在Apache环境下配置Playframework的双向HTTPS验证

httpd-ssl.conf

Listen 443

<VirtualHost _default_:443>

#   设置Apache转发与https相关的 header

#  这样在Play中就可以中国request().secure()获取是否当前为https链接

RequestHeader set X-Forwarded-Proto “https”

ProxyPreserveHost On

DocumentRoot “/xxx/server/httpd/htdocs”

ServerName www.abcd.com:443

TransferLog “/xxx/server/httpd/logs/access_log”

ProxyPass  /excluded !

ProxyPass / http://localhost:8009/

ProxyPassReverse / http://localhost:8009/

ErrorLog “/xxx/log/httpd/homesite/homesite.log”

#   SSL Engine Switch:

#   Enable/Disable SSL for this virtual host.

SSLEngine on

#   Server Certificate:

#  服务器的public key证书

SSLCertificateFile “/xxx/server/httpd/conf/server.crt”

#需要包含从server.crt的issuer开始,一直到root,的整个证书链

SSLCertificateChainFile “/xxx/server/httpd/conf/server-ca.crt”

#   Certificate Authority (CA):

#  用来验证客户端证书,这里保存所有合法客户端证书的issuer到root的整个证书链

SSLCACertificateFile “/xxx/server/httpd/conf/client-signer.crt”

#   Certificate Revocation Lists (CRL):

#  暂时不用,用来吊销证书的.

#SSLCARevocationPath “/xxx/server/httpd/conf/ssl.crl”

#SSLCARevocationFile “/xxx/server/httpd/conf/ssl.crl/ca-bundle.crl”

#SSLCARevocationCheck chain

#   Client Authentication (Type):

#  开启客户端证书验证.

SSLVerifyClient require

SSLVerifyDepth  10

</VirtualHost>

KK笔记:kknotes.com
本文链接地址: 在Apache环境下配置Playframework的双向HTTPS验证

转载须以超链接形式标明文章原始出处和作者信息及版权声明

未经允许不得转载:KK笔记 » 在Apache环境下配置Playframework的双向HTTPS验证

赞 (0)

评论 0

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址