我正在迁移一个 Web 服务器,遇到了 Apache mod_substitute 问题。在旧服务器上,一切运行正常,HTTP 和 HTTPS 请求均进行了正确的替换。
在新服务器上,仅对 HTTP 请求进行替换。新服务器的文件结构与旧服务器相同,操作系统也相同(CentOS 5.6)。服务器之间的 Apache 配置存在一些差异,但我无法找出问题的原因。我尝试过 LogLevel 调试,但毫无用处。
一些 conf 文件来查看差异:(删除了注释以节省空间)
旧服务器(可用)
conf.d/ssl.conf
LoadModule ssl_module modules/mod_ssl.so
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<IfDefine SSL>
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/etc/httpd/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/etc/httpd/logs/ssl_mutex
</IfDefine>
新服务器(mod_substitute 对 https:// 请求不采取任何措施)
conf.d/ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
相关 VHosts 部分(两个服务器上相同),https:// pages 页面做展示(并且证书信息正确),只有 mod_substitute 无法在新服务器上将 .com 链接转换为 .de 链接(而在旧服务器上它可以正常工作)。
<VirtualHost 10.0.0.11:443>
SuexecUserGroup myuser myuser
DocumentRoot /home/myuser/mydomain.de/html
ServerName mydomain.de
ServerAlias www.mydomain.de ftp.mydomain.de mail.mydomain.de
ServerAdmin [email protected]
# subdomain logic
RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_HOST} !^www\.mydomain\.de [NC]
RewriteCond %{HTTP_HOST} !^mydomain\.de [NC]
RewriteCond %{HTTP_HOST} ^([A-Z0-9a-z-.]+)\.mydomain\.de [NC]
RewriteCond %{DOCUMENT_ROOT}/%1 -d
RewriteRule ^(.+) %{HTTP_HOST}/$1 [C]
RewriteRule ^([0-9A-Za-z-.]+)\.mydomain\.de/?(.*)$ %{DOCUMENT_ROOT}/$1/$2 [L]
RewriteCond %{HTTP_HOST} ^www\.([A-Z0-9a-z-.]+)\.mydomain\.de [NC]
RewriteCond %{DOCUMENT_ROOT}/%1 -d
RewriteRule ^(.+) %{HTTP_HOST}/$1 [C]
RewriteRule ^www\.([0-9A-Za-z-.]+)\.mydomain\.de/?(.*)$ %{DOCUMENT_ROOT}/$1/$2 [L]
# end subdomain logic
LogLevel debug
ErrorLog /home/myuser/var/mydomain.de/logs/error_ssl.log
CustomLog /home/myuser/var/mydomain.de/logs/transfer.log combined
# php: default don't edit between this and the "end php" comment below
<IfModule mod_suphp.c>
suPHP_Engine On
suPHP_UserGroup myuser myuser
AddHandler x-httpd-php .php
suPHP_AddHandler x-httpd-php .php
suPHP_ConfigPath /home/myuser/etc
</IfModule>
<IfModule !mod_suphp.c>
<IfModule mod_php5.c>
php_admin_flag engine On
</IfModule>
<IfModule mod_php4.c>
php_admin_flag engine On
</IfModule>
</IfModule>
# end php
# cgi: 1 don't edit between this and the "end cgi" comment below
<Directory /home/myuser/mydomain.de/html>
AllowOverride All
</Directory>
<Location />
Options +ExecCGI
</Location>
ScriptAlias /cgi-bin/ /home/myuser/mydomain.de/html/cgi-bin/
# end cgi
<IfModule mod_substitute.c>
<Location />
AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|http://www.mydomain.com/|http://www.mydomain.de/|niq"
Substitute "s|http://www.mydomain.com|http://www.mydomain.de/|niq"
Substitute "s|http://mydomain.com/|http://www.mydomain.de/|niq"
Substitute "s|http://mydomain.com|http://www.mydomain.de/|niq"
Substitute "s|https://www.mydomain.com/|https://mydomain.de/|niq"
Substitute "s|https://www.mydomain.com|https://mydomain.de/|niq"
Substitute "s|https://mydomain.com/|https://mydomain.de/|niq"
Substitute "s|https://mydomain.com|https://mydomain.de/|niq"
</Location>
</IfModule>
#.com.au is the primary (CN) certificate for all country domains (multi-domain certificate)
SSLEngine on
SSLCipherSuite SSLv3:HIGH:MEDIUM:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW
SSLCACertificatePath /home/myuser/var/mydomain.com.au/ssl
SSLCertificateKeyFile /home/myuser/var/mydomain.com.au/ssl/mydomain.com.au.priv.key
SSLCertificateFile /home/myuser/var/mydomain.com.au/ssl/mydomain.com.au.crt
SSLCACertificateFile /home/myuser/var/mydomain.com.au/ssl/mydomain.com.au.chain.crt
SSLOptions +ExportCertData +StrictRequire
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
答案1
通过将 Apache 升级到 2.2.23(原来是 2.2.3)解决了这个问题。
新服务器上的 yum 存储库未启用以允许升级到 2.2.3-76.el5.centos 以上版本,在找到正确的存储库并启用并升级后,SSL 问题已修复。这不是配置文件问题。