Apache 代理的哪些更改可能会导致 Domoticz API 401 错误?
What does an Apache Proxy change that could be causing Domoticz API 401 errors?
所以我将我的 Domoticz(RPi 上的家庭自动化软件)置于代理之后,因此可以从外部 HTTPS 地址访问它。这对于它自己的网络界面来说工作正常,但是对于它提供的API,出了点问题。
如果我在我的浏览器中输入以下 URL,它工作正常:
http://localDomoticzIP:port/json.htm?username=MkE=&password=OVM=&type=command¶m=getversion
但是,如果我使用 HTTPS 版本,我会收到 401 错误:
https://myExternalURL.com/domoticz/json.htm?username=MkE=&password=OVM=&type=command¶m=getversion
如您所见,变化不大,但一个有效,一个无效。
从 myExternalURL.com/domoticz/ 到 localDomoticzIP:port 的转换发生在 Apache 中,其配置文件如下所示:
<VirtualHost *:443>
ServerName myExternalURL.com
ErrorLog ${APACHE_LOG_DIR}/port_443_error.log
CustomLog ${APACHE_LOG_DIR}/port_443_access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/myExternalURL.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myExternalURL.com/privkey.pem
SSLProxyEngine on
ProxyPreserveHost On
ProxyRequests Off
RewriteEngine on
# I don't THINK the 3 lines below are important, since it's there for a
different web page, but I'll leave it in, in case it may mess with
something me knowing
# When Upgrade:websocket header is present, redirect to ws
# Using NC flag (case-insensitive) as some browsers will pass Websocket
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule .* ws://127.0.0.1:8000/socket.io%{REQUEST_URI} [P]
RewriteRule ^/domoticz$ /domoticz/ [R=307]
# The two lines below are for another web page
RewriteRule ^/sprinklers/node$ /sprinklers/node/ [R=307]
RewriteRule ^/sprinklers$ /sprinklers/ [R=307]
ProxyPassMatch /domoticz\/?(.*) https://127.0.0.1:444/
ProxyPassReverse /domoticz\/?(.*) https://127.0.0.1:444/
# The four lines below are for another web page
ProxyPassMatch /sprinklers/node(\/?)(.*) http://127.0.0.1:8000/
ProxyPassReverse /sprinklers/node(\/?)(.*) http://127.0.0.1:8000/
ProxyPassMatch /sprinklers(\/?)(.*) http://127.0.0.1:8091/
ProxyPassReverse /sprinklers(\/?)(.*) http://127.0.0.1:8091/
</VirtualHost>
就像我说的,在浏览器中转到 myExternalURL.com/domoticz/ 工作正常,但如果我添加一个 API 调用,它总是 returns 一个 401。
我也试过从 HTML 页面设置授权 header,但结果是一样的:401.
有没有人知道正在更改并导致这些 401 错误的可能是什么?
原来不是当前授权的问题,而是以前的授权问题。每当您注销时,我的浏览器都不会删除 sessionID cookie,这会导致之后尝试进行身份验证时出现各种问题。
所以我将我的 Domoticz(RPi 上的家庭自动化软件)置于代理之后,因此可以从外部 HTTPS 地址访问它。这对于它自己的网络界面来说工作正常,但是对于它提供的API,出了点问题。
如果我在我的浏览器中输入以下 URL,它工作正常:
http://localDomoticzIP:port/json.htm?username=MkE=&password=OVM=&type=command¶m=getversion
但是,如果我使用 HTTPS 版本,我会收到 401 错误:
https://myExternalURL.com/domoticz/json.htm?username=MkE=&password=OVM=&type=command¶m=getversion
如您所见,变化不大,但一个有效,一个无效。
从 myExternalURL.com/domoticz/ 到 localDomoticzIP:port 的转换发生在 Apache 中,其配置文件如下所示:
<VirtualHost *:443>
ServerName myExternalURL.com
ErrorLog ${APACHE_LOG_DIR}/port_443_error.log
CustomLog ${APACHE_LOG_DIR}/port_443_access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/myExternalURL.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myExternalURL.com/privkey.pem
SSLProxyEngine on
ProxyPreserveHost On
ProxyRequests Off
RewriteEngine on
# I don't THINK the 3 lines below are important, since it's there for a
different web page, but I'll leave it in, in case it may mess with
something me knowing
# When Upgrade:websocket header is present, redirect to ws
# Using NC flag (case-insensitive) as some browsers will pass Websocket
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule .* ws://127.0.0.1:8000/socket.io%{REQUEST_URI} [P]
RewriteRule ^/domoticz$ /domoticz/ [R=307]
# The two lines below are for another web page
RewriteRule ^/sprinklers/node$ /sprinklers/node/ [R=307]
RewriteRule ^/sprinklers$ /sprinklers/ [R=307]
ProxyPassMatch /domoticz\/?(.*) https://127.0.0.1:444/
ProxyPassReverse /domoticz\/?(.*) https://127.0.0.1:444/
# The four lines below are for another web page
ProxyPassMatch /sprinklers/node(\/?)(.*) http://127.0.0.1:8000/
ProxyPassReverse /sprinklers/node(\/?)(.*) http://127.0.0.1:8000/
ProxyPassMatch /sprinklers(\/?)(.*) http://127.0.0.1:8091/
ProxyPassReverse /sprinklers(\/?)(.*) http://127.0.0.1:8091/
</VirtualHost>
就像我说的,在浏览器中转到 myExternalURL.com/domoticz/ 工作正常,但如果我添加一个 API 调用,它总是 returns 一个 401。
我也试过从 HTML 页面设置授权 header,但结果是一样的:401.
有没有人知道正在更改并导致这些 401 错误的可能是什么?
原来不是当前授权的问题,而是以前的授权问题。每当您注销时,我的浏览器都不会删除 sessionID cookie,这会导致之后尝试进行身份验证时出现各种问题。