0

在使用 Apache 的代理模块时,我在尝试发布到 HTTPS 端点时遇到了一些问题。发布到 HTTP 端点工作正常。我对 Apache 配置很陌生,所以我希望你们中的一个人可能对我做错了什么有所了解。谷歌在这个特定问题上没有给我太多帮助。我已经阅读过的一个线程示例是(我没有足够的声誉来发布更多链接):

  • SOAP 错误代码 env:Client
    • 我已经验证了一个soap请求是通过SoapUI工作的,所以我试图访问的服务似乎没有任何问题。

服务器网站的示例端点托管在代理上:http ://websiteAndProxyServer.com

要发布到的示例端点:https ://secureServer.com/AccessManagerSOAP

这是我正在尝试做的事情的总体思路:

HTTP -> 代理 -> HTTPS

代理允许我解决跨域请求问题。

阿帕奇版本:2.2.21

jQuery 发布请求:

var url = "http://websiteAndProxyServer.com/idm/AccessManagerSOAP";
        $.ajax({
                url:url,
                type:'POST',
                data: loginRequest,
                success: createUserAndAuthenticateSuccess,
                error: createUserAndAuthenticateError
       });

httpd.conf 中相关的 Apache 配置:

#=============mod-proxy==================
#       UnComment the proxy_module, proxy_balancer_module & proxy_ajp_module below to
#       use ModProxy for enabling different JSessionID cookie names to be provided.

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

SSLProxyEngine On

ProxyPass /remote/ http://nonRelatedServer.net:8082/
ProxyPass /idm/ https://secureServer.com/

httpd-ssl.conf 中的相关 Apache 配置

##
## SSL Virtual Host Context
##
NameVirtualHost *:443

<VirtualHost _default_:443>
   DocumentRoot "/usr/local/apache2/htdocs"
#  ServerName websiteAndProxyServer.com
#   ServerAlias www.dummy-host.example.com
   ErrorLog "|/usr/local/apache2/bin/rotatelogs /usr/local/apache2/logs/localhost/error_log.%Y-%m-%d 86400"
   CustomLog "|/usr/local/apache2/bin/rotatelogs /usr/local/apache2/logs/localhost/access_log.%Y-%m-%d 86400" vcombined2
   RewriteEngine on
   RewriteOptions inherit

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
#SSLEnable  #I get an error if this is un-commented
SSLEngine on
SSLProxyEngine on

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite DEFAULT:!ADH::RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+eNULL

#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again.  Keep
#   in mind that if you have both an RSA and a DSA certificate you
#   can configure both in parallel (to also allow the use of DSA
#   ciphers, etc.)
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
#SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server-dsa.crt

SSLProxyCACertificateFile /usr/local/apache2/conf/ssl.crt/iam.crt
#SSLProxyCACertificateFile /usr/local/apache2/conf/ssl.crt/server.crt

我已经尝试从目标 URL 获取证书并通过上面的 iam.crt 引用来引用它们。这似乎没有什么不同。

通过上述配置,我得到以下信息:

<?xml version='1.0' ?>
<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
<env:Body>
<env:Fault>
<faultcode>env:Client</faultcode>
<faultstring>Internal Error</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>

请注意,我返回的 HTTP 代码是 200。当我通过 SoapUI 向上述端点发送类似的请求时,我得到了成功,所以它必须与我的配置或权限有关。我还缺少其他配置吗?

任何建议表示赞赏。

4

1 回答 1

0

事实证明,我的配置根本没有问题。相反,我的肥皂请求格式不正确。我没有将请求包含在肥皂信封中。进行此更改后,请求恢复正常。

旧要求:

<?xmlversion="1.0"encoding="UTF-8"standalone="yes"?>
<accountCreateRequestxmlns="http://schemaSite.com/schema/">
       <namespaceId>50000003</namespaceId>
       <emailAddress>7e837231-7a3d-495a@g88.net</emailAddress>
       <password>infdafs</password>
       <generateLoginName>false</generateLoginName>
       <loginName>7e837231-7a3d-495a@g88.net</loginName>
       <securityQuestion></securityQuestion>
       <securityAnswer></securityAnswer>
       <securityLevel>LOW</securityLevel>
</accountCreateRequest>

新要求:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mes="http://schemaSite.com/messages/">
   <soapenv:Header/>
   <soapenv:Body>
      <mes:accountCreateRequest>
         <mes:namespaceId>50000003</mes:namespaceId>
         <mes:emailAddress>7e837231-7a3d-495a@g88.net</mes:emailAddress>
         <mes:password>!fdsuit01</mes:password>
         <mes:generateLoginName>false</mes:generateLoginName>
         <mes:loginName>7e837231-7a3d-495a@g88.net</mes:loginName>
         <mes:securityQuestion></mes:securityQuestion>
         <mes:securityAnswer></mes:securityAnswer>
         <mes:securityLevel>LOW</mes:securityLevel>
      </mes:accountCreateRequest>
   </soapenv:Body>
</soapenv:Envelope>
于 2013-06-19T02:25:37.547 回答