我想在 Apache 中启用对单个 IP 地址上的多个 SSL 虚拟主机和证书的支持。
我的配置文件如下。请帮助我:
# Mark 196.196.1.117 on ports 443 and 80 as addresses that carry name-based
# virtual hosts. The <VirtualHost> sections below that use the same
# address:port are then chosen by the host name the client requests.
# NOTE(review): NameVirtualHost and the Order/Allow directives used below are
# Apache 2.2-era syntax - confirm against the httpd version actually deployed.
NameVirtualHost 196.196.1.117:443
NameVirtualHost 196.196.1.117:80
#Site Configuration on Port 80
# Plain-HTTP virtual host for the public site. Only /mb is redirected to HTTPS
# here; every other path is served unencrypted.
<VirtualHost 196.196.1.117:80>
# NOTE(review): the Apache document root is the Tomcat webapp directory. JkMount /*
# below appears to hand every request to Tomcat, but if any path is ever served
# by Apache directly, files under this tree (e.g. WEB-INF) could be exposed - confirm.
DocumentRoot "/usr/local/tomcat/webapps/ROOT"
# NOTE(review): "sample_Site" contains an underscore, which is not valid in a DNS
# host name; name-based matching relies on the host name the client sends - confirm
# this (plus the alias below) is what clients actually request.
ServerName sample_Site
ServerAlias w3.sample.com
# NOTE(review): ServerAdmin expects an e-mail address or URL; this value looks like
# a bare host name - verify.
ServerAdmin www.w3.sample.com
ErrorLog /var/log/apache2/site-error_log
CustomLog /var/log/apache2/site-access_log combined
<Directory "/usr/local/tomcat/webapps/ROOT">
# AllowOverride All lets .htaccess files in this tree override any directive
# category; +ExecCGI permits CGI execution and -Includes turns off server-side includes.
# NOTE(review): both are broad for a directory that is also the webapp root;
# narrow them if .htaccess overrides and CGI are not actually needed.
AllowOverride All
Options +ExecCGI -Includes
# Apache 2.2 access control: evaluate Allow before Deny; everyone is allowed.
Order allow,deny
Allow from all
</Directory>
# Forward all URL paths to the mod_jk worker named worker1 (defined outside this excerpt).
JkMount /* worker1
DirectoryIndex home.xhtml
# NOTE(review): the redirect target is the bare IP address, so the certificate served
# on :443 must cover that IP or clients will see a name-mismatch warning - confirm.
Redirect /mb https://196.196.1.117/mb
# Map every listed 4xx/5xx status to one shared error page.
ErrorDocument 400 /error.xhtml
ErrorDocument 401 /error.xhtml
ErrorDocument 403 /error.xhtml
ErrorDocument 404 /error.xhtml
ErrorDocument 405 /error.xhtml
ErrorDocument 408 /error.xhtml
ErrorDocument 410 /error.xhtml
ErrorDocument 411 /error.xhtml
ErrorDocument 412 /error.xhtml
ErrorDocument 413 /error.xhtml
ErrorDocument 414 /error.xhtml
ErrorDocument 415 /error.xhtml
ErrorDocument 500 /error.xhtml
ErrorDocument 501 /error.xhtml
ErrorDocument 502 /error.xhtml
ErrorDocument 503 /error.xhtml
ErrorDocument 506 /error.xhtml
</VirtualHost>
#Site Configuration on Port 443
# HTTPS virtual host for the public site. It is the first <VirtualHost> listed
# for 196.196.1.117:443 in this file.
<VirtualHost 196.196.1.117:443>
DocumentRoot "/usr/local/tomcat/webapps/ROOT"
ServerName sample_Site
ErrorLog /var/log/apache2/HttpsSite_error_log
CustomLog /var/log/apache2/Https-accessSite_log combined
<Directory "/usr/local/tomcat/webapps/ROOT">
# SSLRequireSSL refuses any request for this directory that did not arrive over HTTPS.
SSLRequireSSL
# Apache 2.2 access control: nothing is denied, all clients are allowed.
Order Deny,Allow
Allow from All
</Directory>
# Forward all URL paths to the mod_jk worker named worker1 (defined outside this excerpt).
JkMount /* worker1
DirectoryIndex home.xhtml
# Map every listed 4xx/5xx status to one shared error page.
ErrorDocument 400 /error.xhtml
ErrorDocument 401 /error.xhtml
ErrorDocument 403 /error.xhtml
ErrorDocument 404 /error.xhtml
ErrorDocument 405 /error.xhtml
ErrorDocument 408 /error.xhtml
ErrorDocument 410 /error.xhtml
ErrorDocument 411 /error.xhtml
ErrorDocument 412 /error.xhtml
ErrorDocument 413 /error.xhtml
ErrorDocument 414 /error.xhtml
ErrorDocument 415 /error.xhtml
ErrorDocument 500 /error.xhtml
ErrorDocument 501 /error.xhtml
ErrorDocument 502 /error.xhtml
ErrorDocument 503 /error.xhtml
ErrorDocument 506 /error.xhtml
SSLEngine on
# NOTE(review): the disabled line below would add SSLv2, export-grade and eNULL
# (no encryption) suites; it should stay disabled or be deleted.
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# NOTE(review): the active list starts from ALL and removes only anonymous-DH and
# 56-bit export suites, so other weak suites (LOW, 40-bit export, RC4) likely remain
# enabled, depending on the OpenSSL build. No SSLProtocol directive is visible in this
# block, so protocol versions fall back to whatever is set elsewhere or the default.
# Consider a restrictive list such as HIGH:!aNULL:!MD5 and an SSLProtocol line that
# disables SSLv2 and SSLv3.
SSLCipherSuite ALL:!ADH:!EXPORT56:+SSLv3:TLSv1
# Certificate and private key for this vhost. The other :443 vhost in this file
# references the same two files.
# NOTE(review): ensure the key file is readable only by the account that starts httpd.
SSLCertificateFile /etc/apache2/ssl.crt/sb24.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/sb24.key
# Export the standard SSL environment variables to CGI/SSI/PHP-style scripts only.
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# Legacy workaround for old Internet Explorer SSL behaviour: for any User-Agent
# containing "MSIE", disable keep-alive, tolerate unclean SSL shutdown and force HTTP/1.0.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# The ssl_combined log format nickname is not defined in this excerpt; it must be
# declared elsewhere. The other :443 vhost writes to the same log file.
CustomLog /var/log/apache2/ssl_request_log ssl_combined
# Set HTTPS and SERVER_PORT unconditionally for this vhost.
# NOTE(review): presumably for the backend application's benefit - confirm it is needed.
SetEnv HTTPS on
SetEnv SERVER_PORT 443
</VirtualHost>
#Admin Configuration on Port 443
# HTTPS virtual host for the admin application. It shares 196.196.1.117:443 with the
# site vhost defined before it and references the same certificate and key files.
# NOTE(review): serving a different certificate per host name on one IP:port requires
# SNI support in both the server and the client; without it the TLS handshake uses the
# first vhost listed for this address:port.
<VirtualHost 196.196.1.117:443>
DocumentRoot "/usr/local/tomcat1/webapps/SB24_Admin"
ServerName SB24Admin
ErrorLog /var/log/apache2/admin_error_log
CustomLog /var/log/apache2/admin-access_log combined
<Directory "/usr/local/tomcat1/webapps/SB24_Admin">
# SSLRequireSSL refuses any request for this directory that did not arrive over HTTPS.
SSLRequireSSL
# Apache 2.2 access control: nothing is denied, all clients are allowed.
# NOTE(review): this is an admin application open to every source address; consider
# restricting Allow to the management network and requiring authentication.
Order Deny,Allow
Allow from All
</Directory>
# Forward all URL paths to the mod_jk worker named worker2 (defined outside this excerpt).
JkMount /* worker2
DirectoryIndex home.xhtml
# Map every listed 4xx/5xx status to one shared error page.
ErrorDocument 400 /error.xhtml
ErrorDocument 401 /error.xhtml
ErrorDocument 403 /error.xhtml
ErrorDocument 404 /error.xhtml
ErrorDocument 405 /error.xhtml
ErrorDocument 408 /error.xhtml
ErrorDocument 410 /error.xhtml
ErrorDocument 411 /error.xhtml
ErrorDocument 412 /error.xhtml
ErrorDocument 413 /error.xhtml
ErrorDocument 414 /error.xhtml
ErrorDocument 415 /error.xhtml
ErrorDocument 500 /error.xhtml
ErrorDocument 501 /error.xhtml
ErrorDocument 502 /error.xhtml
ErrorDocument 503 /error.xhtml
ErrorDocument 506 /error.xhtml
SSLEngine on
# NOTE(review): the disabled line below would add SSLv2, export-grade and eNULL
# (no encryption) suites; it should stay disabled or be deleted.
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# NOTE(review): the active list starts from ALL and removes only anonymous-DH and
# 56-bit export suites, so other weak suites (LOW, 40-bit export, RC4) likely remain
# enabled, depending on the OpenSSL build. No SSLProtocol directive is visible in this
# block. Consider a restrictive list such as HIGH:!aNULL:!MD5 and an SSLProtocol line
# that disables SSLv2 and SSLv3.
SSLCipherSuite ALL:!ADH:!EXPORT56:+SSLv3:TLSv1
# Same certificate and key files as the site vhost on this address:port.
# NOTE(review): ensure the key file is readable only by the account that starts httpd.
SSLCertificateFile /etc/apache2/ssl.crt/sb24.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/sb24.key
# Export the standard SSL environment variables to CGI/SSI/PHP-style scripts only.
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# Legacy workaround for old Internet Explorer SSL behaviour: for any User-Agent
# containing "MSIE", disable keep-alive, tolerate unclean SSL shutdown and force HTTP/1.0.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# The ssl_combined log format nickname is not defined in this excerpt; it must be
# declared elsewhere. This is the same log file the site vhost on :443 writes to.
CustomLog /var/log/apache2/ssl_request_log ssl_combined
# Set HTTPS and SERVER_PORT unconditionally for this vhost.
# NOTE(review): presumably for the backend application's benefit - confirm it is needed.
SetEnv HTTPS on
SetEnv SERVER_PORT 443
</VirtualHost>
答案1
只有当您的服务器和 Web 浏览器都支持服务器名称指示 (SNI) 时才可以执行此操作。有关详细信息,请参阅此 Apache 页面。
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2
如果您运行的 Apache 版本不够新(需高于 2.2.12),就无法在同一个 IP 和端口(443)上运行使用不同 SSL 证书的多个 SSL 站点。即使服务器支持 SNI,不支持 SNI 的客户端默认也只会收到该 IP 和端口上第一个虚拟主机的证书。
答案2
还可以使用通配符 SSL 证书,但这只在所托管的虚拟主机都是同一域名下的子域时才有用,例如:
子域名1.mybadger.com
子域名2.mybadger.com
子域名3.mybadger.com
答案3
使用 GnuTLS 而不是 mod_ssl。请参阅此页面了解详情。
此外,一些反向代理可以让您完成同样的事情。