apache2 的https配置和代理https后端nodejs配置

先进入  /usr/local/apache2/conf  目录

修改 vim httpd.conf  把下面的去掉注释

LoadModule proxy_module modules/mod_proxy.so

LoadModule proxy_http_module modules/mod_proxy_http.so

LoadModule ssl_module modules/mod_ssl.so

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Include conf/extra/httpd-ssl.conf

然后进入/usr/local/apache2/conf/extra

编辑vim httpd-ssl.conf

把原来的 <VirtualHost 删除

加入如下配置

<VirtualHost *:443>
ServerName www.hp_nova2.com
ServerAlias www.hp_nova2.com
SSLEngine on
SSLProxyEngine On
SSLProxyVerify none
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
# SSLCertificateFile "Path1"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
# SSLCertificateKeyFile "Path2"
# SSLCertificateChainFile "Path3"
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyRequests Off
<Location />
ProxyPass https://15.31.213.137:443/
ProxyPassReverse https://15.31.213.137:443/
</Location>
</VirtualHost>

然后在/usr/local/apache2/conf/拷贝进去server.crt和server.key

（具体server.crt和server.key生成方式请参考我前面的文章使用openssl生成的证书，需要保证apache配置的证书和nodejs还有springboot配置的证书一样）

然后重启apache 执行 bin/apachectl start

问题：启动apache后访问发现报错500

查看apache的日志error.log发现

[Tue Apr 30 13:38:55.077682 2019] [proxy_http:error] [pid 12090] [client 15.38.244.222:63285] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 (), referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.244096 2019] [proxy:error] [pid 12089] (502)Unknown error 502: [client 15.38.244.222:63287] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137)
[Tue Apr 30 13:38:55.244214 2019] [proxy:error] [pid 12089] [client 15.38.244.222:63287] AH00898: Error during SSL Handshake with remote server returned by /
[Tue Apr 30 13:38:55.244225 2019] [proxy_http:error] [pid 12089] [client 15.38.244.222:63287] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 ()
[Tue Apr 30 13:38:55.277609 2019] [proxy:error] [pid 12093] (502)Unknown error 502: [client 15.38.244.222:63288] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137), referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.277707 2019] [proxy:error] [pid 12093] [client 15.38.244.222:63288] AH00898: Error during SSL Handshake with remote server returned by /favicon.ico, referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.277718 2019] [proxy_http:error] [pid 12093] [client 15.38.244.222:63288] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 (), referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.441908 2019] [proxy:error] [pid 12092] (502)Unknown error 502: [client 15.38.244.222:63290] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137)
[Tue Apr 30 13:38:55.441979 2019] [proxy:error] [pid 12092] [client 15.38.244.222:63290] AH00898: Error during SSL Handshake with remote server returned by /
[Tue Apr 30 13:38:55.441990 2019] [proxy_http:error] [pid 12092] [client 15.38.244.222:63290] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 ()
[Tue Apr 30 13:38:55.472712 2019] [proxy:error] [pid 12091] (502)Unknown error 502: [client 15.38.244.222:63289] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137), referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.472811 2019] [proxy:error] [pid 12091] [client 15.38.244.222:63289] AH00898: Error during SSL Handshake with remote server returned by /favicon.ico, referer: https://15.31.213.106/
[Tue Apr 30 13:38:55.472822 2019] [proxy_http:error] [pid 12091] [client 15.38.244.222:63289] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 (), referer: https://15.31.213.106/
[Tue Apr 30 13:38:58.009281 2019] [proxy:error] [pid 12090] (502)Unknown error 502: [client 15.38.244.222:63291] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137)
[Tue Apr 30 13:38:58.009379 2019] [proxy:error] [pid 12090] [client 15.38.244.222:63291] AH00898: Error during SSL Handshake with remote server returned by /
[Tue Apr 30 13:38:58.009390 2019] [proxy_http:error] [pid 12090] [client 15.38.244.222:63291] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 ()
[Tue Apr 30 13:38:58.038419 2019] [proxy:error] [pid 12089] (502)Unknown error 502: [client 15.38.244.222:63292] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137), referer: https://15.31.213.106/
[Tue Apr 30 13:38:58.038519 2019] [proxy:error] [pid 12089] [client 15.38.244.222:63292] AH00898: Error during SSL Handshake with remote server returned by /favicon.ico, referer: https://15.31.213.106/
[Tue Apr 30 13:38:58.038530 2019] [proxy_http:error] [pid 12089] [client 15.38.244.222:63292] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 (), referer: https://15.31.213.106/
[Tue Apr 30 13:39:14.614789 2019] [proxy:error] [pid 12092] (502)Unknown error 502: [client 15.38.244.222:63293] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137)
[Tue Apr 30 13:39:14.614914 2019] [proxy:error] [pid 12092] [client 15.38.244.222:63293] AH00898: Error during SSL Handshake with remote server returned by /
[Tue Apr 30 13:39:14.614958 2019] [proxy_http:error] [pid 12092] [client 15.38.244.222:63293] AH01097: pass request body failed to 15.31.213.137:443 (15.31.213.137) from 15.38.244.222 ()
[Tue Apr 30 13:39:14.646786 2019] [proxy:error] [pid 12093] (502)Unknown error 502: [client 15.38.244.222:63294] AH01084: pass request body failed to 15.31.213.137:443 (15.31.213.137), referer: https://15.31.213.106/

最后网上查了下在httpd-ssl.conf中的VirtualHost加入如下配置，重启apache解决

SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

原文地址：https://www.cnblogs.com/xiaohanlin/p/10795465.html