我的目标
一切都导致https://mydomain.tld
(非 www 且使用 TLS) 并且 HSTS 工作正常。我使用的是 LE (Let's Encrypt) 的证书,因此我使用他们的向导使我的网站在任何地方都使用 HTTPS。但它似乎不能正常工作。
我目前的问题
- 访问
http://mydomain.tld
(非 www、非 tls)。结果是 Apache 状态页面,但我已经有一个正在运行且包含内容的网站。重新加载页面会显示https://mydomain.tld
网站内容。但它应该从第一次访问开始就这样做,而不仅仅是在重新加载页面后才这样做。 - 从 TLS-view访问
http://www.mydomain.tld
结果https://www.mydomain.tld
是可以的,但它不会重定向到非 www,这是我的目标。 - 访问
https://www.mydomain.tld
结果为https://www.mydomain.tld
。没有重定向到非 www。 - 没问题:访问的
https://mydomain.tld
结果还是相同的URL,这正是我想要的。
DNS 设置:
A-RECORDS
.mydomain.tld -> 111.222.333.444
*.mydomain.tld -> 111.222.333.444
www.mydomain.tld -> 111.222.333.444
我的域名.tld.conf
<VirtualHost *:80>
ServerName mydomain.tld
ServerAlias www.mydomain.tld
ServerAdmin [email protected]
DocumentRoot /var/www/mydomain.tld/public_html
Redirect permanent / https://mydomain.tld/
<Directory /var/www/mydomain.tld/public_html>
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]
</VirtualHost>
mydomain.tld-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.mydomain.tld
ServerAlias mydomain.tld
ServerAdmin [email protected]
DocumentRoot /var/www/mydomain.tld/public_html
<Directory /var/www/mydomain.tld/public_html>
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
RewriteEngine on
SSLCertificateFile /etc/letsencrypt/live/mydomain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.tld/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
正如你在上面看到的mydomain.tld-le-ssl.conf还包括另一个文件,这可能不会产生问题,但仅供记录:
选项-ssl-apache.conf
# Baseline setting to Include for SSL sites
SSLEngine on
# Intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA$
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
#CustomLog /var/log/apache2/access.log vhost_combined
#LogLevel warn
#ErrorLog /var/log/apache2/error.log
# Always ensure Cookies have "Secure" set (JAH 2012/1)
#Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"
奖金问题
我的域根目录中有一个.htaccess
文件,可以使链接看起来更好:
- 没有:
https://mydomain.tld/index.php?page=news
- 和:
https://mydomain.tld/news
.htaccess
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^\w+$ index.php?page=$0 [L]
RewriteCond %{THE_REQUEST} index\.php
RewriteCond %{QUERY_STRING} ^page=(\w+)$
RewriteRule ^index\.php$ /%1? [R=301,L]
如果可能的话,我希望没有.htaccess文件并将内容添加到.conf文件中,但我所做的一切还没有起作用。
答案1
很奇怪。昨天我创建了新证书,它仍然有效。今天:
Chrome(移动版):
http://mydomain.tld
重定向至https://mydomain.tld
Firefox(桌面版):
http://mydomain.tld
不重定向并导致出现 Apache 页面Firefox(移动版)从未出现在我的网站上:与 Firefox(桌面版)相同
Safari(移动版)从未出现在我的网站上:与 Firefox(桌面版)相同
所以,似乎仍然存在问题。如果能得到帮助来最终解决这个问题就太好了。
该问题的解决方案:
- $
sudo a2dissite 000-default.conf
- 删除 mydomain.tld.conf 中的以下内容:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L] RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
只需使用:Redirect permanent / https://mydomain.tld
- $
sudo /etc/init.d/apache2 restart
最终文件
我的域名.tld.conf
<VirtualHost *:80>
ServerName mydomain.tld
ServerAlias www.mydomain.tld
ServerAdmin [email protected]
DocumentRoot /var/www/mydomain.tld/public_html
Redirect permanent / https://mydomain.tld
<Directory /var/www/mydomain.tld/public_html>
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
mydomain.tld-le-ssl.conf
LoadModule headers_module modules/mod_headers.so
<IfModule mod_ssl.c>
<VirtualHost *:443>
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomain$
ServerName mydomain.tld
ServerAlias www.mydomain.tld
ServerAdmin [email protected]
DocumentRoot /var/www/mydomain.tld/public_html
<Directory /var/www/mydomain.tld/public_html>
Options FollowSymLinks
AllowOverride all
Require all granted
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^\w+$ index.php?page=$0 [L]
RewriteCond %{THE_REQUEST} index\.php
RewriteCond %{QUERY_STRING} ^page=(\w+)$
RewriteRule ^index\.php$ /%1? [R=301,L]
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
SSLCertificateFile /etc/letsencrypt/live/mydomain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.tld/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]
</VirtualHost>
</IfModule>