How to enable multiple SSL virtual hosts and certificates on a single IP with Apache

I want to enable support in Apache for multiple SSL virtual hosts and certificates on a single IP address.

My configuration file is below. Please help me:

NameVirtualHost 196.196.1.117:443
NameVirtualHost 196.196.1.117:80

#Site Configuration on Port 80
<VirtualHost  196.196.1.117:80> 
    DocumentRoot "/usr/local/tomcat/webapps/ROOT" 
    ServerName   sample_Site
    ServerAlias  w3.sample.com
    ServerAdmin  www.w3.sample.com
    ErrorLog    /var/log/apache2/site-error_log  
    CustomLog   /var/log/apache2/site-access_log combined 

      <Directory "/usr/local/tomcat/webapps/ROOT">
      AllowOverride All
      Options +ExecCGI -Includes
      Order allow,deny
      Allow from all
      </Directory>

      JkMount /* worker1    
      DirectoryIndex home.xhtml 
      Redirect /mb  https://196.196.1.117/mb


    ErrorDocument 400 /error.xhtml
    ErrorDocument 401 /error.xhtml
    ErrorDocument 403 /error.xhtml
    ErrorDocument 404 /error.xhtml
    ErrorDocument 405 /error.xhtml
    ErrorDocument 408 /error.xhtml
    ErrorDocument 410 /error.xhtml
    ErrorDocument 411 /error.xhtml
    ErrorDocument 412 /error.xhtml
    ErrorDocument 413 /error.xhtml
    ErrorDocument 414 /error.xhtml
    ErrorDocument 415 /error.xhtml
    ErrorDocument 500 /error.xhtml
    ErrorDocument 501 /error.xhtml
    ErrorDocument 502 /error.xhtml
    ErrorDocument 503 /error.xhtml
    ErrorDocument 506 /error.xhtml

</VirtualHost>

#Site Configuration on Port 443

<VirtualHost 196.196.1.117:443>
    DocumentRoot "/usr/local/tomcat/webapps/ROOT"
    ServerName sample_Site
    ErrorLog /var/log/apache2/HttpsSite_error_log
    CustomLog /var/log/apache2/Https-accessSite_log combined 

       <Directory "/usr/local/tomcat/webapps/ROOT">
     SSLRequireSSL
        Order Deny,Allow
        Allow from All
       </Directory>

       JkMount /* worker1 
       DirectoryIndex home.xhtml 

    ErrorDocument 400 /error.xhtml
    ErrorDocument 401 /error.xhtml
    ErrorDocument 403 /error.xhtml
    ErrorDocument 404 /error.xhtml
    ErrorDocument 405 /error.xhtml
    ErrorDocument 408 /error.xhtml
    ErrorDocument 410 /error.xhtml
    ErrorDocument 411 /error.xhtml
    ErrorDocument 412 /error.xhtml
    ErrorDocument 413 /error.xhtml
    ErrorDocument 414 /error.xhtml
    ErrorDocument 415 /error.xhtml
    ErrorDocument 500 /error.xhtml
    ErrorDocument 501 /error.xhtml
    ErrorDocument 502 /error.xhtml
    ErrorDocument 503 /error.xhtml
    ErrorDocument 506 /error.xhtml

    SSLEngine on
    #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCipherSuite ALL:!ADH:!EXPORT56:+SSLv3:TLSv1
    SSLCertificateFile /etc/apache2/ssl.crt/sb24.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/sb24.key
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/srv/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

    CustomLog /var/log/apache2/ssl_request_log   ssl_combined
    SetEnv HTTPS on 
    SetEnv SERVER_PORT 443

</VirtualHost>


#Admin Configuration on Port 443

<VirtualHost 196.196.1.117:443>

    DocumentRoot "/usr/local/tomcat1/webapps/SB24_Admin"
    ServerName SB24Admin
    ErrorLog /var/log/apache2/admin_error_log
    CustomLog /var/log/apache2/admin-access_log combined 

       <Directory "/usr/local/tomcat1/webapps/SB24_Admin">
     SSLRequireSSL
        Order Deny,Allow
        Allow from All
       </Directory>

    JkMount /* worker2 
       DirectoryIndex home.xhtml 

        ErrorDocument 400 /error.xhtml
       ErrorDocument 401 /error.xhtml
        ErrorDocument 403 /error.xhtml
        ErrorDocument 404 /error.xhtml
        ErrorDocument 405 /error.xhtml
        ErrorDocument 408 /error.xhtml
        ErrorDocument 410 /error.xhtml
        ErrorDocument 411 /error.xhtml
        ErrorDocument 412 /error.xhtml
        ErrorDocument 413 /error.xhtml
        ErrorDocument 414 /error.xhtml
        ErrorDocument 415 /error.xhtml
        ErrorDocument 500 /error.xhtml
        ErrorDocument 501 /error.xhtml
        ErrorDocument 502 /error.xhtml
        ErrorDocument 503 /error.xhtml
        ErrorDocument 506 /error.xhtml

       SSLEngine on
    #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCipherSuite ALL:!ADH:!EXPORT56:+SSLv3:TLSv1
    SSLCertificateFile /etc/apache2/ssl.crt/sb24.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/sb24.key
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/srv/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
    CustomLog /var/log/apache2/ssl_request_log   ssl_combined

    SetEnv HTTPS on 
    SetEnv SERVER_PORT 443

</VirtualHost>

Answer 1

You can only do this if both your server and the web browser support Server Name Indication (SNI). See this Apache page for details.

http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2

If you are not running a recent Apache (later than 2.2.12), you cannot run multiple SSL sites with different SSL certificates on the same IP and port (443).
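
An SNI layout for the two port-443 virtual hosts from the question, as an added example that is not part of the original answers. The host names `site.example.com` and `admin.example.com` and the certificate file names are placeholders (assumptions); it assumes Apache 2.2.12 or later with mod_ssl built against an SNI-capable OpenSSL.

```apache
# Added example, Apache 2.2 syntax. Host names and certificate paths are
# placeholders (assumptions), not values from the original configuration.

NameVirtualHost 196.196.1.117:443

# Refuse requests from clients that do not send SNI, instead of routing
# them to the first vhost listed for this IP:port.
SSLStrictSNIVHostCheck on

# Each vhost needs a ServerName that matches the name in its own certificate;
# Apache selects the vhost (and certificate) from the SNI name in the handshake.
<VirtualHost 196.196.1.117:443>
    ServerName site.example.com
    DocumentRoot "/usr/local/tomcat/webapps/ROOT"

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl.crt/site.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/site.example.com.key

    JkMount /* worker1
</VirtualHost>

<VirtualHost 196.196.1.117:443>
    ServerName admin.example.com
    DocumentRoot "/usr/local/tomcat1/webapps/SB24_Admin"

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl.crt/admin.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/admin.example.com.key

    JkMount /* worker2
</VirtualHost>
```

In the question's configuration both port-443 virtual hosts point at the same `sb24.crt` and `sb24.key`, so a client sees the same certificate whichever host it asks for. `apachectl -S` lists how Apache resolved the name-based virtual hosts for each address and port.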

Answer 2

There is also the wildcard SSL option, but it is only useful for hosting virtual hosts such as:

subdomain1.mybadger.com
subdomain2.mybadger.com
subdomain3.mybadger.com

Answer 3

Use gnutls instead of SSL. See this page for details:

http://www.howtoforge.com/hosting-multiple-ssl-web-sites-on-one-ip-address-with-apache-2.2-and-gnutls-debian-lenny

Also, some reverse proxies can let you accomplish the same thing.
