本地网络上具有虚拟主机和 SSL 的 Apache 配置

tag-icon tag-icon apache-2.2 ssl https xampp virtualhost
本地网络上具有虚拟主机和 SSL 的 Apache 配置

我正在尝试像这样设置我的本地 Apache 配置:

http://localhost/应该服务~/

http://development.somedomain.co.nz/应该服务~/sites/development.somedomain.co.nz/

https://development.assldomain.co.nz/应该服务~/sites/development.assldomain.co.nz/

我只想允许来自我们的本地网络(192.168.1.* 范围)和我自己(127.0.0.1)的连接。

我已经使用以下命令设置了我的主机文件:

127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost 
fe80::1%lo0 localhost
127.0.0.1 development.somedomain.co.nz
127.0.0.1 development.assldomain.co.nz
127.0.0.1 development.anunuseddomain.co.nz

我的 Apache 配置如下:

Listen 80

NameVirtualHost *:80

<VirtualHost development.somedomain.co.nz:80>
    ServerName development.somedomain.co.nz
    DocumentRoot "~/sites/development.somedomain.co.nz"
    DirectoryIndex index.php
    <Directory ~/sites/development.somedomain.co.nz>
        Options Indexes FollowSymLinks ExecCGI Includes
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

<VirtualHost localhost:80>
    DocumentRoot "~/"
    ServerName localhost
    <Directory "~/">
        Options Indexes FollowSymLinks ExecCGI Includes
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

<IfModule mod_ssl.c>
    Listen *:443
    NameVirtualHost *:443
    AcceptMutex flock
    <VirtualHost development.assldomain.co.nz:443>
        ServerName development.assldomain.co.nz
        DocumentRoot "~/sites/development.assldomain.co.nz"
        DirectoryIndex index.php
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /Applications/XAMPP/etc/ssl.crt/server.crt
        SSLCertificateKeyFile /Applications/XAMPP/etc/ssl.key/server.key
        BrowserMatch ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
        <Directory ~/sites/development.assldomain.co.nz>
            SSLRequireSSL
            Options Indexes FollowSymLinks ExecCGI Includes
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>

</IfModule>

http://development.somedomain.co.nz/ http://localhost/并且https://development.assldomain.co.nz/运行良好。

问题是当我请求http://development.anunuseddomain.co.nz/http://development.assldomain.co.nz/它响应相同的内容时http://development.somedomain.co.nz/

我希望它拒绝所有与虚拟主机服务器名称不匹配的请求以及所有使用 http 请求的 https 主机的请求

PS 我在 Mac OS X 10.5.8 上运行 XAMPP

答案1

当 apache 无法匹配 vhost 时,它会打开默认 vhost。始终有一个默认值,如果没有明确定义,则它是配置文件中的第一个 vhost 定义。

您可以使用 httpd -S 检查您的默认虚拟主机是什么

而且,如果你愿意的话,你可以定义默认值并禁止访问它,正如 defraagh 指出的那样

答案2

基于 SSL 的虚拟主机不支持命名虚拟主机。

问题源于 ServerName 在 SSL 请求中也是加密的。因此,当服务器收到“somedomainname”或其他内容的请求时,它将默认使用命名的 VHost,不是443。

解决方案:

  • 将监听器放在 VHost 定义之外
  • 将 :443 更改为 IP 地址。服务器会自动执行反向 DNS 查找。

更正:

# Listen :80
Listen *:80
# Listen on IP Address for :443
Listen 127.0.0.1:443

<VirtualHost development.somedomain.co.nz:80>
   ServerName development.somedomain.co.nz
   DocumentRoot "~/sites/development.somedomain.co.nz"

   DirectoryIndex index.php

   # Stay consistent with your syntax definitions. This and the 443 Vhost Directory
   # were not Quoted. That's not to say it makes a difference guaranteed,
   # but it's always a good habit. 
   <Directory "~/sites/development.somedomain.co.nz">
       Options Indexes FollowSymLinks ExecCGI Includes
       AllowOverride All
       Order allow,deny
       Allow from all
   </Directory>
</VirtualHost>

<VirtualHost localhost:80>
   ServerName localhost
   DocumentRoot "~/"

   <Directory "~/">
      Options Indexes FollowSymLinks ExecCGI Includes
      AllowOverride All
      Order allow,deny
      Allow from all
   </Directory>
</VirtualHost>

<IfModule mod_ssl.c>

   # Does this need to exist outside of the VHost Definition ?? 
   AcceptMutex flock

   <VirtualHost 127.0.0.1:443>
       ServerName development.assldomain.co.nz
       DocumentRoot "~/sites/development.assldomain.co.nz"
       DirectoryIndex index.php
       SSLEngine on
       SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
       SSLCertificateFile /Applications/XAMPP/etc/ssl.crt/server.crt
       SSLCertificateKeyFile /Applications/XAMPP/etc/ssl.key/server.key
       BrowserMatch ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

       <Directory "~/sites/development.assldomain.co.nz">
           SSLRequireSSL
           Options Indexes FollowSymLinks ExecCGI Includes
           AllowOverride All
           Order allow,deny
           Allow from all
       </Directory>
   </VirtualHost>

</IfModule>

答案3

在文件末尾添加默认的 VirtualHost 来捕获指向您未明确指定的主机的请求:

 <VirtualHost _default_:*>
    DocumentRoot /~/void
    ...
 </VirtualHost>

答案4

在您的虚拟主机指令中:

<VirtualHost localhost:80>

尝试使用 IP。

<VirtualHost 127.0.0.1:80>

相关内容