Apache mod_substitute 无法通过 SSL 工作

tag-icon tag-icon linux apache-2.2 ssl
Apache mod_substitute 无法通过 SSL 工作

我正在迁移一个 Web 服务器,遇到了 Apache mod_substitute 问题。在旧服务器上,一切运行正常,HTTP 和 HTTPS 请求均进行了正确的替换。

在新服务器上,仅对 HTTP 请求进行替换。新服务器的文件结构与旧服务器相同,操作系统也相同(CentOS 5.6)。服务器之间的 Apache 配置存在一些差异,但我无法找出问题的原因。我尝试过 LogLevel 调试,但毫无用处。

一些 conf 文件来查看差异:(删除了注释以节省空间)

旧服务器(可用)

conf.d/ssl.conf

LoadModule ssl_module modules/mod_ssl.so
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<IfDefine SSL>
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/etc/httpd/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/etc/httpd/logs/ssl_mutex
</IfDefine>

新服务器(mod_substitute 对 https:// 请求不采取任何措施)

conf.d/ssl.conf

LoadModule ssl_module modules/mod_ssl.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

相关 VHosts 部分(两个服务器上相同),https:// pages 页面做展示(并且证书信息正确),只有 mod_substitute 无法在新服务器上将 .com 链接转换为 .de 链接(而在旧服务器上它可以正常工作)。

<VirtualHost 10.0.0.11:443>
  SuexecUserGroup myuser myuser

  DocumentRoot /home/myuser/mydomain.de/html
  ServerName mydomain.de

  ServerAlias www.mydomain.de ftp.mydomain.de mail.mydomain.de
  ServerAdmin [email protected]

  # subdomain logic
  RewriteEngine On
  RewriteOptions inherit
  RewriteCond %{HTTP_HOST} !^www\.mydomain\.de [NC]
  RewriteCond %{HTTP_HOST} !^mydomain\.de [NC]
  RewriteCond %{HTTP_HOST} ^([A-Z0-9a-z-.]+)\.mydomain\.de [NC]
  RewriteCond %{DOCUMENT_ROOT}/%1 -d
  RewriteRule ^(.+) %{HTTP_HOST}/$1 [C]
  RewriteRule ^([0-9A-Za-z-.]+)\.mydomain\.de/?(.*)$ %{DOCUMENT_ROOT}/$1/$2 [L]

  RewriteCond %{HTTP_HOST} ^www\.([A-Z0-9a-z-.]+)\.mydomain\.de [NC]
  RewriteCond %{DOCUMENT_ROOT}/%1 -d
  RewriteRule ^(.+) %{HTTP_HOST}/$1 [C]
  RewriteRule ^www\.([0-9A-Za-z-.]+)\.mydomain\.de/?(.*)$ %{DOCUMENT_ROOT}/$1/$2 [L]
  # end subdomain logic

  LogLevel debug
  ErrorLog /home/myuser/var/mydomain.de/logs/error_ssl.log
  CustomLog /home/myuser/var/mydomain.de/logs/transfer.log combined

  # php: default  don't edit between this and the "end php" comment below
  <IfModule mod_suphp.c>
    suPHP_Engine On
    suPHP_UserGroup myuser myuser
    AddHandler x-httpd-php .php
    suPHP_AddHandler x-httpd-php .php
    suPHP_ConfigPath /home/myuser/etc
  </IfModule>

  <IfModule !mod_suphp.c>
    <IfModule mod_php5.c>
      php_admin_flag engine On
    </IfModule>
    <IfModule mod_php4.c>
      php_admin_flag engine On
    </IfModule>
  </IfModule>
  # end php

  # cgi: 1 don't edit between this and the "end cgi" comment below
  <Directory /home/myuser/mydomain.de/html>
    AllowOverride  All
  </Directory>

  <Location />
    Options +ExecCGI
  </Location>
  ScriptAlias /cgi-bin/ /home/myuser/mydomain.de/html/cgi-bin/
  # end cgi

  <IfModule mod_substitute.c>
    <Location />
      AddOutputFilterByType SUBSTITUTE text/html
      Substitute "s|http://www.mydomain.com/|http://www.mydomain.de/|niq"
      Substitute "s|http://www.mydomain.com|http://www.mydomain.de/|niq"
      Substitute "s|http://mydomain.com/|http://www.mydomain.de/|niq"
      Substitute "s|http://mydomain.com|http://www.mydomain.de/|niq"
      Substitute "s|https://www.mydomain.com/|https://mydomain.de/|niq"
      Substitute "s|https://www.mydomain.com|https://mydomain.de/|niq"
      Substitute "s|https://mydomain.com/|https://mydomain.de/|niq"
      Substitute "s|https://mydomain.com|https://mydomain.de/|niq"
    </Location>
  </IfModule>

 #.com.au is the primary (CN) certificate for all country domains (multi-domain certificate)
 SSLEngine on
  SSLCipherSuite SSLv3:HIGH:MEDIUM:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW
  SSLCACertificatePath /home/myuser/var/mydomain.com.au/ssl
  SSLCertificateKeyFile /home/myuser/var/mydomain.com.au/ssl/mydomain.com.au.priv.key
  SSLCertificateFile /home/myuser/var/mydomain.com.au/ssl/mydomain.com.au.crt
  SSLCACertificateFile /home/myuser/var/mydomain.com.au/ssl/mydomain.com.au.chain.crt
  SSLOptions +ExportCertData +StrictRequire
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>

答案1

通过将 Apache 升级到 2.2.23(原来是 2.2.3)解决了这个问题。

新服务器上的 yum 存储库未启用以允许升级到 2.2.3-76.el5.centos 以上版本,在找到正确的存储库并启用并升级后,SSL 问题已修复。这不是配置文件问题。

相关内容