好的,我的设置有点复杂,大部分情况下都可以使用,但最近我不得不将几个站点迁移到我的服务器上,但似乎无法让事情按照我想要的方式运行。
我的服务器上托管了 5 个网站。我最初有 3 个。我们称它们为
- 示例.com
- files.example.com
- git.example.com
- temp.alagory.com
- temp.minceraft.com
alagory.com和minceraft.com是我要迁移到个人服务器的站点。我的个人服务器没有静态 IP 地址,因此我使用 DDNS 对其进行了设置,DDNS 会为它提供example.com包含两个子域文件和 git 的地址。我希望将这三个 DDNS 域置于 SSL 之下。temp.alagory.com和temp.minceraft.com是 WordPress 站点,由于我将它们公开,因此我不希望每个访问它们的人都看到有关我的自签名证书的警告。我也不想花费便宜的费用来获得官方认可的证书。最初,我已经能够让三个 DDNS 站点正常运行(*.example.com),它们在加密下都可以很好地运行。其他两个站点在它们的服务器上运行良好,我决定取消它们。
当我尝试将所有这些具有不同之处的站点托管在一台服务器上时,麻烦就来了。
我设置了temp.alagory.com和 ,temp.minceraft.com并带有指向 的 CNAME 类型记录example.com。我已成功利用其他三个域上的虚拟主机将它们发送到各自的站点。我设置了 的虚拟主机并将allegory它们minceraft指向其目录,但它们解析为/srv/http,即 的目录example.com。此外,这些域被重定向以使用我的证书进行加密。我真的不明白这是怎么回事,因为它们不是我在证书中使用的名称。我以为那是经过检查的东西。
这是虚拟主机配置文件git.example.com
#This configuration has been tested on GitLab 6.0.0 and GitLab 6.0.1
#Note this config assumes unicorn is listening on default port 8080.
#Module dependencies
# mod_rewrite
# mod_proxy
# mod_proxy_http
<VirtualHost *:80>
ServerName git.example.com
ServerSignature Off
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
#strong encryption ciphers only
#see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
SSLProtocol all -SSLv2
SSLHonorCipherOrder on
# SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM :RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
SSLCompression Off
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key
SSLCACertificateFile /etc/httpd/conf/server.crt
ServerName git.example.com
ServerSignature Off
ProxyPreserveHost On
<Location />
# New authorization commands for apache 2.4 and up
# http://httpd.apache.org/docs/2.4/upgrading.html#access
Require all granted
ProxyPassReverse http://127.0.0.1:8080
ProxyPassReverse http://git.example.com/
</Location>
#apache equivalent of nginx try files
# http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try- files
# http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]
RequestHeader set X_FORWARDED_PROTO 'https'
# needed for downloading attachments
DocumentRoot /usr/share/webapps/gitlab/public
#Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
ErrorDocument 404 /404.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 503 /deploy.html
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /var/log/httpd/git.example.com_error.log
CustomLog /var/log/httpd/git.example.com_forwarded.log common_forwarded
CustomLog /var/log/httpd/git.example.com_access.log combined env=!dontlog
CustomLog /var/log/httpd/git.example.com.log combined
</VirtualHost>
以下是我用来对files.example.com、example.com、temp.alagory.com和进行排序的配置temp.minceraft.com:
这是我的 httpd.conf
我尝试将其用作虚拟主机temp.alagory.com的服务器名称temp.alagory.com,但它仍然重定向到/srv/http/目录。我尝试删除所有其他配置,但它仍然解析为默认目录/srv/http/。
apachectl -S以下是替换相应站点名称后的输出:
[root@Vega extra]# apachectl -S
VirtualHost configuration:
*:80 is a NameVirtualHost
default server example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:25)
port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:25)
alias temp.alagory.com
wild alias *.temp.alagory.com
port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:36)
alias temp.minceraft.com
wild alias *.temp.minceraft.com
port 80 namevhost localhost.localdomain (/etc/httpd/conf/extra/httpd- vhosts.conf:47)
port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:70)
port 80 namevhost git.example.com (/etc/httpd/conf/extra/gitlab.conf:8)
*:443 is a NameVirtualHost
default server files.example.com (/etc/httpd/conf/extra/httpd- vhosts.conf:57)
port 443 namevhost files.example.com (/etc/httpd/conf/extra/httpd- vhosts.conf:57)
port 443 namevhost example.com (/etc/httpd/conf/extra/httpd- vhosts.conf:80)
port 443 namevhost git.example.com (/etc/httpd/conf/extra/gitlab.conf:16)
port 443 namevhost www.example.com (/etc/httpd/conf/extra/httpd-ssl.conf:80)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/srv/http"
Main ErrorLog: "/var/log/httpd/error_log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="http" id=33
Group: name="http" id=33
答案1
我设置了
temp.alagory.com并temp.minceraft.com带有指向的 CNAME 类型记录example.com。
CNAME 记录只是另一个 DNS 记录的别名。这意味着,如果一切都转到由 运行的主机上的一个 IP 地址example.com,则问题出在您的 Apache 虚拟主机配置中。对我来说,第一个可靠的线索是看到apachectl -S
default server example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:25)
port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:25)
alias temp.alagory.com
wild alias *.temp.alagory.com
port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:36)
alias temp.minceraft.com
wild alias *.temp.minceraft.com
最大的线索是port 80 namevhost example.comfortemp.alagory.com以及temp.minceraft.com。这意味着虚拟主机配置没有关注主机名 temp.alagory.com andtemp.minceraft.com`。
因此,当查看您的实际虚拟主机配置时,请查看ServerName两种情况;它们都是ServerName example.com:
#temp.alagory.com
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName example.com
DocumentRoot "/srv/http/alagory"
ServerAlias temp.alagory.com
ServerAlias *.temp.alagory.com
ErrorLog "/var/log/httpd/temp.alagory-error_log"
CustomLog "/var/log/httpd/temp.alagory-access_log" common
</VirtualHost>
#temp.minceraft.com
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName example.com
DocumentRoot "/srv/http/minceraft"
ServerAlias temp.minceraft.com
ServerAlias *.temp.minceraft.com
ErrorLog "/var/log/httpd/temp.minceraft-error_log"
CustomLog "/var/log/httpd/temp.minceraft-access_log" common
</VirtualHost>
这些应该进行如下更改,以便ServerName与连接到它的主机名匹配;我格式化了配置以使其更易于阅读:
#temp.alagory.com
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName temp.alagory.com
ServerAlias temp.alagory.com
ServerAlias *.temp.alagory.com
DocumentRoot "/srv/http/alagory"
ErrorLog "/var/log/httpd/temp.alagory-error_log"
CustomLog "/var/log/httpd/temp.alagory-access_log" common
</VirtualHost>
#temp.minceraft.com
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName temp.minceraft.com
ServerAlias temp.minceraft.com
ServerAlias *.temp.minceraft.com
DocumentRoot "/srv/http/minceraft"
ErrorLog "/var/log/httpd/temp.minceraft-error_log"
CustomLog "/var/log/httpd/temp.minceraft-access_log" common
</VirtualHost>
编辑:我重新编写了您的虚拟主机文件。最大的变化是格式化以提高可读性,以及将配置放在example.com列表顶部,以及为每个配置设置适当的ServerName设置ServerAlias。
#example.com
<VirtualHost *:80>
ServerName example.com
ServerSignature Off
ServerName example.com
ServerAlias example.com
DocumentRoot "/srv/http"
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>
#files.example.com
<VirtualHost *:80>
ServerAdmin [email protected]
ServerSignature Off
ServerName files.example.com
ServerAlias files.example.com
ServerAlias *.files.example.com
DocumentRoot "/srv/http/files/mollify"
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>
#temp.alagory.com
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName temp.alagory.com
ServerAlias temp.alagory.com
ServerAlias *.temp.alagory.com
DocumentRoot "/srv/http/alagory"
ErrorLog "/var/log/httpd/temp.alagory-error_log"
CustomLog "/var/log/httpd/temp.alagory-access_log" common
</VirtualHost>
#temp.minceraft.com
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName temp.minceraft.com
ServerAlias temp.minceraft.com
ServerAlias *.temp.minceraft.com
DocumentRoot "/srv/http/minceraft"
ErrorLog "/var/log/httpd/temp.minceraft-error_log"
CustomLog "/var/log/httpd/temp.minceraft-access_log" common
</VirtualHost>
#example.com SSL connection
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName example.com
ServerAlias example.com
DocumentRoot "/srv/http"
SSLEngine on
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key
ErrorLog "/var/log/httpd/example.com-error_log"
CustomLog "/var/log/httpd/example.com-access_log" common
</VirtualHost>
</IfModule>
#files.example.com SSL connection
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName files.example.com
ServerAlias files.example.com
ServerAlias *.files.example.com
DocumentRoot "/srv/http/files/mollify"
SSLEngine on
SSLCertificateFile /etc/httpd/conf/files.crt
SSLCertificateKeyFile /etc/httpd/conf/files.key
ErrorLog "/var/log/httpd/files.example.com.id-error_log"
CustomLog "/var/log/httpd/files.example.com-access_log" common
</VirtualHost>
</IfModule>