Apache-2.2

Apache SSL 配置不生效

  • December 2, 2014

我在我的伺服器上配置了一個通過 SSL 提供服務的站點,但它根本不可用。

$ nmap localhost
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http

我的防火牆允許埠 443 進入並且 apache2 服務正在執行。

似乎存在一個普遍的問題,即雖然包含在 中apache2.conf,但該文件/etc/apache2/sites-enabled/default-ssl.conf並未被考慮在內。

$ apache2ctl -S
VirtualHost configuration:
1.23.45.67:80         is a NameVirtualHost
        default server 12345.yourvserver.net (/etc/apache2/sites-enabled/000-default.conf:1)
        port 80 namevhost 12345.yourvserver.net (/etc/apache2/sites-enabled/000-default.conf:1)
        port 80 namevhost my.doma.in (/etc/apache2/sites-enabled/000-default.conf:31)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex rewrite-map: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl 
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=99
Group: name="www-data" id=99

ports.conf 聲明如下:

Listen 80

<IfModule ssl_module>
       Listen 443
</IfModule>

<IfModule mod_ssl.c>
       Listen 443
</IfModule>

<IfModule mod_gnutls.c>
       Listen 443
</IfModule>

排除註釋行,apache2.conf 如下所示:

ServerName localhost
Mutex file:${APACHE_LOCK_DIR} default
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
Include ports.conf
<Directory />
       Options FollowSymLinks
       AllowOverride None
       Require all denied
</Directory>

<Directory /usr/share>
       AllowOverride None
       Require all granted
</Directory>

<Directory /var/www/>
       Options Indexes FollowSymLinks
       AllowOverride None
       Require all granted
</Directory>

AccessFileName .htaccess

<FilesMatch "^\.ht">
       Require all denied
</FilesMatch>

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

IncludeOptional conf-enabled/*.conf

IncludeOptional sites-enabled/*.conf

也有一個錯誤,但我無法按照這個執行緒中最流行的答案解決它(而且我不明白為什麼 envvars 應該與公共文件所在的目錄有任何關係。)

$ apache2 -V
[Tue Dec 02 16:31:03.757529 2014] [core:warn] [pid 26148] AH00111: Config variable ${APACHE_LOCK_DIR} is not defined
[Tue Dec 02 16:31:03.757949 2014] [core:warn] [pid 26148] AH00111: Config variable ${APACHE_PID_FILE} is not defined
[Tue Dec 02 16:31:03.758019 2014] [core:warn] [pid 26148] AH00111: Config variable ${APACHE_RUN_USER} is not defined
[Tue Dec 02 16:31:03.758148 2014] [core:warn] [pid 26148] AH00111: Config variable ${APACHE_RUN_GROUP} is not defined
[Tue Dec 02 16:31:03.758305 2014] [core:warn] [pid 26148] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[Tue Dec 02 16:31:03.769627 2014] [core:warn] [pid 26148] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[Tue Dec 02 16:31:03.770168 2014] [core:warn] [pid 26148] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[Tue Dec 02 16:31:03.770236 2014] [core:warn] [pid 26148] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[Tue Dec 02 16:31:03.770376 2014] [core:warn] [pid 26148] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[Tue Dec 02 16:31:03.770433 2014] [core:warn] [pid 26148] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
AH00526: Syntax error on line 74 of /etc/apache2/apache2.conf:
Invalid Mutex directory in argument file:${APACHE_LOCK_DIR}

好吧,這有點尷尬。我忘了跑a2enmod ssl

引用自:https://serverfault.com/questions/648565