我有两个网站由 CentOS 实例提供服务。其中一个启用了 SSL,另一个仅在端口 80 上提供服务。
因此,http://siteone.com
和https://siteone.com
都可以正常工作, 也是如此http://sitetwo.com
。
问题是https://sitetwo.com
显示https://siteone.com
。
我有一个可用的公网 IP 地址。
我认为我无法从一个 IP 为两个 https 站点提供服务,但是有没有办法将 https 重定向到端口 80,而https://sitetwo.com
不是为错误的站点提供服务?
sudo apachectl -S
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using xxx.xxx.xxx.xxx. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
▽
xxx.xxx.xxx.xxx:443 siteone.com (/etc/httpd/sites-enabled/ssl-siteone.conf:1)
*:80 is a NameVirtualHost
default server beta-siteone (/etc/httpd/sites-enabled/beta-siteone.conf:1)
port 80 namevhost beta-ilegis (/etc/httpd/sites-enabled/beta-siteone.conf:1)
alias beta.siteone.com
port 80 namevhost siteone.com (/etc/httpd/sites-enabled/siteone.conf:1)
alias www.siteone.com
port 80 namevhost sitetwo.com (/etc/httpd/sites-enabled/sitetwo.com.conf:1)
alias www.sitetwo.com
*:443 is a NameVirtualHost
default server xxx.xxx.xxx.xxx (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost xxx.xxx.xxx.xxx (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost xxx.xxx.xxx.xxx (/etc/httpd/sites-enabled/ssl-sitetwo.com.conf:1)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
答案1
一个 IP 可以服务两个 https。您只需要验证虚拟主机配置是否有效。
你确定你的虚拟主机能用吗?你可以在 site-available 中使用此配置。
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
DocumentRoot /var/www/example.com/public_html
ErrorLog /var/www/example.com/error.log
CustomLog /var/www/example.com/requests.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName www.example2.com
DocumentRoot /var/www/example2.com/public_html
ServerAlias example2.com
ErrorLog /var/www/example2.com/error.log
CustomLog /var/www/example2.com/requests.log combined
</VirtualHost>
按照教程操作这里
如果您确定您的虚拟主机配置,那么您可以像这样更改配置:
<VirtualHost *:443>
ServerName www.example.com
ServerAlias example.com
DocumentRoot /var/www/example.com/public_html
ErrorLog /var/www/example.com/error.log
CustomLog /var/www/example.com/requests.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/example/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/example/apache.key
</VirtualHost>
<VirtualHost *:443>
ServerName www.example2.com
DocumentRoot /var/www/example2.com/public_html
ServerAlias example2.com
ErrorLog /var/www/example2.com/error.log
CustomLog /var/www/example2.com/requests.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/example2/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/example2/apache.key
</VirtualHost>
也许你可以参考这有关 ssl 教程。
最后你可以像这样访问你的网站
https://example.com
https://example2.com
答案2
您也可以尝试一下
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public
<Directory /var/www/example.com>
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com [OR]
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
答案3
这里的问题不是 IP 地址,而是如果没有与当前主机名匹配的 vHost,Apache 会默认回退到第一个定义的 vHost,并且会通过端口进行回退。由于您通过 HTTPS 为任何站点提供服务,因此只要您让它监听端口 443,该端口就会对指向该服务器的所有域开放,如果没有端口为 443 的匹配 vHost,Apache 将提供回退服务。为了适应这种情况,您必须为每个域定义一个端口 443 vHost,如果您不希望它支持 HTTP,请在那里放置一条消息或重定向。