Apache-2.2

正確配置虛擬主機 SSL

  • December 20, 2012

我在我的 Ubuntu EC2 實例上安裝了 SSL 證書,我需要在此實例上託管的網站之一可以通過 https 訪問。

我有幾個網站都通過虛擬主機託管在同一個 IP 上。但是,我只需要一個可以通過 https 訪問的網站。

我確信以下幾點:

  • SSL 證書已正確安裝
  • EC2 上的 443 埠是開放的

我很確定這些,因為當我在 /etc/apache2/sites-enabled/mysslsite 中嘗試以下虛擬主機配置時,我可以通過 https 訪問該站點。問題是所有其他網站都關閉了,因為它們也只需要通過 https 訪問。以下是虛擬主機配置文件:

<VirtualHost *>

   ServerAdmin support@example.com

       DocumentRoot    /var/www/mysslwebsite
       ServerName  www.mysslwebsite.com
       ServerAlias     mysslwebsite.com
       <Directory  /var/www/mysslwebsite>
           Options Indexes FollowSymLinks MultiViews
           AllowOverride all
           Order allow,deny
           allow from all
       </Directory>

       <Directory />
           Options FollowSymLinks
           AllowOverride all
       </Directory>

   SSLEngine on
   SSLCertificateFile    /etc/ssl/apache2/mycertificate.com.crt
   SSLCertificateKeyFile /etc/ssl/apache2/mycertificate.key

   ErrorLog /var/log/apache2/error.log
   LogLevel warn

   CustomLog /var/log/apache2/access.log combined
   ServerSignature On

</VirtualHost>

使用此配置,雖然它位於這個特定的 mysslwebsite 虛擬主機配置中,但所有其他網站都不會通過標準 http 載入,並在通過 http 訪問時顯示以下消息:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Hint: https://www.myothersite.com/

任何人都知道我該如何解決這個問題?

謝謝

      • -編輯 - - - -

我嘗試了以下虛擬主機:

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>

   ServerAdmin support@email.com

       DocumentRoot    /var/www/mysslsite
       ServerName  www.mysslsiste.com
       ServerAlias     mysslsite.com
       <Directory  /var/www/mysslsite>

           Options Indexes FollowSymLinks MultiViews
           AllowOverride all
           Order allow,deny
           allow from all
       </Directory>

       <Directory />
           Options FollowSymLinks
           AllowOverride all
       </Directory>

   ErrorLog /var/log/apache2/error.log
   LogLevel warn

   CustomLog /var/log/apache2/access.log combined
   ServerSignature On

</VirtualHost>

<VirtualHost *:443>
       ServerAdmin support@email.com

       DocumentRoot    /var/www/mysslsist
       ServerName  www.mysslsist.com
       ServerAlias     mysslsist.com
       <Directory  /var/www/mysslsist>

           Options Indexes FollowSymLinks MultiViews
           AllowOverride all
           Order allow,deny
           allow from all
       </Directory>

       <Directory />
           Options FollowSymLinks
           AllowOverride all
       </Directory>

   ErrorLog /var/log/apache2/error.log
   LogLevel warn

   CustomLog /var/log/apache2/access.log combined
   ServerSignature On

   SSLEngine on
   SSLCertificateFile    /etc/ssl/apache2/certificate.com.crt
   SSLCertificateKeyFile /etc/ssl/apache2/certificate.key

</VirtualHost>

#Another virtual host with another site
<VirtualHost *>

   ServerAdmin support@email.com

       DocumentRoot    /var/www/myothersite
       ServerName  www.myothersite.com
       ServerAlias     myothersite.com
       <Directory  /var/www/myothersite>
           Options Indexes FollowSymLinks MultiViews
           AllowOverride all
           Order allow,deny
           allow from all
       </Directory>

       <Directory />
           Options FollowSymLinks
           AllowOverride all
       </Directory>

   ErrorLog /var/log/apache2/error.log
   LogLevel warn

   CustomLog /var/log/apache2/access.log combined
   ServerSignature On

</VirtualHost>

但是,我無法通過 SSL 訪問該網站。我可以通過http訪問它。

Apache 在重新啟動時顯示以下警告:

NameVirtualHost *:443 沒有 VirtualHosts NameVirtualHost *:80 沒有 VirtualHosts

這令人困惑,因為埠 80 有大約 10 個虛擬主機。

在我看來,您沒有為虛擬主機指定 443 埠或 80 埠。所以一切都朝著為 SSL 配置的虛擬主機前進。所以 http 流量不被接受,因為它被配置為只接受 SSL。試試這個

NameVirtualHost *:80

<VirtualHost *:80>
  ServerName blah
  DocumentRoot /var/www/html/

</VirtualHost>


<VirtualHost *:443>

...
- your config here -
...

</VirtualHost>

您甚至可以對執行在埠 80 上的虛擬主機進行重定向。可能是這樣的:

Redirect permanent / https://<URL>

引用自:https://serverfault.com/questions/459644