不同虚拟主机上的 Sni 多个 ssl Apache 2.4.10 (Debian)

tag-icon tag-icon ssl apache-2.4 lets-encrypt sni
不同虚拟主机上的 Sni 多个 ssl Apache 2.4.10 (Debian)

是否可以在该 apache 版本上设置多个域 ssl?

我有站点 A -> SSL 证书 A 站点 B -> 证书 B

然后每个文件都有一个像这样的虚拟主机,但它不起作用:只有站点 A 正确应用了证书,浏览器说站点 B 有站点 A 证书。

<Virtualhost *:8888>
    ServerName www.siteA.com
    DocumentRoot /var/www/siteA/
    RewriteEngine On

    <Directory /var/www/siteA/>
        Options -Indexes +FollowSymLinks
        AllowOverride all
        Order allow,deny
        allow from all
    </Directory>
    Loglevel warn
    ErrorLog /var/log/apache2/siteA-error.log
    CustomLog /var/log/apache2/siteaA combined
</VirtualHost>

NameVirtualHost *:443

# Go ahead and accept connections for these vhosts
# from non-SNI clients
SSLStrictSNIVHostCheck off

<IfModule mod_ssl.c>
<Virtualhost *:443>
    ServerName siteA.com
    DocumentRoot /var/www/siteA/
    RewriteEngine On

    <Directory /var/www/siteA/>
        Options -Indexes +FollowSymLinks
        AllowOverride all
        Order allow,deny
        allow from all
    </Directory>

    CustomLog /var/log/apache2/siteA combined

# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =s
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/siteA/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/siteA/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

apachectl -S

*:443                  is a NameVirtualHost
     default server siteA (/etc/apache2/sites-enabled/siteA:24)
     port 443 namevhost siteA (/etc/apache2/sites-enabled/siteA:24)
     port 443 namevhost siteB (/etc/apache2/sites-enabled/siteB:8)

答案1

要在 Apache2 服务器下的多个网站中使用 SSL,请按照以下步骤操作

文件:000-default.conf

<VirtualHost *:80>
    ServerName siteA.com
    ServerAlias www.siteA.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/siteA
    DirectoryIndex index.php

    <Directory /var/www/siteA/>
        AllowOverride All
        Order Deny,Allow
        Allow from all
    </Directory>

    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-Proto} =http
    RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

    ErrorLog ${APACHE_LOG_DIR}/siteA-error.log
    CustomLog ${APACHE_LOG_DIR}/siteA-access.log combined
</VirtualHost>
<VirtualHost *:80>
    ServerName siteB.com
    ServerAlias www.siteB.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/siteB

    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-Proto} =http
    RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

    ErrorLog ${APACHE_LOG_DIR}/siteB-error.log
    CustomLog ${APACHE_LOG_DIR}/siteB-access.log combined
</VirtualHost>

文件:default-ssl.conf

<VirtualHost *:443>
    ServerAdmin [email protected]
    ServerName www.siteA.com
    DocumentRoot /var/www/html/siteA

    SSLEngine On
    SSLCertificateFile /etc/ssl/siteA_cf.crt
    SSLCertificateKeyFile /etc/ssl/private/siteA_cf.key
    SSLCACertificateFile /etc/ssl/siteA_cf.ca-bundle.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName siteB.com
    ServerAlias www.siteB.com
    DocumentRoot /var/www/html/siteB

    SSLEngine On
    SSLCertificateFile /etc/ssl/siteB_cf.crt
    SSLCertificateKeyFile /etc/ssl/private/siteB_cf.key
    SSLCACertificateFile /etc/ssl/siteB_cf.ca-bundle.crt
</VirtualHost>

笔记:SSLCertificateChainFile已经过时,改用SSLCACertificateFile

创建这些文件后,请确保您的网站已启用。

a2ensite 000-default.conf

a2ensite default-ssl.conf

然后重新加载(或正常重启)

service apache2 reload

参考

相关内容