我们已经更新了我们的Apache部署configuration,以允许非www请求到我们的服务器( https://example.com )。 对于https连接,我们需要这样做,因为名称与证书不匹配。 这很好,最近我们注意到我们的本地部署安全环境( https://chris.example.com )也指向这个新的部署。 我们评论了新的部署,以确认这是造成它的变化。 我们推测这是来自我们设置的servername设置。 这是我们的初始设置:
NameVirtualHost example.com:443 <VirtualHost example.com:443> ServerAdmin [email protected] DocumentRoot /var/www/html/www.example.com ServerName example.com SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP SSLProtocol all SSLCertificateFile /usr/local/ssl/crt/example2017.cert SSLCertificateKeyFile /usr/local/ssl/private/ssl2017.key SSLCACertificateFile /usr/local/ssl/crt/example2017intermediate.pem DirectoryIndex index.html DirectoryIndex index.php LogLevel notice ErrorLog /var/log/httpd/www.example.com/error.log LogFormat "%{%Y-%m-%d %H:%M:%S}t %a %u %A %p %m %U %q %>s \"%{User-agent}i\"" w3c_extended CustomLog /var/log/httpd/www.example.com/access.log w3c_extended </VirtualHost>
在注释结束后,我们认为它是ServerName是一个松散的匹配,我们在Apache网站上阅读以下内容:
有时,服务器运行在处理SSL的设备后面,例如反向代理,负载均衡器或SSL卸载设备。 在这种情况下,请指定https://scheme和客户端在ServerName指令中连接的端口号,以确保服务器生成正确的自引用URL。
– http://httpd.apache.org/docs/2.2/mod/core.html#servername
所以我们更新了servername的条目:
ServerName https://example.com:443
这允许主页( https://example.com )仍然加载和redirect,但开发环境( https://chris.example.com )再次被加载。 我最初正在考虑尝试一个明确的起始规则:
ServerName ^example.com
但我找不到任何地方说servername接受正则expression式。 有没有办法做到这一点,还是我自己走错了路,问题在别处?
这里是httpd -S输出:
VirtualHost configuration: 192.168.0.0:443 is a NameVirtualHost default server example.com (/etc/httpd/conf/httpd.conf:1065) port 443 namevhost example.com (/etc/httpd/conf/httpd.conf:1065) wildcard NameVirtualHosts and _default_ servers: *:443 is a NameVirtualHost default server *.example.com (/etc/httpd/conf.d/ssl.conf:74) port 443 namevhost *.example.com (/etc/httpd/conf.d/ssl.conf:74) port 443 namevhost www.example.com (/etc/httpd/conf/httpd.conf:1046) port 443 namevhost chris.example.com (/etc/httpd/conf/httpd.conf:1096) port 443 namevhost dan.example.com (/etc/httpd/conf/httpd.conf:1129) port 443 namevhost rich.example.com (/etc/httpd/conf/httpd.conf:1159) port 443 namevhost rich2.example.com (/etc/httpd/conf/httpd.conf:1189) port 443 namevhost danny12.example.com (/etc/httpd/conf/httpd.conf:1219) port 443 namevhost nick.example.com (/etc/httpd/conf/httpd.conf:1249) port 443 namevhost cdn.example.com (/etc/httpd/conf/httpd.conf:1300) port 443 namevhost origin_server.example.com (/etc/httpd/conf/httpd.conf:1316) *:80 is a NameVirtualHost default server www.example.com (/etc/httpd/conf/httpd.conf:1034) port 80 namevhost www.example.com (/etc/httpd/conf/httpd.conf:1034) port 80 namevhost dfw.example.com (/etc/httpd/conf/httpd.conf:1084) port 80 namevhost chris.example.com (/etc/httpd/conf/httpd.conf:1114) port 80 namevhost dan.example.com (/etc/httpd/conf/httpd.conf:1147) port 80 namevhost rich.example.com (/etc/httpd/conf/httpd.conf:1177) port 80 namevhost rich2.example.com (/etc/httpd/conf/httpd.conf:1207) port 80 namevhost danny12.example.com (/etc/httpd/conf/httpd.conf:1237) port 80 namevhost nick.example.com (/etc/httpd/conf/httpd.conf:1267) port 80 namevhost origin_server.example.com (/etc/httpd/conf/httpd.conf:1279) port 80 namevhost cdn.example.com (/etc/httpd/conf/httpd.conf:1290) Syntax OK
新部署从1064行开始,到1081结束。
在聊天中进行了更彻底的调查之后,出现了两个 NameBasedVirtualHost语句,一个用于*:443 ,另一个用于example.com:443 ,前者具有所有子域VirtualHost声明,而后者仅具有一个用于example.com自身。
使其与一个NameBasedVirtualHost *:443声明统一起来,并且引用它的所有子域和主域都解决了这个问题。