Apache 虚拟主机 https 有效,但 http 仅采用默认虚拟主机
Apache virtual hosts https works but http takes to default virtual host only
我正在使用亚马逊 linux 和 apache (Apache/2.4.25 (Amazon))。我有几个域和几个子域。我使用 letsencrypt/cerbot 作为 ssl 证书。这行得通。我可以毫无问题地访问 https。但是,我无法访问我的任何非默认 http 虚拟主机。他们都重新路由到默认的虚拟主机。我只发现了一些其他类似的帖子没有解决,这似乎很难搜索。 Letsencrypt 抱怨说我需要为虚拟主机单独的文件,所以这就是我为 http 和 https 所做的。我最终将所有的 http 都移到了 httpd.conf 中,但这也不起作用。我的域和子域也有 "A" 记录。我错过了什么?
###Begin httpd.conf###
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User nona_yo_biz
Group nona_yo_biz
ServerAdmin support@example.com
<Directory />
AllowOverride none
Require all denied
</Directory>
<Directory "/var/www">
AllowOverride All
# Allow open access:
Require all granted
</Directory>
<Directory "/var/www/html">
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# Load config files in the "/etc/httpd/conf.d" directory, if any.
# This is where my ssl files are stored
IncludeOptional conf.d/*.conf
#Some other module crap etc
#Some other AWS settings
<Directory "/var/www/html">
Options FollowSymLinks
AllowOverride All
DirectoryIndex index.html index.php
Require all granted
</Directory>
<VirtualHost *:80>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/basesite"
ServerName basesite.com
</VirtualHost>
<VirtualHost *:80>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/sub1example"
ServerName sub1.example.com
</VirtualHost>
<VirtualHost *:80>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/sub2example"
ServerName sub2.example.com
</VirtualHost>
<VirtualHost *:80>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/example"
ServerName example.com
</VirtualHost>
###End httpd.conf###
###BEGIN ssl.conf###
Listen 443 https
#Some other stuff
<VirtualHost *:443>
DocumentRoot "/var/www/html/basesite"
ServerName basesite.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLHonorCipherOrder on
#Some other stuff
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ServerAdmin support@example.com
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem
</VirtualHost>
###END ssl.conf
###Separate conf file for vhost###
<VirtualHost *:443>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/sub1example"
ServerName sub1.example.com:443
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem
</VirtualHost>
###Separate conf file for vhost###
<VirtualHost *:443>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/sub2example"
ServerName sub2.example.com:443
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem
</VirtualHost>
###Separate conf file for vhost###
<VirtualHost *:443>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/example"
ServerName example.com:443
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem
</VirtualHost>
编辑 apachectl -S 输出
sudo apachectl -S
VirtualHost configuration:
*:443 is a NameVirtualHost
default server basesite.com (/etc/httpd/conf.d/ssl.conf:57)
port 443 namevhost basesite.com (/etc/httpd/conf.d/ssl.conf:57)
port 443 namevhost sub1.example.com (/etc/httpd/conf.d/ssl_sub1_exa.conf:1)
port 443 namevhost example.com (/etc/httpd/conf.d/ssl_exa.conf:1)
port 443 namevhost sub2.example.com (/etc/httpd/conf.d/ssl_sub2_exa.conf:1)
*:80 is a NameVirtualHost
default server basesite.com (/etc/httpd/conf/httpd.conf:392)
port 80 namevhost basesite.com (/etc/httpd/conf/httpd.conf:392)
port 80 namevhost sub1.example.com (/etc/httpd/conf/httpd.conf:400)
alias sub1.example.com:80
port 80 namevhost example.com (/etc/httpd/conf/httpd.conf:407)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html/"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex default: dir="/var/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="nona_yo_biz" id=404
Group: name="nona_yo_biz" id=505
我没有看到 NameVirtualHost *:80 的条目,对于基于名称的虚拟主机,这是您在配置文件中需要的条目。试试看吧。
我有两个想法:
(查看虚拟主机)
1. httpd -S
和
2. SSLCertificateKeyFile must have *.key extension
你没有规则的虚拟主机指令(index.php,启用.htaccess 和其他),你可以试试这个:
<VirtualHost *:80>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/basesite"
ServerName basesite.com
<Directory "/var/www/html/basesite/">
Options Indexes FollowSymLinks
AllowOverride All
DirectoryIndex index.php index.html
Require all granted
</Directory>
</VirtualHost>
您需要将 "NS" 记录添加到域管理面板。
所以我已经解决了这个问题,不幸的是它是尝试多种不同方法的组合。所以我没有一个简单的答案可以提供,但我可以提供一些在整个过程中对我有帮助的东西。
- 感谢 Vasya Zhuryk,我使用 sudo apachectl -S 确定 where/how 我的虚拟主机实际上正在加载。在 Amazon Linux apache 默认设置中,当您的 ssl 文件以“.conf”结尾时,它们会从 conf.d 动态加载。它们通过 IncludeOptional conf.d/*.conf 从主 httpd.conf 文件加载。正如我之前意识到的那样,不要将您的备份留在 conf.d 中并带有“.conf”,否则您最终会遇到问题。但是,这不会发生在 conf 文件夹中。因此,这些需要包含在 Include /path to file/file.conf 中。
- 我发现在 chrome (ctrl+shift+N) 中进行隐身浏览时,非 ssl 站点工作正常。因此清除自动填充表单数据(以及可能缓存的图像和文件),因为 "the beginning of time" 清除了 chrome 中的错误域重定向。这是非常误导的,因为当我输入地址时,会显示正确的域名,但总是会重定向到错误的域名。这可能是因为之前的虚拟主机配置不当。
同样,在此过程中完成并尝试了很多事情,但以上是一些可能对其他人有所帮助的关键点。
我正在使用亚马逊 linux 和 apache (Apache/2.4.25 (Amazon))。我有几个域和几个子域。我使用 letsencrypt/cerbot 作为 ssl 证书。这行得通。我可以毫无问题地访问 https。但是,我无法访问我的任何非默认 http 虚拟主机。他们都重新路由到默认的虚拟主机。我只发现了一些其他类似的帖子没有解决,这似乎很难搜索。 Letsencrypt 抱怨说我需要为虚拟主机单独的文件,所以这就是我为 http 和 https 所做的。我最终将所有的 http 都移到了 httpd.conf 中,但这也不起作用。我的域和子域也有 "A" 记录。我错过了什么?
###Begin httpd.conf###
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User nona_yo_biz
Group nona_yo_biz
ServerAdmin support@example.com
<Directory />
AllowOverride none
Require all denied
</Directory>
<Directory "/var/www">
AllowOverride All
# Allow open access:
Require all granted
</Directory>
<Directory "/var/www/html">
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# Load config files in the "/etc/httpd/conf.d" directory, if any.
# This is where my ssl files are stored
IncludeOptional conf.d/*.conf
#Some other module crap etc
#Some other AWS settings
<Directory "/var/www/html">
Options FollowSymLinks
AllowOverride All
DirectoryIndex index.html index.php
Require all granted
</Directory>
<VirtualHost *:80>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/basesite"
ServerName basesite.com
</VirtualHost>
<VirtualHost *:80>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/sub1example"
ServerName sub1.example.com
</VirtualHost>
<VirtualHost *:80>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/sub2example"
ServerName sub2.example.com
</VirtualHost>
<VirtualHost *:80>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/example"
ServerName example.com
</VirtualHost>
###End httpd.conf###
###BEGIN ssl.conf###
Listen 443 https
#Some other stuff
<VirtualHost *:443>
DocumentRoot "/var/www/html/basesite"
ServerName basesite.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLHonorCipherOrder on
#Some other stuff
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ServerAdmin support@example.com
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem
</VirtualHost>
###END ssl.conf
###Separate conf file for vhost###
<VirtualHost *:443>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/sub1example"
ServerName sub1.example.com:443
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem
</VirtualHost>
###Separate conf file for vhost###
<VirtualHost *:443>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/sub2example"
ServerName sub2.example.com:443
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem
</VirtualHost>
###Separate conf file for vhost###
<VirtualHost *:443>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/example"
ServerName example.com:443
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem
</VirtualHost>
编辑 apachectl -S 输出
sudo apachectl -S
VirtualHost configuration:
*:443 is a NameVirtualHost
default server basesite.com (/etc/httpd/conf.d/ssl.conf:57)
port 443 namevhost basesite.com (/etc/httpd/conf.d/ssl.conf:57)
port 443 namevhost sub1.example.com (/etc/httpd/conf.d/ssl_sub1_exa.conf:1)
port 443 namevhost example.com (/etc/httpd/conf.d/ssl_exa.conf:1)
port 443 namevhost sub2.example.com (/etc/httpd/conf.d/ssl_sub2_exa.conf:1)
*:80 is a NameVirtualHost
default server basesite.com (/etc/httpd/conf/httpd.conf:392)
port 80 namevhost basesite.com (/etc/httpd/conf/httpd.conf:392)
port 80 namevhost sub1.example.com (/etc/httpd/conf/httpd.conf:400)
alias sub1.example.com:80
port 80 namevhost example.com (/etc/httpd/conf/httpd.conf:407)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html/"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex default: dir="/var/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="nona_yo_biz" id=404
Group: name="nona_yo_biz" id=505
我没有看到 NameVirtualHost *:80 的条目,对于基于名称的虚拟主机,这是您在配置文件中需要的条目。试试看吧。
我有两个想法: (查看虚拟主机)
1. httpd -S
和
2. SSLCertificateKeyFile must have *.key extension
你没有规则的虚拟主机指令(index.php,启用.htaccess 和其他),你可以试试这个:
<VirtualHost *:80>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/basesite"
ServerName basesite.com
<Directory "/var/www/html/basesite/">
Options Indexes FollowSymLinks
AllowOverride All
DirectoryIndex index.php index.html
Require all granted
</Directory>
</VirtualHost>
您需要将 "NS" 记录添加到域管理面板。
所以我已经解决了这个问题,不幸的是它是尝试多种不同方法的组合。所以我没有一个简单的答案可以提供,但我可以提供一些在整个过程中对我有帮助的东西。
- 感谢 Vasya Zhuryk,我使用 sudo apachectl -S 确定 where/how 我的虚拟主机实际上正在加载。在 Amazon Linux apache 默认设置中,当您的 ssl 文件以“.conf”结尾时,它们会从 conf.d 动态加载。它们通过 IncludeOptional conf.d/*.conf 从主 httpd.conf 文件加载。正如我之前意识到的那样,不要将您的备份留在 conf.d 中并带有“.conf”,否则您最终会遇到问题。但是,这不会发生在 conf 文件夹中。因此,这些需要包含在 Include /path to file/file.conf 中。
- 我发现在 chrome (ctrl+shift+N) 中进行隐身浏览时,非 ssl 站点工作正常。因此清除自动填充表单数据(以及可能缓存的图像和文件),因为 "the beginning of time" 清除了 chrome 中的错误域重定向。这是非常误导的,因为当我输入地址时,会显示正确的域名,但总是会重定向到错误的域名。这可能是因为之前的虚拟主机配置不当。
同样,在此过程中完成并尝试了很多事情,但以上是一些可能对其他人有所帮助的关键点。