在Apache服务器上安装了SSL,页面无响应
[英]Installed SSL on Apache server, page not responding
问题描述
My question is about SSL installation. 
我的问题是关于SSL安装的。 I purchased a new SSL for a website that's hosted on a Ubuntu 16.04 box with Apache 2.4.29. 我为在Apache 2.4.29的Ubuntu 16.04机器上托管的网站购买了新的SSL。 I was able to get this installed and I'm not getting any errors but my page is not redirecting. 我能够安装此程序,但没有出现任何错误,但我的页面未重定向。 I've followed some guides (DigitalOcean) but feel as I'm missing something. 我遵循了一些指南(DigitalOcean),但感觉好像缺少一些东西。
I have checked the sites-available files (000-default.conf, default-ssl.conf & example.com.conf) and I'm not seeing anything that's catching my eye, but I feel I migtht be missing something. 我已经检查了站点可用的文件(000-default.conf,default-ssl.conf和example.com.conf),但没有发现任何吸引我的东西,但是我感觉自己丢失了一些东西。 I've checked the status of Apache and I'm not getting any errors and I've restarted the services several times to no avail. 我检查了Apache的状态,没有收到任何错误,并且已经多次重启服务,但无济于事。
Here's a general breakdown of what I have. 这是我所拥有的大致分类。 Am I missing something? 我想念什么吗? Is additional information required for setting this up? 设置是否需要其他信息?
000-default.conf 000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
Redirect "/" "https://example.com/"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
default-ssl.conf 默认的ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
SSLCertificateFile /root/example.com.crt
SSLCertificateKeyFile /root/www.example.com.key
SSLCACertificateFile /root/intermediate.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>4
mydomain.com.conf mydomain.com.conf
<VirtualHost *:443>
ServerAdmin admin@somedomain.com
ServerName mydomain.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/html
Redirect permanent / https://example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
1 个解决方案
解决方案1
0 已采纳 2018-10-08 01:23:14
Here is my attempt at a combined configuration. 这是我尝试组合配置的尝试。 Note that I do not have your setup to test it, but I have used similar configurations on production servers. 请注意,我没有用于测试的设置,但是在生产服务器上使用了类似的配置。
First define your port 80 VirtualHost (000-default.conf in your setup): 首先定义您的端口80 VirtualHost(在您的设置中为000-default.conf):
Listen 80
<VirtualHost *:80>
Redirect "/" "https://example.com/"
LogLevel debug
ErrorLog "${APACHE_LOG_DIR}/80_error.log"
CustomLog "${APACHE_LOG_DIR}/80_access.log" combined
</VirtualHost>
No need for a DocumentRoot since you redirect everything. 因为您重定向了所有内容,所以不需要DocumentRoot 。
Then comment out default-ssl.conf . 然后注释掉default-ssl.conf 。 This file is an example of what you could do to setup an SSL enabled VirtualHost. 该文件是您可以设置启用SSL的VirtualHost的示例。 If you use that file AND another VirtualHost on port 443, this one will always be used, since Apache uses the first VirtualHost it finds that matches the client's request (here port 443). 如果您使用该文件和端口443上的另一个VirtualHost,则将始终使用该文件,因为Apache使用的第一个VirtualHost会找到与客户端请求匹配的虚拟主机(此处为端口443)。
Another point, VirtualHost are not "added" to one another. 还有一点,VirtualHost不会彼此“添加”。 Each is independent of the others and must contain a complete configuration. 每个独立于其他,并且必须包含完整的配置。 This means you cannot put some configuration in on VirtualHost on port 443, and some in another and expect it to work. 这意味着您不能将某些配置放在端口443上的VirtualHost上,而不能将某些配置放在端口上并且期望它能正常工作。
Then create your example.com.conf file: 然后创建您的example.com.conf文件:
Listen 443
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
ServerAdmin admin@example.com
SSLCertificateFile "/root/example.com.crt"
SSLCertificateKeyFile "/root/example.com.key"
SSLCACertificateFile "/root/intermediate.crt"
LogLevel debug
ErrorLog "logs/443_error_log"
CustomLog "logs/443_access_log" combined
DocumentRoot "/var/www/example.com/html"
DirectoryIndex index.html
<Directory "/var/www/example.com/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
Some notes: 一些注意事项:
- I put the
LogLevelat debug, so you can troubleshoot, but once it is working, change it to error.我将LogLevel置于调试状态,因此可以进行故障排除,但是一旦运行,就将其更改为错误。 Otherwise you will have huge log files quickly!否则,您将很快拥有巨大的日志文件! - For the same reason, I split the logs for port 80 and port 443. Each VirtualHost should have its own logs. 出于相同的原因,我将端口80和端口443的日志分开。每个VirtualHost都应具有自己的日志。
- The certificate files must match the domain name. 证书文件必须与域名匹配。 Not the filename (although it makes it easier to match), but the certificate itself. 不是文件名(尽管它使匹配更容易),而是证书本身。
- If you want your certificate to cover example.com and www.example.com, both names must be added to the alternate names in the certificate. 如果希望证书覆盖example.com 和 www.example.com,则必须将两个名称都添加到证书的备用名称中。
- I do not understand why you have
Redirect permanent / https://example.comin your configuration.我不明白为什么您的配置中包含Redirect permanent / https://example.com。 You are already in thehttps, port 443 VirtualHost.您已经位于https端口443 VirtualHost中。 - The options based on
<FilesMatch>directives in the default ssl configuration can be added if you want.如果需要,可以在默认的ssl配置中添加基于<FilesMatch>指令的选项。
This setup will ensure that all http requests will be redirected to https://example.com . 此设置将确保所有http请求都将重定向到https://example.com 。 Then it will use the :443 VirtualHost, use the proper certificate for that domain and serve the content from the DocumentRoot directory. 然后它将使用:443 VirtualHost,为该域使用适当的证书,并提供DocumentRoot目录中的内容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.