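Environment:
ECS A 172.18.67.212 (CentOS 6.5, Apache 2.2, MySQL 5.1, Redis master, rsync sync, PHP 5.6)
ECS B 172.18.67.213 (CentOS 6.5, Apache 2.2, MySQL 5.1, Redis master, rsync sync, PHP 5.6)
First configure Apache (the project path is /usr/local/apache/htdocs/, the default).
Open two listening ports, 80 and 81, as follows (around line 40 of httpd.conf):
# Listen on port 80
Listen 80
# Listen on port 81
Listen 81
Then modify the configuration inside the Directory block, at line 138 of httpd.conf: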
<Directory "/usr/local/apache2/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
# Options Indexes FollowSymLinks
Options FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
# Important: on Apache 2.4 or later you need to add the following line; on 2.2 leave it commented out.
# Require all granted
RewriteEngine on
# Disable unsafe HTTP methods such as trace, delete, head, options (delete and head are still missing here)
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]
RewriteCond %{SERVER_PORT} 81
# This rule does not actually handle some paths and still needs work
RewriteRule ^(.*)$ https://www.xxx.com/$1 [R=301,L]
</Directory>
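Configure both servers (or all of them, if there are more than two) the same way.
Finally, configure the SLB listeners in the Alibaba Cloud console as follows.
That completes the setup.
Ran a round of tests; everything works normally.
Appendix: using telnet to test whether the insecure TRACE method is enabled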
telnet www.xxx.com 80
Trying 120.78.24.89...
Connected to www.xxx.com.
Escape character is '^]'.
TRACE / HTTP/1.0
X-Test:abc
Host:www.xxx.com
HTTP/1.1 200 OK
Date: Tue, 17 Oct 2017 06:45:25 GMT
Server: Apache/2.2.9 (Unix) PHP/5.5.38
Connection: close
Content-Type: message/http
TRACE / HTTP/1.0
X-Test: abc
Host: www.xxx.com
Connection closed by foreign host.
The above is the normal response with no protection in place; below is the response returned once the protection is enabled.
HTTP/1.1 405 Method Not Allowed
Date: Tue, 17 Oct 2017 06:48:52 GMT
Content-Type: text/html
Content-Length: 238
Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>405 Method Not Allowed</title></head>
<body bgcolor="white">
<h1>405 Method Not Allowed</h1>
<p>The requested method is not allowed for the URL.</body>
</html>
Connection closed by foreign host.
This shows the configuration succeeded.
Appendix: network topology diagram
神秘剑派--大师兄. Please credit the source when reposting.