如何在 Apache 中使用 SSL 配置多个子域?

Posted

技术标签:

【中文标题】如何在 Apache 中使用 SSL 配置多个子域?【英文标题】:How to configure multiple subdomain with SSL in Apache? 【发布时间】:2016-11-25 00:32:11 【问题描述】:

配置:

Debian Apache2 通配符 SSL:*.example.com 子域:a.example.com、b.example.com。 1 台专用服务器 网站使用 NodeJS (ProxyPass...)

现在,我可以让 a.example.com 正常工作。 但是我怎样才能让 a.example.com 和 b.example.com 在同一台服务器上工作呢?

/etc/apache2/site-enable/a.example.com.conf
<VirtualHost  *:80>
  ServerName a.example.com
  Redirect permanent / https://a.example.com
</VirtualHost>
<VirtualHost  *:80>
  ServerName www.a.example.com
  Redirect permanent / https://a.example.com
</VirtualHost>
Listen 443

<VirtualHost *:443>
 ServerName a.example.com
 ServerAlias www.a.example.com

 ProxyRequests off
 LimitRequestLine  150000
 LimitRequestFieldSize 150000
 <Proxy *>
  Order deny,allow
  Allow from all
 </Proxy>

 <Location />
  ProxyPass http://localhost:4949/
  ProxyPassReverse http://localhost:4949/
 </Location>

 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

 SSLCertificateFile   /etc/ssl/2__.example.fr.crt
 SSLCertificateKeyFile  /root/XXXXXX.key
 SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>

更新 --- 如果我试试这个:

/etc/apache2/site-enable/b.example.com.conf
<VirtualHost  *:80>
ServerName b.example.com
Redirect permanent / https://b.example.com
</VirtualHost>
<VirtualHost  *:80>
ServerName www.b.example.com
Redirect permanent / https://b.example.com
/VirtualHost>

Listen 443

<VirtualHost *:443>
 ServerName b.example.com
 ServerAlias www.b.example.com

 ProxyRequests off
 LimitRequestLine  150000
 LimitRequestFieldSize 150000
 <Proxy *>
  Order deny,allow
  Allow from all
 </Proxy>

 <Location />
  ProxyPass http://localhost:6949/
  ProxyPassReverse http://localhost:6949/
 </Location>

 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

 SSLCertificateFile   /etc/ssl/2__.example.fr.crt
 SSLCertificateKeyFile  /root/XXXXXX.key
 SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>

我收到了

[....] Restarting web server: apache2[Thu Jul 21 14:58:01 2016] [warn] module passenger_module is already loaded, skipping
[Thu Jul 21 14:58:01 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Thu Jul 21 14:58:01 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
 ... waiting [Thu Jul 21 14:58:02 2016] [warn] module passenger_module is already loaded, skipping
[Thu Jul 21 14:58:02 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Thu Jul 21 14:58:02 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address [::]:443

---更新

我删除了 b.exemple.com.conf 上的 Listen 443

但是现在,我有这个:

a.example.com ---> b.example.com
b.example.com ---> b.example.com

问题是当我尝试访问 a 时,我被重定向到 b

我做错了什么?

/etc/apache2/site-enable/b.example.com.conf
<VirtualHost  *:80>
ServerName b.example.com
Redirect permanent / https://b.example.com
</VirtualHost>
<VirtualHost  *:80>
ServerName www.b.example.com
Redirect permanent / https://b.example.com
/VirtualHost>

<VirtualHost *:443>
 ServerName b.example.com
 ServerAlias www.b.example.com

 ProxyRequests off
 LimitRequestLine  150000
 LimitRequestFieldSize 150000
 <Proxy *>
  Order deny,allow
  Allow from all
 </Proxy>

 <Location />
  ProxyPass http://localhost:6949/
  ProxyPassReverse http://localhost:6949/
 </Location>

 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

 SSLCertificateFile   /etc/ssl/2__.example.fr.crt
 SSLCertificateKeyFile  /root/XXXXXX.key
 SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>

-- 更新找到了解决方案:)

我终于找到了解决我的问题的方法,谢谢你的帮助!

<IfModule mod_ssl.c>
    Listen 443
    NameVirtualHost *:443    
</IfModule>
<VirtualHost *:443>
  ServerName www.example.fr
  DocumentRoot "/var/www/html/404"

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

  SSLCertificateFile   /etc/ssl/2__.example.fr.crt
  SSLCertificateKeyFile  /root/XXXXX.key
  SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>
<VirtualHost  *:80>
    ServerName www.example.fr
    Redirect permanent / https://a.example.fr
</VirtualHost>


<VirtualHost  *:80>
    ServerName a.example.fr
    Redirect permanent / https://a.example.fr
</VirtualHost>
<VirtualHost *:443>
  ServerAdmin admin@admin.fr
  ServerName a.example.fr

  ProxyRequests off
  LimitRequestLine  150000
  LimitRequestFieldSize 150000
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  <Location />
    ProxyPass http://localhost:4949/
    ProxyPassReverse http://localhost:4949/
  </Location>

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

  SSLCertificateFile   /etc/ssl/2__.example.fr.crt
  SSLCertificateKeyFile  /root/serveurA.key
  SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 

</VirtualHost>





<VirtualHost  *:80>
    ServerName b.example.fr
    Redirect permanent / https://b.example.fr
</VirtualHost>
<VirtualHost *:443>
  ServerAdmin admin@admin.fr
  ServerName b.example.fr

  ProxyRequests off
  LimitRequestLine  150000
  LimitRequestFieldSize 150000
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  <Location />
    ProxyPass http://localhost:6949/
    ProxyPassReverse http://localhost:6949/
  </Location>

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

  SSLCertificateFile   /etc/ssl/2__.example.fr.crt
  SSLCertificateKeyFile  /root/serveurA.key
  SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 

</VirtualHost>

【问题讨论】:

好吧,您只需添加第二个 ssl 主机并配置要使用的相同证书文件。 请看我的更新:) 看起来您使用命令Listen 443 两次,每个文件一次? 是的!它更好。但是我现在有另一个问题,请查看我的更新。 这可能是由于您的设置可能将 b.example.com 视为“默认主机”这一事实造成的。这是包含配置的顺序问题。 【参考方案1】:

为所有子域更改通配符 (*.example.com) 的虚拟主机代码,要实现此功能,您的 SSL 证书应该是支持多个子域的通配符

在 apache httpd.confssl.conf 文件的&lt;virtualhost&gt; 代码中更改/添加两行

 ServerName www.example.com
 ServerAlias *.example.com

例子:

a.example.com
b.example.com
WHATEVER_SUB-DOMAIN_TEXT.example.com

【讨论】:

ServerAlias 应该可以工作。等待OP的回复。我不知道这篇文章有多老了!哈哈

以上是关于如何在 Apache 中使用 SSL 配置多个子域?的主要内容,如果未能解决你的问题,请参考以下文章

带有通配符子域的 Apache SSL 重写

apache vhosts https/ssl 子域始终重定向到非 https 主页面

通过 Apache 将子域指向另一个 IP

如何在 Ubuntu 上为 Apache2 配置子域?

IIS下具有SSL的多个子域[关闭]

为使用 Elastic Beanstalk 和 LightSail 的子域配置 SSL