mod_proxy_balancer, mod_fcgid SERVER_PORT Problem
Hi zusammen,
habe mich gestern gestern halb totgegoogelt und habe einfach keine Lösung gefunden.
Ich habe ein apache als Balancer laufen:
Der Balancer läuft also nur auf Port 443 und sendet alle Request zum balancer://test, welcher auf Port 81 lauscht. Hier die Config dazu:HTML-Code:Listen 443 LoadModule file_cache_module lib/httpd/modules/mod_file_cache.so LoadModule cache_module lib/httpd/modules/mod_cache.so LoadModule disk_cache_module lib/httpd/modules/mod_disk_cache.so LoadModule mem_cache_module lib/httpd/modules/mod_mem_cache.so LoadModule dbd_module lib/httpd/modules/mod_dbd.so LoadModule dumpio_module lib/httpd/modules/mod_dumpio.so LoadModule ext_filter_module lib/httpd/modules/mod_ext_filter.so LoadModule include_module lib/httpd/modules/mod_include.so LoadModule filter_module lib/httpd/modules/mod_filter.so LoadModule substitute_module lib/httpd/modules/mod_substitute.so LoadModule deflate_module lib/httpd/modules/mod_deflate.so LoadModule env_module lib/httpd/modules/mod_env.so LoadModule mime_magic_module lib/httpd/modules/mod_mime_magic.so LoadModule cern_meta_module lib/httpd/modules/mod_cern_meta.so LoadModule expires_module lib/httpd/modules/mod_expires.so LoadModule headers_module lib/httpd/modules/mod_headers.so LoadModule ident_module lib/httpd/modules/mod_ident.so LoadModule usertrack_module lib/httpd/modules/mod_usertrack.so LoadModule unique_id_module lib/httpd/modules/mod_unique_id.so LoadModule setenvif_module lib/httpd/modules/mod_setenvif.so LoadModule mime_module lib/httpd/modules/mod_mime.so #LoadModule dav_module lib/httpd/modules/mod_dav.so ServerRoot /usr <IfModule !mpm_netware_module> <IfModule !mpm_winnt_module> User apache Group apache </IfModule> </IfModule> ServerName 192.168.2.210 UseCanonicalName On ServerAdmin me@me.de PidFile "/var/run/httpd/balancer.pid" LoadModule status_module lib/httpd/modules/mod_status.so LoadModule proxy_module lib/httpd/modules/mod_proxy.so LoadModule proxy_connect_module lib/httpd/modules/mod_proxy_connect.so #LoadModule proxy_ftp_module lib/httpd/modules/mod_proxy_ftp.so LoadModule proxy_http_module lib/httpd/modules/mod_proxy_http.so #LoadModule proxy_ajp_module lib/httpd/modules/mod_proxy_ajp.so LoadModule proxy_balancer_module lib/httpd/modules/mod_proxy_balancer.so LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so <IfModule mod_proxy_balancer.c> ProxyRequests Off ProxyVia On ProxyPreserveHost On ProxyPassInterpolateEnv On #SSLProxyEngine On #RequestHeader set Front-End-Https "On" #ProxyVia On <Proxy balancer://test> BalancerMember http://localhost:81 route=web1_81 </Proxy> ProxyPass /myBalancer ! <Location /myBalancer> SetHandler balancer-manager </Location> </IfModule> # Logging LoadModule log_config_module lib/httpd/modules/mod_log_config.so LoadModule log_forensic_module lib/httpd/modules/mod_log_forensic.so LoadModule logio_module lib/httpd/modules/mod_logio.so ErrorLog "/var/log/httpd/balancer_error_log" LogLevel warn <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> # You need to enable mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "/var/log/httpd/balancer_access_log" combinedio </IfModule> # SSL LoadModule ssl_module lib/httpd/modules/mod_ssl.so SSLRandomSeed startup builtin SSLRandomSeed connect builtin Listen 0.0.0.0:443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache dbm:/var/run/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/var/run/ssl_mutex NameVirtualHost *:443 <VirtualHost *:443> Servername web1.cluster.lan #SSLProxyEngine On SSLEngine On SSLProxyEngine On SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNUL SSLCertificateFile /main/config/apache/certs/web1.crt SSLCertificateKeyFile /main/config/apache/certs/web1.key RequestHeader set X_Original_Proto "https" ProxyPass / balancer://test/ ProxyPassReverse / balancer://test/ </VirtualHost>Das blöde dabei ist, dass der SERVER_PORT in $_SERVER bei php über fcgi jetzt immer 80 ist??? auf meinem rechner läuft garkein Dienst der auf Port 80 läuft?? Hat dafür jemand eine Erklärung?HTML-Code:Listen 81 ServerRoot "/usr" LoadModule authn_file_module lib/httpd/modules/mod_authn_file.so LoadModule authn_dbm_module lib/httpd/modules/mod_authn_dbm.so LoadModule authn_anon_module lib/httpd/modules/mod_authn_anon.so LoadModule authn_dbd_module lib/httpd/modules/mod_authn_dbd.so LoadModule authn_default_module lib/httpd/modules/mod_authn_default.so LoadModule authn_alias_module lib/httpd/modules/mod_authn_alias.so LoadModule authz_host_module lib/httpd/modules/mod_authz_host.so LoadModule authz_groupfile_module lib/httpd/modules/mod_authz_groupfile.so LoadModule authz_user_module lib/httpd/modules/mod_authz_user.so LoadModule authz_dbm_module lib/httpd/modules/mod_authz_dbm.so LoadModule authz_owner_module lib/httpd/modules/mod_authz_owner.so LoadModule authnz_ldap_module lib/httpd/modules/mod_authnz_ldap.so LoadModule authz_default_module lib/httpd/modules/mod_authz_default.so LoadModule auth_basic_module lib/httpd/modules/mod_auth_basic.so LoadModule auth_digest_module lib/httpd/modules/mod_auth_digest.so LoadModule file_cache_module lib/httpd/modules/mod_file_cache.so LoadModule cache_module lib/httpd/modules/mod_cache.so LoadModule disk_cache_module lib/httpd/modules/mod_disk_cache.so LoadModule mem_cache_module lib/httpd/modules/mod_mem_cache.so LoadModule dbd_module lib/httpd/modules/mod_dbd.so LoadModule dumpio_module lib/httpd/modules/mod_dumpio.so LoadModule ext_filter_module lib/httpd/modules/mod_ext_filter.so LoadModule include_module lib/httpd/modules/mod_include.so LoadModule filter_module lib/httpd/modules/mod_filter.so LoadModule substitute_module lib/httpd/modules/mod_substitute.so LoadModule deflate_module lib/httpd/modules/mod_deflate.so LoadModule ldap_module lib/httpd/modules/mod_ldap.so LoadModule log_config_module lib/httpd/modules/mod_log_config.so LoadModule log_forensic_module lib/httpd/modules/mod_log_forensic.so LoadModule logio_module lib/httpd/modules/mod_logio.so LoadModule env_module lib/httpd/modules/mod_env.so LoadModule mime_magic_module lib/httpd/modules/mod_mime_magic.so LoadModule cern_meta_module lib/httpd/modules/mod_cern_meta.so LoadModule expires_module lib/httpd/modules/mod_expires.so LoadModule headers_module lib/httpd/modules/mod_headers.so LoadModule ident_module lib/httpd/modules/mod_ident.so LoadModule usertrack_module lib/httpd/modules/mod_usertrack.so LoadModule unique_id_module lib/httpd/modules/mod_unique_id.so LoadModule setenvif_module lib/httpd/modules/mod_setenvif.so LoadModule version_module lib/httpd/modules/mod_version.so LoadModule proxy_module lib/httpd/modules/mod_proxy.so LoadModule proxy_connect_module lib/httpd/modules/mod_proxy_connect.so LoadModule proxy_ftp_module lib/httpd/modules/mod_proxy_ftp.so LoadModule proxy_http_module lib/httpd/modules/mod_proxy_http.so LoadModule proxy_ajp_module lib/httpd/modules/mod_proxy_ajp.so LoadModule proxy_balancer_module lib/httpd/modules/mod_proxy_balancer.so LoadModule ssl_module lib/httpd/modules/mod_ssl.so LoadModule mime_module lib/httpd/modules/mod_mime.so LoadModule dav_module lib/httpd/modules/mod_dav.so LoadModule status_module lib/httpd/modules/mod_status.so LoadModule autoindex_module lib/httpd/modules/mod_autoindex.so LoadModule asis_module lib/httpd/modules/mod_asis.so LoadModule info_module lib/httpd/modules/mod_info.so LoadModule cgi_module lib/httpd/modules/mod_cgi.so LoadModule dav_fs_module lib/httpd/modules/mod_dav_fs.so LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so LoadModule negotiation_module lib/httpd/modules/mod_negotiation.so LoadModule dir_module lib/httpd/modules/mod_dir.so LoadModule imagemap_module lib/httpd/modules/mod_imagemap.so LoadModule actions_module lib/httpd/modules/mod_actions.so LoadModule userdir_module lib/httpd/modules/mod_userdir.so LoadModule alias_module lib/httpd/modules/mod_alias.so LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so <IfModule !mpm_netware_module> <IfModule !mpm_winnt_module> User apache Group apache </IfModule> </IfModule> ServerAdmin you@example.com ServerName 192.168.2.210:81 UseCanonicalName On PidFile "/var/run/httpd/cluster_81.pid" <IfModule dir_module> DirectoryIndex index.html </IfModule> <FilesMatch "^\.ht"> Order allow,deny Deny from all Satisfy All </FilesMatch> ErrorLog "/var/log/httpd/error_log" LogLevel warn <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> # You need to enable mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "/var/log/httpd/access_log" combinedio </IfModule> DefaultType text/plain <IfModule mime_module> TypesConfig /etc/httpd/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddOutputFilterByType DEFLATE text/html text/plain text/xml </IfModule> <IfModule ssl_module> SSLRandomSeed startup builtin SSLRandomSeed connect builtin </IfModule> <IfModule !cgi_module> LoadModule cgi_module lib/httpd/modules/mod_cgi.so </IfModule> <IfModule !fcgid_module> LoadModule fcgid_module lib/httpd/modules/mod_fcgid.so SocketPath /var/run/httpd/fcgid/sock SharememPath /var/run/httpd/fcgid/sharemem IPCCommTimeout 60 </IfModule> DirectoryIndex index.html index.php RewriteEngine On RewriteCond %{HTTP:X_Original_Proto} https RewriteRule (.*) - [E=HTTPS:on,E=REMOTE_ADDR:%{HTTP:X_Forwarded_For},E=SERVER_PORT:443,E=SCRIPT_URI:https://%{HTTP:HOST}$1,L] NameVirtualHost * <VirtualHost *> Servername web1.cluster.lan DocumentRoot /var/www/webuser/main/htdocs RewriteEngine On RewriteOptions Inherit <Directory /var/www/webuser/main/htdocs> Order deny,allow Allow from All AddHandler fcgid-script .php FCGIWrapper "/usr/bin/php-cgi -ddisable_functions=" .php Options +ExecCgi </Directory> </VirtualHost>
Wo kommt diese information her???
Dump $_SERVER:PHP-Code:<?php $_SERVER= array (
'FCGI_ROLE' => 'RESPONDER',
'UNIQUE_ID' => 'SPtKtn8AAAEAADZibrgAAAAD',
'SCRIPT_URL' => '/index.php',
'SCRIPT_URI' => 'https://web1.dacher.lan/index.php',
'HTTPS' => 'on',
'REMOTE_ADDR' => '127.0.0.1',
'SERVER_PORT' => '80',
'HTTP_HOST' => 'web1.dacher.lan',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008101315 Ubuntu/8.10 (intrepid) Firefox/3.0.3',
'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'HTTP_ACCEPT_LANGUAGE' => 'en-us,en;q=0.5',
'HTTP_ACCEPT_ENCODING' => 'gzip,deflate',
'HTTP_ACCEPT_CHARSET' => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
'HTTP_COOKIE' => 'PHPSESSID=hom520c19fqrphrh4t3deupt25',
'HTTP_PRAGMA' => 'no-cache',
'HTTP_CACHE_CONTROL' => 'no-cache',
'HTTP_X_ORIGINAL_PROTO' => 'https',
'HTTP_VIA' => '1.1 web1.dacher.lan',
'HTTP_X_FORWARDED_FOR' => '192.168.2.200',
'HTTP_X_FORWARDED_HOST' => 'web1.dacher.lan',
'HTTP_X_FORWARDED_SERVER' => 'web1.dacher.lan',
'HTTP_CONNECTION' => 'Keep-Alive',
'PATH' => '/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib/qt/bin',
'SERVER_SIGNATURE' => '',
'SERVER_SOFTWARE' => 'Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8h DAV/2',
'SERVER_NAME' => 'web1.dacher.lan',
'SERVER_ADDR' => '127.0.0.1',
'DOCUMENT_ROOT' => '/var/www/webuser/main/htdocs',
'SERVER_ADMIN' => 'you@example.com',
'SCRIPT_FILENAME' => '/var/www/webuser/main/htdocs/index.php',
'REMOTE_PORT' => '56412',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'SERVER_PROTOCOL' => 'HTTP/1.1',
'REQUEST_METHOD' => 'GET',
'QUERY_STRING' => '',
'REQUEST_URI' => '/index.php',
'SCRIPT_NAME' => '/index.php',
'PHP_SELF' => '/index.php',
'REQUEST_TIME' => 1224428214,
);Jedenfalls ist das ganze sehr doof, weil einige Anwendungen (wie z.B. phpMyAdmin) Ihre Urls selber zusammenbauen, dann kommen so tolle urls wie https://web1.cluster.lan:80/ dabei raus...Code:$ lsof | egrep ':(80|http)' httpd 13801 root 3u IPv6 48867 TCP *:https (LISTEN) httpd 13897 apache 3u IPv6 48867 TCP *:https (LISTEN) httpd 13898 apache 3u IPv6 48867 TCP *:https (LISTEN) httpd 13899 apache 3u IPv6 48867 TCP *:https (LISTEN) httpd 13900 apache 3u IPv6 48867 TCP *:https (LISTEN) httpd 13901 apache 3u IPv6 48867 TCP *:https (LISTEN) httpd 13914 apache 3u IPv6 48867 TCP *:https (LISTEN)
Das HTTPS konnte ich per RewriteRule auf On setzen und die SCRIPT_URI auch:
jedoch den SERVER_PORT und die REMOTE_ADDR lassen sich einfach nicht beeinflussen! wie könnte ich das hinbekommen?Code:RewriteEngine On # X_Original_Proto wird in der balancer.conf mittels RequestHeader gesetzt RewriteCond %{HTTP:X_Original_Proto} https RewriteRule (.*) - [E=HTTPS:on,E=REMOTE_ADDR:%{HTTP:X_Forwarded_For},E=SERVER_PORT:443,E=SCRIPT_URI:https://%{HTTP:HOST}$1,L]
Die REMOTE_ADDR ist nicht so wichtig. aber der SERVER_PORT verwirrt mich
Also vielen Dank schonmal
Bin für alle Vorschläge offen
Gruss
senfmensch
Zitieren
Lesezeichen