senfmensch
19-10-2008, 14:07
Hi zusammen,
habe mich gestern gestern halb totgegoogelt und habe einfach keine Lösung gefunden.
Ich habe ein apache als Balancer laufen:
Listen 443
LoadModule file_cache_module lib/httpd/modules/mod_file_cache.so
LoadModule cache_module lib/httpd/modules/mod_cache.so
LoadModule disk_cache_module lib/httpd/modules/mod_disk_cache.so
LoadModule mem_cache_module lib/httpd/modules/mod_mem_cache.so
LoadModule dbd_module lib/httpd/modules/mod_dbd.so
LoadModule dumpio_module lib/httpd/modules/mod_dumpio.so
LoadModule ext_filter_module lib/httpd/modules/mod_ext_filter.so
LoadModule include_module lib/httpd/modules/mod_include.so
LoadModule filter_module lib/httpd/modules/mod_filter.so
LoadModule substitute_module lib/httpd/modules/mod_substitute.so
LoadModule deflate_module lib/httpd/modules/mod_deflate.so
LoadModule env_module lib/httpd/modules/mod_env.so
LoadModule mime_magic_module lib/httpd/modules/mod_mime_magic.so
LoadModule cern_meta_module lib/httpd/modules/mod_cern_meta.so
LoadModule expires_module lib/httpd/modules/mod_expires.so
LoadModule headers_module lib/httpd/modules/mod_headers.so
LoadModule ident_module lib/httpd/modules/mod_ident.so
LoadModule usertrack_module lib/httpd/modules/mod_usertrack.so
LoadModule unique_id_module lib/httpd/modules/mod_unique_id.so
LoadModule setenvif_module lib/httpd/modules/mod_setenvif.so
LoadModule mime_module lib/httpd/modules/mod_mime.so
#LoadModule dav_module lib/httpd/modules/mod_dav.so
ServerRoot /usr
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User apache
Group apache
</IfModule>
</IfModule>
ServerName 192.168.2.210
UseCanonicalName On
ServerAdmin me@me.de
PidFile "/var/run/httpd/balancer.pid"
LoadModule status_module lib/httpd/modules/mod_status.so
LoadModule proxy_module lib/httpd/modules/mod_proxy.so
LoadModule proxy_connect_module lib/httpd/modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module lib/httpd/modules/mod_proxy_ftp.so
LoadModule proxy_http_module lib/httpd/modules/mod_proxy_http.so
#LoadModule proxy_ajp_module lib/httpd/modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module lib/httpd/modules/mod_proxy_balancer.so
LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so
<IfModule mod_proxy_balancer.c>
ProxyRequests Off
ProxyVia On
ProxyPreserveHost On
ProxyPassInterpolateEnv On
#SSLProxyEngine On
#RequestHeader set Front-End-Https "On"
#ProxyVia On
<Proxy balancer://test>
BalancerMember http://localhost:81 route=web1_81
</Proxy>
ProxyPass /myBalancer !
<Location /myBalancer>
SetHandler balancer-manager
</Location>
</IfModule>
# Logging
LoadModule log_config_module lib/httpd/modules/mod_log_config.so
LoadModule log_forensic_module lib/httpd/modules/mod_log_forensic.so
LoadModule logio_module lib/httpd/modules/mod_logio.so
ErrorLog "/var/log/httpd/balancer_error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "/var/log/httpd/balancer_access_log" combinedio
</IfModule>
# SSL
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Listen 0.0.0.0:443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
NameVirtualHost *:443
<VirtualHost *:443>
Servername web1.cluster.lan
#SSLProxyEngine On
SSLEngine On
SSLProxyEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSL v2:+EXP:+eNUL
SSLCertificateFile /main/config/apache/certs/web1.crt
SSLCertificateKeyFile /main/config/apache/certs/web1.key
RequestHeader set X_Original_Proto "https"
ProxyPass / balancer://test/
ProxyPassReverse / balancer://test/
</VirtualHost>
Der Balancer läuft also nur auf Port 443 und sendet alle Request zum balancer://test, welcher auf Port 81 lauscht. Hier die Config dazu:
Listen 81
ServerRoot "/usr"
LoadModule authn_file_module lib/httpd/modules/mod_authn_file.so
LoadModule authn_dbm_module lib/httpd/modules/mod_authn_dbm.so
LoadModule authn_anon_module lib/httpd/modules/mod_authn_anon.so
LoadModule authn_dbd_module lib/httpd/modules/mod_authn_dbd.so
LoadModule authn_default_module lib/httpd/modules/mod_authn_default.so
LoadModule authn_alias_module lib/httpd/modules/mod_authn_alias.so
LoadModule authz_host_module lib/httpd/modules/mod_authz_host.so
LoadModule authz_groupfile_module lib/httpd/modules/mod_authz_groupfile.so
LoadModule authz_user_module lib/httpd/modules/mod_authz_user.so
LoadModule authz_dbm_module lib/httpd/modules/mod_authz_dbm.so
LoadModule authz_owner_module lib/httpd/modules/mod_authz_owner.so
LoadModule authnz_ldap_module lib/httpd/modules/mod_authnz_ldap.so
LoadModule authz_default_module lib/httpd/modules/mod_authz_default.so
LoadModule auth_basic_module lib/httpd/modules/mod_auth_basic.so
LoadModule auth_digest_module lib/httpd/modules/mod_auth_digest.so
LoadModule file_cache_module lib/httpd/modules/mod_file_cache.so
LoadModule cache_module lib/httpd/modules/mod_cache.so
LoadModule disk_cache_module lib/httpd/modules/mod_disk_cache.so
LoadModule mem_cache_module lib/httpd/modules/mod_mem_cache.so
LoadModule dbd_module lib/httpd/modules/mod_dbd.so
LoadModule dumpio_module lib/httpd/modules/mod_dumpio.so
LoadModule ext_filter_module lib/httpd/modules/mod_ext_filter.so
LoadModule include_module lib/httpd/modules/mod_include.so
LoadModule filter_module lib/httpd/modules/mod_filter.so
LoadModule substitute_module lib/httpd/modules/mod_substitute.so
LoadModule deflate_module lib/httpd/modules/mod_deflate.so
LoadModule ldap_module lib/httpd/modules/mod_ldap.so
LoadModule log_config_module lib/httpd/modules/mod_log_config.so
LoadModule log_forensic_module lib/httpd/modules/mod_log_forensic.so
LoadModule logio_module lib/httpd/modules/mod_logio.so
LoadModule env_module lib/httpd/modules/mod_env.so
LoadModule mime_magic_module lib/httpd/modules/mod_mime_magic.so
LoadModule cern_meta_module lib/httpd/modules/mod_cern_meta.so
LoadModule expires_module lib/httpd/modules/mod_expires.so
LoadModule headers_module lib/httpd/modules/mod_headers.so
LoadModule ident_module lib/httpd/modules/mod_ident.so
LoadModule usertrack_module lib/httpd/modules/mod_usertrack.so
LoadModule unique_id_module lib/httpd/modules/mod_unique_id.so
LoadModule setenvif_module lib/httpd/modules/mod_setenvif.so
LoadModule version_module lib/httpd/modules/mod_version.so
LoadModule proxy_module lib/httpd/modules/mod_proxy.so
LoadModule proxy_connect_module lib/httpd/modules/mod_proxy_connect.so
LoadModule proxy_ftp_module lib/httpd/modules/mod_proxy_ftp.so
LoadModule proxy_http_module lib/httpd/modules/mod_proxy_http.so
LoadModule proxy_ajp_module lib/httpd/modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module lib/httpd/modules/mod_proxy_balancer.so
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
LoadModule mime_module lib/httpd/modules/mod_mime.so
LoadModule dav_module lib/httpd/modules/mod_dav.so
LoadModule status_module lib/httpd/modules/mod_status.so
LoadModule autoindex_module lib/httpd/modules/mod_autoindex.so
LoadModule asis_module lib/httpd/modules/mod_asis.so
LoadModule info_module lib/httpd/modules/mod_info.so
LoadModule cgi_module lib/httpd/modules/mod_cgi.so
LoadModule dav_fs_module lib/httpd/modules/mod_dav_fs.so
LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so
LoadModule negotiation_module lib/httpd/modules/mod_negotiation.so
LoadModule dir_module lib/httpd/modules/mod_dir.so
LoadModule imagemap_module lib/httpd/modules/mod_imagemap.so
LoadModule actions_module lib/httpd/modules/mod_actions.so
LoadModule userdir_module lib/httpd/modules/mod_userdir.so
LoadModule alias_module lib/httpd/modules/mod_alias.so
LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User apache
Group apache
</IfModule>
</IfModule>
ServerAdmin you@example.com
ServerName 192.168.2.210:81
UseCanonicalName On
PidFile "/var/run/httpd/cluster_81.pid"
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
ErrorLog "/var/log/httpd/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "/var/log/httpd/access_log" combinedio
</IfModule>
DefaultType text/plain
<IfModule mime_module>
TypesConfig /etc/httpd/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddOutputFilterByType DEFLATE text/html text/plain text/xml
</IfModule>
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
<IfModule !cgi_module>
LoadModule cgi_module lib/httpd/modules/mod_cgi.so
</IfModule>
<IfModule !fcgid_module>
LoadModule fcgid_module lib/httpd/modules/mod_fcgid.so
SocketPath /var/run/httpd/fcgid/sock
SharememPath /var/run/httpd/fcgid/sharemem
IPCCommTimeout 60
</IfModule>
DirectoryIndex index.html index.php
RewriteEngine On
RewriteCond %{HTTP:X_Original_Proto} https
RewriteRule (.*) - [E=HTTPS:on,E=REMOTE_ADDR:%{HTTP:X_Forwarded_For},E =SERVER_PORT:443,E=SCRIPT_URI:https://%{HTTP:HOST}$1,L]
NameVirtualHost *
<VirtualHost *>
Servername web1.cluster.lan
DocumentRoot /var/www/webuser/main/htdocs
RewriteEngine On
RewriteOptions Inherit
<Directory /var/www/webuser/main/htdocs>
Order deny,allow
Allow from All
AddHandler fcgid-script .php
FCGIWrapper "/usr/bin/php-cgi -ddisable_functions=" .php
Options +ExecCgi
</Directory>
</VirtualHost>Das blöde dabei ist, dass der SERVER_PORT in $_SERVER bei php über fcgi jetzt immer 80 ist??? auf meinem rechner läuft garkein Dienst der auf Port 80 läuft?? Hat dafür jemand eine Erklärung?
Wo kommt diese information her???
Dump $_SERVER:
<?php $_SERVER= array (
'FCGI_ROLE' => 'RESPONDER',
'UNIQUE_ID' => 'SPtKtn8AAAEAADZibrgAAAAD',
'SCRIPT_URL' => '/index.php',
'SCRIPT_URI' => 'https://web1.dacher.lan/index.php',
'HTTPS' => 'on',
'REMOTE_ADDR' => '127.0.0.1',
'SERVER_PORT' => '80',
'HTTP_HOST' => 'web1.dacher.lan',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008101315 Ubuntu/8.10 (intrepid) Firefox/3.0.3',
'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'HTTP_ACCEPT_LANGUAGE' => 'en-us,en;q=0.5',
'HTTP_ACCEPT_ENCODING' => 'gzip,deflate',
'HTTP_ACCEPT_CHARSET' => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
'HTTP_COOKIE' => 'PHPSESSID=hom520c19fqrphrh4t3deupt25',
'HTTP_PRAGMA' => 'no-cache',
'HTTP_CACHE_CONTROL' => 'no-cache',
'HTTP_X_ORIGINAL_PROTO' => 'https',
'HTTP_VIA' => '1.1 web1.dacher.lan',
'HTTP_X_FORWARDED_FOR' => '192.168.2.200',
'HTTP_X_FORWARDED_HOST' => 'web1.dacher.lan',
'HTTP_X_FORWARDED_SERVER' => 'web1.dacher.lan',
'HTTP_CONNECTION' => 'Keep-Alive',
'PATH' => '/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib/qt/bin',
'SERVER_SIGNATURE' => '',
'SERVER_SOFTWARE' => 'Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8h DAV/2',
'SERVER_NAME' => 'web1.dacher.lan',
'SERVER_ADDR' => '127.0.0.1',
'DOCUMENT_ROOT' => '/var/www/webuser/main/htdocs',
'SERVER_ADMIN' => 'you@example.com',
'SCRIPT_FILENAME' => '/var/www/webuser/main/htdocs/index.php',
'REMOTE_PORT' => '56412',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'SERVER_PROTOCOL' => 'HTTP/1.1',
'REQUEST_METHOD' => 'GET',
'QUERY_STRING' => '',
'REQUEST_URI' => '/index.php',
'SCRIPT_NAME' => '/index.php',
'PHP_SELF' => '/index.php',
'REQUEST_TIME' => 1224428214,
);
$ lsof | egrep ':(80|http)'
httpd 13801 root 3u IPv6 48867 TCP *:https (LISTEN)
httpd 13897 apache 3u IPv6 48867 TCP *:https (LISTEN)
httpd 13898 apache 3u IPv6 48867 TCP *:https (LISTEN)
httpd 13899 apache 3u IPv6 48867 TCP *:https (LISTEN)
httpd 13900 apache 3u IPv6 48867 TCP *:https (LISTEN)
httpd 13901 apache 3u IPv6 48867 TCP *:https (LISTEN)
httpd 13914 apache 3u IPv6 48867 TCP *:https (LISTEN)
Jedenfalls ist das ganze sehr doof, weil einige Anwendungen (wie z.B. phpMyAdmin) Ihre Urls selber zusammenbauen, dann kommen so tolle urls wie https://web1.cluster.lan:80/ dabei raus...
Das HTTPS konnte ich per RewriteRule auf On setzen und die SCRIPT_URI auch:
RewriteEngine On
# X_Original_Proto wird in der balancer.conf mittels RequestHeader gesetzt
RewriteCond %{HTTP:X_Original_Proto} https
RewriteRule (.*) - [E=HTTPS:on,E=REMOTE_ADDR:%{HTTP:X_Forwarded_For},E =SERVER_PORT:443,E=SCRIPT_URI:https://%{HTTP:HOST}$1,L]
jedoch den SERVER_PORT und die REMOTE_ADDR lassen sich einfach nicht beeinflussen! wie könnte ich das hinbekommen?
Die REMOTE_ADDR ist nicht so wichtig. aber der SERVER_PORT verwirrt mich :)
Also vielen Dank schonmal
Bin für alle Vorschläge offen
Gruss
senfmensch
habe mich gestern gestern halb totgegoogelt und habe einfach keine Lösung gefunden.
Ich habe ein apache als Balancer laufen:
Listen 443
LoadModule file_cache_module lib/httpd/modules/mod_file_cache.so
LoadModule cache_module lib/httpd/modules/mod_cache.so
LoadModule disk_cache_module lib/httpd/modules/mod_disk_cache.so
LoadModule mem_cache_module lib/httpd/modules/mod_mem_cache.so
LoadModule dbd_module lib/httpd/modules/mod_dbd.so
LoadModule dumpio_module lib/httpd/modules/mod_dumpio.so
LoadModule ext_filter_module lib/httpd/modules/mod_ext_filter.so
LoadModule include_module lib/httpd/modules/mod_include.so
LoadModule filter_module lib/httpd/modules/mod_filter.so
LoadModule substitute_module lib/httpd/modules/mod_substitute.so
LoadModule deflate_module lib/httpd/modules/mod_deflate.so
LoadModule env_module lib/httpd/modules/mod_env.so
LoadModule mime_magic_module lib/httpd/modules/mod_mime_magic.so
LoadModule cern_meta_module lib/httpd/modules/mod_cern_meta.so
LoadModule expires_module lib/httpd/modules/mod_expires.so
LoadModule headers_module lib/httpd/modules/mod_headers.so
LoadModule ident_module lib/httpd/modules/mod_ident.so
LoadModule usertrack_module lib/httpd/modules/mod_usertrack.so
LoadModule unique_id_module lib/httpd/modules/mod_unique_id.so
LoadModule setenvif_module lib/httpd/modules/mod_setenvif.so
LoadModule mime_module lib/httpd/modules/mod_mime.so
#LoadModule dav_module lib/httpd/modules/mod_dav.so
ServerRoot /usr
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User apache
Group apache
</IfModule>
</IfModule>
ServerName 192.168.2.210
UseCanonicalName On
ServerAdmin me@me.de
PidFile "/var/run/httpd/balancer.pid"
LoadModule status_module lib/httpd/modules/mod_status.so
LoadModule proxy_module lib/httpd/modules/mod_proxy.so
LoadModule proxy_connect_module lib/httpd/modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module lib/httpd/modules/mod_proxy_ftp.so
LoadModule proxy_http_module lib/httpd/modules/mod_proxy_http.so
#LoadModule proxy_ajp_module lib/httpd/modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module lib/httpd/modules/mod_proxy_balancer.so
LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so
<IfModule mod_proxy_balancer.c>
ProxyRequests Off
ProxyVia On
ProxyPreserveHost On
ProxyPassInterpolateEnv On
#SSLProxyEngine On
#RequestHeader set Front-End-Https "On"
#ProxyVia On
<Proxy balancer://test>
BalancerMember http://localhost:81 route=web1_81
</Proxy>
ProxyPass /myBalancer !
<Location /myBalancer>
SetHandler balancer-manager
</Location>
</IfModule>
# Logging
LoadModule log_config_module lib/httpd/modules/mod_log_config.so
LoadModule log_forensic_module lib/httpd/modules/mod_log_forensic.so
LoadModule logio_module lib/httpd/modules/mod_logio.so
ErrorLog "/var/log/httpd/balancer_error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "/var/log/httpd/balancer_access_log" combinedio
</IfModule>
# SSL
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Listen 0.0.0.0:443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
NameVirtualHost *:443
<VirtualHost *:443>
Servername web1.cluster.lan
#SSLProxyEngine On
SSLEngine On
SSLProxyEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSL v2:+EXP:+eNUL
SSLCertificateFile /main/config/apache/certs/web1.crt
SSLCertificateKeyFile /main/config/apache/certs/web1.key
RequestHeader set X_Original_Proto "https"
ProxyPass / balancer://test/
ProxyPassReverse / balancer://test/
</VirtualHost>
Der Balancer läuft also nur auf Port 443 und sendet alle Request zum balancer://test, welcher auf Port 81 lauscht. Hier die Config dazu:
Listen 81
ServerRoot "/usr"
LoadModule authn_file_module lib/httpd/modules/mod_authn_file.so
LoadModule authn_dbm_module lib/httpd/modules/mod_authn_dbm.so
LoadModule authn_anon_module lib/httpd/modules/mod_authn_anon.so
LoadModule authn_dbd_module lib/httpd/modules/mod_authn_dbd.so
LoadModule authn_default_module lib/httpd/modules/mod_authn_default.so
LoadModule authn_alias_module lib/httpd/modules/mod_authn_alias.so
LoadModule authz_host_module lib/httpd/modules/mod_authz_host.so
LoadModule authz_groupfile_module lib/httpd/modules/mod_authz_groupfile.so
LoadModule authz_user_module lib/httpd/modules/mod_authz_user.so
LoadModule authz_dbm_module lib/httpd/modules/mod_authz_dbm.so
LoadModule authz_owner_module lib/httpd/modules/mod_authz_owner.so
LoadModule authnz_ldap_module lib/httpd/modules/mod_authnz_ldap.so
LoadModule authz_default_module lib/httpd/modules/mod_authz_default.so
LoadModule auth_basic_module lib/httpd/modules/mod_auth_basic.so
LoadModule auth_digest_module lib/httpd/modules/mod_auth_digest.so
LoadModule file_cache_module lib/httpd/modules/mod_file_cache.so
LoadModule cache_module lib/httpd/modules/mod_cache.so
LoadModule disk_cache_module lib/httpd/modules/mod_disk_cache.so
LoadModule mem_cache_module lib/httpd/modules/mod_mem_cache.so
LoadModule dbd_module lib/httpd/modules/mod_dbd.so
LoadModule dumpio_module lib/httpd/modules/mod_dumpio.so
LoadModule ext_filter_module lib/httpd/modules/mod_ext_filter.so
LoadModule include_module lib/httpd/modules/mod_include.so
LoadModule filter_module lib/httpd/modules/mod_filter.so
LoadModule substitute_module lib/httpd/modules/mod_substitute.so
LoadModule deflate_module lib/httpd/modules/mod_deflate.so
LoadModule ldap_module lib/httpd/modules/mod_ldap.so
LoadModule log_config_module lib/httpd/modules/mod_log_config.so
LoadModule log_forensic_module lib/httpd/modules/mod_log_forensic.so
LoadModule logio_module lib/httpd/modules/mod_logio.so
LoadModule env_module lib/httpd/modules/mod_env.so
LoadModule mime_magic_module lib/httpd/modules/mod_mime_magic.so
LoadModule cern_meta_module lib/httpd/modules/mod_cern_meta.so
LoadModule expires_module lib/httpd/modules/mod_expires.so
LoadModule headers_module lib/httpd/modules/mod_headers.so
LoadModule ident_module lib/httpd/modules/mod_ident.so
LoadModule usertrack_module lib/httpd/modules/mod_usertrack.so
LoadModule unique_id_module lib/httpd/modules/mod_unique_id.so
LoadModule setenvif_module lib/httpd/modules/mod_setenvif.so
LoadModule version_module lib/httpd/modules/mod_version.so
LoadModule proxy_module lib/httpd/modules/mod_proxy.so
LoadModule proxy_connect_module lib/httpd/modules/mod_proxy_connect.so
LoadModule proxy_ftp_module lib/httpd/modules/mod_proxy_ftp.so
LoadModule proxy_http_module lib/httpd/modules/mod_proxy_http.so
LoadModule proxy_ajp_module lib/httpd/modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module lib/httpd/modules/mod_proxy_balancer.so
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
LoadModule mime_module lib/httpd/modules/mod_mime.so
LoadModule dav_module lib/httpd/modules/mod_dav.so
LoadModule status_module lib/httpd/modules/mod_status.so
LoadModule autoindex_module lib/httpd/modules/mod_autoindex.so
LoadModule asis_module lib/httpd/modules/mod_asis.so
LoadModule info_module lib/httpd/modules/mod_info.so
LoadModule cgi_module lib/httpd/modules/mod_cgi.so
LoadModule dav_fs_module lib/httpd/modules/mod_dav_fs.so
LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so
LoadModule negotiation_module lib/httpd/modules/mod_negotiation.so
LoadModule dir_module lib/httpd/modules/mod_dir.so
LoadModule imagemap_module lib/httpd/modules/mod_imagemap.so
LoadModule actions_module lib/httpd/modules/mod_actions.so
LoadModule userdir_module lib/httpd/modules/mod_userdir.so
LoadModule alias_module lib/httpd/modules/mod_alias.so
LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User apache
Group apache
</IfModule>
</IfModule>
ServerAdmin you@example.com
ServerName 192.168.2.210:81
UseCanonicalName On
PidFile "/var/run/httpd/cluster_81.pid"
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
ErrorLog "/var/log/httpd/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "/var/log/httpd/access_log" combinedio
</IfModule>
DefaultType text/plain
<IfModule mime_module>
TypesConfig /etc/httpd/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddOutputFilterByType DEFLATE text/html text/plain text/xml
</IfModule>
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
<IfModule !cgi_module>
LoadModule cgi_module lib/httpd/modules/mod_cgi.so
</IfModule>
<IfModule !fcgid_module>
LoadModule fcgid_module lib/httpd/modules/mod_fcgid.so
SocketPath /var/run/httpd/fcgid/sock
SharememPath /var/run/httpd/fcgid/sharemem
IPCCommTimeout 60
</IfModule>
DirectoryIndex index.html index.php
RewriteEngine On
RewriteCond %{HTTP:X_Original_Proto} https
RewriteRule (.*) - [E=HTTPS:on,E=REMOTE_ADDR:%{HTTP:X_Forwarded_For},E =SERVER_PORT:443,E=SCRIPT_URI:https://%{HTTP:HOST}$1,L]
NameVirtualHost *
<VirtualHost *>
Servername web1.cluster.lan
DocumentRoot /var/www/webuser/main/htdocs
RewriteEngine On
RewriteOptions Inherit
<Directory /var/www/webuser/main/htdocs>
Order deny,allow
Allow from All
AddHandler fcgid-script .php
FCGIWrapper "/usr/bin/php-cgi -ddisable_functions=" .php
Options +ExecCgi
</Directory>
</VirtualHost>Das blöde dabei ist, dass der SERVER_PORT in $_SERVER bei php über fcgi jetzt immer 80 ist??? auf meinem rechner läuft garkein Dienst der auf Port 80 läuft?? Hat dafür jemand eine Erklärung?
Wo kommt diese information her???
Dump $_SERVER:
<?php $_SERVER= array (
'FCGI_ROLE' => 'RESPONDER',
'UNIQUE_ID' => 'SPtKtn8AAAEAADZibrgAAAAD',
'SCRIPT_URL' => '/index.php',
'SCRIPT_URI' => 'https://web1.dacher.lan/index.php',
'HTTPS' => 'on',
'REMOTE_ADDR' => '127.0.0.1',
'SERVER_PORT' => '80',
'HTTP_HOST' => 'web1.dacher.lan',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008101315 Ubuntu/8.10 (intrepid) Firefox/3.0.3',
'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'HTTP_ACCEPT_LANGUAGE' => 'en-us,en;q=0.5',
'HTTP_ACCEPT_ENCODING' => 'gzip,deflate',
'HTTP_ACCEPT_CHARSET' => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
'HTTP_COOKIE' => 'PHPSESSID=hom520c19fqrphrh4t3deupt25',
'HTTP_PRAGMA' => 'no-cache',
'HTTP_CACHE_CONTROL' => 'no-cache',
'HTTP_X_ORIGINAL_PROTO' => 'https',
'HTTP_VIA' => '1.1 web1.dacher.lan',
'HTTP_X_FORWARDED_FOR' => '192.168.2.200',
'HTTP_X_FORWARDED_HOST' => 'web1.dacher.lan',
'HTTP_X_FORWARDED_SERVER' => 'web1.dacher.lan',
'HTTP_CONNECTION' => 'Keep-Alive',
'PATH' => '/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib/qt/bin',
'SERVER_SIGNATURE' => '',
'SERVER_SOFTWARE' => 'Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8h DAV/2',
'SERVER_NAME' => 'web1.dacher.lan',
'SERVER_ADDR' => '127.0.0.1',
'DOCUMENT_ROOT' => '/var/www/webuser/main/htdocs',
'SERVER_ADMIN' => 'you@example.com',
'SCRIPT_FILENAME' => '/var/www/webuser/main/htdocs/index.php',
'REMOTE_PORT' => '56412',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'SERVER_PROTOCOL' => 'HTTP/1.1',
'REQUEST_METHOD' => 'GET',
'QUERY_STRING' => '',
'REQUEST_URI' => '/index.php',
'SCRIPT_NAME' => '/index.php',
'PHP_SELF' => '/index.php',
'REQUEST_TIME' => 1224428214,
);
$ lsof | egrep ':(80|http)'
httpd 13801 root 3u IPv6 48867 TCP *:https (LISTEN)
httpd 13897 apache 3u IPv6 48867 TCP *:https (LISTEN)
httpd 13898 apache 3u IPv6 48867 TCP *:https (LISTEN)
httpd 13899 apache 3u IPv6 48867 TCP *:https (LISTEN)
httpd 13900 apache 3u IPv6 48867 TCP *:https (LISTEN)
httpd 13901 apache 3u IPv6 48867 TCP *:https (LISTEN)
httpd 13914 apache 3u IPv6 48867 TCP *:https (LISTEN)
Jedenfalls ist das ganze sehr doof, weil einige Anwendungen (wie z.B. phpMyAdmin) Ihre Urls selber zusammenbauen, dann kommen so tolle urls wie https://web1.cluster.lan:80/ dabei raus...
Das HTTPS konnte ich per RewriteRule auf On setzen und die SCRIPT_URI auch:
RewriteEngine On
# X_Original_Proto wird in der balancer.conf mittels RequestHeader gesetzt
RewriteCond %{HTTP:X_Original_Proto} https
RewriteRule (.*) - [E=HTTPS:on,E=REMOTE_ADDR:%{HTTP:X_Forwarded_For},E =SERVER_PORT:443,E=SCRIPT_URI:https://%{HTTP:HOST}$1,L]
jedoch den SERVER_PORT und die REMOTE_ADDR lassen sich einfach nicht beeinflussen! wie könnte ich das hinbekommen?
Die REMOTE_ADDR ist nicht so wichtig. aber der SERVER_PORT verwirrt mich :)
Also vielen Dank schonmal
Bin für alle Vorschläge offen
Gruss
senfmensch