SSL 在 Apache2/Ubuntu 中不起作用

tag-icon tag-icon apache-2.2 ssl ubuntu-12.04
SSL 在 Apache2/Ubuntu 中不起作用

我正在尝试使用 Joomla 在 apache2 上运行 SSL。但是,我遇到了连接超时问题。我做了大量研究,并且相当确定我的代码是正确的。我已将 ports.conf 文件设置为监听 443:

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    NameVirtualHost *:443
    Listen 443
</IfModule>

我还编辑了我的“默认”文件/etc/apache2/sites-available

<VirtualHost *:443>

    DocumentRoot /var/www

    SSLEngine on
    SSLOptions +StrictRequire

    <Directory />
        SSLRequireSSL
    </Directory>

    SSLProtocol -all +TLSv1 +SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM

    SSLSessionCacheTimeout 600    

    SSLCertificateFile /root/server.crt
    SSLCertificateKeyFile /root/server.key

    SSLVerifyClient none
    SSLProxyEngine off

    <IfModule mime.c>
        AddType application/x-x509-ca-cert      .crt
        AddType application/x-pkcs7-crl         .crl
    </IfModule>
</VirtualHost>

我的“default-SSL”位于同一位置:

<IfModule mod_ssl.c>

<VirtualHost *:443>

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

    #SSL Engine switch
    #Enable SSL engine for this virtual host
    SSLEngine on

    #   A self-signed (snakeoil) certificate can be created by installing
    #   the ssl-cert package. See
    #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
    #   If both key and certificate are stored in the same file, only the
    #   SSLCertificateFile directive is needed.
    SSLCertificateFile    /root/server.crt
    SSLCertificateKeyFile /root/server.key

等等等等。

我的问题是:我正在本地服务器上测试所有内容。当我输入 DNS(例如)时https://mydomainname.com/,我收到连接超时错误。但是,如果我输入类似以下内容:https://mylocalip:443,它会起作用,但我会收到无效证书警告(这是可以预料到的,因为我正在使用自签名证书进行测试)。为什么我无法使用名称访问我的 SSL,但完全可以使用 IP 地址?

答案1

问题解决了。ping 服务器时,我意识到它正在访问我的域之外的网站。我重定向后一切正常。

相关内容