我正在运行 Node.js 服务器8200,我刚刚为我的域名获取了一些 SSL 证书。我希望能够通过 HTTPS 提供我的页面。
到目前为止我的 apache 配置文件是这样的
文件: /etc/apache2/sites-enabled/synsis.conf
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName www.synsis.live
ServerAlias synsis.live
SSLEngine On
SSLProxyEngine On
SSLCertificateFile "/home/vas/synsis.live/certs/domain.crt"
SSLCertificateKeyFile "/home/vas/synsis.live/certs/domain.key"
SSLCertificateChainFile "/home/vas/synsis.live/certs/intermediate.pem"
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
ProxyPass https://localhost:8200/
ProxyPassReverse https://localhost:8200/
</Location>
</VirtualHost>
但是,使用此配置我的网站无法加载。有什么想法吗?
apachectl -t
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
和
apachectl -S
VirtualHost configuration:
*:80 is a NameVirtualHost
default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost ch.mu (/etc/apache2/sites-enabled/c.conf:1)
port 80 namevhost www.hai.run (/etc/apache2/sites-enabled/hai.conf:3)
alias hai.run
port 80 namevhost practicalhuman.org (/etc/apache2/sites-enabled/ph.conf:4)
alias www.practicalhuman.org
*:443 www.synthesis.live (/etc/apache2/sites-enabled/synthesis.conf:5)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used
答案1
您的配置包含了我对现有配置示例的三个主要抱怨在野外
<Proxy *>配置反向代理时使用块。<Proxy>块包括几乎专门用于配置正向代理而非反向代理。您这种情况不需要它。- 位置块内部的使用
ProxyPass。最佳实践是使用 2 个参数版本,ProxyPass除非没有其他选择。 - 在 Apache v2.4 中使用 Apache v2.2 授权指令。我强烈推荐总是将所有 v2.2
Allow、Order和Satisfy指令更改require为新的 v2.4Require指令和<RequireAny>和<RequireAll>块。 - 该
SSLProxyEngine指令用于在代理时配置您的服务器到和基于 SSL 的服务,与您的实际虚拟主机是否为 SSL 无关(是的,我知道我说的是 3,但这是一个非常小的,我添加它只是因为您回复说您的后端未启用 SSL :-)
尝试以下内容作为基础,并希望“清理”,配置并从那里开始工作。 *如果它不起作用,请告诉我们实际发生了什么,而不仅仅是说“它不起作用”。
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName www.synsis.live
ServerAlias synsis.live
SSLEngine On
SSLProxyEngine On
SSLCertificateFile "/home/vas/synsis.live/certs/domain.crt"
SSLCertificateKeyFile "/home/vas/synsis.live/certs/domain.key"
SSLCertificateChainFile "/home/vas/synsis.live/certs/intermediate.pem"
# This is the default anyway, but no harm having it explicitly set
ProxyRequests Off
# You say in a comment your backend is not SSL, but your original configuration
# tries to proxy to an SSL enabled service. This is almost certainly
# why it originally failed
ProxyPass / http://localhost:8200/
ProxyPassReverse / http://localhost:8200/
</VirtualHost>
答案2
你的后端是 ssl 吗?
如果不:
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName www.synsis.live
ServerAlias synsis.live
SSLEngine On
SSLProxyEngine On
SSLCertificateFile "/home/vas/synsis.live/certs/domain.crt"
SSLCertificateKeyFile "/home/vas/synsis.live/certs/domain.key"
SSLCertificateChainFile "/home/vas/synsis.live/certs/intermediate.pem"
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
ProxyPass http://localhost:8200/
ProxyPassReverse http://localhost:8200/
</Location>
</VirtualHost>
如果是:
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName www.synsis.live
ServerAlias synsis.live
SSLEngine On
SSLProxyEngine On
SSLCertificateFile "/home/vas/synsis.live/certs/domain.crt"
SSLCertificateKeyFile "/home/vas/synsis.live/certs/domain.key"
SSLCertificateChainFile "/home/vas/synsis.live/certs/intermediate.pem"
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
SSLProxyEngine on
ProxyPass https://localhost:8200/
ProxyPassReverse https://localhost:8200/
</Location>
</VirtualHost>