How do I configure Apache for a subdomain and Plex behind HTTPS 443?


This is what I currently have working for Apache, but how do I add an HTTP-to-HTTPS redirect for Plex?

<VirtualHost *:80>
    ServerName plex.mydomain.com

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://localhost:32400/
    ProxyPassReverse / http://localhost:32400/

    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/web
    RewriteCond %{HTTP:X-Plex-Device} ^$
    RewriteRule ^/$ /web/$1 [R,L]
</VirtualHost>

This is how my other subdomains work, but this does not work for Plex:

<VirtualHost *:80>
    ServerName somesub.mydomain.com

    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^somesub.mydomain.com
    RewriteRule (.*) https://%{SERVER_NAME} [R,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName somesub.mydomain.com

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://localhost:5555/
    ProxyPassReverse / http://localhost:5555/
</VirtualHost>


This is what I am using now, and it works (Ubuntu 17.04, Apache 2.4):


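<VirtualHost *:80>
    ServerName my.sub.domain.com
    Redirect permanent / https://my.sub.domain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName my.sub.domain.com
    ServerAlias ""
    Options -Includes -ExecCGI

    RewriteEngine On
    RewriteCond %{THE_REQUEST} !HTTP/1.1$
    RewriteRule .* - [F]

    LimitRequestBody 512000
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/my.sub.domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/my.sub.domain.com/privkey.pem
    SSLProtocol +TLSv1.2

    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set X-Frame-Options DENY
    FileETag None
    TraceEnable off
    #Header edit Set-Cookie ^(.*)$ ;HttpOnly;Secure
    Header set X-XSS-Protection "1; mode=block"
    Timeout 60

    <Location /:/websockets/notifications>
        ProxyPass wss://localhost:32400/:/websockets/notifications
        ProxyPassReverse wss://localhost:32400/:/websockets/notifications
    </Location>

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyRequests Off
    ProxyPreserveHost On
    SSLProxyEngine On
    RequestHeader set Front-End-Https "On"
    ProxyPass / http://localhost:32400/
    ProxyPassReverse / http://localhost:32400/

    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/web
    RewriteCond %{HTTP:X-Plex-Device} ^$
    RewriteCond %{REQUEST_METHOD} !^(OPTIONS)$
    RewriteRule ^/$ /web/$1 [R,L]
</VirtualHost>
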
You need to change localhost (maybe not) and my.sub.domain.com to your own values, and generate an SSL certificate before restarting the Apache service (I used LetsEncrypt).

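This vhost configuration is something I adapted from many posts (some from here, some from the Plex forums). It may not be complete or optimized, but it does work.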


For more details/alternatives, visit

Alex's answer is good, but to redirect traffic from 80 to 443 you only need to add the following lines of code to your plex.conf file:

<VirtualHost *:80>
    ServerName plex.mydomain.com
    DocumentRoot /var/www/html
    ServerAdmin admin@plex.mydomain.com
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =plex.mydomain.com
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Here is my Plex apache2 conf file for reference:

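Edit: Updated as of April 17, 2019. You need Apache2 >= 2.4.11 to use this, along with several mods (proxy, ssl, proxy_wstunnel, http, dir, env, headers, proxy_balancer, proxy_http, rewrite; I think that's all of them):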


<IfModule mod_ssl.c>
    DEFINE plex_url 192.168.1.22
    DEFINE plex_port 32400
    DEFINE serv_name plex.domain.com
    ServerTokens Prod
    SSLStaplingCache "shmcb:${APACHE_LOG_DIR}/stapling-cache(150000)"
    SSLSessionCache "shmcb:${APACHE_LOG_DIR}/ssl_scache(512000)"
    SSLSessionCacheTimeout 300
    ModPagespeed Off
<VirtualHost *:80>
    ServerName ${serv_name}
    DocumentRoot /var/www/html
    ServerAdmin aw@hell.no
    RewriteEngine On
    RewriteCond %{SERVER_NAME} =${serv_name}
    RewriteCond %{HTTPS} Off
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    ErrorLog ${APACHE_LOG_DIR}/${serv_name}.error.log
    CustomLog ${APACHE_LOG_DIR}/${serv_name}.access.log combined
</VirtualHost>
<VirtualHost *:443>
    ServerName ${serv_name}
    DocumentRoot /var/www/html
    ServerAdmin aw@hell.no
    ErrorLog ${APACHE_LOG_DIR}/${serv_name}.error.log
    CustomLog ${APACHE_LOG_DIR}/${serv_name}.access.log combined
### Let's Encrypt Section ###
    SSLCertificateFile /etc/letsencrypt/live/${serv_name}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/${serv_name}/privkey.pem
    #Include /etc/letsencrypt/options-ssl-apache.conf
    Options -Includes -ExecCGI
### Deny http1.0 requests ###
    RewriteEngine On
    RewriteCond %{SERVER_PROTOCOL} ^HTTP/1\.0$
    #RewriteCond %{REQUEST_URI} !^/404/$
    RewriteRule ^ - [F]
### Harden Security ###
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyTimeout 600
    ProxyReceiveBufferSize 4096
    SSLProxyEngine On
    RequestHeader set Front-End-Https "On"
    ServerSignature Off
    SSLCompression Off
    SSLUseStapling On
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors Off
    SSLSessionTickets Off
    RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
    Header always set Strict-Transport-Security "max-age=15552000; preload"
    Header always set X-Content-Type-Options nosniff
    Header always set X-Robots-Tag none
    Header always set X-XSS-Protection "1; mode=block"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Referrer-Policy "same-origin"
    Header always set Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none';"
    Header always set Content-Security-Policy "default-src 'self' https:; font-src 'self' data: ${plex_url} ${serv_name}; media-src 'self' blob: ${plex_url} ${serv_name}; script-src 'self' 'unsafe-inline' ${plex_url} ${serv_name} plex.tv www.gstatic.com; style-src 'self' ${plex_url} ${serv_name}; img-src 'self' data: blob: ${plex_url} ${serv_name} plex.tv *.plex.tv; worker-src *; frame-src 'none'; connect-src 'self' wss: https: ${plex_url} ${serv_name} plex.tv *.plex.direct *.plex.tv;"
    SSLCipherSuite ECDHE+RSA+AES256+GCM+SHA512:DHE+RSA+AES256+GCM+SHA512:ECDHE+RSA+AES256+GCM+SHA384:DHE+RSA+AES256+GCM+SHA384:ECDHE+RSA+AES256+SHA384:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder On
### Plex Specific Section ###
    ProxyPass / http://${plex_url}:${plex_port}/
    ProxyPassReverse / http://${plex_url}:${plex_port}/
    ProxyPass /:/ ws://${plex_url}:${plex_port}/:/
    ProxyPassReverse /:/ ws://${plex_url}:${plex_port}/:/
    ProxyPass /:/ wss://${plex_url}:${plex_port}/:/
    ProxyPassReverse /:/ wss://${plex_url}:${plex_port}/:/
    LimitRequestBody 512000
    FileETag None
    TraceEnable off
    #Header edit Set-Cookie ^(.*)$ ;HttpOnly;Secure
    Timeout 60
    <Location /:/websockets/notifications>
        ProxyPass wss://${plex_url}:${plex_port}/:/websockets/notifications
        ProxyPassReverse wss://${plex_url}:${plex_port}/:/websockets/notifications
    </Location>
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/web
    RewriteCond %{HTTP:X-Plex-Device} ^$
    RewriteCond %{REQUEST_METHOD} !^(OPTIONS)$
    RewriteCond %{QUERY_STRING} (^|&)X-Plex-Device=(&|$) [OR]
    RewriteCond %{QUERY_STRING} !(^|&)X-Plex-Device=
    RewriteRule ^/$ /web/$1 [R,L]
</VirtualHost>
</IfModule>
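
An added example, not part of the original question or answers: a small Python audit of vhost text for the problems this thread turns on, namely a port-80 vhost that proxies Plex in plaintext, a redirect that drops the requested path, and a 443 vhost with no HSTS header. The `audit` function, its finding strings and the sample config are constructed for illustration.

```python
import re
# Constructed sample modelled on the vhosts quoted on this page.
SAMPLE = """
<VirtualHost *:80>
    ServerName plex.mydomain.com
    ProxyPass / http://localhost:32400/
</VirtualHost>
<VirtualHost *:80>
    ServerName somesub.mydomain.com
    RewriteRule (.*) https://%{SERVER_NAME} [R,L]
</VirtualHost>
<VirtualHost *:80>
    ServerName fixed.mydomain.com
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
    ServerName fixed.mydomain.com
    ProxyPass / http://localhost:32400/
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+\S*?:(\d+)>(.*?)</VirtualHost>", re.S | re.I)

def audit(conf):
    """Return sorted (server_name, port, finding) tuples for the vhosts in conf."""
    findings = []
    for port, body in VHOST.findall(conf):
        # Skip blank and comment lines so commented-out directives are ignored.
        lines = [s for s in map(str.strip, body.splitlines()) if s and not s.startswith("#")]
        name = next((s.split()[1] for s in lines if s.lower().startswith("servername ")), "?")
        low = [s.lower() for s in lines]
        redirects = [s for s in low if s.startswith(("rewriterule", "redirect")) and "https://" in s]
        if port == "80":
            if any(s.startswith("proxypass ") for s in low):
                findings.append((name, port, "proxies backend over plaintext HTTP"))
            if not redirects:
                findings.append((name, port, "no redirect to https"))
            for s in redirects:
                if s.startswith("rewriterule") and "%{request_uri}" not in s and "$1" not in s:
                    findings.append((name, port, "redirect drops the requested path"))
        elif port == "443":
            if not any(s.startswith("header") and "strict-transport-security" in s for s in low):
                findings.append((name, port, "no Strict-Transport-Security header"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

The check is textual and only sees literal `<VirtualHost>` blocks in the string it is given; it does not resolve `Include` files or `Define` variables.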