 - - [test-co2avatar.localhost/sid#7fa796c635f0][rid#7fa79778b0a0/initial] init rewrite engine with requested uri /co2avatar-app/sdp-api/login, referer: https://test-co2avatar.localhost/co2avatar-app/input/ghg-domain/housing/values
[Wed Sep 01 16:34:10.665254 2021] [rewrite:trace3] [pid 46527:tid 140357728802560] mod_rewrite.c(483): [client ::1:34700] ::1 - - [test-co2avatar.localhost/sid#7fa796c635f0][rid#7fa79778b0a0/initial] applying pattern 'co2avatar-app/sdp-api$' to uri '/co2avatar-app/sdp-api/login', referer: https://test-co2avatar.localhost/co2avatar-app/input/ghg-domain/housing/values
[Wed Sep 01 16:34:10.665267 2021] [rewrite:trace3] [pid 46527:tid 140357728802560] mod_rewrite.c(483): [client ::1:34700] ::1 - - [test-co2avatar.localhost/sid#7fa796c635f0][rid#7fa79778b0a0/initial] applying pattern 'co2avatar-app/sdp-api/(.*)$' to uri '/co2avatar-app/sdp-api/login', referer: https://test-co2avatar.localhost/co2avatar-app/input/ghg-domain/housing/values
[Wed Sep 01 16:34:10.665278 2021] [rewrite:trace4] [pid 46527:tid 140357728802560] mod_rewrite.c(483): [client ::1:34700] ::1 - - [test-co2avatar.localhost/sid#7fa796c635f0][rid#7fa79778b0a0/initial] RewriteCond: input='test-co2avatar.localhost' pattern='^test-co2avatar\.localhost$' => matched, referer: https://test-co2avatar.localhost/co2avatar-app/input/ghg-domain/housing/values
[Wed Sep 01 16:34:10.665283 2021] [rewrite:trace2] [pid 46527:tid 140357728802560] mod_rewrite.c(483): [client ::1:34700] ::1 - - [test-co2avatar.localhost/sid#7fa796c635f0][rid#7fa79778b0a0/initial] rewrite '/co2avatar-app/sdp-api/login' -> 'https://test.co2avatar.org/co2avatar-app/sdp-api/login', referer: https://test-co2avatar.localhost/co2avatar-app/input/ghg-domain/housing/values
[Wed Sep 01 16:34:10.665299 2021] [rewrite:trace2] [pid 46527:tid 140357728802560] mod_rewrite.c(483): [client ::1:34700] ::1 - - [test-co2avatar.localhost/sid#7fa796c635f0][rid#7fa79778b0a0/initial] implicitly forcing redirect (rc=302) with https://test.co2avatar.org/co2avatar-app/sdp-api/login, referer: https://test-co2avatar.localhost/co2avatar-app/input/ghg-domain/housing/values
[Wed Sep 01 16:34:10.665304 2021] [rewrite:trace2] [pid 46527:tid 140357728802560] mod_rewrite.c(483): [client ::1:34700] ::1 - - [test-co2avatar.localhost/sid#7fa796c635f0][rid#7fa79778b0a0/initial] forcing '{PROT}test.co2avatar.org/co2avatar-app/sdp-api/login' to get passed through to next API URI-to-filename handler, referer: https://test-co2avatar.localhost/co2avatar-app/input/ghg-domain/housing/values
[Wed Sep 01 16:34:10.665546 2021] [headers:debug] [pid 46527:tid 140357728802560] mod_headers.c(899): AH01503: headers: ap_headers_error_filter()
[Wed Sep 01 16:34:10.665652 2021] [ssl:debug] [pid 46527:tid 140357728802560] ssl_engine_io.c(1102): [client ::1:34700] AH02001: Connection closed to child 67 with standard shutdown (server test-co2avatar.localhost:443)
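Questions
SSL
I don't really understand the error: SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (SSL alert number 46).
But I think the second shutdown is more important here:
Loop?
The error forcing '{PROT}test.co2avatar.org/co2avatar-app/sdp-api/login' to get passed through to next API URI-to-filename handler seems to say that an endless redirect/rewrite is happening.
But I am out of ideas.
Solutions
Adding a RewriteCond for my local VHost did not work. I also tried moving the RewriteRule outside of <Directory>, but that did not change anything.
Do I need to use a proxy here? How else can I rewrite calls to another server/domain?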
My solution uses proxy_module instead of rewrite.
# because we use https for localhost, too
SSLProxyEngine on
# SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
ProxyPreserveHost On
ProxyPass "/co2avatar-app/sdp-api" "https://test.co2avatar.org/co2avatar-app/sdp-api"
ProxyPassReverse "/co2avatar-app/sdp-api" "https://test.co2avatar.org/co2avatar-app/sdp-api"
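There are more flexible options using the rewrite module, for example with RedirectMatch or just [P].
But there are many rewrite rules in my configuration and I could not get it to work (order, conditions, (END) flag). So I use the simple proxy/reverse proxy pattern.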
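The proxy block from the answer, with the weak TLS settings set beside a hardened form; this is an added example, not part of the original post. It assumes mod_ssl, mod_proxy, mod_proxy_http and mod_rewrite are loaded, and the CA bundle path is an assumption (the Debian/Ubuntu location).

```apache
# Added example (not from the original post). Goes inside the
# <VirtualHost *:443> for test-co2avatar.localhost.

# Needed because the upstream is reached over https.
SSLProxyEngine on

# --- As posted (weak) ---------------------------------------------------
# The upstream certificate's name is never compared with the host being
# contacted, so any certificate is accepted for test.co2avatar.org.
# ProxyPreserveHost On also sends "Host: test-co2avatar.localhost" upstream.
#   SSLProxyCheckPeerCN   off
#   SSLProxyCheckPeerName off
#   ProxyPreserveHost     On

# --- Hardened -----------------------------------------------------------
# Require a certificate chain that validates against a trusted CA bundle.
# Path below is an assumption; point it at the bundle your system ships.
SSLProxyVerify            require
SSLProxyVerifyDepth       3
SSLProxyCACertificateFile "/etc/ssl/certs/ca-certificates.crt"

# Compare the certificate name with the upstream host and reject
# expired certificates.
SSLProxyCheckPeerName     on
SSLProxyCheckPeerExpire   on

# Send the upstream's own name in the Host header.
ProxyPreserveHost         Off

ProxyPass        "/co2avatar-app/sdp-api" "https://test.co2avatar.org/co2avatar-app/sdp-api"
ProxyPassReverse "/co2avatar-app/sdp-api" "https://test.co2avatar.org/co2avatar-app/sdp-api"

# --- Rewrite-based alternative -----------------------------------------
# With [PT] and an absolute URL, mod_rewrite answers with a redirect
# ("implicitly forcing redirect (rc=302)" in the trace above) instead of
# forwarding the request. [P] hands the request to mod_proxy. Use this
# in place of the ProxyPass line, not in addition to it:
#   RewriteEngine On
#   RewriteRule "^/co2avatar-app/sdp-api(/.*)?$" "https://test.co2avatar.org/co2avatar-app/sdp-api$1" [P]
```

Run `apachectl configtest` after editing; a failing upstream handshake then appears in the error log as a proxy SSL error rather than being silently accepted.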