问题:Rocket.Chat服务器完全通过HTTP运行,但不幸的是我无法使用HTTPS和Apache2反向代理…
Apache-Config sub.example.com(Rocket.Chat):
> <VirtualHost IP:443> > > ServerAdmin [email protected] > ServerName sub.example.com > ServerAlias www.sub.example.com > ErrorLog /var/log/chat.sub.example.com_error.log > TransferLog /var/log/chat.sub.example.com_access.log > LogLevel info > SSLEngine On > SSLCertificateFile /etc/letsencrypt/live/sub.example.com/fullchain.pem > SSLCertificateKeyFile /etc/letsencrypt/live/sub.example.com/privkey.pem > > <Location /> > Order allow,deny > Allow from all > </Location> > > RewriteEngine On > RewriteCond %{HTTP:Upgrade} =websocket [NC] > RewriteRule /(.*) ws://localhost:3000/$1 [P,L] > RewriteCond %{HTTP:Upgrade} !=websocket [NC] > RewriteRule /(.*) http://localhost:3000/$1 [P,L] > > ProxyPassReverse / http://localhost:3000/ > </VirtualHost> 在顶部运行的example.com也通过https服务其他内容:
<VirtualHost *:443> # The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. #ServerName www.example.com ServerAdmin [email protected] ServerName example.com ServerAlias www.example.com DocumentRoot /var/www/example.com/public_html # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, eg #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf RewriteEngine on RewriteCond %{SERVER_NAME} =www.example.com [OR] RewriteCond %{SERVER_NAME} =example.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] </VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
球童文件看起来像这样:
> https://sub.example.com > proxy / localhost:3000 { > websocket > transparent > }
球童状态(每次我编辑默认球童文件的服务上面的设置似乎失败):
https://cloud.githubusercontent.com/assets/26794734/24507484/def39ce6-1560-11e7-8233-265c5a833b39.png
摘要(/./ – >链接删除):
[网站] HTTPS https:/./ example.com – >工作
[Rocket.Chat] HTTP http:/./sub.example.com:3000->正常工作
[Rocket.Chat] HTTPS https:/./ sub.example.com:3000 – > NOT WORKING(ERR_CONNECTION_CLOSED)
有人能给我一个提示吗? 我认为这是一个顶级域名和VirtualHosts的问题…非常感谢!
我得到了与centos7和apache相同的麻烦,通过安装中间证书解决! 似乎移动API需要它。 使用https://www.ssllabs.com/ssltest/index.htmltesting您的服务器SSL。 如果证书testing中出现“链不完整”错误,请使用https://certificatechain.io/来解决。
在最后一个网站上粘贴您的实际SSL证书,并将结果用于您的中间证书。 重新启动httpd,ssllabs中的另一个testing必须在证书链中看起来OK,移动应用程序听起来不错。