我正在尝试使用 Joomla 在 apache2 上运行 SSL。但是,我遇到了连接超时问题。我做了大量研究,并且相当确定我的代码是正确的。我已将 ports.conf 文件设置为监听 443:
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
NameVirtualHost *:443
Listen 443
</IfModule>
我还编辑了我的“默认”文件/etc/apache2/sites-available
<VirtualHost *:443>
DocumentRoot /var/www
SSLEngine on
SSLOptions +StrictRequire
<Directory />
SSLRequireSSL
</Directory>
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
SSLSessionCacheTimeout 600
SSLCertificateFile /root/server.crt
SSLCertificateKeyFile /root/server.key
SSLVerifyClient none
SSLProxyEngine off
<IfModule mime.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfModule>
</VirtualHost>
我的“default-SSL”位于同一位置:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
#SSL Engine switch
#Enable SSL engine for this virtual host
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /root/server.crt
SSLCertificateKeyFile /root/server.key
等等等等。
我的问题是:我正在本地服务器上测试所有内容。当我输入 DNS(例如)时https://mydomainname.com/
,我收到连接超时错误。但是,如果我输入类似以下内容:https://mylocalip:443
,它会起作用,但我会收到无效证书警告(这是可以预料到的,因为我正在使用自签名证书进行测试)。为什么我无法使用名称访问我的 SSL,但完全可以使用 IP 地址?
答案1
问题解决了。ping 服务器时,我意识到它正在访问我的域之外的网站。我重定向后一切正常。