堆栈内存溢出
  简体   繁体   English

Apache SSL配置中断HTTP

[英]Apache SSL config breaks HTTP

 原文  2015-11-24 11:40:31       apache/ ssl

问题描述

I have installed an SSL certificate today, and it works perfectly, pages sought through https:// work fine. 我今天已经安装了SSL证书,并且效果很好,通过https://搜索的页面工作正常。

I have put a redirect in my website.conf to redirect port 80 to https, but it is not working. 我在我的website.conf中放置了一个重定向,以将端口80重定向到https,但是它不起作用。

Also if I go to http://www.example.org (the root), it gets stuck in a redirect loop. 另外,如果我转到http://www.example.org (根目录),则会陷入重定向循环。 going to http://www.example.org/test.htm goes to the same url minus the last /. 转到http://www.example.org/test.htm转到相同的网址减去最后一个/。 eg http://www.example.orgtest.htm/ (slash moves to end) 例如http://www.example.orgtest.htm/ (斜杠结束)

This is really busting my balls, i really hope you guys have some clues. 这真的使我不寒而栗,我真的希望你们有一些线索。

here is my .conf file 这是我的.conf文件 

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName example.org
   Redirect permanent / https://www.example.org
</VirtualHost>


<VirtualHost _default_:443>

  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin richard@example.org
  ServerName  example.org
  ServerAlias www.example.org

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.org
  DocumentRoot /var/www/example.org/html

  # SSL settings
  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/www_example_org.crt
  SSLCertificateKeyFile /etc/ssl/digicert/example.key
  SSLCACertificateFile /etc/ssl/certs/DigiCertCA.crt

  # Log file locations
  LogLevel warn
  ErrorLog  /var/www/example.org/log/error.log
  CustomLog /var/www/example.org/log/access.log combined
</VirtualHost>

2 个解决方案

解决方案1
 1  2015-11-24 12:53:45

Your config looks fine for me. 您的配置对我来说很好。 Maybe, you should append a / like this: Redirect permanent / https://www.example.org/ 也许,您应该添加一个/例如: Redirect permanent / https://www.example.org/

Instead of using Redirect permanent , you could also use mod_rewrite : 除了使用Redirect permanent ,还可以使用mod_rewrite 

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

For this to work, you must have installed the mod_rewrite module. 为此,必须安装mod_rewrite模块。

If you would like for force https, another approach is so set the HSTS-Header in your Apache config. 如果您想强制使用https,则另一种方法是在Apache配置中设置HSTS-Header Then, a browser knows that your website is available with https and will automatically redirect all traffic to your https-address. 然后,浏览器知道您的网站可以使用https,并将所有流量自动重定向到您的https-地址。 You can set this header with the following command: 您可以使用以下命令设置此标头: 

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

In general, I would recommend reviewing your SSL-config with SSLLabs . 通常,我建议您使用SSLLabs查看您的SSL配置。 If your config is fine, you should get an A+-Rating. 如果配置正确,则应获得A +等级。 I hope this helps. 我希望这有帮助。

解决方案2
 0 已采纳  2015-11-24 13:19:35

well i worked it out after much tears, i was missing ServerAlias www.example.org 好吧,我在流泪之后就解决了,我想念ServerAlias www.example.org

for port 80, Thanks to Ben for the HSTS header though, i will def use that. 对于端口80,尽管感谢Ben提供的HSTS标头,但我将默认使用它。 cheers 干杯

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Apache 2.4 SSL Config-服务器使用HTTP 400拒绝请求 - Apache 2.4 SSL Config - Server rejects requests with HTTP 400 Apache Config代理SSL - Apache Config proxy SSL Apache 2.4 SSL配置 - Apache 2.4 SSL Config Apache HTTP服务器上的SSL - SSL on Apache HTTP Server 为Eclipse配置Apache HTTP Server - Config Apache HTTP Server for Eclipse 强制域在SSL下的不同UID Apache中断下运行 - Forcing domain to run under different UID apache breaks under SSL Apache Http Client 4.0.1 SSL代理 - Apache Http Client 4.0.1 SSL Proxy Apache HTTP Server的间歇性SSL握手错误 - Intermittent SSL handshake error with Apache HTTP Server 在tomcat和Apache HTTP服务器之间配置SSL - Configure SSL between tomcat and apache http server SSL加密,Apache HTTP或Webapp放在哪里 - Where to put SSL encryption, Apache HTTP or Webapp
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM