如果我们访问不带“www”的网站 ofornecedor.com.br/#/dashboard,则证书不起作用;但是,如果我们访问带有“www”的网站 www.ofornecedor.com.br/#/dashboard,则我们可以在 URL 中看到 https。
这个配置有什么问题?我的服务器在亚马逊上。
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
<VirtualHost *:80>
ServerName ofornecedor.com.br
ServerAlias www.ofornecedor.com.br
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteCond %{REQUEST_URI} /admin [NC]
RewriteRule /admin/(.*) ws://exp:8080/admin/$1 [P,L]
RewriteCond %{HTTP_HOST} !^ofornecedor\.com\.br$
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) https://ofornecedor.com.br/$1 [L,R]
</VirtualHost>
经过一番研究,我找到了这个配置。但由于某种原因,它仍然不起作用。
仍然无法使用 HTTPS 设置 Enonic XP
cat /home/xp/enonic/xp/config/com.enonic.xp.web.vhost.cfg
enabled = true
mapping.api.host = localhost
mapping.api.source = /api
mapping.api.target = /api
mapping.a.host = ofornecedor.com.br
mapping.a.source = /admin
mapping.a.target = /admin
mapping.a.userStore = system
mapping.b.host = ofornecedor.com.br
mapping.b.source = /
mapping.b.target = /portal/master/ofornecedor
000-default.conf
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
<VirtualHost *:80>
ServerName ofornecedor.com.br
RewriteEngine on
RewriteRule ^/(.*) https://ofornecedor.com.br/$1 [L,R=301,NE]
</VirtualHost>
<VirtualHost *:443>
ServerName ofornecedor.com.br
RequestHeader set X-Forwarded-Proto "https"
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/ofornecedor.com.br/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ofornecedor.com.br/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/ofornecedor.com.br/chain.pem
Header always set Strict-Transport-Security "max-age=15768000"
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://publicIp:8080/ timeout=5
ProxyPass
Reverse / http://publicIp:8080/ timeout=5
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteCond %{REQUEST_URI} /admin [NC]
RewriteRule /admin/(.*) ws://publicIp:8080/admin/$1 [P,L]
RewriteCond %{HTTP_HOST} !^ofornecedor\.com\.br$
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) https://ofornecedor.com.br/$1 [L,R]
</VirtualHost>
SSLProtocol all -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
sudo service xp restart
sudo service apache2 restart
sudo service xp status
● xp.service - SYSV: Enonic XP server daemon
Loaded: loaded (/etc/init.d/xp; bad; vendor preset: enabled)
Active: active (exited) since Sat 2019-05-11 12:51:13 UTC; 1min 24s ago
Docs: man:systemd-sysv-generator(8)
Process: 2378 ExecStop=/etc/init.d/xp stop (code=exited, status=0/SUCCESS)
Process: 2392 ExecStart=/etc/init.d/xp start (code=exited, status=0/SUCCESS)
Tasks: 0
Memory: 0B
CPU: 0
May 11 12:51:13 ip-172-31-13-126 systemd[1]: Starting SYSV: Enonic XP server daemon...
May 11 12:51:13 ip-172-31-13-126 xp[2392]: Starting Enonic XP: xp....
May 11 12:51:13 ip-172-31-13-126 su[2397]: Successful su for xp by root
May 11 12:51:13 ip-172-31-13-126 su[2397]: + ??? root:xp
May 11 12:51:13 ip-172-31-13-126 su[2397]: pam_unix(su:session): session opened for user xp by (uid=0)
May 11 12:51:13 ip-172-31-13-126 xp[2392]: Enonic XP: xp started
May 11 12:51:13 ip-172-31-13-126 xp[2392]: ( with pid 2418 and exit code 0 )
May 11 12:51:13 ip-172-31-13-126 systemd[1]: Started SYSV: Enonic XP server daemon.
我得到的是默认的 apache 页面而不是应用程序。:sweat:
我在这里遗漏了什么?
答案1
请尝试改变这一点:
RewriteCond %{HTTP_HOST} !^ofornecedor\.com\.br$ 重写条件 %{HTTP_HOST} !^$ 重写规则 ^/(.*) https://ofornecedor.com.br/$1 [L,R]
变成这样:
RewriteEngine 开启 RewriteCond %{SERVER_NAME} =www.ofornecedor.com.br [或] RewriteCond %{SERVER_NAME} =ofornecedor.com.br 重写规则 ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]