我有两个域,(更改名称说)alpha.com和beta.com。 主域名alpha.com包含支付集成,核心平台域。 相反,beta.com是最终客户的UI模板所在的第三方域。
所以用户首先去beta.com,当它想要购买东西的时候,在内部,alpha.com被从该网页内部调用。
以下是httpd.conf的一部分
DocumentRoot "/var/www/html" Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT" Header always set Access-Control-Max-Age "1000" Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, Authorization, accept, client-security-token, AKEY, APWD, LoginToken, MPWD, TimeStamp, device, version" # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request. RewriteEngine On RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L] <VirtualHost *:80> ServerName alpha.com Redirect permanent / https://www.alpha.com/ </VirtualHost> <VirtualHost *:80> # real server configuration ServerName www.alpha.com RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} </VirtualHost> <VirtualHost *:80> ServerName beta.com Redirect permanent / https://www.beta.com/ </VirtualHost> <VirtualHost *:80> # real server configuration ServerName www.beta.com RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} </VirtualHost> 以上确保angularJS前端UI的CORS请求通过并回复200。
我创build了一个自签名证书,并将相同的自签名证书应用于这两个域。 正如您可能已经猜到的,这是为了我们的内部testing,显然生产已经购买了CAvalidation的证书。
现在去alpha.com或beta.com工程(在证书错误添加exception之后)。 但是,beta.com调用alpha.com的stream程会导致CORS请求,并返回404。
我只是粘贴我的ssl.conf,以防万一你有兴趣。
Listen 443 https SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog SSLSessionCache shmcb:/run/httpd/sslcache(512000) SSLSessionCacheTimeout 300 SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin SSLCryptoDevice builtin NameVirtualHost *:443 <VirtualHost *:443> ServerName www.alpha.com:443 ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b %T/%{ms}T \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b %T/%{ms}T" common <IfModule logio_module> LogFormat "%h %l %u %t \"%r\" %>s %b %T/%{ms}T \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "logs/ssl_access_log" combined </IfModule> SSLEngine on SSLProtocol all -SSLv2 SSLCertificateFile /etc/pki/tls/certs/421d10cb370c04ca.crt SSLCertificateKeyFile /etc/pki/tls/private/privatekey.pem SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle-g2-g1.crt <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> <VirtualHost *:443> ServerName www.beta.com:443 ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b %T/%{ms}T \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b %T/%{ms}T" common <IfModule logio_module> LogFormat "%h %l %u %t \"%r\" %>s %b %T/%{ms}T \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "logs/ssl_access_log" combined </IfModule> SSLEngine on SSLProtocol all -SSLv2 SSLCertificateFile /etc/pki/tls/certs/421d10cb370c04ca.crt SSLCertificateKeyFile /etc/pki/tls/private/privatekey.pem SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle-g2-g1.crt <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost>