[英]Set up an apache reverse proxy with SSL certs and multiple domains
I need help configuring Apache to act as a reverse proxy with https and multiple domains, such that www.myfirstdomain.com
and www.myseconddomain.com
both point to xxxx
and than the server will selectively forward to, let's say, xxxx:2400
( myfirstdomain.com
, http), xxxx:2401
( myfirstdomain.com
, https), xxxx
:2600 ( myseconddomain.com
, http) and xxxx:2601
( mysecondomain.com
, https).我需要帮助将 Apache 配置为具有 https 和多个域的反向代理,这样www.myfirstdomain.com
和www.myseconddomain.com
都指向xxxx
,而服务器将选择性地转发到,比如说, xxxx:2400
( myfirstdomain.com
, http), xxxx:2401
( myfirstdomain.com
, https), xxxx
:2600 ( myseconddomain.com
, http) 和xxxx:2601
( mysecondomain.com
, https)。
I tried many options but in the end I got stuck because I issued more than 5 certs (renews) per week and also I couldn't make it work.我尝试了很多选择,但最终我被卡住了,因为我每周颁发超过 5 个证书(更新),而且我无法让它工作。
myfirstdomain.com
and www.myfirstdomain.com
(http and https) were configured as follows: myfirstdomain.com
和www.myfirstdomain.com
(http 和 https)配置如下:
/etc/apache2/sites-available/000-default.conf
: /etc/apache2/sites-available/000-default.conf
:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:2400/
ProxyPassReverse / http://127.0.0.1:2400/
</VirtualHost>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:2401/
ProxyPassReverse / http://127.0.0.1:2401/
</VirtualHost>
<VirtualHost *:2400>
ServerName myfirstdomain.com
ServerAlias www.myfirstdomain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/myfirstdomain/public
<Directory /var/www/html/myfirstdomain/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =myfirstdomain.com
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteCond %{SERVER_NAME} =www.myfirstdomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:2401>
ServerName myfirstdomain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/myfirstdomain/public
<Directory /var/www/html/myfirstdomain/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =myfirstdomain.com
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Then I generated the certs with certbot --apache
for both www and non-www and I had this file:然后我用certbot --apache
为 www 和非 www 生成了证书,我有这个文件:
/etc/apache2/sites-available/000-default-le-ssl.conf
: /etc/apache2/sites-available/000-default-le-ssl.conf
:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:2401/
ProxyPassReverse / http://127.0.0.1:2401/
</VirtualHost>
<VirtualHost *:2401>
ServerName myfirstdomain.com
ServerAlias www.myfirstdomain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/myfirstdomain/public
<Directory /var/www/html/myfirstdomain/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =myfirstdomain.com
# RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
# RewriteCond %{SERVER_NAME} =www.myfirstdomain.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/www.myfirstdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.myfirstdomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
I also tried to regenerate the HTTPS certificates but it won't work.我也尝试重新生成 HTTPS 证书,但它不起作用。 How do I do it?我该怎么做?
First of all, remember that Apache listens on a range of ports, for instance 80 and 443.首先,请记住 Apache 侦听一系列端口,例如 80 和 443。
Virtualhosts use the same ports (80 and 443) and Apache selects the correct folder using the domain name you use.虚拟主机使用相同的端口(80 和 443),Apache 使用您使用的域名选择正确的文件夹。
For example, myfirstdomain.com could display /var/www/html/myfirstdomain/public, but if apache listens on port 80, it never match the rule for *:2400.例如, myfirstdomain.com可以显示 /var/www/html/myfirstdomain/public,但是如果 apache 侦听端口 80,它永远不会匹配 *:2400 的规则。
I haven't tryed this, but you could put ProxyPass and ProxyPassReverse in each virtual hosts and leave the port to :80 or :443.我还没有尝试过,但是您可以将 ProxyPass 和 ProxyPassReverse 放在每个虚拟主机中,并将端口保留为 :80 或 :443。
When you call myfirstdomain.com:80 , the rule on apache match and it executing proxing to another server.当您调用myfirstdomain.com:80 时,apache 上的规则匹配并且它执行代理到另一台服务器。
See this answer .看到这个答案。
LetsEncrypt create an ACME challenge (a file with a random string) that could be reachable from the internet. LetsEncrypt 创建一个可以从 Internet 访问的 ACME 质询(带有随机字符串的文件)。 The Certification Server search this file, if exists the certificate is released;认证服务器搜索该文件,如果存在则发布证书; if not, it throw an error.如果没有,它会抛出一个错误。
I don't remember the correct pathof the file, but you must verify:我不记得文件的正确路径,但您必须验证:
On some Plesk installations acme files cannot be reacheable because Plesk adds some automatic rules.在某些 Plesk 安装中,无法访问 acme 文件,因为 Plesk 添加了一些自动规则。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.