如何在 Apache 中使用 SSL 配置多个子域?
Posted
技术标签:
【中文标题】如何在 Apache 中使用 SSL 配置多个子域?【英文标题】:How to configure multiple subdomain with SSL in Apache? 【发布时间】:2016-11-25 00:32:11 【问题描述】:配置:
Debian Apache2 通配符 SSL:*.example.com 子域:a.example.com、b.example.com。 1 台专用服务器 网站使用 NodeJS (ProxyPass...)现在,我可以让 a.example.com 正常工作。 但是我怎样才能让 a.example.com 和 b.example.com 在同一台服务器上工作呢?
/etc/apache2/site-enable/a.example.com.conf
<VirtualHost *:80>
ServerName a.example.com
Redirect permanent / https://a.example.com
</VirtualHost>
<VirtualHost *:80>
ServerName www.a.example.com
Redirect permanent / https://a.example.com
</VirtualHost>
Listen 443
<VirtualHost *:443>
ServerName a.example.com
ServerAlias www.a.example.com
ProxyRequests off
LimitRequestLine 150000
LimitRequestFieldSize 150000
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
ProxyPass http://localhost:4949/
ProxyPassReverse http://localhost:4949/
</Location>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
SSLCertificateFile /etc/ssl/2__.example.fr.crt
SSLCertificateKeyFile /root/XXXXXX.key
SSLCertificateChainFile /etc/ssl/1_root_bundle.crt
</VirtualHost>
更新 --- 如果我试试这个:
/etc/apache2/site-enable/b.example.com.conf
<VirtualHost *:80>
ServerName b.example.com
Redirect permanent / https://b.example.com
</VirtualHost>
<VirtualHost *:80>
ServerName www.b.example.com
Redirect permanent / https://b.example.com
/VirtualHost>
Listen 443
<VirtualHost *:443>
ServerName b.example.com
ServerAlias www.b.example.com
ProxyRequests off
LimitRequestLine 150000
LimitRequestFieldSize 150000
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
ProxyPass http://localhost:6949/
ProxyPassReverse http://localhost:6949/
</Location>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
SSLCertificateFile /etc/ssl/2__.example.fr.crt
SSLCertificateKeyFile /root/XXXXXX.key
SSLCertificateChainFile /etc/ssl/1_root_bundle.crt
</VirtualHost>
我收到了
[....] Restarting web server: apache2[Thu Jul 21 14:58:01 2016] [warn] module passenger_module is already loaded, skipping
[Thu Jul 21 14:58:01 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Thu Jul 21 14:58:01 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
... waiting [Thu Jul 21 14:58:02 2016] [warn] module passenger_module is already loaded, skipping
[Thu Jul 21 14:58:02 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Thu Jul 21 14:58:02 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address [::]:443
---更新
我删除了 b.exemple.com.conf 上的 Listen 443
但是现在,我有这个:
a.example.com ---> b.example.com
b.example.com ---> b.example.com
问题是当我尝试访问 a 时,我被重定向到 b
我做错了什么?
/etc/apache2/site-enable/b.example.com.conf
<VirtualHost *:80>
ServerName b.example.com
Redirect permanent / https://b.example.com
</VirtualHost>
<VirtualHost *:80>
ServerName www.b.example.com
Redirect permanent / https://b.example.com
/VirtualHost>
<VirtualHost *:443>
ServerName b.example.com
ServerAlias www.b.example.com
ProxyRequests off
LimitRequestLine 150000
LimitRequestFieldSize 150000
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
ProxyPass http://localhost:6949/
ProxyPassReverse http://localhost:6949/
</Location>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
SSLCertificateFile /etc/ssl/2__.example.fr.crt
SSLCertificateKeyFile /root/XXXXXX.key
SSLCertificateChainFile /etc/ssl/1_root_bundle.crt
</VirtualHost>
-- 更新找到了解决方案:)
我终于找到了解决我的问题的方法,谢谢你的帮助!
<IfModule mod_ssl.c>
Listen 443
NameVirtualHost *:443
</IfModule>
<VirtualHost *:443>
ServerName www.example.fr
DocumentRoot "/var/www/html/404"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
SSLCertificateFile /etc/ssl/2__.example.fr.crt
SSLCertificateKeyFile /root/XXXXX.key
SSLCertificateChainFile /etc/ssl/1_root_bundle.crt
</VirtualHost>
<VirtualHost *:80>
ServerName www.example.fr
Redirect permanent / https://a.example.fr
</VirtualHost>
<VirtualHost *:80>
ServerName a.example.fr
Redirect permanent / https://a.example.fr
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin@admin.fr
ServerName a.example.fr
ProxyRequests off
LimitRequestLine 150000
LimitRequestFieldSize 150000
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
ProxyPass http://localhost:4949/
ProxyPassReverse http://localhost:4949/
</Location>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
SSLCertificateFile /etc/ssl/2__.example.fr.crt
SSLCertificateKeyFile /root/serveurA.key
SSLCertificateChainFile /etc/ssl/1_root_bundle.crt
</VirtualHost>
<VirtualHost *:80>
ServerName b.example.fr
Redirect permanent / https://b.example.fr
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin@admin.fr
ServerName b.example.fr
ProxyRequests off
LimitRequestLine 150000
LimitRequestFieldSize 150000
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
ProxyPass http://localhost:6949/
ProxyPassReverse http://localhost:6949/
</Location>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
SSLCertificateFile /etc/ssl/2__.example.fr.crt
SSLCertificateKeyFile /root/serveurA.key
SSLCertificateChainFile /etc/ssl/1_root_bundle.crt
</VirtualHost>
【问题讨论】:
好吧,您只需添加第二个 ssl 主机并配置要使用的相同证书文件。 请看我的更新:) 看起来您使用命令Listen 443 两次,每个文件一次?
是的!它更好。但是我现在有另一个问题,请查看我的更新。
这可能是由于您的设置可能将 b.example.com 视为“默认主机”这一事实造成的。这是包含配置的顺序问题。
【参考方案1】:
为所有子域更改通配符 (*.example.com) 的虚拟主机代码,要实现此功能,您的 SSL 证书应该是支持多个子域的通配符
在 apache httpd.conf 或 ssl.conf 文件的<virtualhost> 代码中更改/添加两行
ServerName www.example.com
ServerAlias *.example.com
例子:
a.example.com
b.example.com
WHATEVER_SUB-DOMAIN_TEXT.example.com
【讨论】:
ServerAlias 应该可以工作。等待OP的回复。我不知道这篇文章有多老了!哈哈以上是关于如何在 Apache 中使用 SSL 配置多个子域?的主要内容,如果未能解决你的问题,请参考以下文章