Apache-2.2

Configuring multiple sites in Apache with SSL

  • November 5, 2013

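I need to secure two different sites in Apache. One of them should only be a proxy for a different server running on port 8069.

Right now one of them (which is contained in Apache itself) runs with SSL: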

<VirtualHost *:443>
     ServerName 192.168.1.20
     SSLEngine on
     SSLCertificateFile /etc/ssl/erp/oeserver.crt
     SSLCertificateKeyFile /etc/ssl/erp/oeserver.key
     DocumentRoot /var/www/cloud
     ServerPath /cloud/
     #CustomLog /var/www/logs/ssl-access_log combined
     #ErrorLog /var/www/logs/ssl-error_log
</VirtualHost>

The other one does not run and is not even registered. When I try to access it, I get an exception (ssl_error_rx_record_too_long):

<VirtualHost *:443>

ServerName 192.168.1.20
ServerPath /erp/

SSLEngine on
SSLCertificateFile /etc/ssl/erp/oeserver.crt
SSLCertificateKeyFile /etc/ssl/erp/oeserver.key

ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyVia On
ProxyPass / http://127.0.0.1:8069/
ProxyPassReverse / http://127.0.0.1:8069
RewriteEngine on
RewriteRule ^/(.*) http://127.0.0.1:8069/$1 [P]


RequestHeader set "X-Forwarded-Proto" "https"

SetEnv proxy-nokeepalive 1
</VirtualHost>

My wish is the following configuration:

192.168.1.20        ->> unsecured local path to website
192.168.1.20/cloud/ ->> secured local documentpath from cloud
192.168.1.20/erp/   ->> secured proxy on port 80 for http://192.168.1.20:8069

How is this possible? Is it even possible? Maybe cloud.192.168.1.20 and erp.192.168.1.20 would be better?!

Thanks

============ EDIT ==========================

apache2ctl -S -M:

*:443 is a NameVirtualHost
    default server myserver (/etc/apache2/conf.d/cloud.conf:1)
    port 443 namevhost myserver (/etc/apache2/conf.d/cloud.conf:1)
*:80 is a NameVirtualHost
    default server myserver (/etc/apache2/sites-enabled/default:1)
    port 80 namevhost myserver (/etc/apache2/sites-enabled/default:1)

default:

<VirtualHost *:80>
 RewriteEngine On
 RewriteCond %{HTTPS} off
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

   ServerAdmin webmaster@localhost

   DocumentRoot /var/www
   <Directory />
       Options FollowSymLinks
       AllowOverride None
   </Directory>
   <Directory /var/www/>
       Options Indexes FollowSymLinks MultiViews
       AllowOverride None
       Order allow,deny
       allow from all
   </Directory>

   ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
   <Directory "/usr/lib/cgi-bin">
       AllowOverride None
       Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
       Order allow,deny
       Allow from all
   </Directory>

   ErrorLog ${APACHE_LOG_DIR}/error.log

   # Possible values include: debug, info, notice, warn, error, crit,
   # alert, emerg.
   LogLevel warn

   CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Modified (current) cloud.conf:

<VirtualHost *:443>
   SSLEngine on
   SSLCertificateFile /etc/ssl/openerp/oeserver.crt
   SSLCertificateKeyFile /etc/ssl/openerp/oeserver.key
   DocumentRoot /var/www/
   RewriteCond {REQUEST_URI} ^/cloud$
   RewriteEngine on
   RewriteRule /(.*) http://127.0.0.1:8069/$1 [P]
   RequestHeader set "X-Forwarded-Proto" "https"
   SetEnv proxy-nokeepalive 1
</VirtualHost>

You can't have

<VirtualHost *:443>
     ServerName 192.168.1.20
     SSLEngine on

twice, because Apache will only bind to one virtual host.

Why not include both /locations/ in one configuration?

<VirtualHost *:443>
     ServerName 192.168.1.20
     SSLEngine on
     SSLCertificateFile /etc/ssl/erp/oeserver.crt
     SSLCertificateKeyFile /etc/ssl/erp/oeserver.key
     DocumentRoot /var/www/cloud
     <Directory /var/www/cloud>
         blah
     </Directory>

     # erp-config
     # ... proxy_config ....
     ProxyPass /erp http://127.0.0.1:8069/
     proxyPassReverse /erp http://127.0.0.1:8069/

</VirtualHost>

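Edit 2

Another way is a configuration with 2 separate <VirtualHosts>, either name-based (one IP, SNI must be available) or IP-based (one IP per host, which usually always works).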
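
Added example (not part of the original answer): a small Python check for the situation the answer describes, where a second <VirtualHost> repeats the address and ServerName of an earlier block and is therefore never selected. The sample configuration is constructed from the question's two port-443 blocks, and the function names are hypothetical.

```python
import re

# Constructed sample: the question's two port-443 vhosts, condensed.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName 192.168.1.20
    SSLEngine on
    DocumentRoot /var/www/cloud
</VirtualHost>
<VirtualHost *:443>
    ServerName 192.168.1.20
    SSLEngine on
    ProxyPass / http://127.0.0.1:8069/
</VirtualHost>
<VirtualHost *:80>
</VirtualHost>
"""

OPEN_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+?)\s*>", re.I)
CLOSE_RE = re.compile(r"^\s*</VirtualHost\s*>", re.I)
NAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.I)

def parse_vhosts(text):
    """Return one dict per <VirtualHost> block: address, ServerName, opening line."""
    vhosts, current = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives do not count
        m = OPEN_RE.match(line)
        if m:
            current = {"addr": m.group(1), "name": None, "line": lineno}
        elif CLOSE_RE.match(line) and current:
            vhosts.append(current)
            current = None
        elif current and current["name"] is None:
            n = NAME_RE.match(line)
            if n:
                current["name"] = n.group(1).lower()
    return vhosts

def shadowed_vhosts(text):
    """List (line, first_line, (addr, name)) for blocks repeating an earlier pair."""
    seen, shadowed = {}, []
    for vh in parse_vhosts(text):
        key = (vh["addr"], vh["name"])
        first = seen.setdefault(key, vh["line"])  # first block with this pair wins
        if first != vh["line"]:
            shadowed.append((vh["line"], first, key))
    return shadowed
```
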

Source: https://serverfault.com/questions/550429