Apache、Tomcat:如何在单个服务器上使用多个 SSL 证书

Apache、Tomcat:如何在单个服务器上使用多个 SSL 证书

我正在使用我们的 Debian X64 服务器,它是 5 个域名的端点。其中一个域名由在 Apache Web 服务器上运行的 Web 项目使用。其余 4 个域名各有单独的 Web 应用程序,运行在同一个 Apache Tomcat 实例上。目前我使用 mod_proxy 将请求重定向到相应的 Web 应用程序。

不幸的是,一旦出现 HTTPS,这种设置就变得毫无用处。我无法安装包含所有域的单个 https 证书。此类证书由 LetsEncrypt 提供。

安装证书后,任何请求都只会重定向到单个 Tomcat 域。起初我无法理解这种行为,但在检查证书后,我发现它重定向到的域是证书中多个域中的第一个。我不知道为什么 URL 未被处理,但这是当前的行为。我曾考虑使用mod_jk而不是mod_proxy来完成这项任务,但不知道这是否正是我所需要的。

我想知道如何创建一个设置,以便为每个域安装单独的 SSL 证书。以下是当前设置的基本概述:

在此处输入图片描述

Apache2 workers.properties:

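 # mod_jk worker definitions: one load-balancer worker in front of one AJP backend.
# worker.list names the workers mod_jk exposes; only the balancer is listed.
worker.list = worker_app1

# Load balancer: a single member, sticky sessions preferred but not forced,
# member chosen by the "busyness" method.
worker.worker_app1.type = lb
worker.worker_app1.balance_workers = app1_instance1
worker.worker_app1.sticky_session = true
worker.worker_app1.sticky_session_force = false
worker.worker_app1.method = busyness

# Backend member reached over AJP on the loopback interface.
# The original declared "host" twice (127.0.0.1 and localhost). One explicit
# loopback address is kept so the target does not depend on which duplicate the
# parser honours or on how "localhost" resolves.
# AJP has no encryption of its own: keep the Tomcat AJP connector bound to
# loopback, and where the Tomcat version supports it, set the same shared
# "secret" on the connector and on this worker.
worker.app1_instance1.type = ajp13
worker.app1_instance1.host = 127.0.0.1
worker.app1_instance1.port = 8010
worker.app1_instance1.lbfactor = 1
# socket_timeout is in seconds, reply_timeout in milliseconds.
worker.app1_instance1.socket_timeout = 40
worker.app1_instance1.socket_keepalive = true
worker.app1_instance1.reply_timeout = 30000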

Apache sites-enabled/000-default:

# Port-80 site for www.domain4.de.com: static content from /var/www plus CGI.
# Nothing in this vhost is proxied to Tomcat.
# Order/Allow is Apache 2.2 access-control syntax; on 2.4 the equivalent of
# "Allow from all" is "Require all granted".
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName www.domain4.de.com
        ServerAlias domain4.de.com
        DocumentRoot /var/www
        # NOTE(review): no access rule is set for the filesystem root in this
        # section. Unless the main server config already denies "/", add a
        # default deny here and grant access only on /var/www below.
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        # NOTE(review): "Indexes" makes Apache generate a listing for any
        # directory without an index file, and "AllowOverride All" lets
        # .htaccess files under /var/www change server behaviour. Keep either
        # only if the site needs it.
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                 Order allow,deny
                allow from all
        </Directory>

        # Everything under /usr/lib/cgi-bin is executed as CGI. Drop this alias
        # and its section if no CGI programs are deployed.
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# HTTPS entry point. This is the only <VirtualHost *:443> in the configuration
# shown, so every HTTPS request, whatever host name it carries, is answered
# here with the www.domain1.de certificate.
# NOTE(review): Debian's ports.conf normally declares "Listen 443" once mod_ssl
# is enabled; confirm the port is not declared twice.
Listen 443
<VirtualHost *:443>
ServerName www.domain1.de
ServerAlias domain1.de
SSLEngine on
# Certificate and key for this vhost only. Keep the key file readable by root
# only.
# NOTE(review): no SSLProtocol/SSLCipherSuite is set here, so the server-wide
# mod_ssl settings apply; confirm they disable legacy protocol versions.
SSLCertificateFile /etc/letsencrypt/live/www.domain1.de/tool.crt
SSLCertificateKeyFile /etc/letsencrypt/live/www.domain1.de/private.key
# Reverse proxy only: "ProxyRequests off" keeps Apache from acting as an open
# forward proxy.
ProxyRequests off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
#ErrorDocument 503 /maintenance.html
# ErrorDocument 404 /maintenance.html
# ErrorDocument 500 /maintenance.html

# NOTE(review): every ProxyPass/ProxyPassReverse line below is commented out,
# so this vhost forwards nothing to Tomcat.
#ProxyPass /maintenance.html !
#ProxyPass / http://localhost:8080/
#ProxyPassReverse / http://localhost:8080/

<Location / >
Order allow,deny
Allow from all
</Location>
</VirtualHost>

# NOTE(review): a second <VirtualHost *:80> with the same ServerName and
# ServerAlias follows later in this file. For name-based vhosts Apache uses the
# first match, so this section, whose ProxyPass lines are all commented out,
# handles www.domain3.de and the later section that proxies to Tomcat is never
# selected. Remove one of the two, or give this one the host name it was meant
# for.
<VirtualHost *:80>
ServerName www.domain3.de
ServerAlias domain3.de
# Reverse proxy only: "ProxyRequests off" keeps Apache from acting as an open
# forward proxy.
ProxyRequests off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
#ErrorDocument 503 /maintenance.html
# ErrorDocument 404 /maintenance.html
# ErrorDocument 500 /maintenance.html

#ProxyPass /maintenance.html !
#ProxyPass / http://localhost:8080/
#ProxyPassReverse / http://localhost:8080/

<Location / >
Order allow,deny
Allow from all
</Location>
</VirtualHost>


# Port-80 reverse proxy for www.domain3.de to the backend on localhost:8080.
# NOTE(review): an earlier <VirtualHost *:80> in this file declares the same
# ServerName; Apache uses the first match, so this section is never selected
# while that one exists.
# NOTE(review): traffic on this vhost is clear text. Once HTTPS works, consider
# redirecting port 80 to https:// instead of proxying here.
<VirtualHost *:80>
ServerName www.domain3.de
ServerAlias domain3.de
# Reverse proxy only: "ProxyRequests off" keeps Apache from acting as an open
# forward proxy.
ProxyRequests off
# Passes the client's Host header to the backend. Presumably Tomcat selects
# the web application from it; verify the matching <Host> entries in server.xml.
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ErrorDocument 503 /maintenance.html
 ErrorDocument 404 /maintenance.html
 ErrorDocument 500 /maintenance.html

# The "!" exclusion keeps /maintenance.html local so Apache can serve it when
# the backend is down. It must stay before the catch-all ProxyPass because
# rules are checked in order.
ProxyPass /maintenance.html !

ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/

<Location / >
Order allow,deny
Allow from all
</Location>
</VirtualHost>

# Port-80 reverse proxy for www.domain2.de to the backend on localhost:8080.
# NOTE(review): traffic on this vhost is clear text. Once HTTPS works, consider
# redirecting port 80 to https:// instead of proxying here.
<VirtualHost *:80>
ServerName www.domain2.de
ServerAlias domain2.de
# Reverse proxy only: "ProxyRequests off" keeps Apache from acting as an open
# forward proxy.
ProxyRequests off
# Passes the client's Host header to the backend. Presumably Tomcat selects
# the web application from it; verify the matching <Host> entries in server.xml.
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ErrorDocument 503 /maintenance.html
 ErrorDocument 404 /maintenance.html
 ErrorDocument 500 /maintenance.html

# The "!" exclusion keeps /maintenance.html local so Apache can serve it when
# the backend is down. It must stay before the catch-all ProxyPass because
# rules are checked in order.
ProxyPass /maintenance.html !

ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/

<Location / >
Order allow,deny
Allow from all
</Location>
</VirtualHost>

# Port-80 reverse proxy for www.domain5.de to the backend on localhost:8080.
# NOTE(review): traffic on this vhost is clear text. Once HTTPS works, consider
# redirecting port 80 to https:// instead of proxying here.
<VirtualHost *:80>
ServerName www.domain5.de
ServerAlias domain5.de
# Reverse proxy only: "ProxyRequests off" keeps Apache from acting as an open
# forward proxy.
ProxyRequests off
# Passes the client's Host header to the backend. Presumably Tomcat selects
# the web application from it; verify the matching <Host> entries in server.xml.
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ErrorDocument 503 /maintenance.html
 ErrorDocument 404 /maintenance.html
 ErrorDocument 500 /maintenance.html

# The "!" exclusion keeps /maintenance.html local so Apache can serve it when
# the backend is down. It must stay before the catch-all ProxyPass because
# rules are checked in order.
ProxyPass /maintenance.html !

ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/

<Location / >
Order allow,deny
Allow from all
</Location>
</VirtualHost>

如果需要任何其他信息,请告知我。感谢您的时间。

编辑

我通过在 Spring-security 配置中指定,重新部署了所有 webapps 以使用 https。我尝试了下面的配置。请注意,对于每个 VirtualHost ,我还尝试了 ProxyPass 和 localhost:8080 。目前,只有 webserver 应用程序加载,没有其他任何东西。

我将 000-default 更改如下:

# Port-80 site for www.domain4.de.com: static content from /var/www plus CGI.
# Nothing in this vhost is proxied to Tomcat.
# Order/Allow is Apache 2.2 access-control syntax; on 2.4 the equivalent of
# "Allow from all" is "Require all granted".
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName www.domain4.de.com
        ServerAlias domain4.de.com
        DocumentRoot /var/www
        # NOTE(review): no access rule is set for the filesystem root in this
        # section. Unless the main server config already denies "/", add a
        # default deny here and grant access only on /var/www below.
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        # NOTE(review): "Indexes" makes Apache generate a listing for any
        # directory without an index file, and "AllowOverride All" lets
        # .htaccess files under /var/www change server behaviour. Keep either
        # only if the site needs it.
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                 Order allow,deny
                allow from all
        </Directory>

        # Everything under /usr/lib/cgi-bin is executed as CGI. Drop this alias
        # and its section if no CGI programs are deployed.
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# First <VirtualHost *:443> in this file, and the only one with SSLEngine and a
# certificate. As the first vhost on this port it is also the fallback for any
# HTTPS request whose host name matches no other vhost.
# NOTE(review): Debian's ports.conf normally declares "Listen 443" once mod_ssl
# is enabled; confirm the port is not declared twice.
# NOTE(review): the 2.2-style Order/Allow syntax suggests Apache 2.2; if so,
# name-based vhosts on this port also need "NameVirtualHost *:443" (confirm;
# not needed on 2.4).
Listen 443
<VirtualHost *:443>
ServerName www.domain1.de
ServerAlias domain1.de
SSLEngine on
# Certificate and key for this vhost only. Keep the key file readable by root
# only.
# NOTE(review): no SSLProtocol/SSLCipherSuite is set here, so the server-wide
# mod_ssl settings apply; confirm they disable legacy protocol versions.
SSLCertificateFile /etc/letsencrypt/live/www.domain1.de/tool.crt
SSLCertificateKeyFile /etc/letsencrypt/live/www.domain1.de/private.key
# Reverse proxy only: "ProxyRequests off" keeps Apache from acting as an open
# forward proxy.
ProxyRequests off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
#ErrorDocument 503 /maintenance.html
# ErrorDocument 404 /maintenance.html
# ErrorDocument 500 /maintenance.html

# NOTE(review): every ProxyPass/ProxyPassReverse line below is commented out,
# so this vhost forwards nothing to Tomcat.
#ProxyPass /maintenance.html !
#ProxyPass / http://localhost:8443/
#ProxyPassReverse / http://localhost:8443/

<Location / >
Order allow,deny
Allow from all
</Location>
</VirtualHost>

# NOTE(review): a second <VirtualHost *:443> with the same ServerName and
# ServerAlias follows later in this file. Apache uses the first match, so this
# section, whose ProxyPass lines are all commented out, handles www.domain3.de
# and the later section is never selected. Remove one of the two, or give this
# one the host name it was meant for.
# NOTE(review): this *:443 vhost has no SSLEngine and no certificate, so it
# cannot serve HTTPS for www.domain3.de. With one certificate per domain, each
# HTTPS vhost carries its own pair (clients must send SNI), for example:
#   SSLEngine on
#   SSLCertificateFile    <PLACEHOLDER: certificate file for www.domain3.de>
#   SSLCertificateKeyFile <PLACEHOLDER: private key file for www.domain3.de>
<VirtualHost *:443>
ServerName www.domain3.de
ServerAlias domain3.de
# Reverse proxy only: "ProxyRequests off" keeps Apache from acting as an open
# forward proxy.
ProxyRequests off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
#ErrorDocument 503 /maintenance.html
# ErrorDocument 404 /maintenance.html
# ErrorDocument 500 /maintenance.html

#ProxyPass /maintenance.html !
#ProxyPass / http://localhost:8443/
#ProxyPassReverse / http://localhost:8443/

<Location / >
Order allow,deny
Allow from all
</Location>
</VirtualHost>


# Intended HTTPS reverse proxy for www.domain3.de.
# NOTE(review): an earlier <VirtualHost *:443> in this file declares the same
# ServerName; Apache uses the first match, so this section is never selected
# while that one exists.
# NOTE(review): this *:443 vhost has no SSLEngine and no certificate, so it
# cannot serve HTTPS for www.domain3.de. With one certificate per domain, each
# HTTPS vhost carries its own pair (clients must send SNI), for example:
#   SSLEngine on
#   SSLCertificateFile    <PLACEHOLDER: certificate file for www.domain3.de>
#   SSLCertificateKeyFile <PLACEHOLDER: private key file for www.domain3.de>
<VirtualHost *:443>
ServerName www.domain3.de
ServerAlias domain3.de
# Reverse proxy only: "ProxyRequests off" keeps Apache from acting as an open
# forward proxy.
ProxyRequests off
# Passes the client's Host header to the backend. Presumably Tomcat selects
# the web application from it; verify the matching <Host> entries in server.xml.
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ErrorDocument 503 /maintenance.html
 ErrorDocument 404 /maintenance.html
 ErrorDocument 500 /maintenance.html

# The "!" exclusion keeps /maintenance.html local. It must stay before the
# catch-all ProxyPass because rules are checked in order.
ProxyPass /maintenance.html !

# NOTE(review): 8443 is conventionally Tomcat's HTTPS connector (confirm in
# server.xml). Plain http:// to a TLS port fails. Either let Apache terminate
# TLS and proxy to the HTTP connector (the port-80 configuration shown earlier
# used 8080), or use https:// here together with "SSLProxyEngine on".
ProxyPass / http://localhost:8443/
ProxyPassReverse / http://localhost:8443/

<Location / >
Order allow,deny
Allow from all
</Location>
</VirtualHost>

# Intended HTTPS reverse proxy for www.domain2.de.
# NOTE(review): this *:443 vhost has no SSLEngine and no certificate, so it
# cannot serve HTTPS for www.domain2.de. With one certificate per domain, each
# HTTPS vhost carries its own pair (clients must send SNI), for example:
#   SSLEngine on
#   SSLCertificateFile    <PLACEHOLDER: certificate file for www.domain2.de>
#   SSLCertificateKeyFile <PLACEHOLDER: private key file for www.domain2.de>
<VirtualHost *:443>
ServerName www.domain2.de
ServerAlias domain2.de
# Reverse proxy only: "ProxyRequests off" keeps Apache from acting as an open
# forward proxy.
ProxyRequests off
# Passes the client's Host header to the backend. Presumably Tomcat selects
# the web application from it; verify the matching <Host> entries in server.xml.
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ErrorDocument 503 /maintenance.html
 ErrorDocument 404 /maintenance.html
 ErrorDocument 500 /maintenance.html

# The "!" exclusion keeps /maintenance.html local. It must stay before the
# catch-all ProxyPass because rules are checked in order.
ProxyPass /maintenance.html !

# NOTE(review): 8443 is conventionally Tomcat's HTTPS connector (confirm in
# server.xml). Plain http:// to a TLS port fails. Either let Apache terminate
# TLS and proxy to the HTTP connector (the port-80 configuration shown earlier
# used 8080), or use https:// here together with "SSLProxyEngine on".
ProxyPass / http://localhost:8443/
ProxyPassReverse / http://localhost:8443/

<Location / >
Order allow,deny
Allow from all
</Location>
</VirtualHost>

# Intended HTTPS reverse proxy for www.domain5.de.
# NOTE(review): this *:443 vhost has no SSLEngine and no certificate, so it
# cannot serve HTTPS for www.domain5.de. With one certificate per domain, each
# HTTPS vhost carries its own pair (clients must send SNI), for example:
#   SSLEngine on
#   SSLCertificateFile    <PLACEHOLDER: certificate file for www.domain5.de>
#   SSLCertificateKeyFile <PLACEHOLDER: private key file for www.domain5.de>
<VirtualHost *:443>
ServerName www.domain5.de
ServerAlias domain5.de
# Reverse proxy only: "ProxyRequests off" keeps Apache from acting as an open
# forward proxy.
ProxyRequests off
# Passes the client's Host header to the backend. Presumably Tomcat selects
# the web application from it; verify the matching <Host> entries in server.xml.
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ErrorDocument 503 /maintenance.html
 ErrorDocument 404 /maintenance.html
 ErrorDocument 500 /maintenance.html

# The "!" exclusion keeps /maintenance.html local. It must stay before the
# catch-all ProxyPass because rules are checked in order.
ProxyPass /maintenance.html !

# NOTE(review): 8443 is conventionally Tomcat's HTTPS connector (confirm in
# server.xml). Plain http:// to a TLS port fails. Either let Apache terminate
# TLS and proxy to the HTTP connector (the port-80 configuration shown earlier
# used 8080), or use https:// here together with "SSLProxyEngine on".
ProxyPass / http://localhost:8443/
ProxyPassReverse / http://localhost:8443/

<Location / >
Order allow,deny
Allow from all
</Location>
</VirtualHost>
