Apache2:如何分离 SSL 配置?

Apache2:如何分离 SSL 配置?

在 Apache2 中,我希望单独定义一次与 SSL 相关的内容,并将其放在与其余配置不同的文件中。这主要取决于个人喜好,但它也允许我将其余配置包含在自动部署过程中。

即:目前的情况:

# in file: 0000-ourdomain.com.conf (number needs to be low)
<VirtualHost xx.xx.xx.xx:443>
    # SSL part
    SSLEngine on
    SSLCertificateFile ....crt
    SSLCACertificateFile ...pem
    SSLCertificateChainFile ...intermediate.pem
    SSLCertificateKeyFile ....wildcard.ourdomain.com.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

    ServerName www.ourdomain.com
    ServerAlias ourdomain.com

    # the actual configuration, as found for xx.xx.xx.xx:80, repeated
</VirtualHost>

我想要

# in file: 0000-ssl-stuff
<VirtualHost xx.xx.xx.xx:443>
    # SSL part
    SSLEngine on
    SSLCertificateFile ....crt
    SSLCACertificateFile ...pem
    SSLCertificateChainFile ...intermediate.pem
    SSLCertificateKeyFile ....wildcard.ourdomain.com.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

    ServerName www.ourdomain.com
    ServerAlias ourdomain.com
</VirtualHost>

# in file: ourdomain.com.conf
<VirtualHost xx.xx.xx.xx:443>
    # the actual configuration, as found for xx.xx.xx.xx:80, repeated
</VirtualHost>

不幸的是,这似乎不起作用。Apache SSL 失败了,尽管它在重新加载或语法检查时没有给出错误消息。

我发现的最佳解决方法是使用Include0000-ssl 文件中的指令。

非常感谢!

答案1

您可以使用include 指令. 您的 443 虚拟主机将是:

# in file: ourdomain.com.conf
<VirtualHost xx.xx.xx.xx:443>
    # the actual configuration, as found for xx.xx.xx.xx:80, repeated
    ServerName www.ourdomain.com
    ServerAlias ourdomain.com

    Include conf/vhosts/ourdomain.ssl.conf
 </VirtualHost>

并在conf/vhosts/ourdomain.ssl.conf中:

# SSL part
SSLEngine on
SSLCertificateFile ....crt
SSLCACertificateFile ...pem
SSLCertificateChainFile ...intermediate.pem
SSLCertificateKeyFile ....wildcard.ourdomain.com.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

有几件事。首先,包含路径是相对于 ServerRoot 的(即 /usr/local/apache,而不是相对于包含它的文件)。

其次,ourdomain.ssl.conf 文件不会重复 xx.xx.xx.xx:443 的 VirtualHost 指令。该指令已由包含 Vhost 处理。

相关内容