在Ubuntu上使用SNI的多重SSL Apache/2.4.7 Ubuntu Ubuntu 14.04
我正在尝试在同一ip上运行多个ssl。当我输入第一个域时,它会重定向到第二个域 我可能在某个地方遗漏了一件小事,如果你能帮我,那就太棒了 我没有更改ports.conf文件,因为我的印象是virtualhost已不再使用 我的站点启用目录中有两个.conf文件,我尝试过合并它们,但得到了相同的结果 apachectl-S的输出为:在Ubuntu上使用SNI的多重SSL Apache/2.4.7 Ubuntu Ubuntu 14.04,apache,ubuntu,ssl,Apache,Ubuntu,Ssl,我正在尝试在同一ip上运行多个ssl。当我输入第一个域时,它会重定向到第二个域 我可能在某个地方遗漏了一件小事,如果你能帮我,那就太棒了 我没有更改ports.conf文件,因为我的印象是virtualhost已不再使用 我的站点启用目录中有两个.conf文件,我尝试过合并它们,但得到了相同的结果 apachectl-S的输出为: *:443 is a NameVirtualHost default server domain2.com (/etc/apache2/sites-enabled/
*:443 is a NameVirtualHost
default server domain2.com (/etc/apache2/sites-enabled/domain2.com.conf:19)
port 443 namevhost domain2.com (/etc/apache2/sites-enabled/domain2.com.conf:19)
port 443 namevhost www.domain1.com (/etc/apache2/sites-enabled/domain1.com.conf:19)
alias domain1.com
wild alias *.domain1.com
以下是my ports.conf应为默认Ubuntu:
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
我尝试过使用更新的conf文件从mod_ssl切换到mod_gnutls,得到了相同的结果
已启用站点中的域1.conf文件:
<VirtualHost *:80>
ServerName domain1.com
ServerAlias www.domain1.com *.domain1.com
DocumentRoot /git/domain1.com/public/
ServerAdmin webmaster@domain1.com
<Directory /git/domain1.com/public/>
Options +Indexes +FollowSymLinks -MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/error_domain1.com.log
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@domain1.com
ServerName domain1.com
DocumentRoot /git/domain1.com/public/
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /git/domain1.com/apache/ssl/apache.crt
SSLCertificateKeyFile /git/domain1.com/apache/ssl/apache.key
<Directory /git/domain1.com/public/>
Options +Indexes +FollowSymLinks -MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
</IfModule>
域2配置:
<VirtualHost *:80>
ServerName domain2.com
ServerAlias www.domain2.com *.domain2.com domain2.ca *.domain2.ca
DocumentRoot /git/domain2.com/public/
ServerAdmin webmaster@domain2.com
<Directory /git/domain2.com/public/>
Options +Indexes +FollowSymLinks -MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/error_domain2.com.log
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@domain2.com
ServerName domain2.com
DocumentRoot /git/domain2.com/public/
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /git/domain2.com/apache/ssl/apache.crt
SSLCertificateKeyFile /git/domain2.com/apache/ssl/apache.key
<Directory /git/domain2.com/public/>
Options +Indexes +FollowSymLinks -MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/error_domain2.com.log
</VirtualHost>
</IfModule>
由于默认服务器是domain2.com,因此来自不支持SNI的浏览器的HTTPS请求可能会重定向到domain2.com,即使您打算访问www.domain1.com
如果您确定客户端支持SNI,那么您还可以调查另一种可能性,然后检查已安装的OpenSSL是否支持TLS,以及您的Apache是否使用该OpenSSL版本构建。为了使基于名称的Apache虚拟主机能够正确处理请求,必须满足服务器端和客户端的先决条件
更新1
您可能会看到类似Init:Name-based SSL的错误日志虚拟主机需要支持TLS extensions RFC 6066-服务器名称指示/SNI的OpenSSL版本,但当前使用的库版本%s在启动服务器时的错误日志中缺少此功能
更新2
而且,虽然apachectl-S的结果
正在显示*.domain1.com或domain1.com,将在您的domain1.conf中作为www.domain1.com进行处理
<VirtualHost *:443>
ServerAdmin webmaster@domain1.com
ServerName domain1.com
没有为此虚拟主机定义任何别名,因此我想知道此虚拟主机是否会像您假设的那样处理请求
port 443 namevhost www.domain1.com (/etc/apache2/sites-enabled/domain1.com.conf:19)
alias domain1.com
wild alias *.domain1.com
<VirtualHost *:443>
ServerAdmin webmaster@domain1.com
ServerName domain1.com