您正在向启用 SSL 的服务器端口发送普通 HTTP

您正在向启用 SSL 的服务器端口发送普通 HTTP

我正在尝试使用打开网站https://mydomain.com,但我总是看到:您正在向启用 SSL 的服务器端口发送纯 HTTP 消息。但使用 http 网站可以...

我使用的是 Apache 2.2.22,没有 nginx。这是我的 apache.conf:

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    NameVirtualHost *:443
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
#    Listen 443
</IfModule>

虚拟主机:

<VirtualHost *:80>
    ServerName mydomain.com:80
    SSLEngine off
    DocumentRoot /var/www/www-root/data/www/mydomain.com
    ServerAdmin [email protected]
    AddDefaultCharset UTF-8
    AssignUserID www-root www-root
    CustomLog /var/www/httpd-logs/mydomain.com.access.log combined
    ErrorLog /var/www/httpd-logs/mydomain.com.error.log
        <FilesMatch "\.ph(p[3-5]?|tml)$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    ServerName mydomain.com
    ScriptAlias /cgi-bin/ /var/www/www-root/data/www/mydomain.com/cgi-bin/
    ScriptAlias /php-bin/ /var/www/php-bin/www-root/
    ServerAlias www.mydomain.com
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
    <IfModule php5_module>
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f [email protected]"
        php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
        php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
        php_admin_value open_basedir "none"
    </IfModule>
    <IfModule php7_module>
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f [email protected]"
        php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
        php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
        php_admin_value open_basedir "none"
    </IfModule>
</VirtualHost>
<Directory /var/www/www-root/data/www/mydomain.com>
    AllowOverride All
    Options +Includes +ExecCGI
    <IfModule php5_module>
        php_admin_flag engine on
    </IfModule>
    <IfModule php7_module>
        php_admin_flag engine on
    </IfModule>
</Directory>
<VirtualHost *:443>
    ServerName mydomain.com:443
    DocumentRoot /var/www/www-root/data/www/mydomain.com
    ServerAdmin [email protected]
    AddDefaultCharset UTF-8
    SSLEngine on
    SSLCertificateFile "/var/www/httpd-cert/www-root/mydomain.com.crt"
    SSLCertificateKeyFile "/var/www/httpd-cert/www-root/mydomain.com.key"
    SSLCertificateChainFile "/var/www/httpd-cert/www-root/mydomain.com.ca"
    SSLHonorCipherOrder on
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH 
    AssignUserID www-root www-root
    CustomLog /var/www/httpd-logs/mydomain.com443.access.log combined
    ErrorLog /var/www/httpd-logs/mydomain.com443.error.log
    <FilesMatch "\.ph(p[3-5]?|tml)$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    ServerName mydomain.com
    ScriptAlias /cgi-bin/ /var/www/www-root/data/www/mydomain.com/cgi-bin/
    CustomLog /var/www/httpd-logs/mydomain.com.access.log combined
    ErrorLog /var/www/httpd-logs/mydomain.com.error.log
    ScriptAlias /php-bin/ /var/www/php-bin/www-root/
    ServerAlias www.mydomain.com
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
    <IfModule php5_module>
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f [email protected]"
        php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
        php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
        php_admin_value open_basedir "none"
    </IfModule>
    <IfModule php7_module>
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f [email protected]"
        php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
        php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
        php_admin_value open_basedir "none"
    </IfModule>
</VirtualHost>

嗯,我不知道该怎么办。我购买了 Aplpha SSL 证书,它至少可以与 ISPManager 配合使用,但我无法使用 https 打开该网站。请帮忙!

ssl.conf:

<IfModule mod_ssl.c>
#
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism 
#   to use and second the expiring timeout (in seconds).
#   (The mechanism dbm has known memory leaks and should not be used).
#SSLSessionCache         dbm:${APACHE_RUN_DIR}/ssl_scache
SSLSessionCache        shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization. 
SSLMutex  file:${APACHE_RUN_DIR}/ssl_mutex

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate. See the
#   ciphers(1) man page from the openssl package for list of all available
#   options.
#   Enable only secure ciphers:
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

#   Speed-optimized SSL Cipher configuration:
#   If speed is your main concern (on busy HTTPS servers e.g.),
#   you might want to force clients to specific, performance
#   optimized ciphers. In this case, prepend those ciphers
#   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
#   Caveat: by giving precedence to RC4-SHA and AES128-SHA
#   (as in the example below), most connections will no longer
#   have perfect forward secrecy - if the server's key is
#   compromised, captures of past or future traffic must be
#   considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on

# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
SSLProtocol all -SSLv2

# Allow insecure renegotiation with clients which do not yet support the
# secure renegotiation protocol. Default: Off
SSLInsecureRenegotiation off

# Whether to forbid non-SNI clients to access name based virtual hosts.
# Default: Off
SSLStrictSNIVHostCheck off

</IfModule>

答案1

在服务器更改之后,将现有网站/应用程序从 http 转换为 https 有许多“陷阱”需要注意。绝不是完整的,但以下是我必须处理的一些事情。只是一个起点——检查项目以尽量减少WTF时刻。

当然,在您之前安装的任何(Web)应用程序框架中允许 ssl 连接也是其中之一。 (wordpress、drupal、joomla,...)

在任何 .htaccess 文件中进行适当的更改(不应将所有 https 更改为 http)。

如果您有任何域重定向到您的域,则可能需要对其进行调整。

另外,为了确保最终用户通过 https 查看您的网站时不会收到警告消息/图标:建议您彻底检查对加载到页面中的外部资源(javascript、css、图片)的引用,以确保它们不使用http://而不是https://.

建议不仅检查网页,还检查错误页面。

当然,如果您有任何“插件”或使用第三方附加应用程序,则需要仔细检查它们使用的任何地方。

当我将网站移动到具有“Let's Encrypt”SSL 证书的服务器时,我必须解决上述所有问题。我在旧服务器上保留了可用的“原始网站”,并且在一些情况下将网站指向该服务器,同时我整理了所有需要修复的内容。

答案2

问题解决了。这都是因为我的框架。我需要允许 ssl 连接。谢谢大家的帮助)

相关内容