0

我使用 ubuntu 18.04 linux VM 作为反向代理,将 https 子域转发到实习生目标 fe guacamole.mydomain.com 和 jitsi.mydomain.com。每个系统都是一个单独的 linux VM。

公共 ip --> 网络反向代理 192.168.2.10 --> guacamole.mydomain.com 192.168.2.20 和 jitsi.mydomain.com 192.168.2.30

鳄梨酱按预期工作,但我在将 https 转发到 jitsi.mydomain.com 时遇到了一些问题。所有其他端口直接转发到 jitsi,无需代理。

我在/etc/apache2/sites-enabled中创建了两个 conf 文件,一个用于 jitsi,一个用于 guacamole,并生成了一个让我们使用certbot --apache加密证书。

当我尝试从外部打开 jits.mydomain.com 时,出现以下错误:ERR_TOO_MANY_REDIRECTS。

在网络内 jitsi 可以通过 https 访问,所以我错过了什么?

不幸的是,我对代理和 apache 不是很熟悉。

提前谢谢你们。

jitsi.conf

<VirtualHost *:80>
 ServerName jitsi.mydomain.com
 ProxyPreserveHost On
 DocumentRoot /var/www/html
 ProxyPass /.well-known !
 ProxyPass / http://192.168.2.30:80/
 ProxyPassReverse / http://192.168.2.30:80/
RewriteEngine on
RewriteCond %{SERVER_NAME} =jitsi.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

jitsi-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
 ServerName jitsi.mydomain.com
 ProxyPreserveHost On
 DocumentRoot /var/www/html
 ProxyPass /.well-known !
 ProxyPass / http://192.168.2.30:80/
 ProxyPassReverse / http://192.168.2.30:80/
SSLCertificateFile /etc/letsencrypt/live/jitsi.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/jitsi.mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

guacamole.conf

<VirtualHost *:80>
 ServerName guacamole.mydomain.com
 ProxyPreserveHost On
 DocumentRoot /var/www/html
 ProxyPass /.well-known !
 <Location />
     Order allow,deny
     Allow from all
     ProxyPass http://192.168.2.20:8080/guacamole/ flushpackets=on
     ProxyPassReverse http://192.168.2.20:8080/guacamole/
     ProxyPassReverseCookiePath /guacamole /
 </Location>
 <Location /websocket-tunnel>
     Order allow,deny
     Allow from all
     ProxyPass ws://192.168.2.20:8080/guacamole/websocket-tunnel
     ProxyPassReverse ws://192.168.2.20:8080/guacamole/websocket-tunnel
 </Location>
 SetEnvIf Request_URI "^/tunnel" dontlog
 CustomLog  /var/log/apache2/guac.log common env=!dontlog
RewriteEngine on
RewriteCond %{SERVER_NAME} =guacamole.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

鳄梨色拉酱-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
 ServerName guacamole.mydomain.com
 ProxyPreserveHost On
 DocumentRoot /var/www/html
 ProxyPass /.well-known !
 <Location />
     Order allow,deny
     Allow from all
     ProxyPass http://192.168.2.20:8080/guacamole/ flushpackets=on
     ProxyPassReverse http://192.168.2.20:8080/guacamole/
     ProxyPassReverseCookiePath /guacamole /
 </Location>
 <Location /websocket-tunnel>
     Order allow,deny
     Allow from all
     ProxyPass ws://192.168.2.20:8080/guacamole/websocket-tunnel
     ProxyPassReverse ws://192.168.2.20:8080/guacamole/websocket-tunnel
 </Location>
 SetEnvIf Request_URI "^/tunnel" dontlog
 CustomLog  /var/log/apache2/guac.log common env=!dontlog

SSLCertificateFile /etc/letsencrypt/live/guacamole.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/guacamole.mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
4

1 回答 1

0

在寻找 Jitsi 上不同问题的解决方案时偶然发现了您的问题,但我认为您会在此页面中找到有用的解决方案: https ://debamax.com/blog/2020/03/18/installing-jitsi-背后的反向代理/

这不是我的解决方案。我只是想帮忙。

干杯

于 2021-01-05T14:48:09.583 回答