Apache 具有htaccess的Letsencrypt
这是我当前的htaccess配置/frontend/webApache 具有htaccess的Letsencrypt,apache,.htaccess,mod-rewrite,lets-encrypt,Apache,.htaccess,Mod Rewrite,Lets Encrypt,这是我当前的htaccess配置/frontend/web RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule ^.*$ https://%{SERVER_NAME} [R,L] # if a directory or a file exists, use it directly RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # otherw
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME} [R,L]
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# otherwise forward it to index.php
RewriteRule . index.php
我正在尝试插入以下内容:
RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge/$
The following errors were reported by the server:
Domain: example.com
Type: unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/%acme%
或
在上面
RewriteRule ^.*$ https://%{SERVER_NAME} [R,L]
创建letsecnrypt证书,但这一切都不起作用
用于创建证书的Letsencrypt命令(debug coz Centos6):
letsencrypt错误:
RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge/$
The following errors were reported by the server:
Domain: example.com
Type: unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/%acme%
上面的链接将我引向站点协议的HTTPS版本。如果删除对https的重定向,则会收到一条成功接收证书的消息。结论:。广为人知的消息继续发送到https,我的设置不起作用,我做错了什么?在不必更改任何规则的情况下,最干净的方法是在所有其他规则之前添加一个单独的规则,该规则有效地禁用对目录中文件的重写,如下所示:
RewriteRule^\.著名/+-[END]
您可能希望在规则之前立即添加文件存在性检查,以便显示自定义错误响应页面,而不是服务器的默认页面:
RewriteCond%{REQUEST_FILENAME}-f
我最终完成了这个配置,就像cakephp 2的魅力一样:
将此文件放入webroot和app文件夹上方的.htaccess文件中,与应用程序位于同一文件夹中
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^.well-known/ - [L,NC]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteRule ^$ app/webroot/ [L]
RewriteRule (.*) app/webroot/$1 [L]
</IfModule>
重新启动发动机
重写规则^.众所周知的/-[L,NC]
重写条件%{HTTP_HOST}^www\.(.*)$[NC]
重写规则^(.*)$https://%1/$1[R=301,L]
重写cond%{HTTPS}=在…上
重写规则^(.*)$https://%{HTTP_HOST}/$1[R=301,L]
重写规则^$app/webroot/[L]
重写规则(*)app/webroot/$1[L]
只需替换底部的两行以适应您的系统。我通常会在vhost配置中添加一个别名,该别名指向不安全的环境。通常,我的开发或登台服务器受到htaccess保护,而实时系统(显然)没有 Apache虚拟主机配置: protected.example.com.conf
<VirtualHost *:80>
Alias /.well-known /var/www/example.com/.well-known
<Directory /var/www/example.com/.well-known>
Require all granted
</Directory>
</VirtualHost>
在.htaccess中这样放置:
RewriteRule "^.well-known/acme-challenge" - [L]
这对我很有用:
RewriteCond %{REQUEST_URI} !^/.well-known/(.*)
RewriteRule^\.well/+-[END]是唯一对我有效的方法,我尝试了很多选择!在没有文档根的Apache 2.4 vhost上,我必须在
^
:RewriteRule^/\.众所周知的/+-[END]
首先,点前面缺少一个转义字符。点匹配任何字符(如果未转义)。此外,您还应该检查mod_rewrite.c,而且您没有提到,您的代码需要放在任何其他重写规则之前的顶部。这正是我所需要的框架,它阻止对公用文件夹之外的文件夹的访问。只需设置以下条件:RewriteCond%{HTTP_HOST}!^\。众所周知的/+
在.htaccess
文件中的上重写引擎后第一个
RewriteCond %{REQUEST_URI} !^/.well-known/(.*)