Warning: file_get_contents(/data/phpspider/zhask/data//catemap/6/apache/8.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
在Ubuntu上使用SNI的多重SSL Apache/2.4.7 Ubuntu Ubuntu 14.04_Apache_Ubuntu_Ssl - Fatal编程技术网
Fatal编程技术网
  • apache/
  • 在Ubuntu上使用SNI的多重SSL Apache/2.4.7 Ubuntu Ubuntu 14.04

在Ubuntu上使用SNI的多重SSL Apache/2.4.7 Ubuntu Ubuntu 14.04

apache ubuntu ssl

在Ubuntu上使用SNI的多重SSL Apache/2.4.7 Ubuntu Ubuntu 14.04,apache,ubuntu,ssl,Apache,Ubuntu,Ssl,我正在尝试在同一ip上运行多个ssl。当我输入第一个域时,它会重定向到第二个域 我可能在某个地方遗漏了一件小事,如果你能帮我,那就太棒了 我没有更改ports.conf文件,因为我的印象是virtualhost已不再使用 我的站点启用目录中有两个.conf文件,我尝试过合并它们,但得到了相同的结果 apachectl-S的输出为: *:443 is a NameVirtualHost default server domain2.com (/etc/apache2/sites-enabled/

我正在尝试在同一ip上运行多个ssl。当我输入第一个域时,它会重定向到第二个域

我可能在某个地方遗漏了一件小事,如果你能帮我,那就太棒了

我没有更改ports.conf文件,因为我的印象是virtualhost已不再使用

我的站点启用目录中有两个.conf文件,我尝试过合并它们,但得到了相同的结果

apachectl-S的输出为:

*:443 is a NameVirtualHost
 default server domain2.com (/etc/apache2/sites-enabled/domain2.com.conf:19)
 port 443 namevhost domain2.com (/etc/apache2/sites-enabled/domain2.com.conf:19)
 port 443 namevhost www.domain1.com (/etc/apache2/sites-enabled/domain1.com.conf:19)
     alias domain1.com
     wild alias *.domain1.com
以下是my ports.conf应为默认Ubuntu:

Listen 80

<IfModule ssl_module>
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
我尝试过使用更新的conf文件从mod_ssl切换到mod_gnutls,得到了相同的结果

已启用站点中的域1.conf文件:

<VirtualHost *:80>
    ServerName domain1.com
    ServerAlias www.domain1.com *.domain1.com 
    DocumentRoot /git/domain1.com/public/
    ServerAdmin webmaster@domain1.com

    <Directory /git/domain1.com/public/>
        Options +Indexes +FollowSymLinks -MultiViews
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog /var/log/apache2/error_domain1.com.log
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>

        ServerAdmin webmaster@domain1.com
        ServerName domain1.com
        DocumentRoot /git/domain1.com/public/

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile /git/domain1.com/apache/ssl/apache.crt
        SSLCertificateKeyFile /git/domain1.com/apache/ssl/apache.key

    <Directory /git/domain1.com/public/>
        Options +Indexes +FollowSymLinks -MultiViews
        AllowOverride All
        Require all granted
    </Directory>

</VirtualHost>

</IfModule>
域2配置:

<VirtualHost *:80>
    ServerName domain2.com
    ServerAlias www.domain2.com *.domain2.com domain2.ca *.domain2.ca
    DocumentRoot /git/domain2.com/public/
    ServerAdmin webmaster@domain2.com

    <Directory /git/domain2.com/public/>
        Options +Indexes +FollowSymLinks -MultiViews
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog /var/log/apache2/error_domain2.com.log
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>

        ServerAdmin webmaster@domain2.com
        ServerName domain2.com
        DocumentRoot /git/domain2.com/public/

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile /git/domain2.com/apache/ssl/apache.crt
        SSLCertificateKeyFile /git/domain2.com/apache/ssl/apache.key

    <Directory /git/domain2.com/public/>
        Options +Indexes +FollowSymLinks -MultiViews
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog /var/log/apache2/error_domain2.com.log

</VirtualHost>

</IfModule>
由于默认服务器是domain2.com,因此来自不支持SNI的浏览器的HTTPS请求可能会重定向到domain2.com,即使您打算访问www.domain1.com

如果您确定客户端支持SNI,那么您还可以调查另一种可能性,然后检查已安装的OpenSSL是否支持TLS,以及您的Apache是否使用该OpenSSL版本构建。为了使基于名称的Apache虚拟主机能够正确处理请求,必须满足服务器端和客户端的先决条件

更新1 您可能会看到类似Init:Name-based SSL的错误日志虚拟主机需要支持TLS extensions RFC 6066-服务器名称指示/SNI的OpenSSL版本,但当前使用的库版本%s在启动服务器时的错误日志中缺少此功能

更新2 而且,虽然apachectl-S的结果

正在显示*.domain1.com或domain1.com,将在您的domain1.conf中作为www.domain1.com进行处理

<VirtualHost *:443>

        ServerAdmin webmaster@domain1.com
        ServerName domain1.com
没有为此虚拟主机定义任何别名,因此我想知道此虚拟主机是否会像您假设的那样处理请求

  port 443 namevhost www.domain1.com (/etc/apache2/sites-enabled/domain1.com.conf:19)
     alias domain1.com
     wild alias *.domain1.com

<VirtualHost *:443>

        ServerAdmin webmaster@domain1.com
        ServerName domain1.com