Configuring Apache client certificate authentication for a proxy

Updated: 2024-10-06 06:42:09

Problem description

I have 3 backend API servers (HTTPS). The API servers have different authorization permissions for different users based on the user certificate. I am configuring Apache to load balance the 3 backend servers, like below:

<VirtualHost *:zzzz>
    SSLEngine on
    SSLCertificateFile /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    SSLCACertificateFile /path/to/ca.crt

    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    <Proxy balancer://api_server>
        BalancerMember xx.xx.xx.xx:yyyy
        BalancerMember xx.xx.xx.xx:yyyy
    </Proxy>

    ProxyPass / balancer://api_server/
</VirtualHost>

The problem is that when a client requests Apache with certificates, only the request goes to the API server, not the certificates, and the API server responds with unauthorized user. I tried using SSLProxyMachineCertificateFile, but it only accepts one set of certificates and passes the same certificate every time, but in this case the authorization happens only based on certificates.

Is there a way to blindly forward the HTTPS request to the API? Any other suggestions are warmly welcomed.

Recommended answer

Transforming the comment into an answer since it solved the OP's question.

The user talks to Apache, then Apache talks to the balanced machines. That's the point of a proxy, it ensures clients do not talk to servers directly. So from the balanced server perspective, Apache is the client.

The only way I can see of doing that is to use a layer 4 network load balancer which does not do SSL offloading, i.e. not Apache.
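
A layer 4 passthrough of the kind the answer describes, shown here with HAProxy in TCP mode. This is an added example, not part of the original question or answer. HAProxy itself, the listen port, the backend addresses (RFC 5737 documentation range) and the names `api_in`, `api_servers` and `api1` to `api3` are all assumptions.

```haproxy
# Constructed example: ports and addresses are placeholders, not values from the post.
global
    log stdout format raw local0

defaults
    mode    tcp              # layer 4: relay bytes, never parse TLS or HTTP
    log     global
    option  tcplog
    timeout connect 5s
    timeout client  1m
    timeout server  1m

frontend api_in
    # No "ssl crt ..." on the bind line, so TLS is not terminated here.
    # The client's handshake, including its certificate, reaches the backend intact.
    bind *:8443
    default_backend api_servers

backend api_servers
    balance roundrobin
    # "check" is a plain TCP connect probe; it needs no client certificate.
    server api1 192.0.2.11:8443 check
    server api2 192.0.2.12:8443 check
    server api3 192.0.2.13:8443 check
```

With this layout each API server requests and verifies the client certificate itself, and each one must present a server certificate valid for the name clients connect to. The backends see the balancer's address as the connection source, so per-client IP logging has to be handled separately.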

Published: 2023-11-26 09:37:03