在 Apache2 中,我希望单独定义一次与 SSL 相关的内容,并将其放在与其余配置不同的文件中。这主要取决于个人喜好,但它也允许我将其余配置包含在自动部署过程中。
即:目前的情况:
# in file: 0000-ourdomain.com.conf (number needs to be low)
<VirtualHost xx.xx.xx.xx:443>
# SSL part
SSLEngine on
SSLCertificateFile ....crt
SSLCACertificateFile ...pem
SSLCertificateChainFile ...intermediate.pem
SSLCertificateKeyFile ....wildcard.ourdomain.com.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
ServerName www.ourdomain.com
ServerAlias ourdomain.com
# the actual configuration, as found for xx.xx.xx.xx:80, repeated
</VirtualHost>
我想要
# in file: 0000-ssl-stuff
<VirtualHost xx.xx.xx.xx:443>
# SSL part
SSLEngine on
SSLCertificateFile ....crt
SSLCACertificateFile ...pem
SSLCertificateChainFile ...intermediate.pem
SSLCertificateKeyFile ....wildcard.ourdomain.com.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
ServerName www.ourdomain.com
ServerAlias ourdomain.com
</VirtualHost>
# in file: ourdomain.com.conf
<VirtualHost xx.xx.xx.xx:443>
# the actual configuration, as found for xx.xx.xx.xx:80, repeated
</VirtualHost>
不幸的是,这似乎不起作用。Apache SSL 失败了,尽管它在重新加载或语法检查时没有给出错误消息。
我发现的最佳解决方法是使用Include0000-ssl 文件中的指令。
非常感谢!
答案1
您可以使用include 指令. 您的 443 虚拟主机将是:
# in file: ourdomain.com.conf
<VirtualHost xx.xx.xx.xx:443>
# the actual configuration, as found for xx.xx.xx.xx:80, repeated
ServerName www.ourdomain.com
ServerAlias ourdomain.com
Include conf/vhosts/ourdomain.ssl.conf
</VirtualHost>
并在conf/vhosts/ourdomain.ssl.conf中:
# SSL part
SSLEngine on
SSLCertificateFile ....crt
SSLCACertificateFile ...pem
SSLCertificateChainFile ...intermediate.pem
SSLCertificateKeyFile ....wildcard.ourdomain.com.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
有几件事。首先,包含路径是相对于 ServerRoot 的(即 /usr/local/apache,而不是相对于包含它的文件)。
其次,ourdomain.ssl.conf 文件不会重复 xx.xx.xx.xx:443 的 VirtualHost 指令。该指令已由包含 Vhost 处理。