Apache-2.2
正確配置虛擬主機 SSL
我在我的 Ubuntu EC2 實例上安裝了 SSL 證書,我需要在此實例上託管的網站之一可以通過 https 訪問。
我有幾個網站都通過虛擬主機託管在同一個 IP 上。但是,我只需要一個可以通過 https 訪問的網站。
我確信以下幾點:
- SSL 證書已正確安裝
- EC2 上的 443 埠是開放的
我很確定這些,因為當我在 /etc/apache2/sites-enabled/mysslsite 中嘗試以下虛擬主機配置時,我可以通過 https 訪問該站點。問題是所有其他網站都關閉了,因為它們也只需要通過 https 訪問。以下是虛擬主機配置文件:
<VirtualHost *> ServerAdmin support@example.com DocumentRoot /var/www/mysslwebsite ServerName www.mysslwebsite.com ServerAlias mysslwebsite.com <Directory /var/www/mysslwebsite> Options Indexes FollowSymLinks MultiViews AllowOverride all Order allow,deny allow from all </Directory> <Directory /> Options FollowSymLinks AllowOverride all </Directory> SSLEngine on SSLCertificateFile /etc/ssl/apache2/mycertificate.com.crt SSLCertificateKeyFile /etc/ssl/apache2/mycertificate.key ErrorLog /var/log/apache2/error.log LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On </VirtualHost>
使用此配置,雖然它位於這個特定的 mysslwebsite 虛擬主機配置中,但所有其他網站都不會通過標準 http 載入,並在通過 http 訪問時顯示以下消息:
Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. Hint: https://www.myothersite.com/
任何人都知道我該如何解決這個問題?
謝謝
- -編輯 - - - -
我嘗試了以下虛擬主機:
NameVirtualHost *:80 NameVirtualHost *:443 <VirtualHost *:80> ServerAdmin support@email.com DocumentRoot /var/www/mysslsite ServerName www.mysslsiste.com ServerAlias mysslsite.com <Directory /var/www/mysslsite> Options Indexes FollowSymLinks MultiViews AllowOverride all Order allow,deny allow from all </Directory> <Directory /> Options FollowSymLinks AllowOverride all </Directory> ErrorLog /var/log/apache2/error.log LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On </VirtualHost> <VirtualHost *:443> ServerAdmin support@email.com DocumentRoot /var/www/mysslsist ServerName www.mysslsist.com ServerAlias mysslsist.com <Directory /var/www/mysslsist> Options Indexes FollowSymLinks MultiViews AllowOverride all Order allow,deny allow from all </Directory> <Directory /> Options FollowSymLinks AllowOverride all </Directory> ErrorLog /var/log/apache2/error.log LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On SSLEngine on SSLCertificateFile /etc/ssl/apache2/certificate.com.crt SSLCertificateKeyFile /etc/ssl/apache2/certificate.key </VirtualHost> #Another virtual host with another site <VirtualHost *> ServerAdmin support@email.com DocumentRoot /var/www/myothersite ServerName www.myothersite.com ServerAlias myothersite.com <Directory /var/www/myothersite> Options Indexes FollowSymLinks MultiViews AllowOverride all Order allow,deny allow from all </Directory> <Directory /> Options FollowSymLinks AllowOverride all </Directory> ErrorLog /var/log/apache2/error.log LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On </VirtualHost>
但是,我無法通過 SSL 訪問該網站。我可以通過http訪問它。
Apache 在重新啟動時顯示以下警告:
NameVirtualHost *:443 沒有 VirtualHosts NameVirtualHost *:80 沒有 VirtualHosts
這令人困惑,因為埠 80 有大約 10 個虛擬主機。
在我看來,您沒有為虛擬主機指定 443 埠或 80 埠。所以一切都朝著為 SSL 配置的虛擬主機前進。所以 http 流量不被接受,因為它被配置為只接受 SSL。試試這個
NameVirtualHost *:80 <VirtualHost *:80> ServerName blah DocumentRoot /var/www/html/ </VirtualHost> <VirtualHost *:443> ... - your config here - ... </VirtualHost>
您甚至可以對執行在埠 80 上的虛擬主機進行重定向。可能是這樣的:
Redirect permanent / https://<URL>