Moodle 3.7 & Apache & 反向代理结果 ERR_TOO_MANY_REDIRECTS
Moodle 3.7 & Apache & reverse proxy results ERR_TOO_MANY_REDIRECTS
具有反向代理结果的 Moodle 3.7 Apache ERR_TOO_MANY_REDIRECTS。
我有一个带有以下虚拟主机文件的 SSL 站点:
<VirtualHost *:80>
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName moodle.site.com:443
SSLEngine on
SecAuditEngine On
RewriteEngine On
ProxyPreserveHost On
ProxyPass / http://101.102.103.104:80/
ProxyPassReverse / http://101.102.103.104:80/
</VirtualHost>
</IfModule>
我还将所有 80 端口请求重定向到 SSL 端口。
命令
curl -I https://moodle.site.com/
结果:
HTTP/1.1 303 See Other
Date: Fri, 09 Aug 2019 19:13:33 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000; includeSubDomains
Location: https://moodle.site.com
Content-Language: en
Content-Type: text/html; charset=UTF-8
在 Moodle 中 config.php 我有:
$CFG->wwwroot = 'https://moodle.site.com';
$CFG->reverseproxy = true;
$CFG->sslproxy = 1;
知道为什么当我尝试打开 https://moodle.site.com URL 时 Google Chrome 中出现 "ERR_TOO_MANY_REDIRECTS" 错误吗?
我有 4 个问题,所以我必须修复它们(命令行命令应以 root 身份执行或使用 sudo):
1) mod_ssl Apache 模块未激活。 在命令行中测试,如果 mod_ssl 处于活动状态:
apache2ctl -M | grep ssl
应该显示这个(如果激活):
ssl_module (shared)
FIX(在命令行中启用mod_ssl):
a2enmod ssl
# Considering dependency setenvif for ssl:
# Module setenvif already enabled
# Considering dependency mime for ssl:
# Module mime already enabled
# Considering dependency socache_shmcb for ssl:
# Enabling module socache_shmcb.
# Enabling module ssl.
# See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
# To activate the new configuration, you need to run:
# systemctl restart apache2
2) 我在 Apache SSL conf 文件中使用 Header 指令,如下所示:
# Guarantee HTTPS for 180 days including sub domains
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
由于需要此 mod_headers Apache 模块,因此未激活。在命令行中测试,如果 mod_headers 处于活动状态:
apache2ctl -M | grep headers
应该显示这个(如果激活):
headers_module (shared)
FIX(在命令行中启用mod_headers):
a2enmod headers
3) 我不得不在 Apache vhost conf 文件中使用 https ProxyPass URL 而不是 http :
错误:
ProxyPass / http://101.102.103.104:80/
ProxyPassReverse / http://101.102.103.104:80/
好:
ProxyPass / https://101.102.103.104/
ProxyPassReverse / https://101.102.103.104/
4) 必须打开 SSLProxyEngine 指令才能在 Apache vhost conf 文件中的 ProxyPass 中使用 SSL。
修复:
在 /etc/apache2/sites-available/myvhost.conf
中添加了 SSLProxyEngine
SSLProxyEngine on
具有反向代理结果的 Moodle 3.7 Apache ERR_TOO_MANY_REDIRECTS。
我有一个带有以下虚拟主机文件的 SSL 站点:
<VirtualHost *:80>
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName moodle.site.com:443
SSLEngine on
SecAuditEngine On
RewriteEngine On
ProxyPreserveHost On
ProxyPass / http://101.102.103.104:80/
ProxyPassReverse / http://101.102.103.104:80/
</VirtualHost>
</IfModule>
我还将所有 80 端口请求重定向到 SSL 端口。
命令
curl -I https://moodle.site.com/
结果:
HTTP/1.1 303 See Other
Date: Fri, 09 Aug 2019 19:13:33 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000; includeSubDomains
Location: https://moodle.site.com
Content-Language: en
Content-Type: text/html; charset=UTF-8
在 Moodle 中 config.php 我有:
$CFG->wwwroot = 'https://moodle.site.com';
$CFG->reverseproxy = true;
$CFG->sslproxy = 1;
知道为什么当我尝试打开 https://moodle.site.com URL 时 Google Chrome 中出现 "ERR_TOO_MANY_REDIRECTS" 错误吗?
我有 4 个问题,所以我必须修复它们(命令行命令应以 root 身份执行或使用 sudo):
1) mod_ssl Apache 模块未激活。 在命令行中测试,如果 mod_ssl 处于活动状态:
apache2ctl -M | grep ssl
应该显示这个(如果激活):
ssl_module (shared)
FIX(在命令行中启用mod_ssl):
a2enmod ssl
# Considering dependency setenvif for ssl:
# Module setenvif already enabled
# Considering dependency mime for ssl:
# Module mime already enabled
# Considering dependency socache_shmcb for ssl:
# Enabling module socache_shmcb.
# Enabling module ssl.
# See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
# To activate the new configuration, you need to run:
# systemctl restart apache2
2) 我在 Apache SSL conf 文件中使用 Header 指令,如下所示:
# Guarantee HTTPS for 180 days including sub domains
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
由于需要此 mod_headers Apache 模块,因此未激活。在命令行中测试,如果 mod_headers 处于活动状态:
apache2ctl -M | grep headers
应该显示这个(如果激活):
headers_module (shared)
FIX(在命令行中启用mod_headers):
a2enmod headers
3) 我不得不在 Apache vhost conf 文件中使用 https ProxyPass URL 而不是 http :
错误:
ProxyPass / http://101.102.103.104:80/
ProxyPassReverse / http://101.102.103.104:80/
好:
ProxyPass / https://101.102.103.104/
ProxyPassReverse / https://101.102.103.104/
4) 必须打开 SSLProxyEngine 指令才能在 Apache vhost conf 文件中的 ProxyPass 中使用 SSL。
修复: 在 /etc/apache2/sites-available/myvhost.conf
中添加了 SSLProxyEngineSSLProxyEngine on