我有一个域名为 staging.example.com,出于测试目的,我想在不使用 HTTPS 的情况下运行它。主域名 (example.com) 确实使用 SSL。
我正在尝试找到一个重写规则,它将转发到主域的 HTTPS,但不转发子域(www. 除外)。
目前,我已通过从虚拟主机文件中删除所有可以找到的重写规则并访问域和子域进行了测试。尽管再次对两个虚拟主机文件运行 a2ensite 并运行 sudo service apache2 reload 和 sudo service apache2 restart,但浏览器仍被重定向到子域和主域上的 HTTPS。
还有其他地方可能发生这种重定向吗?这是我的虚拟主机:
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName example.com
ServerAlias www.example.com
DocumentRoot /srv/www/example.com/public_html/example/example-production/current/public
Options Indexes FollowSymLinks Includes ExecCGI
<Directory /srv/www/example.com/public_html/example/example-production/current/public>
Allow from all
Options -MultiViews -Indexes
</Directory>
ErrorLog /srv/www/example.com/public_html/example/example-production/current/log/error.log
CustomLog /srv/www/example.com/public_html/example/example-production/current/log/access.log combined
<Location />
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /srv/www/example.com/public_html/example/example-production/current/public
ErrorLog /srv/www/example.com/public_html/example/example-production/current/log/error.log
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/certs/example.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/certs/example.com.key
SSLCACertificateFile /etc/apache2/ssl/certs/example.com.intermediate.crt
SSLOptions +StrictRequire
Header set Strict-Transport-Security "max-age=16070400; includeSubDomains"
CustomLog /var/log/apache2/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
暂存子域名如下:
<VirtualHost *:80>
ServerName staging.example.com
DocumentRoot /srv/www/example.com/public_html/example/example-staging/current/public
<Directory /srv/www/example.com/public_html/example/example-staging/current/public>
Allow from all
Options -Multiviews
</Directory>
</VirtualHost>
答案1
Header set Strict-Transport-Security "max-age=16070400; includeSubDomains"
您的浏览器正在遵守它,包括includeSubDomains