Apache2,虚拟主机和SSL
[英]Apache2, vhosts and SSL
问题描述
My setup: 
我的设置:
site1.com | site1.com | Port 80 港口80
site2.com | site2.com | Port 80 港口80
panel.site1.com | panel.site1.com | Rewrites port 80 traffic to 443 将端口80流量重写为443
This works until someone tries https:// site[x].com and the server redirects them to my panel. 在有人尝试使用https:// site [x] .com并将服务器将其重定向到我的面板之前,此方法一直有效。 I need this panel to be open to the ~100 people who will use it, but I don't want the wrong people stumbling across it. 我需要向大约100个将要使用它的人开放此面板,但我不希望错误的人绊脚石。
I've tried adding: 我尝试添加:
<VirtualHost *:443>
ServerAdmin me@email
ServerName site1.com
ServerAlias www.site1.com
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
to the vhost of site1.com, but it still returns the control panel. 到site1.com的虚拟主机,但仍返回控制面板。 I believe this is because the certs are checked before Apache vhost rules are applied, but I'm not really sure. 我相信这是因为在应用Apache vhost规则之前已对证书进行了检查,但我不确定。 Is there a fix for this or is it simply the limitations of Apache2+SSL? 是否有此修复程序,还是仅仅是Apache2 + SSL的局限性?
1 个解决方案
解决方案1
2 2015-01-26 08:25:29
Apache document states that . Apache文档指出 。
If no matching ServerName or ServerAlias is found in the set of virtual hosts containing the most specific matching IP address and port combination, then the first listed virtual host that matches that will be used.
And so looks like you have kept the <VirtualHost> section of panel.site1.com on top of all other virtual host section. 如此看来,您将panel.site1.com的<VirtualHost>部分保持在所有其他虚拟主机部分的顶部。 Because of this, requests for https://site[x].com will land in it, and so the issue is not related to SSL . 因此,对https://site[x].com请求将落入其中,因此该问题与SSL无关。
Update: 更新:
You can try below configuration and it should work. 您可以尝试以下配置,它应该可以工作。
<VirtualHost *:80>
ServerName www.site1.com
ServerAlias site1.com
DocumentRoot /var/www/site1
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^panel.site1.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
</VirtualHost>
<VirtualHost *:80>
ServerName www.site2.com
ServerAlias site2.com
DocumentRoot /var/www/site2
</VirtualHost>
<VirtualHost *:443>
ServerName panel.site1.com
DocumentRoot /var/www/panel
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /opt/apache1/conf/server.crt
SSLCertificateKeyFile /opt/apache1/conf/server.key
</VirtualHost>
How this works 如何运作
- When request are for
http://site1.comthe firstVirtualHostsection will be selected.当请求http://site1.com,将选择第一个VirtualHost部分。 - When request are for
http://site2.comthe secondVirtualHostsection will be selected.当请求http://site2.com,将选择第二个VirtualHost部分。 - If a request arrives for
http://site[x].comthen firstVirtualHostsection will be selected.如果到达http://site[x].com的请求,则将选择第一个VirtualHost部分。 - If a request arrives for
http://panel.site1.comthe request will be redirected tohttps://panel.site1.comand the thirdVirtualHostsection will be selected.如果对http://panel.site1.com的请求到达,该请求将被重定向到https://panel.site1.com并且将选择第三个VirtualHost部分。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.