Apache 反向代理背后的 Apache Zeppelin
Apache Zeppelin behind Apache reverse proxy
我 运行 我的 Apache Zeppelin 实例位于 Apache 网络服务器后面,网络服务器仅用作保留代理。
如果我正在浏览 reverse-proxy 站点 https://my-domain.com/zeppelin/,我会得到一个包含资产和按钮以及所有内容的网站,但 Zeppelin 的 websocket 无法连接。 Browser-Dev-Tools 对 URL https://my-domain.com/zeppelin/ws 说 405 HTTP method GET is not supported by this URL。
如果我直接进入 Zeppelin-Website (f.e. http://priv.my-domain.com/zeppelin),一切正常。所以它似乎不是 Zeppelin-Code 中的错误,而是 reverse-proxy-config.
中的问题
我的 Apache reverse-proxy 配置如下:
<VirtualHost *:443>
ServerName my-domain.com
# don't loose time with IP address lookups
HostnameLookups Off
ProxyRequests Off
ProxyPreserveHost Off
SSLEngine On
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
...
ssl cert stuff
...
<Location /zeppelin/ws>
ProxyPass ws://priv.my-domain.com:8080/zeppelin/ws
ProxyPassReverse ws://priv.my-domain.com:8080/zeppelin/ws
Order deny,allow
Deny from all
Allow from <my-ip>
</Location>
<Location /zeppelin/>
ProxyPass http://priv.my-domain.com:8080/zeppelin/
ProxyPassReverse http://priv.my-domain.com:8080/zeppelin/
Order deny,allow
Deny from all
Allow from <my-ip>
</Location>
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
如果我从配置中删除第一个 ws-location 没有任何区别。
你有什么想法吗?
编辑解决方案:在得到以下答案后,我修改了我的 conf-file,现在可以使用了!真的非常感谢!
我的工作会议:
<VirtualHost *:443>
ServerName my-domain.com
# don't loose time with IP address lookups
HostnameLookups Off
ProxyRequests Off
ProxyPreserveHost Off
SSLEngine On
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
...
ssl cert stuff
...
<Location /zeppelin/>
ProxyPass http://priv.my-domain.com:8080/zeppelin/
ProxyPassReverse http://priv.my-domain.com:8080/zeppelin/
Order deny,allow
Deny from all
Allow from <my-ip>
</Location>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =WebSocket [NC,NV]
RewriteRule ^/(.*) ws://priv.my-domain.com:8080/ [P]
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
这是我正在使用的配置文件,其中有一些不一定适用于您的需求的指定:
- 在 mesos 集群前发现服务
- 每个用户一个实例,并根据凭据
路由用户
<VirtualHost *:3128>
<Location "/">
AuthUserFile /.............../users
AuthName "xxxxxxxxxxxxx"
AuthGroupFile /dev/null
AuthType Basic
Require valid-user
</Location>
ServerName xxxxxxxxxxxxxxxxxxxxxxxxxxx
# SSLEngine on
# SSLCertificateFile "/.............../xxxxx.crt"
# SSLCertificateKeyFile "/.............../xxxxx.key"
#RewriteRules for datalab with user
RewriteCond %{HTTP:Upgrade} =WebSocket [NC,NV]
RewriteCond %{LA-U:REMOTE_USER} (aaaa)
RewriteRule ^/(.*) ws://azerty01:31321/ [P]
RewriteCond %{LA-U:REMOTE_USER} (aaaa)
RewriteRule ^/(.*) http://azerty01:31321/ [P,QSA,L]
ProxyPassReverse / http://azerty01:31321
#RewriteRules for datalab with user
RewriteCond %{HTTP:Upgrade} =WebSocket [NC,NV]
RewriteCond %{LA-U:REMOTE_USER} (bbbb)
RewriteRule ^/(.*) ws://azerty02:31901/ [P]
RewriteCond %{LA-U:REMOTE_USER} (bbbb)
RewriteRule ^/(.*) http://azerty02:31901/ [P,QSA,L]
ProxyPassReverse / http://azerty02:31901
</VirtualHost>
这是我想反向代理时创建的包含文件
齐柏林服务器。如果愿意,您可以或多或少地将其剪切并粘贴到 vhosts conf 文件中。
#
# Apache Reverse Proxy settings for Zeppelin server.
# note:
# Change ZEPPELING_IP_OR_HOST and ZEPPELIN_PORT as appropriate.
#
# FreeBSD put into /usr/local/etc/apache24/Includes directory,
# Linux may vary.
# This is for your-host.your-domain.com/zeppelin
# if you want zeppelin.your-host.your-domain.com
# Put this into a vhosts file.
RequestHeader set X_FORWARDED_PROTO 'https'
ProxyPreserveHost On
RequestHeader set X-Forwarded-Port "443"
ProxyRequests Off
ProxyVia Off
AllowEncodedSlashes NoDecode
<Location /zeppelin/ws>
ProxyPass ws://ZEPPELIN_IP_OR_HOST:ZEPPELIN_PORT/zeppelin/ws
ProxyPassReverse ws://ZEPPELIN_IP_OR_HOST:ZEPPELIN_PORT/zeppenlin/ws
</Location>
ProxyPass /zeppelin http://ZEPPELIN_IP_OR_HOST:ZEPPELIN_PORT/zeppelin
ProxyPassReverse /zeppelin http://ZEPPELIN_IP_OR_HOST:ZEPPELIN_PORT/zeppelin
补充一下,我能够使用 Apache2 和下面的配置来重新路由到我的 zeppelin 实例。重要的部分是 websocket 连接。
确保添加
sudo a2enmod proxy_wstunnel
到模组。然后我 运行 以下内容:
sudo a2dissite 000-default
sudo nano /etc/apache2/sites-available/proxy-host.conf
# Insert the following into the proxy-host.conf file
<VirtualHost *:80>
ServerName '<Zeppelin Public IP>:8080'
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://<Zeppelin Public IP>:8080/ [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://<Zeppelin Public IP>:8080/ [P,L]
ProxyPassReverse / http://<Zeppelin Public IP>:8080/
</VirtualHost>
# / text insert
sudo a2ensite proxy-host
sudo nano /etc/apache2/ports.conf
#Add this to the ports.conf file and cntrl+X to save & exit
Listen 8080
sudo /etc/init.d/apache2 restart
然后当您转到 http://reverseproxypublicIP/ 时,它会重新路由到您的 Zeppelin 实例。希望这对某人有所帮助!
我发现位置指令的顺序很重要。如果您首先定义齐柏林飞艇然后 zeppelin/ws 如下所示,那么一切正常。但是,相反的顺序不起作用。
<Location /zeppelin/>
ProxyPass http://priv.my-domain.com:8080/zeppelin/
ProxyPassReverse http://priv.my-domain.com:8080/zeppelin/
</Location>
<Location /zeppelin/ws>
ProxyPass ws://priv.my-domain.com:8080/zeppelin/ws
ProxyPassReverse ws://priv.my-domain.com:8080/zeppelin/ws
</Location>
我 运行 我的 Apache Zeppelin 实例位于 Apache 网络服务器后面,网络服务器仅用作保留代理。
如果我正在浏览 reverse-proxy 站点 https://my-domain.com/zeppelin/,我会得到一个包含资产和按钮以及所有内容的网站,但 Zeppelin 的 websocket 无法连接。 Browser-Dev-Tools 对 URL https://my-domain.com/zeppelin/ws 说 405 HTTP method GET is not supported by this URL。
如果我直接进入 Zeppelin-Website (f.e. http://priv.my-domain.com/zeppelin),一切正常。所以它似乎不是 Zeppelin-Code 中的错误,而是 reverse-proxy-config.
我的 Apache reverse-proxy 配置如下:
<VirtualHost *:443>
ServerName my-domain.com
# don't loose time with IP address lookups
HostnameLookups Off
ProxyRequests Off
ProxyPreserveHost Off
SSLEngine On
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
...
ssl cert stuff
...
<Location /zeppelin/ws>
ProxyPass ws://priv.my-domain.com:8080/zeppelin/ws
ProxyPassReverse ws://priv.my-domain.com:8080/zeppelin/ws
Order deny,allow
Deny from all
Allow from <my-ip>
</Location>
<Location /zeppelin/>
ProxyPass http://priv.my-domain.com:8080/zeppelin/
ProxyPassReverse http://priv.my-domain.com:8080/zeppelin/
Order deny,allow
Deny from all
Allow from <my-ip>
</Location>
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
如果我从配置中删除第一个 ws-location 没有任何区别。 你有什么想法吗?
编辑解决方案:在得到以下答案后,我修改了我的 conf-file,现在可以使用了!真的非常感谢!
我的工作会议:
<VirtualHost *:443>
ServerName my-domain.com
# don't loose time with IP address lookups
HostnameLookups Off
ProxyRequests Off
ProxyPreserveHost Off
SSLEngine On
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
...
ssl cert stuff
...
<Location /zeppelin/>
ProxyPass http://priv.my-domain.com:8080/zeppelin/
ProxyPassReverse http://priv.my-domain.com:8080/zeppelin/
Order deny,allow
Deny from all
Allow from <my-ip>
</Location>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =WebSocket [NC,NV]
RewriteRule ^/(.*) ws://priv.my-domain.com:8080/ [P]
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
这是我正在使用的配置文件,其中有一些不一定适用于您的需求的指定:
- 在 mesos 集群前发现服务
- 每个用户一个实例,并根据凭据
<VirtualHost *:3128>
<Location "/">
AuthUserFile /.............../users
AuthName "xxxxxxxxxxxxx"
AuthGroupFile /dev/null
AuthType Basic
Require valid-user
</Location>
ServerName xxxxxxxxxxxxxxxxxxxxxxxxxxx
# SSLEngine on
# SSLCertificateFile "/.............../xxxxx.crt"
# SSLCertificateKeyFile "/.............../xxxxx.key"
#RewriteRules for datalab with user
RewriteCond %{HTTP:Upgrade} =WebSocket [NC,NV]
RewriteCond %{LA-U:REMOTE_USER} (aaaa)
RewriteRule ^/(.*) ws://azerty01:31321/ [P]
RewriteCond %{LA-U:REMOTE_USER} (aaaa)
RewriteRule ^/(.*) http://azerty01:31321/ [P,QSA,L]
ProxyPassReverse / http://azerty01:31321
#RewriteRules for datalab with user
RewriteCond %{HTTP:Upgrade} =WebSocket [NC,NV]
RewriteCond %{LA-U:REMOTE_USER} (bbbb)
RewriteRule ^/(.*) ws://azerty02:31901/ [P]
RewriteCond %{LA-U:REMOTE_USER} (bbbb)
RewriteRule ^/(.*) http://azerty02:31901/ [P,QSA,L]
ProxyPassReverse / http://azerty02:31901
</VirtualHost>
这是我想反向代理时创建的包含文件 齐柏林服务器。如果愿意,您可以或多或少地将其剪切并粘贴到 vhosts conf 文件中。
#
# Apache Reverse Proxy settings for Zeppelin server.
# note:
# Change ZEPPELING_IP_OR_HOST and ZEPPELIN_PORT as appropriate.
#
# FreeBSD put into /usr/local/etc/apache24/Includes directory,
# Linux may vary.
# This is for your-host.your-domain.com/zeppelin
# if you want zeppelin.your-host.your-domain.com
# Put this into a vhosts file.
RequestHeader set X_FORWARDED_PROTO 'https'
ProxyPreserveHost On
RequestHeader set X-Forwarded-Port "443"
ProxyRequests Off
ProxyVia Off
AllowEncodedSlashes NoDecode
<Location /zeppelin/ws>
ProxyPass ws://ZEPPELIN_IP_OR_HOST:ZEPPELIN_PORT/zeppelin/ws
ProxyPassReverse ws://ZEPPELIN_IP_OR_HOST:ZEPPELIN_PORT/zeppenlin/ws
</Location>
ProxyPass /zeppelin http://ZEPPELIN_IP_OR_HOST:ZEPPELIN_PORT/zeppelin
ProxyPassReverse /zeppelin http://ZEPPELIN_IP_OR_HOST:ZEPPELIN_PORT/zeppelin
补充一下,我能够使用 Apache2 和下面的配置来重新路由到我的 zeppelin 实例。重要的部分是 websocket 连接。
确保添加
sudo a2enmod proxy_wstunnel
到模组。然后我 运行 以下内容:
sudo a2dissite 000-default
sudo nano /etc/apache2/sites-available/proxy-host.conf
# Insert the following into the proxy-host.conf file
<VirtualHost *:80>
ServerName '<Zeppelin Public IP>:8080'
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://<Zeppelin Public IP>:8080/ [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://<Zeppelin Public IP>:8080/ [P,L]
ProxyPassReverse / http://<Zeppelin Public IP>:8080/
</VirtualHost>
# / text insert
sudo a2ensite proxy-host
sudo nano /etc/apache2/ports.conf
#Add this to the ports.conf file and cntrl+X to save & exit
Listen 8080
sudo /etc/init.d/apache2 restart
然后当您转到 http://reverseproxypublicIP/ 时,它会重新路由到您的 Zeppelin 实例。希望这对某人有所帮助!
我发现位置指令的顺序很重要。如果您首先定义齐柏林飞艇然后 zeppelin/ws 如下所示,那么一切正常。但是,相反的顺序不起作用。
<Location /zeppelin/>
ProxyPass http://priv.my-domain.com:8080/zeppelin/
ProxyPassReverse http://priv.my-domain.com:8080/zeppelin/
</Location>
<Location /zeppelin/ws>
ProxyPass ws://priv.my-domain.com:8080/zeppelin/ws
ProxyPassReverse ws://priv.my-domain.com:8080/zeppelin/ws
</Location>