我正在對使用 SSL 用戶端憑證驗證的舊版 Web 服務進行容器化。我有一個 apache 2.4 容器和一個 PHP 7.4 FPM 容器。
我的 apache 虛擬主機配置看起來像
...
<VirtualHost *:8443>
DocumentRoot /var/www/html/myapp
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://php:9000/var/www/html/myapp/$1
SSLEngine on
....
SSLCACertificateFile <PATH TO CA>
SSLVerifyClient optional
SSLVerifyDepth 2
...
<Files ~ "\.(cgi|shtml||phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/html/myapp">
SSLOptions +StdEnvVars +ExportCertData
Require all granted
DirectoryIndex index.php
</Directory>
...
</VirtualHost>
....
索引.php
<?
print_r($_SERVER);
?>
<html>
....
<a href=go.php><img name=go src=="go.png" alt="GO!"></a>
....
</html>
Go.php
<?php
print_r($_SERVER);
... DO Authoriztion stuff with SSL_CLIENT_CERT ...
?>
docker-compose.yml
version: 3.4"
services:
apache:\
image: myappApache
depends_on: php
networks:
- frontend
- backend
ports:
- "80:8080"
- "443:8443"
volumes:
- ./myapp/:/var/www/html/myapp:rw
php:
image: myappPHP
networks:
- backend
volumes:
- ./myapp/:/var/www/html/myapp:to
networks:
frontend:
backend:
當我導航到 index.php 並列印出_SERVERwith的值時print_r($_SERVER) ,我可以看到[SSL_CLIENT_CERT] => -----BEGIN CERTIFICARTE----- ... -----END CERTIFICATE-----.但是,當我單擊該頁面上的連結將我帶到網站的第二頁時,該連結SSL_CLIENT_CERT缺失了_SERVER。其他與 SSL 相關的項目也遺失了
- SSL_SESSION_RESUMED
- SSL_SESSION_ID
- SSL_SERVER_A_SIG
- SSL_SERVER_A_KEY
- SSL_SERVER_I_DN
如何防止_SERVER配置設定在頁面之間消失?
答案1
不知道為什麼這有效。但我把事情移到了小組SSLOptions +StdEvnVars +ExportCertData之外Directory,這似乎解決了問題。