使用 SSL 证书和多个域设置 apache 反向代理
[英]Set up an apache reverse proxy with SSL certs and multiple domains
问题描述
I need help configuring Apache to act as a reverse proxy with https and multiple domains, such that www.myfirstdomain.com and www.myseconddomain.com both point to xxxx and than the server will selectively forward to, let's say, xxxx:2400 ( myfirstdomain.com , http), xxxx:2401 ( myfirstdomain.com , https), xxxx :2600 ( myseconddomain.com , http) and xxxx:2601 ( mysecondomain.com , https).
我需要帮助将 Apache 配置为具有 https 和多个域的反向代理,这样www.myfirstdomain.com和www.myseconddomain.com都指向xxxx ,而服务器将选择性地转发到,比如说, xxxx:2400 ( myfirstdomain.com , http), xxxx:2401 ( myfirstdomain.com , https), xxxx :2600 ( myseconddomain.com , http) 和xxxx:2601 ( mysecondomain.com , https)。
I tried many options but in the end I got stuck because I issued more than 5 certs (renews) per week and also I couldn't make it work.我尝试了很多选择,但最终我被卡住了,因为我每周颁发超过 5 个证书(更新),而且我无法让它工作。
myfirstdomain.com and www.myfirstdomain.com (http and https) were configured as follows: myfirstdomain.com和www.myfirstdomain.com (http 和 https)配置如下:
/etc/apache2/sites-available/000-default.conf : /etc/apache2/sites-available/000-default.conf :
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:2400/
ProxyPassReverse / http://127.0.0.1:2400/
</VirtualHost>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:2401/
ProxyPassReverse / http://127.0.0.1:2401/
</VirtualHost>
<VirtualHost *:2400>
ServerName myfirstdomain.com
ServerAlias www.myfirstdomain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/myfirstdomain/public
<Directory /var/www/html/myfirstdomain/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =myfirstdomain.com
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteCond %{SERVER_NAME} =www.myfirstdomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:2401>
ServerName myfirstdomain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/myfirstdomain/public
<Directory /var/www/html/myfirstdomain/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =myfirstdomain.com
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Then I generated the certs with certbot --apache for both www and non-www and I had this file:然后我用certbot --apache为 www 和非 www 生成了证书,我有这个文件:
/etc/apache2/sites-available/000-default-le-ssl.conf : /etc/apache2/sites-available/000-default-le-ssl.conf :
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:2401/
ProxyPassReverse / http://127.0.0.1:2401/
</VirtualHost>
<VirtualHost *:2401>
ServerName myfirstdomain.com
ServerAlias www.myfirstdomain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/myfirstdomain/public
<Directory /var/www/html/myfirstdomain/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =myfirstdomain.com
# RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
# RewriteCond %{SERVER_NAME} =www.myfirstdomain.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/www.myfirstdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.myfirstdomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
I also tried to regenerate the HTTPS certificates but it won't work.我也尝试重新生成 HTTPS 证书,但它不起作用。 How do I do it?我该怎么做?
1 个解决方案
解决方案1
0 2020-11-23 09:06:57
First of all, remember that Apache listens on a range of ports, for instance 80 and 443.首先,请记住 Apache 侦听一系列端口,例如 80 和 443。
Virtualhosts use the same ports (80 and 443) and Apache selects the correct folder using the domain name you use.虚拟主机使用相同的端口(80 和 443),Apache 使用您使用的域名选择正确的文件夹。
For example, myfirstdomain.com could display /var/www/html/myfirstdomain/public, but if apache listens on port 80, it never match the rule for *:2400.例如, myfirstdomain.com可以显示 /var/www/html/myfirstdomain/public,但是如果 apache 侦听端口 80,它永远不会匹配 *:2400 的规则。
I haven't tryed this, but you could put ProxyPass and ProxyPassReverse in each virtual hosts and leave the port to :80 or :443.我还没有尝试过,但是您可以将 ProxyPass 和 ProxyPassReverse 放在每个虚拟主机中,并将端口保留为 :80 或 :443。
When you call myfirstdomain.com:80 , the rule on apache match and it executing proxing to another server.当您调用myfirstdomain.com:80 时,apache 上的规则匹配并且它执行代理到另一台服务器。
See this answer .看到这个答案。
LetsEncrypt create an ACME challenge (a file with a random string) that could be reachable from the internet. LetsEncrypt 创建一个可以从 Internet 访问的 ACME 质询(带有随机字符串的文件)。 The Certification Server search this file, if exists the certificate is released;认证服务器搜索该文件,如果存在则发布证书; if not, it throw an error.如果没有,它会抛出一个错误。
I don't remember the correct pathof the file, but you must verify:我不记得文件的正确路径,但您必须验证:
- can you reach "myfistdomain.com" from the internet?你能从互联网上访问“myfistdomain.com”吗?
- an external server can reach "myfistdomain.com" ?外部服务器可以访问“myfistdomain.com”吗? (check dns name and port forwarding of your router (检查路由器的 dns 名称和端口转发
- can you open the ACME challenge file?你能打开 ACME 挑战文件吗?
- can the server open the ACME challenge file?服务器可以打开 ACME 挑战文件吗?
On some Plesk installations acme files cannot be reacheable because Plesk adds some automatic rules.在某些 Plesk 安装中,无法访问 acme 文件,因为 Plesk 添加了一些自动规则。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.