服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Apache SSL虚拟主机共享相同的DocumentRoot
Intereting Posts
SSH隧道和Rsync通过两个代理/防火墙 用nginx提供静态文件 HTTP,TCP,UDP和无连接 如何仅显示与CACTI营业时间的图表? 应用操作系统 – 错误0x80004005后,SCCM任务序列失败 运行apt-get更新和升级时发生Ubuntu 12.04服务器错误 所有的SAS驱动器都可以热插拔吗? 文件夹访问多个域 在“读取初始通信数据包”时丢失与MySQL服务器的连接 有没有办法在某个时间点形成一个单一的音量? Ubuntulogin页面:在哪里指定显示的用户列表 如何将一棵树中的所有文件复制到另一棵树,除了匹配模式? UFW – 我可以添加一个域名吗? 免费的基于networking的团队协作/文档软件 如何连接此Windows故障转移群集和MongoDB副本集? (里面的图)

Apache SSL虚拟主机共享相同的DocumentRoot

我有一个Web服务器,有两个域指向同一个文档根目录。 我有两个域的SSL证书。 我希望(几乎)所有进入站点的东西在SSL下运行。 所有的作品,但configuration我似乎过度和重复,我想知道我是否可以简化它?

我检查了这些答案: 在Apache , Apache中 设置SSL虚拟主机 :多个虚拟主机w / SSL证书? , https://www.howtoforge.com/hosting-multiple-ssl-web-sites-on-one-ip-address-with-apache-2.2-and-gnutls-debian-lenny虽然有用,但他们没有似乎相当处理这种情况。

我想知道是否有办法将configuration分解成可包含的文件?

我的ports.conf: 

NameVirtualHost *:80 NameVirtualHost *:443 Listen 80 <IfModule mod_ssl.c> # If you add NameVirtualHost *:443 here, you will also have to change # the VirtualHost statement in /etc/apache2/sites-available/default-ssl # to <VirtualHost *:443> # Server Name Indication for SSL named virtual hosts is currently not # supported by MSIE on Windows XP. Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule>

网站可用默认: 

 <VirtualHost *:80> ServerAdmin [email protected] ServerName yy.com DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> # everything to run under ssl RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] Options -Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /geoserver http://localhost:8080/geoserver ProxyPreserveHost On ProxyStatus On

默认的SSL: 

 <IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin [email protected] ServerName yy.com:443 DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options -Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on SSLCertificateFile /etc/apache2/ssl/yy.com.crt SSLCertificateKeyFile /etc/apache2/ssl/yy.com.key # Server Certificate Chain: SSLCertificateChainFile /etc/apache2/ssl/intermediate.crt # Certificate Authority (CA): <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> # SSL Protocol Adjustments: BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </IfModule>

第二个站点的ssl.conf: 

 <IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin [email protected] ServerName zz.com ServerAlias www.zz.com DocumentRoot /var/www # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on SSLCertificateFile /etc/apache2/ssl/zz.com.crt SSLCertificateKeyFile /etc/apache2/ssl/zz.com.key # Server Certificate Chain: SSLCertificateChainFile /etc/apache2/ssl/zz.com/intermediate.crt ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </IfModule>

任何帮助赞赏。

微型

就像我发布,我认为必须有一个'包括'function:)所以我查了它( https://httpd.apache.org/docs/2.4/mod/core.html#include ),现在已经创build几个单独的'.conf'文件,我可以包括在适当的。 所以第二个站点的ssl.conf现在看起来像这样: 

 <IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin [email protected] ServerName zz.com ServerAlias www.zz.com DocumentRoot /var/www Include conf/cgi.conf Include conf/proxy.conf Include conf/ssl.conf # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on SSLCertificateFile /etc/apache2/ssl/zz.com.crt SSLCertificateKeyFile /etc/apache2/ssl/zz.com.key # Server Certificate Chain: SSLCertificateChainFile /etc/apache2/ssl/zz.com/intermediate.crt </VirtualHost> </IfModule>

现在更好,更容易

微型