Apache SSL 虚拟主机共享相同的 DocumentRoot

tag-icon tag-icon apache-2.2 ssl configuration virtualhost
Apache SSL 虚拟主机共享相同的 DocumentRoot

我有一个 Web 服务器,其中有两个域指向同一个文档根目录。我为这两个域分别设置了 SSL 证书。我希望 (几乎) 进入网站的所有内容都使用 SSL 运行。一切都正常,但我的配置似乎太长且重复,我想知道我是否可以简化它?

我检查了以下答案: 在 Apache 中设置 SSL 虚拟主机Apache:带有 SSL 证书的多个虚拟主机?https://www.howtoforge.com/hosting-multiple-ssl-web-sites-on-one-ip-address-with-apache-2.2-and-gnutls-debian-lenny 但尽管有用,它们似乎并没有完全解决这个问题。

我想知道是否有办法将配置分解为可以包含的文件?

我的端口.conf:

NameVirtualHost *:80
NameVirtualHost *:443
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

站点可用默认:

<VirtualHost *:80>
ServerAdmin [email protected]
ServerName yy.com

DocumentRoot /var/www
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /var/www/>
    # everything to run under ssl
    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    Options -Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

ProxyRequests Off

<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

ProxyPass /geoserver http://localhost:8080/geoserver
ProxyPreserveHost On
ProxyStatus On

默认 SSL:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerAdmin [email protected]
    ServerName yy.com:443
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    SSLCertificateFile    /etc/apache2/ssl/yy.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/yy.com.key

    #   Server Certificate Chain:
    SSLCertificateChainFile /etc/apache2/ssl/intermediate.crt

    #   Certificate Authority (CA):

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    #   SSL Protocol Adjustments:
    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

</VirtualHost>
</IfModule>

第二个站点的ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>

    ServerAdmin [email protected]
    ServerName zz.com
    ServerAlias www.zz.com
    DocumentRoot /var/www

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    SSLCertificateFile /etc/apache2/ssl/zz.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/zz.com.key

    #   Server Certificate Chain:
    SSLCertificateChainFile /etc/apache2/ssl/zz.com/intermediate.crt

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

</VirtualHost>

</IfModule>

任何帮助均感激不尽。

小型的

答案1

正如我所发布的那样,我认为必须有一个“包含”功能:)所以我查了一下(https://httpd.apache.org/docs/2.4/mod/core.html#include),现在我创建了一些单独的“.conf”文件,我可以根据需要将其包含进去。因此,第二个站点的 ssl.conf 现在如下所示:

<IfModule mod_ssl.c>
<VirtualHost *:443>

  ServerAdmin [email protected]
  ServerName zz.com
  ServerAlias www.zz.com
  DocumentRoot /var/www

  Include conf/cgi.conf
  Include conf/proxy.conf
  Include conf/ssl.conf

  #   SSL Engine Switch:
  #   Enable/Disable SSL for this virtual host.
  SSLEngine on

  SSLCertificateFile /etc/apache2/ssl/zz.com.crt
  SSLCertificateKeyFile /etc/apache2/ssl/zz.com.key

  #   Server Certificate Chain:
  SSLCertificateChainFile /etc/apache2/ssl/zz.com/intermediate.crt

</VirtualHost>

</IfModule>

现在更加方便和简单

小型的

相关内容