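Regardless of the SNI settings, Apache always serves the first named virtual host. I'm not sure what is causing this. I no longer get the message
Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
but I did at 2 PM today. The only change I remember making was adding the last virtual host declaration: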
    LoadModule ssl_module modules/mod_ssl.so
    #LoadModule ssl_module /usr/lib64/libgnutls.so
    NameVirtualHost 10.10.150.166:443
    <IfModule mod_ssl.c>
        #If you add NameVirtualHost *:443 here, you will also have to change
        #the VirtualHost statement in /etc/apache2/sites-available/default-ssl
        #to
        #Server Name Indication for SSL named virtual hosts is currently not
        #supported by MSIE on Windows XP.
        Listen 443
    </IfModule>
    SSLPassPhraseDialog builtin
    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
    SSLSessionCacheTimeout 300
    SSLMutex default
    SSLRandomSeed startup file:/dev/urandom 256
    SSLRandomSeed connect builtin
    SSLCryptoDevice builtin

    <VirtualHost mail.napalpha.net:443>
        SSLStrictSNIVHostCheck on
        ServerName mail.napalpha.net
        ServerAlias mail.napalpha.net
        DocumentRoot /var/www/roundcubemail
        # Use separate log files for the SSL virtual host; note that LogLevel
        # is not inherited from httpd.conf.
        ErrorLog logs/ssl_error_log
        TransferLog logs/ssl_access_log
        LogLevel warn
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLCertificateFile /etc/pki/CA/certs/mail_napalpha_net.crt
        SSLCertificateKeyFile /etc/pki/CA/private/mail.napalpha.net.key
        SSLCertificateChainFile /etc/pki/CA/IntermediateCAs/GeoTrust_Intermediate.crt
        SSLCACertificateFile /etc/pki/CA/CABundle/GeoTrust_CA_Bundle.crt
        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
        </Files>
        <Directory "/var/www/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        CustomLog logs/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        Alias /cluebringer "/usr/share/cluebringer/webui/"
        Alias /iredadmin/static "/var/www/iredadmin/static/"
        WSGIScriptAlias /iredadmin "/var/www/iredadmin/iredadmin.py/"
        Alias /awstats/icon "/usr/share/awstats/wwwroot/icon/"
        Alias /awstatsicon "/usr/share/awstats/wwwroot/icon/"
        ScriptAlias /awstats "/usr/share/awstats/wwwroot/cgi-bin/"
        Alias /mail "/var/www/roundcubemail/"
        Alias /phppgadmin "/var/www/phppgadmin/"
        Alias /groupoffice "/var/www/groupoffice/"
    </VirtualHost>

    <VirtualHost www.procyon-alpha.com:443>
        ServerName www.procyon-alpha.com
        ServerAlias www.procyon-alpha.com
        DocumentRoot /var/www/ProcyonAlpha
        # SSLEngine On
        SSLStrictSNIVHostCheck on
        ErrorLog logs/ssl_error_log
        TransferLog logs/ssl_access_log
        LogLevel warn
        SSLCertificateFile /etc/pki/CA/certs/SSL_www_procyon-alpha_com.crt
        SSLCertificateKeyFile /etc/pki/CA/private/procyon-alpha.key
        SSLCertificateChainFile /etc/pki/CA/IntermediateCAs/GeoTrust_Intermediate.crt
        SSLCACertificateFile /etc/pki/CA/CABundle/GeoTrust_CA_Bundle.crt
        CustomLog logs/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>

    <VirtualHost owncloud.procyon-alpha.com:443>
        ServerName owncloud.procyon-alpha.com
        ServerAlias owncloud.procyon-alpha.com
        DocumentRoot /var/www/owncloud
        SSLStrictSNIVHostCheck on
        # SSLEngine On
        <Directory /var/www/owncloud/install>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
        ErrorLog logs/ssl_error_log
        TransferLog logs/ssl_access_log
        LogLevel warn
        SSLCertificateFile /etc/pki/CA/certs/SSL_owncloud_procyon-alpha_com.crt
        SSLCertificateKeyFile /etc/pki/CA/private/owncloud.procyon-alpha.com.key
        SSLCertificateChainFile /etc/pki/CA/IntermediateCAs/GeoTrust_Intermediate.crt
        SSLCACertificateFile /etc/pki/CA/CABundle/GeoTrust_CA_Bundle.crt
        CustomLog logs/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>
httpd -S output:
    VirtualHost configuration:
    10.10.150.166:443 is a NameVirtualHost
        default server mail.napalpha.net (/etc/httpd/conf.d/sslcombined.conf:30)
        port 443 namevhost mail.napalpha.net (/etc/httpd/conf.d/sslcombined.conf:30)
            alias mail.napalpha.net
        port 443 namevhost www.procyon-alpha.com (/etc/httpd/conf.d/sslcombined.conf:79)
            alias www.procyon-alpha.com
        port 443 namevhost owncloud.procyon-alpha.com (/etc/httpd/conf.d/sslcombined.conf:98)
            alias owncloud.procyon-alpha.com
    Syntax OK
If you ignore the certificate warning, the correct content is served. I'm at a loss here.
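I assume that 10.10.150.166 is the IP address of the server running Apache, and the IP address that requests are routed to. (Is the server behind some kind of firewall with NAT? I'm only asking because it is a non-public IP address.) If not, you need to update the NameVirtualHost directive to point to the correct IP address.
You also need to make sure that all three hostnames, i.e. mail.napalpha.net, www.procyon-alpha.com and owncloud.procyon-alpha.com, resolve on the server to the IP address given in the NameVirtualHost directive. If this differs from the publicly visible IP address, you can have appropriate entries in the /etc/hosts file.
Another approach is to give each VirtualHost definition an IP address and port, as below. (Using hostnames in VirtualHost definitions is not recommended.)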
    <VirtualHost <IP address>:443>
    ....
    ....
    </VirtualHost>
For the last two virtual hosts, the SSLEngine On directive also needs to be uncommented.
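A small linter for the two points in the answer above (hostnames in `<VirtualHost>` addresses, and port-443 vhosts with no active `SSLEngine on`), added here as an illustration and not part of the original answer. The sample configuration is constructed from the question's vhost names and `lint_vhosts` is a hypothetical helper; it assumes `SSLEngine` is not enabled at server level and does not follow `Include` directives.

```python
import re
# Constructed sample based on the question's vhost names (shortened, hypothetical).
SAMPLE_CONF = """\
<VirtualHost mail.napalpha.net:443>
    ServerName mail.napalpha.net
    SSLEngine on
</VirtualHost>
<VirtualHost www.procyon-alpha.com:443>
    ServerName www.procyon-alpha.com
    # SSLEngine On
</VirtualHost>
<VirtualHost 10.10.150.166:443>
    ServerName owncloud.procyon-alpha.com
    SSLEngine On
</VirtualHost>
"""

HOSTNAME = "hostname used in <VirtualHost> address"
NO_SSL = "port 443 vhost without an active 'SSLEngine on'"
OPEN = re.compile(r"^<VirtualHost\s+(.+?)\s*>$", re.I)
# IPv4, bracketed IPv6, * or _default_, each with an optional :port
LITERAL = re.compile(r"^(\*|_default_|\d{1,3}(\.\d{1,3}){3}|\[[0-9A-Fa-f:.]+\])(:(\d+|\*))?$")

def lint_vhosts(conf_text):
    """Return (server_name, problem) pairs for each <VirtualHost> block."""
    findings, vhost = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive has no effect
        opened = OPEN.match(line)
        if opened:
            addrs = opened.group(1).split()
            vhost = {"addrs": addrs, "name": addrs[0], "ssl": False}
        elif vhost is None:
            continue  # directive outside any <VirtualHost> block
        elif line.lower() == "</virtualhost>":
            if not all(LITERAL.match(a) for a in vhost["addrs"]):
                findings.append((vhost["name"], HOSTNAME))
            if any(a.endswith(":443") for a in vhost["addrs"]) and not vhost["ssl"]:
                findings.append((vhost["name"], NO_SSL))
            vhost = None
        else:
            words = line.split()
            if words[0].lower() == "servername" and len(words) > 1:
                vhost["name"] = words[1]
            elif [w.lower() for w in words[:2]] == ["sslengine", "on"]:
                vhost["ssl"] = True
    return findings
```

Calling `lint_vhosts(SAMPLE_CONF)` reports the hostname address on the first two vhosts and the missing `SSLEngine on` on the second; the third, which uses an IP address and an active `SSLEngine On`, passes.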