使用一个 IP 地址在多个域上使用多个 SSL

tag-icon tag-icon apache2 ssl
使用一个 IP 地址在多个域上使用多个 SSL

我使用 Apache,并且我有两个域,我为它们创建了虚拟主机并安装了 SSL 证书。但是只有一个域可以工作,另一个域只会重定向到该域。我认为这是因为站点一是主站点,使用 SSL 时我需要为每个域设置单独的 IP 地址?

我读过不少文章说,你可以在虚拟主机中执行以下操作,在一个 IP 上使用多个 SSL 证书

<VirtualHost *:443>

我试过这个,但对我不起作用。还有许多文章提到了 SNI,但我不能 100% 确定这是什么意思。有人能解释一下并给我指明正确的方向吗?

这是我的虚拟主机的样子

站点 1

<VirtualHost *:80>
  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin [email protected]
  ServerName  domain.com
  ServerAlias www.domain.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.php
  DocumentRoot /var/www/html/domain.com/public_html
  Redirect permanent / https://www.domain.com

  <Directory "/var/www/html/domain.com/public_html">
  Options FollowSymLinks
  AllowOverride All
  Order allow,deny
  Allow from all
  </Directory>

  # Log file locations
  LogLevel warn
  #ErrorLog  /var/www/html/domain.com/log/error.log
  #CustomLog /var/www/html/domain.com/log/access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName domain.com
        ServerAlias www.domain.com

        DocumentRoot /var/www/html/domain.com/public_html
        <Directory "/var/www/html/domain.com/public_html">
                #Options Indexes FollowSymLinks MultiViews
                Options FollowSymLinks
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/apache2/ssl/www_domain_com/www_domain_com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/www_domain_com/server.key

        #   Server Certificate Chain:
        #   Point SSLCertificateChainFile at a file containing the
        #   concatenation of PEM encoded CA certificates which form the
        #   certificate chain for the server certificate. Alternatively
        #   the referenced file can be the same as SSLCertificateFile
        #   when the CA certificates are directly appended to the server
        #   certificate for convinience.
        SSLCertificateChainFile /etc/apache2/ssl/www_domain_com/www_domain_com.ca-bundle

        #...

</VirtualHost>
</IfModule>

站点 2

<VirtualHost *:80>
  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin [email protected]
  ServerName  domain2.com
  ServerAlias www.domain2.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.php index.html
  DocumentRoot /var/www/html/domain2.com/public_html/public
  #  Redirect permanent / https://www.domain2.com

  # Log file locations
  LogLevel warn
  ErrorLog  /var/www/html/domain2.com/log/error.log
  CustomLog /var/www/html/domain2.com/log/access.log combined

  SetEnv CI_ENV production
  SetEnv CI_BASE_URL http://www.domain2.com/

  <Directory "/var/www/html/domain2.com/public_html/public">
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /var/www/html/domain2.com/public_html/public/.htpasswd
        Require valid-user

        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
  </Directory>
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName domain2.com
        ServerAlias www.domain2.com
        DocumentRoot /var/www/html/domain2.com/public_html/public

        <Directory "/var/www/html/domain2.com/public_html/public">
                #Options Indexes FollowSymLinks MultiViews
                Options FollowSymLinks
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>

       ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
        Alias /doc/ "/usr/share/doc/"

        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/apache2/ssl/www_domain2_com/www_domain2_com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/www_domain2_com/server.key

        #   Server Certificate Chain:
        #   Point SSLCertificateChainFile at a file containing the
        #   concatenation of PEM encoded CA certificates which form the
        #   certificate chain for the server certificate. Alternatively
        #   the referenced file can be the same as SSLCertificateFile
        #   when the CA certificates are directly appended to the server
        #   certificate for convinience.
        SSLCertificateChainFile /etc/apache2/ssl/www_domain2_com/www_domain2_com.ca-bundle

        #...

</VirtualHost>
</IfModule>

答案1

您不需要每个 SSL 域都有一个 IP,但您需要在每个虚拟主机中使用 ServerName 指令。使用 apache2 时,以下内容应该可以正常工作。如果您不使用 apache2,情况会略有不同。

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName example.com
        DocumentRoot /var/www

</VirtualHost>


<IfModule mod_ssl.c>
<VirtualHost *:443>

        ServerAdmin webmaster@localhost
        ServerName example.com
        DocumentRoot /var/www

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile /etc/apache2/ssl/example.com/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/example.com/apache.key
</VirtualHost>

</IfModule>

答案2

解决了!

仅适用于多个站点中的一个站点的配置属于该站点的配置。

移动

<Directory /var/www/html/example.com>
    AllowOverride All
</Directory> 
ServerName example.com

/etc/apache2/apache2.conf

进入

/etc/apache2/sites-available/example.conf

相关内容