Apache name-based virtual hosts - two domains and SSL


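I am trying to set up Apache (2.2.3) to run two websites that use SSL, with different domains and IP addresses. Both websites work fine on port 80, but when I try to enable SSL for website 2 I get an ssl_error_bad_cert_domain error; website 2 picks up website 1's SSL certificate.

Here is my setup in httpd.conf: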

# Website1
NameVirtualHost 192.168.10.1:80

<VirtualHost 192.168.10.1:80>
DocumentRoot /var/www/html
ServerName www.website1.org
</VirtualHost>

NameVirtualHost 192.168.10.1:443

<VirtualHost 192.168.10.1:443>
SSLEngine On
SSLCertificateFile conf/ssl/website1.cer
SSLCertificateKeyFile conf/ssl/website1.key
</VirtualHost>

# Website2
NameVirtualHost 192.168.10.2:80

<VirtualHost 192.168.10.2:80>
DocumentRoot /var/www/html/chart
ServerName www.website2.org
</VirtualHost>

NameVirtualHost 192.168.10.2:443

<VirtualHost 192.168.10.2:443>
SSLEngine On
SSLCertificateFile conf/ssl/website2.cer
SSLCertificateKeyFile conf/ssl/website2.key
</VirtualHost>

Update: in reply to Shane (this doesn't fit in the comment box), here is the output of apachectl -S:

VirtualHost configuration:
192.168.10.2:80       is a NameVirtualHost
         default server www.website2.org (/etc/httpd/conf/httpd.conf:1033)
         port 80 namevhost www.website2.org (/etc/httpd/conf/httpd.conf:1033)

192.168.10.2:443      is a NameVirtualHost
         default server bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1040)
         port 443 namevhost bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1040)

192.168.10.1:80       is a NameVirtualHost
         default server www.website1.org (/etc/httpd/conf/httpd.conf:1017)
         port 80 namevhost www.website1.org (/etc/httpd/conf/httpd.conf:1017)

192.168.10.1:443      is a NameVirtualHost
         default server bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1024)
         port 443 namevhost bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1024)

wildcard NameVirtualHosts and _default_ servers:
_default_:443          192.168.10.1 (/etc/httpd/conf.d/ssl.conf:81)
Syntax OK

Answer 1

SSL virtual hosts are not NameVirtualHosts - they are IP-based virtual hosts.

Remove NameVirtualHost *:443 from your configuration.

Answer 2

Please remove

NameVirtualHost 192.168.10.1:443

NameVirtualHost 192.168.10.2:443

It makes no sense to activate Apache's name-based virtual hosting feature for SSL/TLS connections, or else you want to use the SNI extension.

Answer 3

Here is how I got it working. I had to move the SSL configuration out of httpd.conf and set up both virtual hosts in ssl.conf.

httpd.conf

# Website1
<VirtualHost 192.168.10.1:80>
DocumentRoot /var/www/html
ServerName www.website1.org
</VirtualHost>

# Website2
<VirtualHost 192.168.10.2:80>
DocumentRoot /var/www/html/chart
ServerName www.website2.org
</VirtualHost>

ssl.conf

<VirtualHost 192.168.10.1:443>
DocumentRoot "/var/www/html/"
ServerAdmin [email protected]
ServerName www.website1.org
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/website1.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/website1.key
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

<VirtualHost 192.168.10.2:443>
DocumentRoot "/var/www/html/chart/"
ServerAdmin [email protected]
ServerName www.website2.org
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/website2.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/website2.key
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

Answer 4

Try removing or commenting out the <VirtualHost _default_:443> block in /etc/httpd/conf.d/ssl.conf
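The answers above point at three layout problems: NameVirtualHost declared on :443, SSL vhosts with no ServerName, and a leftover _default_:443 block. The following lint is an added example, not code from any of the posts; the function name and finding labels are hypothetical and the sample configuration is constructed from the question's directives. It goes one step beyond the page by also flagging two SSL vhosts that share one address, the general case in which a server without SNI presents the first vhost's certificate.

```python
import re
from collections import Counter

# Constructed sample: the question's :443 layout plus a stock-style _default_ block.
QUESTION_CONF = """\
NameVirtualHost 192.168.10.1:443
<VirtualHost 192.168.10.1:443>
SSLEngine On
</VirtualHost>
NameVirtualHost 192.168.10.2:443
<VirtualHost 192.168.10.2:443>
SSLEngine On
</VirtualHost>
<VirtualHost _default_:443>
SSLEngine on
</VirtualHost>
"""

def lint_tls_vhosts(conf):
    """Return sorted (address, finding) pairs for TLS vhost layout problems."""
    conf = re.sub(r"\\\r?\n", " ", conf)            # join continuation lines
    findings, vhosts, cur = set(), [], None
    for line in (l.strip() for l in conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        name, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            cur = {"addrs": opened.group(1).split(), "d": {}}
        elif name == "</virtualhost>":
            if cur:
                vhosts.append(cur)
            cur = None
        elif cur is not None:
            cur["d"][name] = value                   # directive inside a vhost
        elif name == "namevirtualhost" and value.endswith(":443"):
            findings.add((value, "name-based-on-tls"))   # only works with SNI
    tls = [v for v in vhosts if v["d"].get("sslengine", "").lower() == "on"]
    seen = Counter(a for v in tls for a in v["addrs"])
    for v in tls:
        for a in v["addrs"]:
            if "servername" not in v["d"]:
                findings.add((a, "no-servername"))
            if seen[a] > 1:
                findings.add((a, "shared-address"))      # first cert wins
            if a.split(":")[0] in ("*", "_default_") and len(seen) > 1:
                findings.add((a, "catch-all"))
    return sorted(findings)
```

Feed it the concatenated contents of httpd.conf and conf.d/ssl.conf; an empty list means each SSL vhost has its own address and a ServerName.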
