使用ssl（端口转发）在流浪沙箱上访问apache

我构建了一个vagrant/virtualbox web服务器作为开发沙箱，并在VM中为ssl配置了apache（在默认端口443上，使用自签名证书）。我已经使用curl测试了VM本身的页面

curl -v -k https://mysite.mydomain.com/testSearch/results?postcode=WN8+0BA

而且它似乎工作得非常愉快，所以我对apache的正确配置和在VM中的工作感到满意

但是，当我试图通过https从主机的浏览器访问VM时，我无法这样做

我补充说

config.vm.forward_port "https", 443, 8443

到我的Vagrant文件，但正在尝试访问url

https://mysite.mydomain.com:8443/testSearch/results?postcode=WN8+0BA

我在几种不同的浏览器上试过的页面根本无法显示：IE给出了一个毫无意义的“Internet Explorer无法显示网页”；铬给予

SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

Firefox给了我

An error occurred during a connection to mysite.mydomain.com:8443.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

但即使是Firebug Net标签也没有告诉我更多

我在vmapache上的访问或错误日志中没有得到任何信息，因此我怀疑vagrant根本没有转发ssl

• 虚拟机来宾操作系统：centos56x64
• 主机：Windows 7 64位
• JRuby:1.6.3（ruby-1.8.7-p330）（2011-07-07 965162f）（Java热点（TM）64位服务器VM 1.6.024）[Windows 7-amd64-Java]
• 流浪汉：0.7.8
• VirtualBox:4.0.12

任何帮助都将被感激地接受。

1）配置文件

Vagrant::Config.run do |config|
    config.vm.box = "lucid32"
    config.vm.network "33.33.33.10"
    config.vm.forward_port "http", 80, 8080
end

2）访问您的虚拟机“lucid32”

3）在虚拟机内部，配置Apache“虚拟主机”：

<VirtualHost 33.33.33.10:80>
    ServerName        your-domain.dev
    DocumentRoot    /vagrant
    DirectoryIndex    index.php index.html index.htm

    <Directory /vagrant>
        AllowOverride All
        Allow from All
    </Directory>
</VirtualHost>

<VirtualHost 33.33.33.10:443>
    ServerName        your-domain.dev
    DocumentRoot    /vagrant
    DirectoryIndex    index.php index.html index.htm

    <Directory /vagrant>
        AllowOverride All
        Allow from All
    </Directory>

    SSLEngine on
    SSLCertificateFile /path/to/certicate/apache.pem
</VirtualHost>

33.33.33.10    your-domain.dev

---

上述答案要求您在每次销毁盒子时重复步骤2和3。我建议你用厨师来实现你的目标。请参见下面的示例：

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure(2) do |config|

    config.vm.box       = "precise64"
    config.vm.box_url   = "http://files.vagrantup.com/precise64.box"

    config.vm.network :forwarded_port, guest: 80, host: 8080
    config.vm.network :forwarded_port, guest: 443, host: 443

    config.vm.network "private_network", ip: "192.168.33.10"

    config.vm.provision :chef_solo do |chef|

        chef.cookbooks_path = "/path/to/your/cookbooks"

        # Install PHP
        chef.add_recipe "php"
        chef.add_recipe "php::module_mysql"

        # Setup Apache
        chef.add_recipe "apache2"
        chef.add_recipe "apache2::mod_php5"

        chef.json = { :apache => { :default_site_enabled => true } }

    end

end

---

使用此解决方案时，在销毁流浪者箱时，必须反复执行步骤2和步骤3。使用资源调配（bash）脚本，Chef或Puppet将使此任务的重复性大大降低。对于Google，我必须将

SSLCertificateFile

指定为

.crt

文件，将

SSLCertificateKeyFile

指定为

.key

文件。

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure(2) do |config|

    config.vm.box       = "precise64"
    config.vm.box_url   = "http://files.vagrantup.com/precise64.box"

    config.vm.network :forwarded_port, guest: 80, host: 8080
    config.vm.network :forwarded_port, guest: 443, host: 443

    config.vm.network "private_network", ip: "192.168.33.10"

    config.vm.provision :chef_solo do |chef|

        chef.cookbooks_path = "/path/to/your/cookbooks"

        # Install PHP
        chef.add_recipe "php"
        chef.add_recipe "php::module_mysql"

        # Setup Apache
        chef.add_recipe "apache2"
        chef.add_recipe "apache2::mod_php5"

        chef.json = { :apache => { :default_site_enabled => true } }

    end

end