主页 / user-78721

Marco's questions

Martin Hope
Marco
Asked: 2020-06-15 06:42:39 +0800 CST
  • 0

我正在配置一个 Apache SSL 反向代理,用于从中间件调用后端服务器,我有客户端证书和密钥。不久:

               http               https
middleware -----------> proxy -------------> backend

中间件甚至不知道后端服务器,这是反向代理的技巧。

我(认为我)能够操作代理,因为我收到了

AH02268:代理客户端证书回调:(localhost:80)下游服务器想要客户端证书,但没有配置所以我不明白代理正在尝试调用后端,但最后一个抱怨代理没有通过他也证书。

所以我想念正确配置证书。AFAIK 我必须编译conf.d/modes-enabled/ssl.conf. 我试过这种方式

SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLEngine off
SSLProxyEngine on
SSLProtocol all

# proxy
SSLProxyMachineCertificateFile /usr/local/etc/apache2/ssl.crt/certificate.pem
SSLProxyMachineCertificateChainFile /usr/local/etc/apache2/ssl.crt/chain.pem
SSLProxyCACertificateFile /usr/local/etc/apache2/ssl.crt/ca.pem

# certificate
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /usr/local/etc/apache2/ssl.crt/all.pem
SSLCertificateChainFile /usr/local/etc/apache2/ssl.crt/certificate.pem

# key
SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server.key
SSLPassPhraseDialog  exec:/usr/local/etc/apache2/pwf.sh

几点注意事项:

  • certificate.pem是服务器证书。
  • chain.pem是证书的中间链,不包括边界。
  • ca.pem是根 CA 证书。
  • server.key是 RSA 私钥

我用 pwf.sh 脚本替换了用于输入密码的正常对话模式但是我什至无法启动 apache,因为我有这个消息

AH02252:为 SSL 代理配置的客户端证书不完整(丢失或加密的私钥?) [ssl:emerg] [pid 12484]
AH02312:初始化 mod_ssl 时出现致命错误,正在退出。AH00016: 配置失败

现在我(遗憾地)读到没有办法克服这个问题,因为正如 apache.org 网站所说,在所有 SSLProxyMachine* 指令下:

(目前不支持加密私钥)

我迷路了吗?

configuration ssl apache2 proxy
Martin Hope
Marco
Asked: 2016-01-30 07:56:43 +0800 CST
  • 0

我在论坛上看到过很多这样的问题,但没有人报告这种具体行为。

  • 我下载了iso文件ubuntu-15.1-desktop-amd64.iso我检查了文件的md5sum并且没问题(ece816e12f97018fa3d4974b5fd27337)

  • 我使用 unetbootin-windows-613.exe 进行了 USB pendrive 工作,并且密钥已正确创建(我使用 UNetbootin 菜单提示中的实用程序“检查磁盘是否有缺陷”进行了检查)。

  • 接下来,我使用 USB 插槽中的 pendrive 重新启动计算机,BIOS 首先访问 USB 端口以启动安装。

  • 我看到菜单提示 Unetbootin 并选择了安装 Ubuntu

  • 像往常一样,第一次飞溅,带有移动点的ubuntu,出现了点闪烁了一会儿

  • 接下来我看到列出的前两个启动操作:

    [ OK ] 启动灯光显示管理器。

    [ OK ] 启动 ACPI 事件守护进程。

没有更多的活动,系统在这里冻结。尝试“尝试 Ubuntu 而不安装它”的行为相同

我的新 PC HP ProBook 440 安装了 I7-6500U 处理器、8 GB RAM 和 218 GB SSD。我还应要求添加了显卡:Intel HD Graphics 520

提前感谢大家分享一些提示。

boot
Martin Hope
Marco
Asked: 2014-12-30 10:36:37 +0800 CST
  • 2

我不会复制任何线程,但这里的内容相当晦涩。我不是一个聪明的 linux 用户,即使我使用它已经很多年了,但在用户级别,而不是专家级别。

我使用的最后一个没有(重要)问题的发行版是 13.10。

今年圣诞节前几天,我决定升级到 14.10,首先按照正常的升级程序升级到 14.04,这时我的 PC 开始在启动时出现异常。

主要行为是:启动 -> 登录屏幕,整个过程冻结。无法使用键盘、鼠标或触控板。或者(替代行为)成功登录,然后新登录页面(我尝试输入错误的密码并且登录行为正确,说密码不正确)

我能够进行完整备份,然后我决定尝试从 CD 从头开始​​安装 Ubuntu 14.04(这并不容易,因为安装顺序挂起的时间越来越长)现在我有一个 14.04 只在恢复模式下工作.

我附上了一个系统日志文件,其中包含 3 次启动的历史记录,每一次都有不同的警告/错误,希望这足以了解问题出在哪里。我可以根据需要添加信息。

关于我的硬件的详细信息:

Linux jsbach 3.13.0-32-generic #57-Ubuntu SMP 2014 年 7 月 15 日星期二 03:51:08 UTC x86_64 x86_64 x86_64 GNU/Linux

product: Vostro 3700 (To be filled by O.E.M.)
   product: 07VWR8
      product: Intel(R) Core(TM) i5 CPU       M 460  @ 2.53GHz
         product: 8JSF25664HZ-1G4D1
         product: 8JSF25664HZ-1G4D1
      product: Core Processor DRAM Controller
         product: Core Processor PCI Express x16 Root Port
            product: GT216M [GeForce GT 330M]
            product: GT216 HDMI Audio Controller
         product: Core Processor Integrated Graphics Controller
         product: 5 Series/3400 Series Chipset HECI Controller
         product: 5 Series/3400 Series Chipset USB2 Enhanced Host Controller
         product: 5 Series/3400 Series Chipset High Definition Audio
         product: 5 Series/3400 Series Chipset PCI Express Root Port 1
         product: 5 Series/3400 Series Chipset PCI Express Root Port 2
            product: BCM4313 802.11bgn Wireless Network Adapter
         product: 5 Series/3400 Series Chipset PCI Express Root Port 3
            product: RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
         product: 5 Series/3400 Series Chipset PCI Express Root Port 4
            product: MMC/SD Host Controller
            product: R5U2xx (R5U230 / R5U231 / R5U241) [Memory Stick Host Controller]
            product: R5C832 PCIe IEEE 1394 Controller
         product: 5 Series/3400 Series Chipset PCI Express Root Port 5
         product: 5 Series/3400 Series Chipset USB2 Enhanced Host Controller
         product: 82801 Mobile PCI Bridge
         product: Mobile 5 Series Chipset LPC Interface Controller
         product: 5 Series/3400 Series Chipset 6 port SATA AHCI Controller
         product: 5 Series/3400 Series Chipset SMBus Controller
         product: 5 Series/3400 Series Chipset Thermal Subsystem
      product: Core Processor QuickPath Architecture Generic Non-core Registers
      product: Core Processor QuickPath Architecture System Address Decoder
      product: Core Processor QPI Link 0
      product: Core Processor QPI Physical 0
      product: Core Processor Reserved
      product: Core Processor Reserved
         product: ST9320423AS
         product: DVD+-RW AD-7585H
   product: DELL TY3P40B


  *-network               
   description: Wireless interface
   product: BCM4313 802.11bgn Wireless Network Adapter
   vendor: Broadcom Corporation
   physical id: 0
   bus info: pci@0000:12:00.0
   logical name: wlan0
   version: 01
   serial: c0:cb:38:7f:86:8c
   width: 64 bits
   clock: 33MHz
   capabilities: pm msi pciexpress bus_master cap_list ethernet physical wireless
   configuration: broadcast=yes driver=wl0 driverversion=6.30.223.141 (r415941) ip=192.168.1.38 latency=0 multicast=yes wireless=IEEE 802.11abg
   resources: irq:17 memory:fb400000-fb403fff

*-network
   description: Ethernet interface
   product: RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
   vendor: Realtek Semiconductor Co., Ltd.
   physical id: 0
   bus info: pci@0000:13:00.0
   logical name: eth0
   version: 03
   serial: f0:4d:a2:a3:4f:ef
   size: 10Mbit/s
   capacity: 1Gbit/s
   width: 64 bits
   clock: 33MHz
   capabilities: pm msi pciexpress msix vpd bus_master cap_list rom ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegotiation
   configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=2.3LK-NAPI duplex=half firmware=rtl_nic/rtl8168d-2.fw latency=0 link=no multicast=yes port=MII speed=10Mbit/s
   resources: irq:46 ioport:d000(size=256) memory:d2c04000-d2c04fff memory:d2c00000-d2c03fff memory:fb300000-fb31ffff

00:00.0 Host bridge: Intel Corporation Core Processor DRAM Controller (rev 18)
00:01.0 PCI bridge: Intel Corporation Core Processor PCI Express x16 Root Port (rev 18)
00:02.0 VGA compatible controller: Intel Corporation Core Processor Integrated Graphics Controller (rev 18)
00:16.0 Communication controller: Intel Corporation 5 Series/3400 Series Chipset HECI Controller (rev 06)
00:1a.0 USB controller: Intel Corporation 5 Series/3400 Series Chipset USB2 Enhanced Host Controller (rev 06)
00:1b.0 Audio device: Intel Corporation 5 Series/3400 Series Chipset High Definition Audio (rev 06)
00:1c.0 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 1 (rev 06)
00:1c.1 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 2 (rev 06)
00:1c.2 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 3 (rev 06)
00:1c.3 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 4 (rev 06)
00:1c.4 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 5 (rev 06)
00:1d.0 USB controller: Intel Corporation 5 Series/3400 Series Chipset USB2 Enhanced Host Controller (rev 06)
00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev a6)
00:1f.0 ISA bridge: Intel Corporation Mobile 5 Series Chipset LPC Interface Controller (rev 06)
00:1f.2 SATA controller: Intel Corporation 5 Series/3400 Series Chipset 6 port SATA AHCI Controller (rev 06)
00:1f.3 SMBus: Intel Corporation 5 Series/3400 Series Chipset SMBus Controller (rev 06)
00:1f.6 Signal processing controller: Intel Corporation 5 Series/3400 Series Chipset Thermal Subsystem (rev 06)
01:00.0 VGA compatible controller: NVIDIA Corporation GT216M [GeForce GT 330M] (rev a2)
01:00.1 Audio device: NVIDIA Corporation GT216 HDMI Audio Controller (rev a1)
12:00.0 Network controller: Broadcom Corporation BCM4313 802.11bgn Wireless Network Adapter (rev 01)
13:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 03)
14:00.0 SD Host controller: Ricoh Co Ltd MMC/SD Host Controller (rev 01)
14:00.1 System peripheral: Ricoh Co Ltd R5U2xx (R5U230 / R5U231 / R5U241) [Memory Stick Host Controller] (rev 01)
14:00.3 FireWire (IEEE 1394): Ricoh Co Ltd R5C832 PCIe IEEE 1394 Controller (rev 01)
ff:00.0 Host bridge: Intel Corporation Core Processor QuickPath Architecture Generic Non-core Registers (rev 05)
ff:00.1 Host bridge: Intel Corporation Core Processor QuickPath Architecture System Address Decoder (rev 05)
ff:02.0 Host bridge: Intel Corporation Core Processor QPI Link 0 (rev 05)
ff:02.1 Host bridge: Intel Corporation Core Processor QPI Physical 0 (rev 05)
ff:02.2 Host bridge: Intel Corporation Core Processor Reserved (rev 05)
ff:02.3 Host bridge: Intel Corporation Core Processor Reserved (rev 05)

我不知道该怎么办了,我希望能从你那里找到一些启发性的提示。先感谢您。

14.04