dotnetcore kestrel 服务器未通过反向代理接收请求
dotnetcore kestrel server not receiving request through reverse proxy
情况是我在 Debian stretch 上使用两台服务器,一个是用于托管 Blazor 服务器端应用程序的 kestrel 服务器,另一个是用于将请求转发到 kestrel 服务器的 Apache 2.4。
我尝试托管的网站是一个强制使用 HTTPS 的 .app 域。我使用 certbot 安装了 Let's Encrypt 的证书。
kestrel 服务器在端口 5001 上侦听 127.0.0.1。Apache 服务器有一个使用反向代理的虚拟配置集,它将所有传入请求转发到 127.0.0.1:5001。
但是,请求没有传递到 kestrel 服务器。查看 Apache 的日志时,我发现以下内容:
[Mon Dec 16 20:18:16.576931 2019] [proxy:debug] [pid 28760:tid 139662812688448] proxy_util.c(1776): AH00925: initializing worker https://127.0.0.1:5001 shared
[Mon Dec 16 20:18:16.576956 2019] [proxy:debug] [pid 28760:tid 139662812688448] proxy_util.c(1818): AH00927: initializing worker https://127.0.0.1:5001 local
[Mon Dec 16 20:18:16.576971 2019] [proxy:debug] [pid 28760:tid 139662812688448] proxy_util.c(1853): AH00930: initialized pool in child 28760 for (127.0.0.1) min=0 max=25 smax=25
[Mon Dec 16 20:18:16.577334 2019] [proxy:debug] [pid 28759:tid 139662812688448] proxy_util.c(1776): AH00925: initializing worker https://127.0.0.1:5001 shared
[Mon Dec 16 20:18:16.577357 2019] [proxy:debug] [pid 28759:tid 139662812688448] proxy_util.c(1818): AH00927: initializing worker https://127.0.0.1:5001 local
[Mon Dec 16 20:18:16.577370 2019] [proxy:debug] [pid 28759:tid 139662812688448] proxy_util.c(1853): AH00930: initialized pool in child 28759 for (127.0.0.1) min=0 max=25 smax=25
这让我相信反向代理应该有效。但是,在访问该站点时,我收到 This site can’t provide a secure connection.
虚拟主机配置如下:
<VirtualHost *:*>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RewriteEngine on
RewriteCond %{SERVER_NAME} =privateinfo.app [OR]
RewriteCond %{SERVER_NAME} =https://privateinfo.app
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:*>
ServerAdmin admin@privateinfo.app
ServerName https://privateinfo.app
ServerAlias https://privateinfo.app
SSLProxyEngine On
ProxyPreserveHost On
ProxyPass /privateinfo.app https://127.0.0.1:5001
ProxyPassReverse /privateinfo.app https://127.0.0.1:5001
LogLevel info ssl:warn warn debug
ErrorLog ${APACHE_LOG_DIR}/privateinfo.app/error.log
CustomLog ${APACHE_LOG_DIR}/privateinfo.app/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias privateinfo.app
SSLCertificateFile /etc/letsencrypt/live/privateinfo.app/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/privateinfo.app/privkey.pem
</VirtualHost>
kestrel 服务的日志提供了以下信息:
Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]
Dec 16 19:41:18 website-app dotnet[27435]: Now listening on: https://127.0.0.1:5001
Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]
Dec 16 19:41:18 website-app dotnet[27435]: Application started. Press Ctrl+C to shut down.
Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]
Dec 16 19:41:18 website-app dotnet[27435]: Hosting environment: Production
Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]
我是不是忽略了什么,为什么 Apache 服务器不将请求转发给 kestrel 服务器?
发现配置有问题。
该应用程序是从 apache www 目录中的一个文件夹提供的。
为其指定以下文件夹结构 /www/privateinfo.app.
我发现的第二个问题是 运行 来自错误文件夹的 app.dll。
这需要在 /www/privatinfo.app/publish 目录中完成。
我使用带反向代理的 Apache2 的配置:
<VirtualHost *:*>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RewriteEngine on
RewriteCond %{SERVER_NAME} =privateinfo.app [OR]
RewriteCond %{SERVER_NAME} =https://privateinfo.app
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:*>
ServerAdmin admin@privateinfo.app
ServerName https://privateinfo.app
ServerAlias https://privateinfo.app
SSLProxyEngine On
ProxyPreserveHost On
ProxyPass / https://127.0.0.1:5001
ProxyPassReverse / https://127.0.0.1:5001
LogLevel info ssl:warn warn debug
ErrorLog ${APACHE_LOG_DIR}/privateinfo.app/error.log
CustomLog ${APACHE_LOG_DIR}/privateinfo.app/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias privateinfo.app
SSLCertificateFile /etc/letsencrypt/live/privateinfo.app/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/privateinfo.app/privkey.pem
</VirtualHost>
情况是我在 Debian stretch 上使用两台服务器,一个是用于托管 Blazor 服务器端应用程序的 kestrel 服务器,另一个是用于将请求转发到 kestrel 服务器的 Apache 2.4。
我尝试托管的网站是一个强制使用 HTTPS 的 .app 域。我使用 certbot 安装了 Let's Encrypt 的证书。
kestrel 服务器在端口 5001 上侦听 127.0.0.1。Apache 服务器有一个使用反向代理的虚拟配置集,它将所有传入请求转发到 127.0.0.1:5001。
但是,请求没有传递到 kestrel 服务器。查看 Apache 的日志时,我发现以下内容:
[Mon Dec 16 20:18:16.576931 2019] [proxy:debug] [pid 28760:tid 139662812688448] proxy_util.c(1776): AH00925: initializing worker https://127.0.0.1:5001 shared
[Mon Dec 16 20:18:16.576956 2019] [proxy:debug] [pid 28760:tid 139662812688448] proxy_util.c(1818): AH00927: initializing worker https://127.0.0.1:5001 local
[Mon Dec 16 20:18:16.576971 2019] [proxy:debug] [pid 28760:tid 139662812688448] proxy_util.c(1853): AH00930: initialized pool in child 28760 for (127.0.0.1) min=0 max=25 smax=25
[Mon Dec 16 20:18:16.577334 2019] [proxy:debug] [pid 28759:tid 139662812688448] proxy_util.c(1776): AH00925: initializing worker https://127.0.0.1:5001 shared
[Mon Dec 16 20:18:16.577357 2019] [proxy:debug] [pid 28759:tid 139662812688448] proxy_util.c(1818): AH00927: initializing worker https://127.0.0.1:5001 local
[Mon Dec 16 20:18:16.577370 2019] [proxy:debug] [pid 28759:tid 139662812688448] proxy_util.c(1853): AH00930: initialized pool in child 28759 for (127.0.0.1) min=0 max=25 smax=25
这让我相信反向代理应该有效。但是,在访问该站点时,我收到 This site can’t provide a secure connection.
虚拟主机配置如下:
<VirtualHost *:*>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RewriteEngine on
RewriteCond %{SERVER_NAME} =privateinfo.app [OR]
RewriteCond %{SERVER_NAME} =https://privateinfo.app
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:*>
ServerAdmin admin@privateinfo.app
ServerName https://privateinfo.app
ServerAlias https://privateinfo.app
SSLProxyEngine On
ProxyPreserveHost On
ProxyPass /privateinfo.app https://127.0.0.1:5001
ProxyPassReverse /privateinfo.app https://127.0.0.1:5001
LogLevel info ssl:warn warn debug
ErrorLog ${APACHE_LOG_DIR}/privateinfo.app/error.log
CustomLog ${APACHE_LOG_DIR}/privateinfo.app/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias privateinfo.app
SSLCertificateFile /etc/letsencrypt/live/privateinfo.app/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/privateinfo.app/privkey.pem
</VirtualHost>
kestrel 服务的日志提供了以下信息:
Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]
Dec 16 19:41:18 website-app dotnet[27435]: Now listening on: https://127.0.0.1:5001
Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]
Dec 16 19:41:18 website-app dotnet[27435]: Application started. Press Ctrl+C to shut down.
Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]
Dec 16 19:41:18 website-app dotnet[27435]: Hosting environment: Production
Dec 16 19:41:18 website-app dotnet[27435]: info: Microsoft.Hosting.Lifetime[0]
我是不是忽略了什么,为什么 Apache 服务器不将请求转发给 kestrel 服务器?
发现配置有问题。 该应用程序是从 apache www 目录中的一个文件夹提供的。
为其指定以下文件夹结构 /www/privateinfo.app.
我发现的第二个问题是 运行 来自错误文件夹的 app.dll。 这需要在 /www/privatinfo.app/publish 目录中完成。
我使用带反向代理的 Apache2 的配置:
<VirtualHost *:*>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RewriteEngine on
RewriteCond %{SERVER_NAME} =privateinfo.app [OR]
RewriteCond %{SERVER_NAME} =https://privateinfo.app
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:*>
ServerAdmin admin@privateinfo.app
ServerName https://privateinfo.app
ServerAlias https://privateinfo.app
SSLProxyEngine On
ProxyPreserveHost On
ProxyPass / https://127.0.0.1:5001
ProxyPassReverse / https://127.0.0.1:5001
LogLevel info ssl:warn warn debug
ErrorLog ${APACHE_LOG_DIR}/privateinfo.app/error.log
CustomLog ${APACHE_LOG_DIR}/privateinfo.app/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias privateinfo.app
SSLCertificateFile /etc/letsencrypt/live/privateinfo.app/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/privateinfo.app/privkey.pem
</VirtualHost>