使用和不使用 SSL 托管的 CName 和 A 类型网站

使用和不使用 SSL 托管的 CName 和 A 类型网站

好的,我的设置有点复杂,大部分情况下都可以使用,但最近我不得不将几个站点迁移到我的服务器上,但似乎无法让事情按照我想要的方式运行。

我的服务器上托管了 5 个网站。我最初有 3 个。我们称它们为

  • 示例.com
  • files.example.com
  • git.example.com
  • temp.alagory.com
  • temp.minceraft.com

alagory.comminceraft.com是我要迁移到个人服务器的站点。我的个人服务器没有静态 IP 地址,因此我使用 DDNS 对其进行了设置,DDNS 会为它提供example.com包含两个子域文件和 git 的地址。我希望将这三个 DDNS 域置于 SSL 之下。temp.alagory.comtemp.minceraft.com是 WordPress 站点,由于我将它们公开,因此我不希望每个访问它们的人都看到有关我的自签名证书的警告。我也不想花费便宜的费用来获得官方认可的证书。最初,我已经能够让三个 DDNS 站点正常运行(*.example.com),它们在加密下都可以很好地运行。其他两个站点在它们的服务器上运行良好,我决定取消它们。

当我尝试将所有这些具有不同之处的站点托管在一台服务器上时,麻烦就来了。

我设置了temp.alagory.com和 ,temp.minceraft.com并带有指向 的 CNAME 类型记录example.com。我已成功利用其他三个域上的虚拟主机将它们发送到各自的站点。我设置了 的虚拟主机并将allegory它们minceraft指向其目录,但它们解析为/srv/http,即 的目录example.com。此外,这些域被重定向以使用我的证书进行加密。我真的不明白这是怎么回事,因为它们不是我在证书中使用的名称。我以为那是经过检查的东西。

这是虚拟主机配置文件git.example.com

#This configuration has been tested on GitLab 6.0.0 and GitLab 6.0.1
#Note this config assumes unicorn is listening on default port 8080.
#Module dependencies
#  mod_rewrite
#  mod_proxy
#  mod_proxy_http

<VirtualHost *:80>
  ServerName git.example.com
  ServerSignature Off

  RewriteEngine on
  RewriteCond %{HTTPS} !=on
  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>

<VirtualHost *:443>

  SSLEngine on
  #strong encryption ciphers only
  #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
  SSLProtocol all -SSLv2
  SSLHonorCipherOrder on
#  SSLCipherSuite        "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM    :RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
  SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
  Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
  SSLCompression Off
  SSLCertificateFile /etc/httpd/conf/server.crt
  SSLCertificateKeyFile /etc/httpd/conf/server.key
  SSLCACertificateFile /etc/httpd/conf/server.crt

  ServerName git.example.com
  ServerSignature Off

  ProxyPreserveHost On

  <Location />
    # New authorization commands for apache 2.4 and up
    # http://httpd.apache.org/docs/2.4/upgrading.html#access
    Require all granted

    ProxyPassReverse http://127.0.0.1:8080
    ProxyPassReverse http://git.example.com/
  </Location>

  #apache equivalent of nginx try files
  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-    files
  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
  RewriteEngine on
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
  RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]
  RequestHeader set X_FORWARDED_PROTO 'https'

  # needed for downloading attachments
  DocumentRoot /usr/share/webapps/gitlab/public

  #Set up apache error documents, if back end goes down (i.e. 503 error) then a     maintenance/deploy page is thrown up.
  ErrorDocument 404 /404.html
  ErrorDocument 422 /422.html
  ErrorDocument 500 /500.html
  ErrorDocument 503 /deploy.html

  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
  ErrorLog  /var/log/httpd/git.example.com_error.log
  CustomLog /var/log/httpd/git.example.com_forwarded.log common_forwarded
  CustomLog /var/log/httpd/git.example.com_access.log combined env=!dontlog
  CustomLog /var/log/httpd/git.example.com.log combined

</VirtualHost>

以下是我用来对files.example.comexample.comtemp.alagory.com和进行排序的配置temp.minceraft.com

我的其他网站的虚拟主机

这是我的 httpd.conf

httpd配置文件

我尝试将其用作虚拟主机temp.alagory.com的服务器名称temp.alagory.com,但它仍然重定向到/srv/http/目录。我尝试删除所有其他配置,但它仍然解析为默认目录/srv/http/

apachectl -S以下是替换相应站点名称后的输出:

[root@Vega extra]# apachectl -S
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:25)
         port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:25)
                 alias temp.alagory.com
                 wild alias *.temp.alagory.com
         port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:36)
                 alias temp.minceraft.com
                 wild alias *.temp.minceraft.com
         port 80 namevhost localhost.localdomain (/etc/httpd/conf/extra/httpd-    vhosts.conf:47)
         port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:70)
         port 80 namevhost git.example.com (/etc/httpd/conf/extra/gitlab.conf:8)
*:443                  is a NameVirtualHost
         default server files.example.com (/etc/httpd/conf/extra/httpd-    vhosts.conf:57)
         port 443 namevhost files.example.com (/etc/httpd/conf/extra/httpd-   vhosts.conf:57)
         port 443 namevhost example.com (/etc/httpd/conf/extra/httpd-   vhosts.conf:80)
         port 443 namevhost git.example.com (/etc/httpd/conf/extra/gitlab.conf:16)
         port 443 namevhost www.example.com (/etc/httpd/conf/extra/httpd-ssl.conf:80)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/srv/http"
Main ErrorLog: "/var/log/httpd/error_log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="http" id=33
Group: name="http" id=33

答案1

我设置了temp.alagory.comtemp.minceraft.com带有指向的 CNAME 类型记录example.com

CNAME 记录只是另一个 DNS 记录的别名。这意味着,如果一切都转到由 运行的主机上的一个 IP 地址example.com,则问题出在您的 Apache 虚拟主机配置中。对我来说,第一个可靠的线索是看到apachectl -S

default server example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:25)
port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:25)
        alias temp.alagory.com
        wild alias *.temp.alagory.com
port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:36)
        alias temp.minceraft.com
        wild alias *.temp.minceraft.com

最大的线索是port 80 namevhost example.comfortemp.alagory.com以及temp.minceraft.com。这意味着虚拟主机配置没有关注主机名 temp.alagory.com andtemp.minceraft.com`。

因此,当查看您的实际虚拟主机配置时,请查看ServerName两种情况;它们都是ServerName example.com

#temp.alagory.com
<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName example.com
    DocumentRoot "/srv/http/alagory"
    ServerAlias temp.alagory.com
    ServerAlias *.temp.alagory.com
    ErrorLog "/var/log/httpd/temp.alagory-error_log"
    CustomLog "/var/log/httpd/temp.alagory-access_log" common
</VirtualHost>

#temp.minceraft.com
<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName example.com
    DocumentRoot "/srv/http/minceraft"
    ServerAlias temp.minceraft.com
    ServerAlias *.temp.minceraft.com
    ErrorLog "/var/log/httpd/temp.minceraft-error_log"
    CustomLog "/var/log/httpd/temp.minceraft-access_log" common
</VirtualHost>

这些应该进行如下更改,以便ServerName与连接到它的主机名匹配;我格式化了配置以使其更易于阅读:

#temp.alagory.com
<VirtualHost *:80>
    ServerAdmin [email protected]

    ServerName temp.alagory.com
    ServerAlias temp.alagory.com
    ServerAlias *.temp.alagory.com

    DocumentRoot "/srv/http/alagory"

    ErrorLog "/var/log/httpd/temp.alagory-error_log"
    CustomLog "/var/log/httpd/temp.alagory-access_log" common

</VirtualHost>

#temp.minceraft.com
<VirtualHost *:80>
    ServerAdmin [email protected]

    ServerName temp.minceraft.com
    ServerAlias temp.minceraft.com
    ServerAlias *.temp.minceraft.com

    DocumentRoot "/srv/http/minceraft"

    ErrorLog "/var/log/httpd/temp.minceraft-error_log"
    CustomLog "/var/log/httpd/temp.minceraft-access_log" common
</VirtualHost>

编辑:我重新编写了您的虚拟主机文件。最大的变化是格式化以提高可读性,以及将配置放在example.com列表顶部,以及为每个配置设置适当的ServerName设置ServerAlias

#example.com
<VirtualHost *:80>
    ServerName example.com
    ServerSignature Off

    ServerName example.com
    ServerAlias example.com

    DocumentRoot "/srv/http"

    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]

</VirtualHost>

#files.example.com
<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerSignature Off

    ServerName files.example.com
    ServerAlias files.example.com
    ServerAlias *.files.example.com

    DocumentRoot "/srv/http/files/mollify"

    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]

</VirtualHost>

#temp.alagory.com
<VirtualHost *:80>
    ServerAdmin [email protected]

    ServerName temp.alagory.com
    ServerAlias temp.alagory.com
    ServerAlias *.temp.alagory.com

    DocumentRoot "/srv/http/alagory"

    ErrorLog "/var/log/httpd/temp.alagory-error_log"
    CustomLog "/var/log/httpd/temp.alagory-access_log" common

</VirtualHost>

#temp.minceraft.com
<VirtualHost *:80>
    ServerAdmin [email protected]

    ServerName temp.minceraft.com
    ServerAlias temp.minceraft.com
    ServerAlias *.temp.minceraft.com

    DocumentRoot "/srv/http/minceraft"

    ErrorLog "/var/log/httpd/temp.minceraft-error_log"
    CustomLog "/var/log/httpd/temp.minceraft-access_log" common
</VirtualHost>

#example.com SSL connection
<IfModule mod_ssl.c> 
<VirtualHost *:443>
    ServerAdmin [email protected]

    ServerName example.com
    ServerAlias example.com

    DocumentRoot "/srv/http"

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/server.key
    ErrorLog "/var/log/httpd/example.com-error_log"
    CustomLog "/var/log/httpd/example.com-access_log" common

</VirtualHost>
</IfModule>

#files.example.com SSL connection
<IfModule mod_ssl.c> 
<VirtualHost *:443>
    ServerAdmin [email protected]

    ServerName files.example.com
    ServerAlias files.example.com
    ServerAlias *.files.example.com

    DocumentRoot "/srv/http/files/mollify"

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/files.crt
    SSLCertificateKeyFile /etc/httpd/conf/files.key
    ErrorLog "/var/log/httpd/files.example.com.id-error_log"
    CustomLog "/var/log/httpd/files.example.com-access_log" common

</VirtualHost>
</IfModule>

相关内容