Apache-2.2
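Configuring multiple sites in Apache with SSL
I need to secure two different sites in Apache. One of them is only meant to be a proxy for a different server running on port 8069.
Right now one of them (which is itself contained in Apache) runs with SSL: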

    <VirtualHost *:443>
        ServerName 192.168.1.20
        SSLEngine on
        SSLCertificateFile /etc/ssl/erp/oeserver.crt
        SSLCertificateKeyFile /etc/ssl/erp/oeserver.key
        DocumentRoot /var/www/cloud
        ServerPath /cloud/
        #CustomLog /var/www/logs/ssl-access_log combined
        #ErrorLog /var/www/logs/ssl-error_log
    </VirtualHost>

The other one is not running, and is not even registered. When I try to access it, I get an exception (ssl_error_rx_record_too_long):

    <VirtualHost *:443>
        ServerName 192.168.1.20
        ServerPath /erp/
        SSLEngine on
        SSLCertificateFile /etc/ssl/erp/oeserver.crt
        SSLCertificateKeyFile /etc/ssl/erp/oeserver.key
        ProxyRequests Off
        ProxyPreserveHost On
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
        ProxyVia On
        ProxyPass / http://127.0.0.1:8069/
        ProxyPassReverse / http://127.0.0.1:8069
        RewriteEngine on
        RewriteRule ^/(.*) http://127.0.0.1:8069/$1 [P]
        RequestHeader set "X-Forwarded-Proto" "https"
        SetEnv proxy-nokeepalive 1
    </VirtualHost>

My wish is the following configuration:

    192.168.1.20        ->> unsecured local path to website
    192.168.1.20/cloud/ ->> secured local documentpath from cloud
    192.168.1.20/erp/   ->> secured proxy on port 80 for http://192.168.1.20:8069

How is this possible? Is this even possible? Maybe cloud.192.168.1.20 and erp.192.168.1.20 would be better?!
Thanks

============ EDIT ==========================

apache2ctl -S -M:

    *:443 is a NameVirtualHost
        default server myserver (/etc/apache2/conf.d/cloud.conf:1)
        port 443 namevhost myserver (/etc/apache2/conf.d/cloud.conf:1)
    *:80 is a NameVirtualHost
        default server myserver (/etc/apache2/sites-enabled/default:1)
        port 80 namevhost myserver (/etc/apache2/sites-enabled/default:1)

default:

    <VirtualHost *:80>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

Modified (current) cloud.conf:

    <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/ssl/openerp/oeserver.crt
        SSLCertificateKeyFile /etc/ssl/openerp/oeserver.key
        DocumentRoot /var/www/
        RewriteCond {REQUEST_URI} ^/cloud$
        RewriteEngine on
        RewriteRule /(.*) http://127.0.0.1:8069/$1 [P]
        RequestHeader set "X-Forwarded-Proto" "https"
        SetEnv proxy-nokeepalive 1
    </VirtualHost>

You can't have

    <VirtualHost *:443>
        ServerName 192.168.1.20
        SSLEngine on

twice, because Apache will only bind to one virtual host.
Why not include both /locations/ in a single configuration?

    <VirtualHost *:443>
        ServerName 192.168.1.20
        SSLEngine on
        SSLCertificateFile /etc/ssl/erp/oeserver.crt
        SSLCertificateKeyFile /etc/ssl/erp/oeserver.key
        DocumentRoot /var/www/cloud
        <Directory /var/www/cloud>
            blah
        </Directory>
        # erp-config
        # ... proxy_config ....
        ProxyPass /erp http://127.0.0.1:8069/
        proxyPassReverse /erp http://127.0.0.1:8069/
    </VirtualHost>

Edit 2
Another way is 2 separate <VirtualHosts> configurations, either name-based (one IP, SNI must be available) or IP-based (one IP per host, which usually always works).
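
The failure described in the answer above (a second `<VirtualHost>` with the same address and `ServerName` never receiving requests) can be caught before a reload with a small lint. This is an added example, not part of the original answer; the function names and the abbreviated sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the question's two *:443 blocks, abbreviated, plus the *:80 default.
SAMPLE = """\
<VirtualHost *:443>
    ServerName 192.168.1.20
    SSLEngine on
    DocumentRoot /var/www/cloud
</VirtualHost>
# second file, loaded later
<VirtualHost *:443>
    ServerName 192.168.1.20
    SSLEngine on
    ProxyPass / http://127.0.0.1:8069/
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /var/www
</VirtualHost>
"""

OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)   # directives are case-insensitive
CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
NAME = re.compile(r"ServerName\s+(\S+)", re.I)

def parse_vhosts(text):
    """Return (line_no, address, server_name or None) for each <VirtualHost> block."""
    vhosts, current = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # Apache comments are whole lines only
            continue
        if m := OPEN.match(line):
            current = [no, m.group(1).strip(), None]
        elif CLOSE.match(line) and current:
            vhosts.append(tuple(current))
            current = None
        elif current and (m := NAME.match(line)):
            current[2] = m.group(1).lower()
    return vhosts

def shadowed(vhosts):
    """Blocks repeating an earlier (address, ServerName) pair: (line, addr, name, first_line).
    Blocks without ServerName share the key (address, None), since they all fall back
    to the main server's name."""
    seen, hits = {}, []
    for no, addr, name in vhosts:
        if (addr, name) in seen:
            hits.append((no, addr, name, seen[(addr, name)]))
        else:
            seen[(addr, name)] = no
    return hits

if __name__ == "__main__":
    for no, addr, name, first in shadowed(parse_vhosts(SAMPLE)):
        print(f"line {no}: {addr} {name} is shadowed by the block at line {first}")
```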