我一直在像这样的 http IP 上使用 solr 搜索
http://xxx.xxx.xxx.xxx:8983/solr/#/
但现在出于安全原因,我需要一个域名 + https like
https://example.com:8983/solr/#/
或(?)
https://example.com/solr/#/
无论哪种方式,我都不知道如何配置我的 apache conf vhost 文件...
有什么想法吗?
附言。我已经为我的域https://example.com/启用了https
【问题讨论】:
您可以让 solr 仅侦听 localhost,并将 Apache 或 Nginx 安装为反向代理,在 HTTPS 端口 443 上侦听您的公共 IP,并将请求转发到端口 8983 上的 localhost。
使用 NginX,您可以在 Virtualhost 文件中使用类似这样的内容:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
location / {
try_files $uri @proxy;
}
location @proxy {
include cors_support;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header HTTPS "on";
proxy_pass_header Server;
proxy_pass http://127.0.0.1:8983;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
tcp_nodelay on;
}
access_log /var/log/nginx/access-example.log;
error_log /var/log/nginx/error-example.log;
include snippets/ssl-params.conf;
include snippets/ssl-example.com.conf;
}
对于启用了模块代理和 proxy_http 的 Apache:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin support@example.com
ServerName example.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8983/
ProxyPassReverse / http://127.0.0.1:8983/
<Location />
Require all granted
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLProxyEngine On
SSLCertificateFile /etc/apache2/ssl/cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/privkey.pem
Include /etc/apache2/ssl/options-ssl-apache.conf
SSLCertificateChainFile /etc/apache2/ssl/chain.pem
</VirtualHost>
</IfModule>
【讨论】: