Openssl

OpenSSL configuration for Ubuntu 20.04 LAMP and WP multisite

  • January 8, 2021

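Question: How do I apply 1 OpenSSL certificate to all websites in the html directory? **Problem:** When visiting https://localhost.site1.com or https://localhost.site2.com, only the index.html located at /var/www/html/index.html is shown, because the default-ssl.conf document root is /var/www/html/

I have 2 WordPress multisites (and other sites) located in /var/www/html/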

/var/www/html/site1.com

/var/www/html/site2.com

In my default-ssl.conf I have:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
   ServerAdmin info@dummy.com
   ServerName localhost
   ServerAlias localhost

   DocumentRoot /var/www/html/
   
   ErrorLog ${APACHE_LOG_DIR}/localhost.error.log
   CustomLog ${APACHE_LOG_DIR}/localhost.access.log combined

           SSLEngine on
   SSLCertificateFile  /etc/ssl/certs/ssl-cert-snakeoil.pem
   SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
   
   #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
   <FilesMatch "\.(cgi|shtml|phtml|php)$">
           SSLOptions +StdEnvVars
   </FilesMatch>
   <Directory /usr/lib/cgi-bin>
           SSLOptions +StdEnvVars
           DirectoryIndex index.php
           AllowOverride All
           Order allow,deny
           Allow from all
           Require all granted
   </Directory>

   #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
   #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
   #   "force-response-1.0" for this.
     BrowserMatch "MSIE [2-6]" \
           nokeepalive ssl-unclean-shutdown \
           downgrade-1.0 force-response-1.0

</VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

In my /etc/hosts file I have:

127.0.1.1   excalibur
127.0.0.1   localhost 
127.0.0.1   localhost.site1.com *.localhost.site1.com   # mainsite url
127.0.0.1   subsite-a.localhost.site1.com   
127.0.0.1   subsite-b.localhost.site1.com
127.0.0.1   subsite-c.localhost.site1.com

127.0.0.1   localhost.site2.com *.localhost.site2.com   # mainsite url

The virtual host for site1.com contains:

   <VirtualHost *:80>

   ServerName localhost.site1.com 
   ServerAlias www.localhost.site1.com
   
   # If this is the default configuration file we can use: 'ServerName localhost' or also 'ServerAlias localhost'.

   ServerAdmin info@dummy.com

   ErrorLog ${APACHE_LOG_DIR}/localhost.site1.com.error.log
   CustomLog ${APACHE_LOG_DIR}/localhost.site1.com.access.log combined

   DocumentRoot /var/www/html/site1.com
   
   <Directory /var/www/html/site1.com>
       Options None FollowSymLinks
       # Enable .htaccess Overrides:
       AllowOverride All
       DirectoryIndex index.php
       Order allow,deny
       Allow from all
       Require all granted
   </Directory>

   <Directory /var/www/html/site1.com/wp-content>
       Options FollowSymLinks
       Order allow,deny
       Allow from all
   </Directory>
   
   
  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
  SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

</VirtualHost>

The virtual host for site2.com contains:

   <VirtualHost *:80>

   ServerName localhost.site2.com
   ServerAlias www.localhost.site2.com
   
   # If this is the default configuration file we can use: 'ServerName localhost' or also 'ServerAlias localhost'.

   ServerAdmin info@dummy.com

   ErrorLog ${APACHE_LOG_DIR}/localhost.site2.com.error.log
   CustomLog ${APACHE_LOG_DIR}/localhost.site2.com.access.log combined

   DocumentRoot /var/www/html/site2.com
   
   <Directory /var/www/html/site2.com>
       Options None FollowSymLinks
       # Enable .htaccess Overrides:
       AllowOverride All
       DirectoryIndex index.php
       Order allow,deny
       Allow from all
       Require all granted
   </Directory>

   <Directory /var/www/html/site2.com/wp-content>
       Options FollowSymLinks
       Order allow,deny
       Allow from all
   </Directory>
   
  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
  SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
  
</VirtualHost>

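Any tips?

Your virtual hosts are listening on port 80, while HTTPS connections use port 443. Because of this, you get the content from the default SSL configuration, since that is the only configuration for port 443.

Changing your VirtualHost definitions to <VirtualHost *:443> will likely fix the problem.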
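
Added example, not part of the original answer: a small Python check that mimics Apache's name-based virtual host selection to show why a request on port 443 falls through to default-ssl.conf, and flags `SSLEngine on` inside port-80 vhosts. The sample config is a constructed, trimmed copy of the blocks on this page; the function names are hypothetical, and the parser assumes every vhost address is a wildcard (`*` or `_default_`), as on this page.

```python
import fnmatch
import re
# Constructed sample: trimmed copies of the default-ssl.conf and site1.com blocks.
SAMPLE = """
<VirtualHost _default_:443>
   ServerName localhost
   DocumentRoot /var/www/html/
   SSLEngine on
</VirtualHost>
<VirtualHost *:80>
   ServerName localhost.site1.com
   ServerAlias www.localhost.site1.com
   DocumentRoot /var/www/html/site1.com
   SSLEngine on
</VirtualHost>
"""

def parse_vhosts(text):
    """Return one dict per <VirtualHost> block: port, names, docroot, ssl flag."""
    vhosts = []
    for m in re.finditer(r"<VirtualHost\s+\S+?:(\d+)>(.*?)</VirtualHost>", text, re.S | re.I):
        body = m.group(2)
        def values(directive):
            # Commented-out lines start with '#', so they never match here.
            found = re.findall(rf"^[ \t]*{directive}[ \t]+(.+?)[ \t]*$", body, re.M | re.I)
            return [v for line in found for v in line.split()]
        vhosts.append({
            "port": int(m.group(1)),
            "names": values("ServerName") + values("ServerAlias"),
            "docroot": (values("DocumentRoot") or [None])[0],
            "ssl": any(v.lower() == "on" for v in values("SSLEngine")),
        })
    return vhosts

def select_vhost(vhosts, host, port):
    """First vhost on the port whose name matches; else the first vhost on that port."""
    on_port = [v for v in vhosts if v["port"] == port]
    for v in on_port:
        if any(fnmatch.fnmatchcase(host.lower(), n.lower()) for n in v["names"]):
            return v
    return on_port[0] if on_port else None

def misplaced_ssl(vhosts):
    """Vhosts that turn SSLEngine on while bound to plain-HTTP port 80."""
    return [v for v in vhosts if v["ssl"] and v["port"] == 80]

if __name__ == "__main__":
    vhosts = parse_vhosts(SAMPLE)
    print("port 443 serves:", select_vhost(vhosts, "localhost.site1.com", 443)["docroot"])
    print("SSLEngine on port 80:", [v["names"][0] for v in misplaced_ssl(vhosts)])
```

On a real host, `apache2ctl -S` prints the vhost-to-port mapping Apache actually loaded, which is the authoritative view of the same information.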

Quoted from: https://serverfault.com/questions/1049027