Virtualhost
apache2.4 with virtual hosts and TLS certificates: the certificate of the wrong virtual host is served
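I run a server with apache2.4 that hosts multiple virtual hosts.
The newly hosted domain (https://www.yachtenwelt.de) is using the corresponding TLS certificate correctly. In addition, I have to make sure that users are redirected to this domain from any given combination, so I have to cover: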
1. http://yachtenwelt.de
2. http://www.yachtenwelt.de
3. https://yachtenwelt.de
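The redirects from the non-https versions 1 and 2 work. But when I use #3, I get a certificate warning stating that there is a name mismatch in the TLS certificate, because the browser is shown the TLS certificate of another virtual host running on my server (https://www.4-happy-paws.de). You can check this via https://www.ssllabs.com/ssltest/analyze.html?d=yachtenwelt.de&hideResults=on
Strangely enough, if I continue anyway, my browser (Chrome) afterwards says that the TLS certificate is the correct one, issued for both domains yachtenwelt.de and www.yachtenwelt.de.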
The vhost config file of yachtenwelt:
    <VirtualHost *:80>
        ServerName yachtenwelt.de
        ServerAlias www.yachtenwelt.de
        Redirect / https://www.yachtenwelt.de/
    </VirtualHost>

    <VirtualHost *:443>
        ServerName yachtenwelt.de
        Redirect / https://www.yachtenwelt.de/
    </VirtualHost>

    <VirtualHost *:443>
        ServerName www.yachtenwelt.de
        DocumentRoot /var/www/vhosts/yachtenwelt.de/html
        <Directory "/var/www/vhosts/yachtenwelt.de/html">
            Options +FollowSymLinks
            AllowOverride All
        </Directory>
        ServerAdmin webmaster@hopf-its.de
        ErrorLog /var/www/vhosts/yachtenwelt.de/log/apache2/error.log
        LogLevel emerg
        TransferLog /var/www/vhosts/yachtenwelt.de/log/apache2/access.log
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/yachtenwelt.de/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/yachtenwelt.de/privkey.pem
    </VirtualHost>
The vhost config file of 4-happy-paws:
    <VirtualHost *:80>
        ServerName www.4-happy-paws.de
        ServerAlias 4-happy-paws.de
        Redirect / https://www.4-happy-paws.de/
    </VirtualHost>

    <VirtualHost *:443>
        DocumentRoot /var/www/vhosts/4-happy-paws.de/html
        ServerName www.4-happy-paws.de
        ServerAlias 4-happy-paws.de
        Alias /.well-known/acme-challenge/ /var/www/vhosts/4-happy-paws.de/html/.well-known/acme-challenge/
        <Directory "/var/www/vhosts/4-happy-paws.de/html">
            Options +FollowSymLinks
            AllowOverride All
        </Directory>
        <Directory "/var/www/vhosts/4-happy-paws.de/html/.well-known/acme-challenge/">
            Options +FollowSymLinks
            AllowOverride All
        </Directory>
        ServerAdmin webmaster@hopf-its.de
        ErrorLog /var/www/vhosts/4-happy-paws.de/log/apache2/error.log
        LogLevel emerg
        TransferLog /var/www/vhosts/4-happy-paws.de/log/apache2/access.log
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/www.4-happy-paws.de/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/www.4-happy-paws.de/privkey.pem
    </VirtualHost>
apache2ctl -S (I trimmed the output and removed the other domains I host):
    VirtualHost configuration:
    *:443                  is a NameVirtualHost
             default server www.4-happy-paws.de (/etc/apache2/sites-enabled/4-happy-paws.de.conf:7)
             port 443 namevhost www.4-happy-paws.de (/etc/apache2/sites-enabled/4-happy-paws.de.conf:7)
                     alias 4-happy-paws.de
             port 443 namevhost yachtenwelt.de (/etc/apache2/sites-enabled/yachtenwelt.de.conf:7)
             port 443 namevhost www.yachtenwelt.de (/etc/apache2/sites-enabled/yachtenwelt.de.conf:12)
    *:80                   is a NameVirtualHost
             default server www.4-happy-paws.de (/etc/apache2/sites-enabled/4-happy-paws.de.conf:1)
             port 80 namevhost www.4-happy-paws.de (/etc/apache2/sites-enabled/4-happy-paws.de.conf:1)
                     alias 4-happy-paws.de
             port 80 namevhost yachtenwelt.de (/etc/apache2/sites-enabled/yachtenwelt.de.conf:1)
                     alias www.yachtenwelt.de
    ServerRoot: "/etc/apache2"
    Main DocumentRoot: "/var/www/html"
    Main ErrorLog: "/var/log/apache2/error.log"
    Mutex ssl-cache: using_defaults
    Mutex default: dir="/var/run/apache2/" mechanism=default
    Mutex mpm-accept: using_defaults
    Mutex watchdog-callback: using_defaults
    Mutex rewrite-map: using_defaults
    Mutex ssl-stapling-refresh: using_defaults
    Mutex ssl-stapling: using_defaults
    PidFile: "/var/run/apache2/apache2.pid"
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    User: name="www-data" id=33
    Group: name="www-data" id=33
apache2ctl -t:
Syntax OK
Unfortunately, you cannot redirect a client without a valid certificate, because the TLS handshake happens before the redirect.
Since you seem to be using Letsencrypt, the best solution is to get a certificate with both names. If you are using certbot, you can add the -d domain flag multiple times.
certbot -d yachtenwelt.de -d www.yachtenwelt.de [...]
After that, make sure to include the certificate in both VirtualHost directives.
    <VirtualHost *:443>
        ServerName yachtenwelt.de
        Redirect / https://www.yachtenwelt.de/
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/yachtenwelt.de/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/yachtenwelt.de/privkey.pem
    </VirtualHost>
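
A small lint for the misconfiguration in this thread, added here as an example (it is not code from the question or the answer): it flags every VirtualHost on port 443 that carries no SSLCertificateFile / SSLCertificateKeyFile of its own, which is the state of the redirect-only yachtenwelt.de block in the question. The function name and the trimmed sample config are constructed for illustration, and directives pulled in through Include are not followed.

```python
import re

REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

# Constructed sample: the question's yachtenwelt.de.conf, trimmed to the relevant directives.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName yachtenwelt.de
    ServerAlias www.yachtenwelt.de
    Redirect / https://www.yachtenwelt.de/
</VirtualHost>
<VirtualHost *:443>
    ServerName yachtenwelt.de
    Redirect / https://www.yachtenwelt.de/
</VirtualHost>
<VirtualHost *:443>
    ServerName www.yachtenwelt.de
    DocumentRoot /var/www/vhosts/yachtenwelt.de/html
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/yachtenwelt.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yachtenwelt.de/privkey.pem
</VirtualHost>
"""

def tls_vhosts_missing_cert(conf_text, tls_port="443"):
    """Return [(ServerName, [missing directives])] for vhosts bound to tls_port."""
    findings = []
    for addrs, body in VHOST_RE.findall(conf_text):
        # A vhost may list several addr:port pairs; check each one's port.
        if not any(a.rsplit(":", 1)[-1] == tls_port for a in addrs.split()):
            continue
        directives = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith(("#", "<")):
                continue  # skip blanks, comments and nested section tags
            parts = line.split(None, 1)
            # Apache directive names are case-insensitive.
            directives.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
        missing = [d for d in REQUIRED if d.lower() not in directives]
        if missing:
            findings.append((directives.get("servername", "(no ServerName)"), missing))
    return findings

if __name__ == "__main__":
    for name, missing in tls_vhosts_missing_cert(SAMPLE_CONF):
        print(f"{name}: port 443 vhost without {', '.join(missing)}")
```
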