使用ssl(端口转发)在流浪沙箱上访问apache
我构建了一个vagrant/virtualbox web服务器作为开发沙箱,并在VM中为ssl配置了apache(在默认端口443上,使用自签名证书)。我已经使用curl测试了VM本身的页面使用ssl(端口转发)在流浪沙箱上访问apache,ssl,virtualbox,portforwarding,vagrant,Ssl,Virtualbox,Portforwarding,Vagrant,我构建了一个vagrant/virtualbox web服务器作为开发沙箱,并在VM中为ssl配置了apache(在默认端口443上,使用自签名证书)。我已经使用curl测试了VM本身的页面 curl -v -k https://mysite.mydomain.com/testSearch/results?postcode=WN8+0BA 而且它似乎工作得非常愉快,所以我对apache的正确配置和在VM中的工作感到满意 但是,当我试图通过https从主机的浏览器访问VM时,我无法这样做 我补充
curl -v -k https://mysite.mydomain.com/testSearch/results?postcode=WN8+0BA
而且它似乎工作得非常愉快,所以我对apache的正确配置和在VM中的工作感到满意
但是,当我试图通过https从主机的浏览器访问VM时,我无法这样做
我补充说
config.vm.forward_port "https", 443, 8443
到我的Vagrant文件,但正在尝试访问url
https://mysite.mydomain.com:8443/testSearch/results?postcode=WN8+0BA
我在几种不同的浏览器上试过的页面根本无法显示:IE给出了一个毫无意义的“Internet Explorer无法显示网页”;铬给予
SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
Firefox给了我
An error occurred during a connection to mysite.mydomain.com:8443.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
但即使是Firebug Net标签也没有告诉我更多
我在vmapache上的访问或错误日志中没有得到任何信息,因此我怀疑vagrant根本没有转发ssl
- 虚拟机来宾操作系统:centos56x64
- 主机:Windows 7 64位
- JRuby:1.6.3(ruby-1.8.7-p330)(2011-07-07 965162f)(Java热点(TM)64位服务器VM 1.6.024)[Windows 7-amd64-Java]
- 流浪汉:0.7.8
- VirtualBox:4.0.12
Vagrant::Config.run do |config|
config.vm.box = "lucid32"
config.vm.network "33.33.33.10"
config.vm.forward_port "http", 80, 8080
end
2)访问您的虚拟机“lucid32”
3)在虚拟机内部,配置Apache“虚拟主机”:
<VirtualHost 33.33.33.10:80>
ServerName your-domain.dev
DocumentRoot /vagrant
DirectoryIndex index.php index.html index.htm
<Directory /vagrant>
AllowOverride All
Allow from All
</Directory>
</VirtualHost>
<VirtualHost 33.33.33.10:443>
ServerName your-domain.dev
DocumentRoot /vagrant
DirectoryIndex index.php index.html index.htm
<Directory /vagrant>
AllowOverride All
Allow from All
</Directory>
SSLEngine on
SSLCertificateFile /path/to/certicate/apache.pem
</VirtualHost>
33.33.33.10 your-domain.dev
上述答案要求您在每次销毁盒子时重复步骤2和3。我建议你用厨师来实现你的目标。请参见下面的示例:
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure(2) do |config|
config.vm.box = "precise64"
config.vm.box_url = "http://files.vagrantup.com/precise64.box"
config.vm.network :forwarded_port, guest: 80, host: 8080
config.vm.network :forwarded_port, guest: 443, host: 443
config.vm.network "private_network", ip: "192.168.33.10"
config.vm.provision :chef_solo do |chef|
chef.cookbooks_path = "/path/to/your/cookbooks"
# Install PHP
chef.add_recipe "php"
chef.add_recipe "php::module_mysql"
# Setup Apache
chef.add_recipe "apache2"
chef.add_recipe "apache2::mod_php5"
chef.json = { :apache => { :default_site_enabled => true } }
end
end
使用此解决方案时,在销毁流浪者箱时,必须反复执行步骤2和步骤3。使用资源调配(bash)脚本,Chef或Puppet将使此任务的重复性大大降低。对于Google,我必须将
SSLCertificateFile
指定为.crt
文件,将SSLCertificateKeyFile
指定为.key
文件。
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure(2) do |config|
config.vm.box = "precise64"
config.vm.box_url = "http://files.vagrantup.com/precise64.box"
config.vm.network :forwarded_port, guest: 80, host: 8080
config.vm.network :forwarded_port, guest: 443, host: 443
config.vm.network "private_network", ip: "192.168.33.10"
config.vm.provision :chef_solo do |chef|
chef.cookbooks_path = "/path/to/your/cookbooks"
# Install PHP
chef.add_recipe "php"
chef.add_recipe "php::module_mysql"
# Setup Apache
chef.add_recipe "apache2"
chef.add_recipe "apache2::mod_php5"
chef.json = { :apache => { :default_site_enabled => true } }
end
end