Ubuntu
帶有 ssl 證書的網頁通過 http 443 服務
我有一台帶有 ubuntu xenial、apache 和幾個虛擬主機的機器,每個虛擬主機都有它的 domain.conf 和 domain-ssl.conf。每個 domain.conf 使用 ssl 證書重定向到 domain-ssl.conf,但問題是它在 chrome 中拋出 ERR_SSL_PROTOCOL_ERROR 錯誤,因為它試圖通過埠 443 提供加密的 web,即 apache 正在嘗試服務 ssl web通過http。
有趣的是,如果我訪問http://example.com:443顯示網路正常,但沒有 https。順便說一句,我在 apache 中啟用了 ssl 模組,我也嘗試了這個條件,它保持不變。
例子.conf
<VirtualHost *:80> ServerName example.com ServerAdmin development@example.com VirtualDocumentRoot /var/www/html/example SetEnv ENV stage ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined <Directory "/var/www/html/example"> AllowOverride None Require all granted <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://example.com/$1 [R,L] </IfModule> </Directory>
範例-ssl.conf
<VirtualHost _default_:443> ServerName example.com ServerAdmin development@example.com VirtualDocumentRoot /var/www/html/example SetEnv ENV stage LogLevel warn ErrorLog /var/www/html/example/var/logs/apache-ssl.log CustomLog /var/www/html/example/var/logs/access.log combined SSLEngine on SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf <Directory "/var/www/html/example"> AllowOverride None Require all granted Options -MultiViews RewriteEngine On RewriteRule ^(.*)/$ /$1 [L,R=301] RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] </Directory>...
退出 apachectl -S:
user@myserver:~$ sudo apachectl -S AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message VirtualHost configuration: *:443 is a NameVirtualHost default server example.com (/etc/apache2/sites-enabled/010-example-ssl.conf:1) port 443 namevhost example.com (/etc/apache2/sites-enabled/010-example-ssl.conf:1) *:80 is a NameVirtualHost default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1) port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1) port 80 namevhost example.com (/etc/apache2/sites-enabled/015-example.conf:1) ServerRoot: "/etc/apache2" Main DocumentRoot: "/var/www/html" Main ErrorLog: "/var/log/apache2/error.log" Mutex ssl-stapling: using_defaults Mutex ssl-cache: using_defaults Mutex default: dir="/var/lock/apache2" mechanism=fcntl Mutex mpm-accept: using_defaults Mutex watchdog-callback: using_defaults Mutex rewrite-map: using_defaults Mutex ssl-stapling-refresh: using_defaults PidFile: "/var/run/apache2/apache2.pid" Define: DUMP_VHOSTS Define: DUMP_RUN_CFG User: name="www-data" id=33 Group: name="www-data" id=33
選項-ssl-apache.conf
# Intermediate configuration, tweak to your needs SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA SSLHonorCipherOrder on SSLCompression off SSLOptions +StrictRequire # Add vhost name to log entries: LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
最後,我創建了
default-ssl.conf
失去的文件,並使用sudo a2ensite default-ssl
. 修復了問題!