我的 Apache Web 服务器上的可用 IP 地址已达到上限,但越来越需要使用 SSL 运行网站。我很乐意让一些网站在 SNI 下运行,但其中一些网站需要专用 IP 上的 SSL 提供的向后兼容性。
那么,可以在同一台服务器上混合使用两者吗?
答案1
是的;对于给定的侦听器 IP 地址/端口组合,证书和 SNI 以及基于名称的虚拟主机逻辑与其他侦听器不同
因此,假设您想要192.0.2.50成为 SNI,192.0.2.51并192.0.2.52拥有专用 IP:
NameVirtualHost 192.0.2.50:443
<VirtualHost 192.0.2.50:443>
ServerName snisiteone.example.com
# SSL directives here for this site's certificate to be served via SNI
# Note that this cert, the first configured, will be used as default
# for clients that don't support SNI
</VirualHost>
<VirtualHost 192.0.2.50:443>
ServerName snisitetwo.example.com
# SSL directives here for this site's certificate to be served via SNI - different cert!
</VirualHost>
<VirtualHost 192.0.2.51:443>
ServerName dedicatedsite.example.com
# SSL directives here for this site's certificate
# Dedicated IP, so this'll be the only cert on this listener, SNI not used
</VirualHost>
<VirtualHost 192.0.2.52:443>
ServerName dedicatedsitetwo.example.com
# SSL directives here for this site's certificate
# Dedicated IP, so this'll be the only cert on this listener, SNI not used
</VirualHost>