来自Apache SSL重定向Wildfly [英] SSL redirection from Apache to Wildfly
问题描述
我有Wildfly-8上运行两个项目,我对他们每个人,一个IP两个SSL证书。
我想通了,我应该有一个SSL证书一个IP。
但我需要使用这两个SSL一个IP。我无法找到一种方法与Wildfly做,但有一个办法与Apache服务器来做到这一点。所以,我安装了Apache服务器最多Wildfly。
我听HTTPS在Apache端口(443),重定向到Wildfly的 HTTP 端口(我用8080)。它的工作原理没有任何问题。
我纳闷的是,
1。就是Apache解密请求,并重定向它Wildfly?
2.是否做到这一点,或我是偶然做了正确的方法?
3.请问这个方法创建一个安全漏洞?
我GOOGLE了一些,但我无法找到满意的答案。
感谢您的答复。
有关这个答案,我假设的重定向你的意思是代理:阿帕奇接收请求,代理它Wildfly,从接收到的答案Wildfly,发送应答给客户端。
如果你的意思是别的东西,那么简单的答案是:这是错误的。
- 就是Apache解密请求,并重定向它Wildfly?
是的。 Apache将接收和安全的数据从客户机发送到/。与Wildfly沟通会明文。
<醇开始=2>
它是做正确的方式,或我是偶然做了?
这就是它的平时成绩,是的。换句话说,负载平衡器和/或Wildfly前(阿帕奇你的情况)的代理。 Wildfly本身没有被公共互联网直接到达。
<醇开始=3>
请问这个方法创建一个安全漏洞?
它做,就像一切是一个安全的妥协。在这种情况下,你相信你的内部网络,在一个更实际的/可管理架构的名称。如果你不信任你的内部网络,你应该寻找另一种解决方案。在一般情况下,付出的代价似乎可以公平地我,你只开放你的Apache和您的Wildfly之间的人在这方面的中间人。所以,如果你信任你的内部网络,你应该相信,不会有任何中间人那里。
I have two projects running on Wildfly-8 and I have two SSL certificates for each of them and one IP.
I figured out that I should have one IP for one SSL certificate.
But I needed to use these two SSL for one IP. I couldn't find a way to do it with Wildfly but there was a way to do it with Apache Server. So,I installed Apache Server up to Wildfly.
I listen https port(443) on Apache and redirect it to Wildfly's http port(I used 8080). It works without any problem.
What I wonder is;
1. Is Apache decrypt request and redirect it to Wildfly? 2. Is it correct way to do it or I have done it by chance? 3. Does this method create a security hole?I googled some, but I could not find satisfied answers.
Thanks for replies.
解决方案For this answer, I'm supposing that by "redirecting" you mean "proxying": Apache receives the request, proxies it to Wildfly, receives an answer from Wildfly, sends the answer to the client.
If you mean something else, then the simple answer is: it is wrong.
- Is Apache decrypt request and redirect it to Wildfly?
Yes. Apache will receive and send secure data to/from the client. Its communication with Wildfly will be plaintext.
- Is it correct way to do it or I have done it by chance?
That's how it's usually done, yes. In other words: a load balancer and/or a proxy in front of Wildfly (Apache in your case). Wildfly itself is not reached directly by the public internet.
- Does this method create a security hole?
It does, just like everything else is a security "compromise". In this case, you are trusting your internal network, in the name of a more practical/manageable architecture. If you do not trust your internal network, you should look for another solution. In the general case, the price to pay seems fair to me, as you'll "only" be open to a man-in-the-middle between your Apache and your Wildfly. So, if you trust your internal network, you should trust that there won't be any MITM there.
这篇关于来自Apache SSL重定向Wildfly的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
